Right now, if the cops want to read my e-mail, it’s pretty trivial for them to do so. All they have to do is ask my online e-mail provider. But a new bill set to be introduced Thursday in the Senate Judiciary Committee by its chair, Sen. Patrick Leahy (D-VT), seems to stand the best chance of finally changing that situation and giving e-mail stored on remote servers the same privacy protections as e-mail stored on one's home computer.

When Congress passed the 1986 Electronic Communications Privacy Act (ECPA), a time when massive online storage of e-mail was essentially unimaginable, it was presumed that if you hadn’t actually bothered to download your e-mail, it could be considered "abandoned" after 180 days. By that logic, law enforcement would not need a warrant to go to the e-mail provider or ISP to get the messages that are older than 180 days; police only need to show that they have "reasonable grounds to believe" the information gathered would be useful in an investigation. Many Americans and legal scholars have found this standard, in today’s world, problematic.

Leahy, who was one of ECPA’s original authors, proposed similar changes in May 2011, but that was never even brought to a vote in the committee. The new version, which keeps the most important element of the 2011 proposal, will be incorporated into a larger bill aimed at revising the 1988 Video Privacy Protection Act (VPPA).

A more politically-palatable maneuver

As we reported last year, the House passed a revision to the VPPA, making it easier for online video rental services (yep, Netflix is a fan of this bill!) to share information about customers’ rental history through a simple online consent form, rather than explicit, printed, written consent. This is a legislative moved aimed squarely at making the bill more palatable to Republicans (who comprised 8 of 10 members on the Judiciary Committee), and who are generally opposed to weakening law enforcement tools.

Leahy’s new amendement would provide a major change to the privacy standard of all electronic correspondence by finally requiring a probable cause-driven warrant. If this bill does pass, it would instantaneously provide significantly more privacy to everyone in America who sends e-mail, uses Facebook, Twitter, Google Docs, or communicates online in essentially any way.

"[Currently] there’s a standard for what’s electronic communications services, and that’s where there’s the 180-day rule," said Chris Calabrese, legislative counsel at the American Civil Liberties Union, in an interview with Ars.

"There’s a whole class of remote computing services, which were ones that did data processing back in the 1980s], but are now cloud computing. What this does is eliminate the distinction between the two and eliminate the 180 day rule and raise them all up to a warrant. It’s very solid legislative language. It covers all private communications and would require a warrant to access them. Something that’s long overdue. We’re talking about a huge class of very private information and stuff that is so undisputedly private."

Judicial clarity

Many advocacy groups and tech companies, including Apple, Google, Amazon, Dropbox, Google, the Electronic Frontier Foundation (EFF), Facebook, the ACLU and many others (collectively under an umbrella group known as Digital Due Process) have been lobbying Congress for some time now. All of these entities likely would be in favor of such a bill.

"The ECPA fix would be a major step forward for e-mail privacy," wrote Lee Tien, a staff attorney at the EFF, in an e-mail to Ars.

But more interestingly, beyond the list of usual suspects of supporters (groups like the EFF and the ACLU), are the other parties supporting the bill.

On Wednesday, members of the Judiciary Committee received copies of two letters from prominent former government officials: former Rep. Bob Barr (R-GA) and Marc J. Zwillinger, who spent three years prosecuting cybercrime from the Computer Crime and Intellectual Property Section of the Criminal Division of the Department of Justice. Barr is also a former federal prosecutor and Zwilinger is now in private practice and also teaches law at Georgetown University.

Both men argued that one of the primary reasons for the new bill’s passage would be to provide clarity between current case law and investigatory practice. In 2010, the Sixth Circuit Court of Appeals ruled that the Fourth Amendement protecting unreasonable searches and seizures also protects e-mail, even if it’s over 180 days old.

Because online e-mail providers (like Google’s Gmail, for instance) can’t know if their customers fall under the Sixth Circuit jurisdiction, many have taken to requiring a warrant from law enforcement when they may not need to.

"This has created uncertainty the Leahy amendment would replace with clarity: law enforcement officers would no longer wonder whether they should seek communications content without a warrant, or whether the warrant requirement applies in one jurisdiction but not another," wrote former Rep. Barr. "This clarity will help ensure that seized evidence will not be suppressed at the end of the prosecution, thereby allowing a guilty party to escape punishment."

The content of an e-mail would be protected, other data, less so

In a further bid to potentially assuage conservative committee members, Zwillinger also points out that the new amendment would "leave in place lower legal standards for the building blocks of law enforcement investigations."

Such information could include name, address, e-mail address, IP addresses, and other transactional data such as when, where, with whom and for how long someone communicated.

"This is the type of information that prosecutors use to build probable cause that enables them to seek court-ordered access to more sensitive information, such as communications content," Zwillinger wrote.

Ars e-mailed staffers of Sen. Chuck Grassley (R-IA), the committee’s ranking Republican, to see what the senator thought of the Leahy amendment—as of press time they had not responded.

"E-mail and its eventual successors are simply too important to be governed by inconsistent and confusing standards," wrote Woodrow Hartzog, a professor at the Cumberland School of Law at Samford University, in an e-mail sent to Ars. "While more comprehensive and adaptable privacy protections for electronic communications are needed, I imagine dramatic improvement in the electronic surveillance regime will be politically and logistically challenging."