Download This PaperReasonable Expectations in Electronic Communications: A Critical Perspective on the Electronic Communications Privacy Act
Deirdre K. Mulligan, Reasonable Expectations in Electronic Communications: A Critical Perspective on the Electronic Communications Privacy Act, 72 GEO. WASH. L. REV. 1557, 1598 (2004).
42 Pages Posted: 24 Sep 2019
Date Written: August 2004
Abstract
Many hailed the passage of the Electronic Communications Privacy Act of 1986 ("ECPA") as a victory for privacy. It created the statutory framework of privacy protections and related standards for law enforcement access covering electronic communications and remotely stored electronic records. Significantly, the ECPA established the standards that currently control law enforcement access to personal e-mail and electronic records, such as pictures and date books, stored on remote servers.
In 1986, relatively few people had Internet access; commercial electronic mail services and commercial data processing centers were emerging, but both primarily served the business community. The World Wide Web was barely a gleam in its creator's eye. Today, increasing numbers of individuals have adopted the Internet for business and interpersonal communication and as a data repository. Millions of individuals use e-mail, chat, and "blog" on a daily basis. Individuals store personal photo albums, journals, and otherinformation on commercial servers. In the eighteen years since the ECPA's passage, we have witnessed an enormous growth in personal use of the Internet.
The increased personal use of the Internet to communicate and store communications and other personal electronic records, such as photos, diaries, and date books, raise questions about the adequacy of the privacy standards developed in 1986.
Two forces, one technical and one legal, influenced the privacy protections and law enforcement access standards found in the ECPA. First, multiple transitory copies of an e-mail's content are created as it moves across the network from sender to recipient. The existence of static copies of the e-mail communication's content, which can be accessed after the fact from entities not party to the communication, is distinct from traditional voice communications over a wire, which, because of its ephemeral nature, can only be accessed by eavesdropping in real-time or through the cooperation of a party to the communication. This technical distinction was important because as a practical matter it meant that the contents of a communication could be accessed at multiple points in time, from multiple parties, and at multiple locations. Second, this practical difference had the potential to influence the privacy afforded the contents of e-mail communications under the Fourth Amendment. A series of 1970s Supreme Court decisions (the "business records cases") raised the possibility that these multiple copies of e-mails, in addition to electronic files that were intentionally placed on remote commercial servers for safekeeping, were wholly without Fourth Amendment protection. Broadly stated, these decisions were asserted to support the proposition that individuals have no protected privacy interest in personal information and records voluntarily disclosed to businesses. This broad interpretation, strongly supported by the law enforcement community during the consideration of ECPA, and at a time when present personal uses of the Internet were largely unforeseen, played an important role in shaping the privacy protections ultimately afforded to the content of electronic communications and remotely stored electronic records.
In this Article, I question whether the privacy standards set out in the ECPA provide adequate protection as a matter of policy and Fourth Amendment law. Part I discusses the genesis of the ECPA. Part II describes the privacy and law enforcement access provisions relevant to electronic communications and electronic records maintained on remote servers. Part III documents the increasing use of the Internet by individuals for personal purposes. Part IV examines the "business records cases" and identifies three principles that should limit their reach. Part V documents the way in which ECPA's reliance on the "business records cases" as a point of departure ignores these limiting principles and is in tension with other areas of Fourth Amendment law. The Article concludes that given the current personal use of the Internet, key provisions of ECPA no longer adequately protect privacy as a matter of public policy and constitutional law, recommends that ECPA be revised, and suggests several provisions that are ripe for constitutional
challenge.
Today, millions of U.S. individuals are using electronic mail for personal communications and storing personal effects such as family photos, diaries, and date books on the Internet. The changed ways in which people use the Internet, enabled by new technical standards, laws, and business models, have exposed fundamental weaknesses in the structure of the ECPA. Many who supported the statute would agree that it has failed to keep pace with changes in and on the Internet and therefore no longer provides appropriate privacy protections. It is time to revisit and revise ECPA to establish appropriate privacy protections that respect individuals' expectations and constitutional requirements.
Keywords: surveillance, privacy, Fourth Amendment, ECPA, fiduciary
JEL Classification: K1, K14, O38
Suggested Citation: Suggested Citation