Electronic Communications Privacy Act

The U.S. Electronic Communications Privacy Act (ECPA) of 1986 was created in order to address privacy issues surrounding the pervasiveness of computers and databases in the government and the workplace. Its major provisions include extending privacy protection to email, voice mail, and remote computing services. It has been criticized for allowing law-enforcement agencies easier access to consumer records, and for allowing a certain amount of employer surveillance. Debates have more recently focused on whether its extension of law-enforcement monitoring of private communications could undermine the constitutional right to privacy.

Before the ECPA was enacted in 1986, electronic surveillance was covered by Title III of the Omnibus Crime Control and Safe Streets Act of 1968, also known as the Federal Wiretap Act. Because the wiretap law did not consider electronic technologies, both industry and civil-liberty groups urged Congress to update the law. It was believed that strengthening privacy through ECPA would create a principle that privacy is beneficial for both consumers and businesses. Signed into law by President Reagan on October 21, 1986, and effective January 20, 1987, the ECPA expanded privacy protection to radio pagers, electronic mail, cellular telephones, private-communication carriers, and computer transmissions.

Under the ECPA, privacy protection was extended to all carriers, private and branch telephone exchanges, and local area networks. Under the Stored Communications provisions of the ECPA, the contents of stored email, voicemail, and remote computing services are protected. These provisions protect email from unauthorized access, alteration, and disruption, as well as from unauthorized disclosure without the lawful consent of the originator of the communication. The ECPA also restricts government access to customer and subscriber records, and requires government entities to acquire a search warrant, court order, or subpoena to access any service-provider records without the prior notification of the customer or subscriber.

Criticism of the ECPA has focused on its potential threats to civil liberties. In particular, critics are worried that more and varied law-enforcement agencies have easier access to customer and subscriber information records, that the federal infringement of privacy under the guise of electronic surveillance has increased, and that there could be a possible increase in the surveillance of citizens who have been targeted as members of particular political groups.

Workplace privacy has also been a concern, as the ECPA, although not allowing employers to monitor employee email or telephone calls, does allow employers to eavesdrop on their employees if they are notified in advance, or if there is reason to suspect that the employers' interests are being jeopardized.

One of the first major decisions under the ECPA was the 1993 ruling in Steve Jackson Games Incorporated, et al., vs. United States Secret Service, United States of America, et al. In this case, the court ruled that the U.S. Secret Service had violated the ECPA when it seized computer equipment belonging to Steve Jackson, believing that he was involved in software theft from BellSouth. Of particular interest in this case is the judge's ruling that the ECPA was violated when agents seized a computer containing private, stored emails.

After the Oklahoma City bombing in 1995, proposals were made to reinforce the wiretap laws so that law enforcement would have easier access to electronic records. Two recent court cases demonstrate the increasing complexity of email privacy.

...