It may take incremental steps to ensure due process against government seizure of online data, but step-by-step protections are better than no protections at all.
The Law Enforcement Access to Data Stored Abroad (LEADS) Act, introduced last week by a bipartisan trio of U.S. senators, is the latest development stemming from the heightened concern about data privacy and due process raised by the 2013 disclosures about the National Security Agency’s sweeping set of activities geared toward data acquisition on millions of U.S. and foreign individuals.
The LEADS Act, sponsored by Sens. Chris Coons, D-Del., Orrin Hatch, R-Utah and Dean Heller, R-Nev., is intended as an amendment to the pending update of the Electronic Communications Privacy Act. The ECPA update would sharpen Fourth Amendment protections by extending them to data stored by third-party services, also known as “cloud storage.” In short, the bill would make documents and material stored in the cloud subject to the same search-warrant requirements as a user’s personal property.
LEADS would permit the execution of U.S. search warrants originating on data servers in foreign countries, as long as they comply with the laws of the country where the electronic data is stored.
The act has the support of a number of technology companies, including Microsoft and Verizon. In the wake of the NSA disclosures, a number of companies—both domestic and foreign–moved their data to storage facilities off-shore, in many cases cancelling contracts with U.S. companies.
The larger point, however, is that users have the right to be secure in their papers and effects, just as the Fourth Amendment states. The push for a renewed ECPA itself is the result of the NSA’s overreach. Sadly, it may be a casualty of the current gridlock in Congress. Still, the Supreme Court gave citizens some encouraging rulings this year, including a requirement for police to have a search warrant to access cell phone data.
It’s also encouraging to see, outside of Washington policy circles, U.S. businesses getting more active in protecting user data. On their new smartphones, Apple and Google have made it impossible for the government to unlock encrypted data. Yahoo has released thousands of pages of documentation on its ultimately unsuccessful suit to stop the government from seizing its customers’ data. Clearly, U.S. enterprises see no upside in cooperating with overzealous investigators. While it is true that agencies, from the NSA on down to your local police department, have legal means at their disposal to acquire the evidence they need, it is not up to the citizenry to grease the wheels for them.
Quite to the contrary, the central point of the Bill of Rights is to place explicit limits and obstacles on the government’s powerful monopoly on force. While no one can know what the founders may have thought of today’s tech policy debates, they knew well the overwhelming advantage power of the purse, power of military and power of policing affords the state–even one conceived as democratic and just. They did their best to make sure that abuse of that advantage did not come too easily.
High technology gives the state yet another powerful advantage over the individual. While it does create certain efficiencies, it also promotes procedural laziness, lulling lawmakers into the belief that massive surveillance, analytics and online data crunching will replace solid police work. A bunch of pranksters who made it to the top of one of the Brooklyn Bridge towers—and who were never caught—serve as a warning against this mentality.
That’s why we need LEADS, a new ECPA and many other constitutionally derived hoops for law enforcement to jump through when it comes to online investigation and datagathering. In the long run, it will ensure thoroughness and meaningful outcomes without compromising privacy, liberty and due process.