In today’s world, we upgrade our smartphones to the latest-and-greatest models once every couple of years, or we find ourselves with outdated hardware that can’t keep up with the newest apps. We’ve come to accept (and even revel in) this constant upgrading as part and parcel of an era that is marked by a pace of innovation, unfathomable just a few decades ago, made possible by the ubiquity of wired and wireless Internet access and the advent of cloud computing.
Given the tectonic changes that have occurred in technology and communications over the last three decades, it is shocking that the laws governing the privacy and security of our stored electronic communications were written when Mark Zuckerberg was two years old.
The Electronic Communications Privacy Act, passed in 1986, was designed to give privacy protections to the new forms of communications that were in their infancy in the mid-1980s. At that time, storing data was amazingly expensive and inefficient (floppy disks were state-of-the-art), so long-term storage of data was cost-prohibitive. As a result, ECPA was written with a loophole that seems unthinkable today: the government may demand, without a warrant, emails older than 180 days. In today’s day and age, where few of us give a second thought to storage capacity in our cost-free inboxes, that creates an enormous problem.
These outdated laws have also had unintended consequences with the rise of cloud computing. Because these outdated laws were created in an era when large-scale transmission of data required physically carrying a disc or a tape from one place to the other, there was little thought given to the idea that, in the near future, data would flow back and forth constantly between servers without thought to physical proximity.
No longer do we store data in server rooms in the back office (or even on our personal hard drives). As more and more of our data, from music, to video, to email, to business records, migrate to the cloud, that data crosses borders without a second though as cloud providers seek to maximize efficiency. While data itself may know no borders, they still have massive implications in the law.
As the high-tech centers in Salt Lake City and Provo grow at an astounding pace and our entrepreneurs spread into markets across the globe, the conflict between borderless data and the law becomes a very real threat. For instance, as the law stands, the U.S. government claims the ability to demand data from cloud providers in other countries, simply based on the fact that those cloud providers have a U.S. based subsidiary or parent company.
The Law Enforcement Access to Data Stored Abroad (“LEADS”) Act, recently introduced by our own Senator Orrin Hatch, will reform ECPA and creates a framework for when and how the US government can access data stored aboard. The government would have to comply with the laws of the country where the data is stored.
This may seem an abstract problem, but as the app-based economy grows by leaps and bounds, it becomes very real.
We join the numerous technology companies, manufacturers and privacy organizations that have come out in support of the LEADS Act.