It’s among the most popular bills in Congress, but it’s still stuck in committee.
More than 300 House members—a majority of the body—have signed on as cosponsors to the Email Privacy Act, which would require police to obtain a warrant before accessing emails, Facebook messages, and other private online content. It has vocal support from conservatives such as Reps. Kevin Yoder and Ted Poe, as well as liberals such as Reps. Jared Polis and Sheila Jackson Lee. Getting it passed is one of the top policy priorities for Internet giants such as Google and Yahoo, and it’s even endorsed by antitax crusader Grover Norquist.
But after more than three years of debate, the bill still hasn’t made it to the House floor for a vote. And on Tuesday, a hearing of the House Judiciary Committee made it clear why: The panel’s chairman, Rep. Bob Goodlatte, isn’t backing the bill yet, and his committee perch gives him enough power to keep it from going through.
Goodlatte said Tuesday he supports the “core” of the Email Privacy Act, but he also demanded changes to ensure the bill doesn’t hamper law enforcement. A Goodlatte aide said the hearing “highlighted some issues that need to be addressed” and declined to say when the bill might advance to a vote in the committee.
Goodlatte’s resistance is proving to be a major stumbling block, even though the bill already has more cosponsors than it would need votes to pass.
Under the Electronic Communications Privacy Act, the government can seize emails that have been opened or that are more than 180 days old without judicial approval. When lawmakers passed ECPA in 1986, they assumed that if a person hadn’t downloaded and deleted an email within six months, it could be considered abandoned and wouldn’t require strict privacy protections. While one federal appeals court ruled in 2010 that the Constitution requires police to obtain a warrant to access emails, other courts have concluded that people lose privacy protections when they share information with third parties such as email providers.
The Judiciary Committee chairman also warned that there are “serious public safety” concerns with a provision that would require police to serve the criminal suspect with the warrant instead of just the suspect’s email provider. And he argued that the bill could undermine investigations by Congress and civil agencies, which don’t have access to criminal warrants.
That concern was echoed by Andrew Ceresney, the head of enforcement at the Securities and Exchange Commission. The Email Privacy Act, Ceresney testified, “poses significant risks to the American public by impeding the ability of the SEC and other civil law enforcement agencies to investigate and uncover financial fraud and other unlawful conduct.”
But Ceresney acknowledged that the SEC hasn’t tried to subpoena email providers since the appeals court granted constitutional protections to remotely stored content in 2010. The bill’s supporters also argued that civil agencies such as the SEC should just continue forcing the targets of their investigations to turn over records instead of going to email providers like Google.
Pointing to the controversy over the Internal Revenue Service targeting conservative organizations, Chris Calabrese, the vice president of policy for the Center for Democracy and Technology, a privacy advocacy group, urged Congress not to allow civil agencies to use the bill as “a tool to gain new powers.”
The bill, which would not affect foreign intelligence operations, had been largely overshadowed by the leaks by Edward Snowden and the debate over National Security Agency surveillance.
Sens. Patrick Leahy and Mike Lee introduced counterpart legislation to the Email Privacy Act in the Senate. The Senate Judiciary Committee held a hearing in September, but like Goodlatte, Chairman Chuck Grassley worried the legislation could hamper law enforcement investigations. The Senate has not scheduled a committee vote on the bill.