House Judiciary Committee Approves E-Privacy Bill

By Kerry Gildea, Contributing WriterThe House Judiciary Committee Sept. 26 approved legislation making it more difficult for law enforcement officials to track electronic communications and transactions.The Judiciary Committee, in a 20-1 vote, passed the Electronic Communications Privacy Act of 2000 (H.R. 5018). The bill requires "probable cause" for government access to trace electronic communications. It also requires a warrant for government seizure of read or unread e-mail stored with an Internet service provider for up to one year. The committee adopted a version of the bill offered by Rep. Charles Canady, R-Fla. Calling the legislation a common-sense approach that balances privacy and law enforcement concerns, Canady urged quick consideration by the full House."It is especially important that, as law enforcement does its job, we work vigilantly to protect the privacy rights of individuals, particularly in the area of communication on the Internet," he said. Concern about electronic privacy has escalated on Capitol Hill since more information has become public about law enforcement techniques and systems, such as the FBI's Carnivore electronic message monitoring system.While there is no Senate counterpart to the bill, House supporters are hopeful the Senate either will adopt this version or move forward with something similar before the end of this session.Among its provisions, the bill requires the federal government to report annually on the number of requests it makes to disclose the contents of stored electronic communications. It also increases the civil penalties that may be applied to people who illegally intercept electronic communications by raising the daily damages for each violation from $100 a day to $500 a day. Also, the bill requires high-level Justice Department approval for interceptions of electronic communications, as is required for interceptions of wire and oral communications.Canady also has drafted another bill to protect employees from having their employers secretly monitor their communications or computer use. A Canady aide said he is holding back on pushing that bill because of the time constraints of this session."Recent media reports show that a growing number of employers are using often sophisticated surveillance techniques to monitor their employees' communications," Canady said.Officials from civil liberties organizations, industry and academia began urging Congress earlier this year to take action to update privacy laws to keep pace with technological advances. They have argued that Congress needs to strengthen privacy laws to restore a balance between government surveillance and personal privacy.James Dempsey, senior staff counsel for the Center for Democracy and Technology, told the House Judiciary Subcommittee on the Constitution at a Sept. 6 hearing that Canady's bill and others under consideration are just a first step toward addressing some of the weaknesses in privacy laws. "This bill would make important improvements in the enforcement of the constitutional guarantee against unreasonable searches and seizures," Dempsey said. Dempsey rejected the notion that measures such as the Electronic Communications Privacy Act will impede the ability of law enforcement officials to do their jobs."No law enforcement agency will be prohibited by these bills from locating a criminal suspect or monitoring a terrorist's e-mail," he said. "In fact, these bills do not prohibit any form of monitoring. All they will do is to set clear and strong privacy guidelines for use of electronic surveillance techniques and require public reporting of surveillance statistics as the foundation of oversight and accountability." The Judiciary Committee also passed an amendment directing police to obtain a warrant before they can access stored e-mail. In the past, police could gain access with an administrative subpoena.Canady said the new law actually will help law enforcement officials capture cybercriminals. For example, it allows service providers to disclose to law enforcement basic customer records, such as name and address, in certain emergency situations. It also allows police to use devices to track the source and destination of criminal communications without a court order for up to 48 hours in situations involving national security and ongoing attacks on computer networks, Canady said. However, if a court finds that law enforcement had an insufficient basis to conduct the monitoring, the bill requires that person whose communications were wrongfully tracked be notified.The bill also raises the maximum penalty for serious computer violations to 10 years in prison. One example of such a violation was the creation and spread of the "Melissa virus," which caused tens of millions of dollars in damage to computers nationwide, Canady said.Bills such as this address the fact that privacy laws are outdated for two reasons: the growing surveillance potential of communications and computer technologies, and the government's expanding use of electronic monitoring and data collection techniques, Dempsey said.Privacy questions will continue into the next Congress about whether law enforcement tools such as Carnivore should be subject to Fourth Amendment scrutiny, said Andrew Shen, a policy analyst at the Electronic Privacy Information Center.While Canady's bill raises the standards for how far law enforcement can go in obtaining data on an individual, questions on technologies such as Carnivore show that there are more issues for lawmakers to tackle, Shen said."The first step in dealing with items such as Carnivore is to make as much information open to the public eye, and then have hearings and allow for analysis by independent organizations like EPIC," Shen said. "I am confident these issues won't go away with the end of this session."