Despite Lavabit contempt order, e-mail privacy stalled in Congress

A federal appeals court is holding in contempt the operator of a now-defunct e-mail service because he refused to abide by a court order and turn over the crypto keys and expose Lavabit’s 400,000 customers to the government’s prying eyes.

Equally troubling as that Wednesday decision by the Fourth US Circuit Court of Appeals may be, Congress has essentially punted on reforming the Electronic Communications Privacy Act, the law surrounding e-mail privacy.

That has led one of the leading lobbyists on the matter to declare a defeat of sorts.

“It’s become clear to us in the course of a year and a half, we’re not going to see comprehensive ECPA reform at this time,” lobbyist Jim Dempsey, a vice president at the Center for Democracy & Technology, said in a telephone interview.

As it now stands, the President Ronald M. Reagan-era law allows the cops to get your e-mail or other cloud-stored content without a warrant, so long as it’s been stored on a third-party’s servers for at least six months. That law, combined with others, also allows the authorities to obtain cell-site data without a warrant. (Court rulings on these topics are mixed, and some key e-mail services, like Google, Microsoft and others, say they demand warrants despite the law.)

All the while, gridlock and fear in Congress is keeping lawmakers from adopting even watered-down reform packages.

That means lawmakers cannot bring themselves to update a law Reagan signed almost three decades ago, when CompuServe was king, when e-mail was briefly stored on servers before recipients downloaded them with their own software. The only clouds available at that time were those in the sky. Gmail was a figment of science fiction, and e-mail left on servers was considered abandoned.

But that original law that protected e-mail has been turned on its head, as most e-mail users store their communications in the cloud.

Consider that the Senate Judiciary Committee passed a watered down reform measure last year requiring the authorities to obtain a probable-cause warrant to acquire cloud-based data—the same standard required to search the same material if it was on a hard drive in your house.

“Just because your emails are on your computer, must not mean they have any less protection than if they were printed on your desk,” said Mark Jaycox, an Electronic Frontier Foundation legislative analyst.

But American politics has created the 8th Wonder of the World—the legislative hold. In this case, an anonymous lawmaker or lawmakers has blocked the measure from going before the full Senate for a yes or no vote. And that’s despite the unheard of announcement by the Justice Department saying it supports the package to enhance the public’s privacy protections.

And this is the weakened version of legislation that once required warrants to track one’s movements via cell tower pings from their mobile phones.

Dempsey is lobbying for the privacy changes along with several groups, like Digital Due Process, whose membership includes the biggest names in tech, from Adobe to Twitter, and said the Security and Exchange Commission’s opposition to the warrant requirement has rattled some lawmakers.

Mary Joe White, the SEC chief, doesn’t support the changeover and wants to keep it easy for investigators to access cloud communications.

“A few members of Congress are concerned,” Dempsey said.

Yet 200 House members think it’s a good idea to shore up the warrant requirement, at least insofar as e-mail and cloud-stored content is concerned.

Rep. Kevin Yoder (R-KS) proposed legislation nearly a year ago demanding a warrant. Some 200 members have signed onto the package, an unprecedented number. Yet it hasn’t gotten a vote before the House Judiciary Committee, the body that sends it to the House floor.