The Next Generation Communications Privacy Act

47 Pages Posted: 30 Jul 2013 Last revised: 13 Apr 2018

See all articles by Orin S. Kerr

Orin S. Kerr

University of California, Berkeley School of Law

Date Written: July 29, 2013

Abstract

In 1986, Congress enacted the Electronic Communications Privacy Act (ECPA) to regulate government access to Internet communications and records. ECPA is widely regarded as outdated, and ECPA reform is now on the Congressional agenda. At the same time, existing reform proposals retain the structure of the 1986 Act and merely tinker with a few small aspects of the statute. This Article offers a thought experiment about what might happen if Congress were to repeal ECPA and enact a new privacy statute to replace it.

The new statute would look quite different from ECPA because overlooked changes in Internet technology have dramatically altered the assumptions on which the 1986 Act was based. ECPA was designed for a network world with high storage costs and only local network access. Its design reflects the privacy threats of such a network, including high privacy protection for real-time wiretapping, little protection for noncontent records, and no attention to particularity or jurisdiction. Today’s Internet reverses all of these assumptions. Storage costs have plummeted, leading to a reality of almost total storage. Even U.S.-based services now serve a predominantly foreign customer base. A new statute would need to account for these changes.

This Article contends that a next generation privacy act should contain four features. First, it should impose the same requirement on access to all contents. Second, it should impose particularity requirements on the scope of disclosed metadata. Third, it should impose minimization rules on all accessed content. And fourth, it should impose a two-part territoriality regime with a mandatory rule structure for U.S.-based users and a permissive regime for users located abroad.

Keywords: ECPA, Stored Communications Act, Fourth Amendment

JEL Classification: K42, K30

Suggested Citation

Kerr, Orin S., The Next Generation Communications Privacy Act (July 29, 2013). 162 University of Pennsylvania Law Review 373 (2014). , Available at SSRN: https://ssrn.com/abstract=2302891

Orin S. Kerr (Contact Author)

University of California, Berkeley School of Law ( email )

Berkeley, CA 94720-7200
United States

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
1,039
Abstract Views
8,809
Rank
39,752
PlumX Metrics