Leahy and Sununu Introduce E-Mail Privacy Act

April 28, 2005. Sen. Patrick Leahy (D-VT) and Sen. John Sununu (R-NH) introduced S 936, the "E-Mail Privacy Act of 2005".

This bill is a reaction to the split opinion of the three judge panel of the U.S. Court of Appeals (1stCir) in USA v. Bradford Councilman, a criminal case involving the Electronic Communications Privacy Act (ECPA) and unauthorized accessing of the content of stored e-mail messages. The Court of Appeals held that there was no violation of the Wiretap Act, as amended by the ECPA, when stored e-mail was accessed, because, since it was in storage, there was no interception within the meaning of the statute. See also, story titled "1st Circuit Holds Wiretap Act Does Not Apply to E-Mail in Storage" in TLJ Daily E-Mail Alert No. 930, July 1, 2004.

The Court of Appeals held a rehearing en banc on December 8, 2004. See, story titled "1st Circuit Grants Rehearing En Banc in Councilman Case" in TLJ Daily E-Mail Alert No. 992, October 7, 2004. Sen. Leahy filed an amicus curiae brief [PDF].

The Court of Appeals reasoned that whether there is a violation of 18 U.S.C. 2511 in this case turns on the definitions found in 18 U.S.C. 2510. That is, 18 U.S.C. 2511(1) provides, in part, that "any person who (a) intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication ... shall be punished as provided in subsection (4) or shall be subject to suit as provided in subsection (5)." 18 U.S.C. 2510 contains definitions of both "wire communication" and "electronic communication". The definition of "wire communication" includes "any electronic storage of such communication", while the definition of "electronic communication" makes no reference to stored communications. Thus, no interception can occur while the e-mails are in electronic storage. And, since there is no interception, there is no violation of 18 U.S.C. 2511.

The Leahy Sununu bill amends 18 U.S.C. 2510 to undo Councilman. The bill provides that "Section 2510(4) of title 18, United States Code, is amended by striking `through the use of any electronic, mechanical, or other device.' and inserting `contemporaneous with transit, or on an ongoing basis during transit, through the use of any electronic, mechanical, or other device or process, notwithstanding that the communication may simultaneously be in electronic storage;"

Sen. Patrick LeahySen. Leahy (at right) explained his bill in the Senate. He stated that "In a strained reading of the Electronic Communications Privacy Act (ECPA), the majority in this case effectively concluded that it was permissible for an Internet Service Provider to systematically intercept, copy and read its customers' incoming e-mails for corporate gain. This outcome is an unacceptable privacy intrusion that is inconsistent with Congressional intent and the commonly-held understanding of the protections provided by ECPA, and requires swift Congressional response." See, Congressional Record, April 28, 2005, at Page S4553.

"In 1986 Congress passed ECPA to update the Wiretap Act so that Americans could enjoy the same amount of privacy in their online communications as they do in the offline world. ECPA", said Sen. Leahy. "The Councilman decision upset this careful distinction."

He added that "this decision essentially licenses ISPs to snoop. Even more worrisome is that this decision creates the opportunity for the type of Big Brother invasions that understandably make Americans cringe. For practical reasons, law enforcement often installs surveillance devices at these nanosecond storage points, but before doing so, they have obtained the appropriate legal permission to intercept e-mails -- a Title III order. Under the majority's interpretation in the Councilman decision, law enforcement would no longer need to obtain a Title III order to conduct such searches, but rather could follow the less rigorous procedures for stored communications."

The Councilman case has resulted in other legislative proposals. For example, on July 22, 2004, Rep. Jerrold Nadler (D-NY) and others introduced HR 4977 (108th Congress), the "E-mail Privacy Protection Act of 2004". This bill amends the Wiretap Act and the Stored Communications Act, to provide that accessing stored e-mail communications, including by e-mail service providers, can constitute criminal violations. See, story titled "Rep. Nadler Introduces Bill to Criminalize Accessing Stored E-Mail" in TLJ Daily E-Mail Alert No. 950, August 2, 2004.

Also on July 22, Rep. Jay Inslee (D-WA) and others introduced HR 4956 (108th Congress), the "E-mail Privacy Act of 2004". Like Rep. Nadler's bill, HR 4977, this bill responds to the opinion in USA v. Councilman, and provides increased legal protection under the Criminal Code for stored e-mail communications. However, Rep. Inslee's bill would provide less onerous limitations upon the activities of e-mail service providers. See, story titled "Rep. Inslee Introduces E-mail Privacy Act" in TLJ Daily E-Mail Alert No. 950, August 2, 2004.