On Tuesday, the Department of Justice acknowledged for the first time that the notion that e-mail more than 180 days old should require a different legal standard is outdated.

This marked shift in legal theory, combined with new House subcommittee hearings and new Senate legislation, might just actually yield real, meaningful reform on the much-maligned Electronic Communications Privacy Act. It's an act, by the way, that dates back to 1986.

As Ars' Tim Lee wrote in November 2012, “ECPA requires a warrant to obtain freshly sent e-mail before it's been opened by the recipient. But once an e-mail has been opened, or once it has been sitting in the recipient's e-mail box for 180 days, a lower standard applies. These rules simply don't line up with the way modern e-mail systems work.”

In written testimony presented to a House subcommittee on Tuesday, Acting Assistant Attorney General Elana Tyrangiel concurred with that idea.

“We agree, for example, that there is no principled basis to treat e-mail less than 180 days old differently than e-mail more than 180 days old. Similarly, it makes sense that the statute not accord lesser protection to opened e-mails than it gives to e-mails that are unopened. Acknowledging that the so-called ‘180-day rule’ and other distinctions in the [Stored Communications Act, a sub-section of ECPA] no longer make sense is an important first step. The harder question is how to update those outdated rules and the statute in light of new and changing technologies while maintaining protections for privacy and adequately providing for public safety and other law enforcement imperatives.”

Civil liberties advocates are watching ECPA reform's progress with a careful and optimistic eye.

“[The ACLU has] said that there should always be a warrant for e-mail,” Chris Calabrese, legislative counsel at the American Civil Liberties Union (ACLU), told Ars. “To me, this is one of those things that is a core constitutional value. We’ve always said that we protect communications with a warrant, whether it was physical mail 150 years ago, telephone calls 40 years ago, or e-mail today.”

With any luck, there will be a much better, privacy-conscious way for law enforcement to access our e-mail. Don't hold your breath for urgency though. Ars has been reporting on this issue for many months now—similar legislation has been introduced going way back to May 2011.

Pen registers and D-orders also under fire

Besides Tyrangiel’s Tuesday testimony, the House’s Subcommittee on Crime, Terrorism, Homeland Security, and Investigations also fielded written testimony. The subcommittee asked questions of the Tennessee Bureau of Investigation, a law professor from the George Washington University Law School, and Google’s director of law enforcement.

Tyrangiel also articulated “there are a number of other parts of the statute that may merit further examination during any process updating and clarifying the statute.”

Specifically, she cited problems with how law enforcement has used other electronic records, which include pen registers, “D-orders,” and other tools. But the justice department wasn't totally in favor of making all digital communications more private. Tyrangiel suggested that accessing "to" and "from" addressing information should be made easier for law enforcement.

"Congress could consider modernizing the SCA so that the government can use the same legal process to compel disclosure of addressing information associated with modern communications, such as e-mail addresses, as the government already uses to compel disclosure of telephone addressing information. Historically, the government has used a subpoena to compel a phone company to disclose historical dialed number information associated with a telephone call, and ECPA endorsed this practice. However, ECPA treats addressing information associated with e-mail and other electronic communications differently from addressing information associated with phone calls. Therefore, while law enforcement can obtain records of calls made to and from a particular phone using a subpoena, the same officer can only obtain 'to' and 'from' addressing information associated with e-mail using a court order or a warrant, both of which are only available in criminal investigations. This results in a different level of protection for the same kind of information (e.g., addressing information) depending on the particular technology (e.g., telephone or e-mail) associated with it. Congress could consider updating the SCA to set the same standard for addressing information related to newer technologies as that which applies in traditional telephony."

In other words, while the Justice Department appears open to eliminating some parts of the law that are blatantly ridiculous (the 180 days bit), it also seems to want to lower the standard for accessing header information via a simple subpoena.

ECPA reform bill re-introduced in Senate

Also on Tuesday, Sen. Patrick Leahy (D-VT) re-introduced legislation that had previously passed committee in November 2012. The difference this time? Its co-sponsor comes from across the aisle, which hopefully means that it has a better chance of passing. Earlier this month, two lawmakers introduced a related bi-partisan bill in the House of Representatives.

“When ECPA was enacted, e-mail was primarily a means of communicating information, not storing it," said Sen. Mike Lee (R-UT). "Today, we use our e-mail accounts as digital filing cabinets, where we store many of the personal documents and sensitive information that the Fourth Amendment was meant to protect. This bill takes an essential step toward ensuring that the private life of Americans remains private.”

Still, privacy advocates have raised eyebrows at the fact that at least some law enforcement agents have been pushing for a text message retention provision in any ECPA revision.

“Billions of texts are sent every day, and some surely contain key evidence about criminal activity,” said Richard Littlehale, assistant special agent at the Tennessee Bureau of Investigation, in his written testimony (PDF). “Text messaging often plays a big role in investigations related to domestic violence, stalking, menacing, drug trafficking, and weapons trafficking. I am well aware that retention means a cost for service providers. I would urge Congress to find a balance that is not overly burdensome to service providers, but that ensures that law enforcement can obtain access to critical evidence with appropriate legal process for at least some period of time.”

Civil libertarians hope that this time around—particularly in the wake of last year’s Gen. David Petraeus scandal—meaningful ECPA reform can move forward.

“Both chairmen [of the Senate and House committees] are working together and interested in ensuring that the same rights users have in the physical world also apply in the virtual world,” Mark Jaycox, a policy analyst at the Electronic Frontier Foundation, told Ars. “Congress is finally listening to the courts and users, both of which agree that warrants should be needed for all private online messages—regardless of the age of the message.”