With tax day behind us, taxpayers may soon have something else to celebrate from the IRS. In testimony before the Senate Finance Committee today, IRS Acting Commissioner Steven Miller was questioned aggressively about documents released by the ACLU last week that indicate that the IRS does not think it needs a warrant to read all emails and other electronic communications during criminal investigations. Under pressure from senators, Miller agreed to update IRS policy documents within 30 days to state that a warrant is required for access to all emails, regardless of their age.

Two senators from opposite sides of the aisle, Senator Grassley (R-IA) and Senator Wyden (D-OR), pressed Miller about whether the IRS has sought or obtained emails without a warrant since a federal appeals court ruled in 2010 that a warrant is required for all emails. (You can watch the hearing here. Sen. Grassley’s questions start at 1:25:00 and Sen. Wyden’s questions start at 1:31:10.) They asked why the IRS seems to be ignoring that 2010 decision—United States v. Warshak—in most of the country, and advising its criminal investigative agents that emails stored on a server for more than 180 days can be obtained without a warrant. Surprisingly, Miller answered that the IRS follows Warshak across the country. That’s not what internal IRS documents and its public policy manual show, but if true it is welcome news. Importantly, Miller committed to clarify written IRS policy within 30 days to state that a warrant is always required.

Miller’s testimony leaves several important questions unanswered, however:

Although Miller stated that the IRS Criminal Investigation unit obtains warrants for all emails, he did not discuss other forms of electronic communication such as text messages, instant messages, and direct messages on social media. Under the Fourth Amendment, a warrant should be required for those private communications as well.

Miller stated that, to his knowledge, the IRS has not obtained electronic communications without a warrant in the past. But an internal IRS Chief Counsel Advice memorandum from 2011 reveals that, months after Warshak, IRS investigative agents requested emails from an internet service provider without a warrant at least once. The IRS should explain when it started following Warshak nationally, and whether it has sought or obtained emails without a warrant in the past.

We applaud Senators Grassley and Wyden for quickly taking up this important issue and getting an answer from the IRS, less than a week after the ACLU released the IRS documents. But while the IRS’s apparent change of policy is a step in the right direction, there is more for Congress to do. The current IRS policy manual relies on the outdated Electronic Communications Privacy Act (ECPA), which only requires a warrant for some emails and other electronic communications. In order to uniformly protect the privacy of Americans’ private communications, lawmakers must update ECPA to require a warrant for the contents of all electronic communications, regardless of age or other factors. Strong reform legislation has been introduced by a bipartisan group of sponsors, and is starting to make its way through the legislative process. Follow this link to urge Congress to modernize our electronic privacy law and close the loophole that’s letting the government access email and other electronic communications without a warrant.