Sens. Orrin Hatch (R., Utah) and Chris Coons (D., Del.) today introduced legislation to require U.S. law enforcement officials to obtain a warrant in order to access e-mail and other electronic communications of U.S. persons and persons located in the U.S. that is stored with third parties inside or outside the U.S. The bill also would reform the mutual legal assistance treaty (MLAT) process used by U.S. and foreign law enforcement officials to obtain information located outside their borders. A version of ICPA introduced by Sen. Hatch in the last congressional session failed to pass.
The proposed International Communications Privacy Act (ICPA) would also authorize “law enforcement to obtain electronic communications relating to foreign nationals who are located outside the United States in certain circumstances,” according to an overview of the bill released by Sen. Hatch’s office. It would also state “a sense of Congress that data providers should not be subject to data localization requirements. Such requirements are incompatible with the borderless nature of the Internet, are an impediment to online innovation, and are unnecessary to meet the needs of law enforcement.”
The issue of extraterritorial effects of warrants could be before the Supreme Court if it chooses to review the Second Circuit’s 2016 decision in “Microsoft Corp. v. U.S.,” which allowed Microsoft to ignore a U.S. search warrant for customer data stored in Ireland.
Given that dispute, Sen. Hatch said, it is “past time for Congress to address the critically important issue of international data privacy and the need to establish a sensible legal framework for law enforcement to access extraterritorial communications. The potential global reach of government warrant authority has significant implications for multinational businesses and their customers. Failing to address this issue in a reasonable, comprehensive way will only continue to cause problems between American businesses and the U.S. government. ICPA will aid US law enforcement while safeguarding consumer privacy, striking a much-needed balance in today’s data-driven economy.”
In a blog post today, Microsoft President and Chief Legal Officer Brad Smith said, “The International Communications Privacy Act (ICPA) updates antiquated data laws to better meet the needs of law enforcement, while protecting people’s privacy rights. In today’s fast-moving digital world, it’s important that law enforcement can quickly access evidence across borders to solve and prevent crime. But it’s also important to have a strong and fair legal process in place to protect citizens when governments want to access their email and other online data. This timely, much-needed legislation allows law enforcement agencies to do their jobs while respecting borders and the timeless values cherished by people around the world.”
Mr. Smith added, “Recent congressional hearings in the House and Senate Judiciary Committees have shown unanimous agreement on the need for a durable and modern legal framework to govern how governments access data across borders. The current law was enacted more than 30 years ago, long before most people had even heard of email or the internet. It was drafted in a world in which electronic data was stored on personal computers, or on servers located in offices or homes, not with cloud service providers. The notion of seeking data from a datacenter in another country was never contemplated when the law was passed. It’s up to Congress, not the courts, to determine how best to modernize the law.”
The Computer & Communications Industry Association, the Internet Association, the Software and Information Industry Association, and 10 other trade groups sent a letter to Sens. Hatch and Coons yesterday supporting the bill (TR Daily, July 31). —Lynn Stanton, firstname.lastname@example.org