Addressing the privacy that lies in the usage of electronic communications is a piece of legislation falling under the ambit of the United States judicial strata, known as the Electronic Communications Privacy Act of 1986. From the concept of the Wiretap Act to the idea of the Stored Communications Act, the Privacy Act comprises the aforementioned aspects precisely.
It is only when viewed together in a nutshell, that it is said to have bestowed legal protections for electronic communications as well as provide regulations for the interception and access to such communications by law enforcement agencies.
The Electronic Communications Privacy Act was brought into force with the sole motive of updating and modernizing the Federal Wiretap Act of 1968, which categorically focused on the concept of interception of traditional telephone conversations that were executed over “hard” telephone lines.
With the rapid growth and advancement of technology, complemented by the emergence of digital and electronic communications, it became vehemently evident to upgrade the legislation dealing with the aforementioned aspect of privacy.
To dive into the concept further, the Wiretap Act idea falling under the scrutiny of The Electronic Communications Privacy Act extends the scope of privacy protection that is brought into play for safeguarding any exchange of information taking place via various forms of electronic communications that stands inclusive of emails, digital messages, and voice over IP, commonly addressed as VoIP conversations.
The aforementioned aspect clearly prohibits the unauthorized interception of such communication lines as well as strives to establish requirements and guidelines needed for obtaining the court’s authorization or consent from the parties involved.
Speaking of the other core concept of The Electronic Communications Privacy Act is the Stored Communications Act which encompasses ideas pertaining to the privacy of stored electronic communications, such as emails stored on servers or electronic files stored in the cloud.
From regulating the access to such communications by government authorities to establishing procedures, guidelines, and standards for deriving the said access to stored communications, marks the need for having such a legislation.
Emphasizing the fact that, throughout the years, additional legislation, such as the USA PATRIOT Act which was brought into existence in response to the September 11, 2001, terrorist attacks, has been equipped with the amendment and clarifications of certain aspects of The Electronic Communications Privacy Act.
Such aforementioned developments have aimed to curate the law as per the new technologies and methods of communication. Not only this but the fact that in some cases they have eased restrictions on law enforcement’s access to stored communications under specific circumstances, serves to be of utmost essentiality.
Along the same lines, it deems it important to highlight that The Electronic Communications Privacy Act and its amendments are subject to several ongoing discussions that mark a thin line between privacy rights and law enforcement needs, especially in the digital age.
The court decisions and legislative proposals are created in such a way as to shape the interpretation and application of the law in relation to evolving technologies and privacy concerns.
1. The General Provisions of The Electronic Communications Privacy Act
The Electronic Communications Privacy Act, as previously amended, bestows strict protections for aspects such as wire, oral, and electronic communications at various stages which stands as follows:
- When the communications and conversations are curated for the exchange of knowledge
- When the aforementioned are found to be in transit
- When such communications are stored on computers or other electronic devices
Running parallel, The Electronic Communications Privacy Act encompasses a wide range of communications that is inclusive of emails, telephone conversations, and several other forms of electronic data.
Not only that but the aforementioned act is equipped with the skill to recognize that privacy should be upheld not only for real-time communications and conversations but also for stored electronic communications found on electronic devices.
Taking as an illustration, when a person is sending an email, having a telephonic conversation, or transmitting data electronically, the Electronic Communications Privacy Act is bestowed with the power to safeguard the privacy of such communications along with prohibiting the unauthorized interception of the aforementioned aspect
The Electronic Communications Privacy Act also disperses its protections to the storage of electronic communications that refers to the data preserved on platforms such as computers, servers, or other electronic devices and deemed to be safeguarded from unauthorized access or disclosure by any third party.
Along with such protections, it is also equipped with the authority to curate standards and guidelines that are required for the officials of the government to follow when wanting to seek access to stored communications found on various devices.
Complementing the same is the aspect of limitations that is followed by such protections under The Electronic Communications Privacy Act.
Taking, as an illustration, the aspect that under specific circumstances supported by proper legal officials, law enforcement agencies are authorized to access stored communications that stand to be present on various electronic platforms and devices.
Apart from the aforementioned, certain provisions of the Act have been hugely subjected to varied interpretations, discussions and debates pertaining to the aspect of the evolution of technologies in sync with privacy concerns.
2. The Civil Rights and Liberties under The Electronic Communications Privacy Act
“The structure of the SCA reflects a series of classifications that indicate the drafters’ judgments about what kinds of information implicate greater or lesser privacy interests”.
Determining the standards of privacy for the protection of various data stored on different devices is the kind of approach deployed by drafters of the Stored Communications Act which is precisely emphasized in the above-mentioned statement.
Additionally, The Stored Communications Act falls under the ambit of the Electronic Communications Privacy Act which was created with the sole intention of focusing on the aspect of privacy that lies in the category of stored electronic communications.
It is a known fact by the drafters of the Stored Communications Act that the different types of information stored by service providers not only on varied electronic devices but also have distinctive levels of privacy interests attached to them.
Not only have the drafters categorised the different aspects and kinds of information found on the devices but have also curated varied levels of legal guards that can be bestowed upon them.
Such aforesaid segregation of information shines a light on the judgments that pertain to the vehement importance of privacy aspects in unique types of data on diverse kinds of electronic devices.
Taking as an illustration, when speaking of the intensity levels that are found in different kinds of data, the drafters of the Stored Communications Act put forth that the information unveiled from stored emails tends to have greater privacy concerns than compared to subscriber account information.
Diving further into the aforementioned, the type of content found in stored emails focuses on the authentic exchange of information in real time, hence the data contained within them serve to be of utmost confidentiality, importance, and sensitivity.
However, when speaking of the comparative counterpart, the subscriber account information, it deems it essential to state that such account information focuses only on the basic and minimum details of the user such as the name, address, and payment information.
Complementing the duties of the drafters of the Stored Communications Act, the said individuals are also employed with the skill to identify the marked differentiation between materials such as computing services that are deemed to be available to the public at large and those computing services, the access of which is refrained from being bestowed upon the public.
Computing services that are accessible by the public such as public email services or any other online platforms offering varied services to a wide range of user account holders, as per the drafters, are believed to need stricter guidelines and regulations and must be provided with stronger privacy safeguards.
Speaking of the privacy aspects, for the address of such varied standards of the aforementioned, it is the concept of the Stored Communications Act, that is relied upon for bestowing upon the knowledge on the different kinds of legal guards associated with diverse kinds of data on electronic devices.
To elaborate on the intensity of the privacy protection requirement, it is essential to look at the following illustrations:
- Having the bare minimum privacy protection criteria, are the kinds of information that are derived by any law enforcement or government agencies on the basis of a subpoena.
- Increasing by a few percent, the privacy defence requirements attached to data pertaining to special court orders lie on a higher level when compared with the aforestated.
- Lastly, focusing on more sensitive cases, which require the derivation of information from stored communications, to have a search warrant for executing the same, is deemed to be a must, hence, it qualifies as an act that requires a supreme level of legal protection.
On the same lines, the Stored Communications Act also possesses a branch of information, that deals with the distinguishment of the different kinds of legal process that deems to be of vehement essentiality when speaking in terms of the notice sent to the subscriber.
Any kind of notice that is sent to the subscriber refers to the fact that the individual whose data is being sought will not only be informed about the government’s request for delving into the same but also be provided with the authorization to access their data.
3. The Specific Provisions of The Electronic Communications Privacy Act
The Electronic Communications Privacy Act comprises three main titles that are deemed of utmost essence which are as follows:
3.1. Title I:
The Wiretap Act serves as Title I of The Electronic Communications Privacy Act, the purpose of which is to strictly prohibit the intentional interception, use, or disclosure of wire, oral, or electronic communications via electronic devices.
- Not only the aforementioned, but it has also employed the skill to restrict the action of another person to intercept such communications and derive information. The very use of such illegally obtained communications has been termed inadmissible in the form of evidence in a court of law.
- The only individuals who are authorized to engage in interception or disclosure of information via such means are operators and service providers as it is their job and it falls in the normal course of their employment; hence it is regarded as one of the major exceptions to the prohibitions under the said act.
- Not only this but those acts of individuals are also exempted under the Act, who are required to intercept communications or conduct electronic surveillance under the Foreign Intelligence Surveillance Act.
- Apart from the aforementioned, Title I also has the ability to curate guidelines and procedures for government officials to obtain judicial authorization for interfering in wire, oral, or electronic communications. Such a provision is termed to regulate the use and disclosure of information which are derived through the process of authorized wiretapping.
- In the same regard, it is important to put forth that a judge, post an application for such intervention that shows a probable cause reflecting that such an act will bring to light the evidence of a specific offence listed in the Act, as per their discretion, may issue a warrant that authorizes such interception for up to 30 days.
3.2. Title II:
The said title revolves around The Stored Communications, the main focus of which lies in granting privacy protections to the contents of files stored by service providers as well as the records of subscribers under the possession of the service providers. The said content refers to the data pertaining to subscriber names, billing records, and IP addresses.
- The Stored Communications Act shines light upon the guidelines and limitations it has curated, on how the service providers maintain, process, and disclose stored communications on electronic devices. Not only this but the Act is also employed with the ability to be able to regulate the aspects as to how and when the government entities are authorized to access stored communications as well as subscriber records.
- From curating the rules to obtain warrants and subpoenas to putting across the guidelines for the courts to access such information, The Stored Communications Act comprises all such aspects.
3.3. Title III:
Pen Register and Trap and Trace Devices fall under the ambit of Title III of the Electronic Communications Privacy Act, which solely enlightens the ideas of the pen register and trap and trace devices.
- The former, that is Pen registers are equipped with the ability to capture dialled numbers and all the other related information that are retrieved from the outgoing calls, on the other hand, the latter, that is trap and trace devices analyze the numbers as well as any other data that is received from incoming calls.
- On the same lines, Title III also governs how government entities are allowed to use such devices.
- From understanding that the authorities are required to obtain a court order before installing such pen registers and trap and trace devices to comprehending the fact that such an order is based on the certification by the applicant that such information that will be obtained will be relevant to an ongoing investigation conducted by the applicant’s attorney, it deems it essential that a proper process is required to take advantage of such provision.
4. The Amendments under The Electronic Communications Privacy Act
To reach where it is now, The Electronic Communications Privacy Act has been subjected to several significant amendments and changes since it was brought into force in 1986. Such amendments are as follows:
4.1. Communications Assistance for Law Enforcement Act of 1994:
The Communications Assistance for Law Enforcement Act was a key source to result in the expansion of The Electronic Communications Privacy Act’s scope, the goal of which was to include the requirements for telecommunications carriers to ensure that the equipment and services, they are using, have built-in surveillance capabilities, serving to be easier for law enforcement agencies to conduct electronic analysis.
4.2. USA PATRIOT Act of 2001:
Contributing immensely to the development of The Electronic Communications Privacy Act is The USA PATRIOT Act which brought into existence several changes to the act pertaining to better the law enforcement’s surveillance capabilities.
From expanding the types of information that could be derived through court orders, standing inclusive of voicemails and email records to regulating the exchange of information between government agencies, The USA PATRIOT Act has been of great significance for the improvement of The Electronic Communications Privacy Act.
4.3. The Foreign Intelligence Surveillance Act Amendments Act of 2008:
Not only did this act amend the Foreign Intelligence Surveillance Act as a whole but the said changes in this act, left a huge impact on the provisions of The Electronic Communications Privacy Act.
The said act has contributed to helping in the broadening of the government’s surveillance powers for the collection of foreign intelligence information that is inclusive of the interception of electronic communications involving non-U.S. citizens.
5. Information Privacy Right and of The Electronic Communications Privacy Act
The concept of an individual’s right to information privacy is a broad one, hence, to regulate the same as well as to provide a direction to understand the definition of personal information it deems it necessary to read below:
5.1. Personal Information:
Not being restricted to either private or sensitive, personal information also revolves around the notion comprising any information that can be used for the identification of an individual.
From data that can establish an authorship relation to the individual, a descriptive relation to the individual to a kind of information pertaining to the instrumental mapping relation of an individual, all of the aforesaid falls under the ambit of personal information.
5.2. Non-Personal Information:
A kind of information that cannot be associated with a specific individual, is termed as Non-Personal Information. An amalgamation of three categories such as
- non-human information, which is information that does not relate to individuals,
- anonymous information, which lacks personally identifiable markers but can potentially enable to linking of information to an individual through additional research or publicity and
- group information, which refers to a collection of individuals rather than specific individuals, is what makes up this entire segment.
However, it is important to note that such distinctions between personal and non-personal information may not always serve to be straightforward, especially where a case involves either a small group or when an individual’s identity can still be deciphered from the information.
5.3. Balancing Privacy Interests:
There are certain factors that the court is required to keep in mind when it is deemed to balance an individual’s privacy interests against the government’s requirement in disclosure. Such factors are as follows:
- Embarrassment or Reputational Injury: The Courts, when analyzing a case, assess the extent to which there is a disclosure of certain information that could lead to embarrassment or harm to an individual’s image or reputation in society.
- These are the kinds of data, that if unveiled, can cause immeasurable damage to an individual’s personal or professional life, hence the court shall adjudge in such a way, where privacy protection is of utmost essentiality.
- Harassment and Intrusion: The courts are required to take into account whether unveiling certain private information could lead to unwanted harassment or intrusion into an individual’s personal life. It is stated that protections are to be bestowed upon the individual if such revealment of information could possibly lead to exposing an individual to unwanted attention.
- The practicality of Privacy Expectations: The courts are employed with the power that requires them to analyze the fairness in the individual’s expectations pertaining to the grant of privacy protections in a given context.
- Taking as an illustration, in the case of e-commerce, individuals are generally of the opinion that their personal information will only be used for the purposes they have consented to, hence, they have a reasonable expectation that in case, there is scope for any unauthorized disclosure or misuse of their information, the court will aid in justice.
- Embarrassment or Reputational Injury: The Courts, when analyzing a case, assess the extent to which there is a disclosure of certain information that could lead to embarrassment or harm to an individual’s image or reputation in society.
6. The Fourth Amendment And Electronic Communications
The Fourth Amendment of the United States Constitution states that:
“The Constitution, through the Fourth Amendment, protects people from unreasonable searches and seizures by the government. The Fourth Amendment, however, is not a guarantee against all searches and seizures, but only those that are deemed unreasonable under the law.”
As put forth above, the Fourth Amendment to the United States Constitution grants protection to individuals from unreasonable searches and seizures.
Not only the fact that it shine a light on the aspect that citizens have the right to be secure in their own skin, houses, documentation, and effects, but it also highlights the idea that any kind of search warrant shall only be issued upon the presentation of a probable cause that must be supported by oath or affirmation, with the essence of specifically describing the place to be searched and the things that are to be seized.
For emphasizing the same, the Supreme Court, in its numerous pronouncements, has established the fact that when law enforcement officials conduct a search to find evidence of any criminal activity, to obtain a judicial warrant for ensuring practicality is served to be of extreme essence.
It is important to state that the primary purpose of the Fourth Amendment is to safeguard the privacy and security of individuals against unwarranted invasions and intrusions by government authorities.
The fact that not all government actions fall under the ambit of the Fourth Amendment’s scrutiny is a change in the scene. The protections offered by the Fourth Amendment are solely dependent on the occurrence of a “search.”
A search, referring to its dictionary definition, is an act that is considered to have taken place when the government trespasses an individual’s reasonable expectation of personal privacy. To make such a determination, a dependency on two distinct inquiries is highlighted.
The first refers to whether the person under investigation has demonstrated a subjective expectation of privacy in the object of the search, and the second aspect focuses on whether society is willing to recognize that said expectation of the individual as reasonable.
In the case of Quon v. City of Ontario, the Supreme Court never considered explicitly whether stored electronic communications are entitled to Fourth Amendment protection, hence the Court has assumed, without marking as a conclusion, that individuals have a reasonable expectation of privacy in case of stored messages.
In the case of Nixon v. Administrator of General Services, the Court had derived that individuals have a legitimate expectation of privacy in their private communications.
In the case of United States v. Warshack, the court was in the dilemma of understanding whether e-mails and other electronic messages are protected under the ambit of the Fourth Amendment.
The confusion was resolved when the court referred to the judgement by the U.S. Court of Appeals for the Sixth Circuit, which held that users have a reasonable expectation of privacy in e-mails stored by their internet service provider.
More recently, courts have begun to address the requirement of the minimizing action of searches in e-mails and other electronic records. Judge Alex Kozinski outlined in United States v. Comprehensive Drug Testing, the specific data minimization guidelines that have been employed by other courts which are as follows:
- Magistrates should place emphasis on the government to waive reliance upon the plain view doctrine in digital evidence cases.
- Segregation and redaction must be either done by specialized personnel or an independent third party. If the segregation is to be done by government computer personnel, it must be agreed in the warrant application that the computer personnel will not disclose to the investigators any information other than that which is the target of the warrant.
- Warrants and subpoenas must disclose the actual risks of destruction of information as well as prior efforts to seize that information in other judicial fora.
- The government’s search protocol must be designed to uncover only the information for which it has probable cause, and only that information may be examined by the case agents.
- The government must destroy or, if the recipient may lawfully possess it, return non-responsive data, keeping the issuing magistrate informed about when it has done so and what it has kept.
Not only the aforementioned, but the courts have also taken the initiative to shine a light on the issue of notification and warrant returns for email searches.
In the case of United States v. Donovan, the Supreme Court has made it abundantly clear that the government must provide notice of a search and an inventory of the return in order to fulfil the condition of the Fourth Amendment.
However, some lower courts have interpreted the Electronic Communications Privacy Act’s notice requirement as being satisfied when the government notifies service providers, not individual users.
From understanding the background, the general provisions, complemented with the specific provisions, to the various amendments as well as the effect of the act on online privacy, the Electronic Communications Privacy Act serves to be of utmost importance, especially in the digital age.
Not only this but the concept of electronic communications with regard to the Fourth Amendment of the Constitution shows the essentiality of the said act for the individuals residing in the United States.