Connect with us

Hi, what are you looking for?


Cloud Security

Senate Delays Data Privacy Amendment Until After November

A sweeping digital privacy protections measure that would have required the government to get a warrant for data stored in the cloud has been delayed until after the November elections.

A sweeping digital privacy protections measure that would have required the government to get a warrant for data stored in the cloud has been delayed until after the November elections.

The Senate Judiciary Committee decided to postpone discussion on an amendment which would require the government to get a probable-cause warrant before obtaining email and other content stored in the cloud. The proposal, an amendment to the Video Privacy Protection Act, was an attempt to rewrite sections of the 1986 Electronic Communications Privacy Act.

US Senate Under the current provisions of the ECPA, the government currently can request and obtain a suspect’s email or other stored content from an Internet service provider without showing probable cause that a crime has been committed. The existing law gives government access to any data stored on a server for at least 180 days with nothing more than an administrative subpoena indicating it has “reasonable grounds” to believe the information would be useful in an investigation.

The amendment would nullify the 180 day rule and require a proper warrant.

“I drafted these privacy updates in careful consultation with representative from the privacy, civil liberties, technology and law enforcement communities,” said Sen. Patrick Leahy (D-Vermont) in a statement.

The House recently passed changes to the Video Privacy Protection Act, which would allow Netflix customers from allowing their Facebook streams to automatically update what movies they are watching. Spotify and several other music streaming services already publish what users are listening to on Facebook. The VPPA originally required users to give consent on what video they are watching on a rental-by-rental basis. The new update limited the law’s reach to allow Netflix to publish on Facebook.

Leahy proposed an amendment, which “improves the privacy protections in the House bill,” he said. His amendment adds privacy protections so that users who consent to share video viewing information can opt-out at any time. The other part of the amendment adds “common sense updates” to ECPA to enhance privacy protections on emails and other content, according to Leahy’s statement.

The proposed amendment would prohibit a service provider from voluntarily disclosing the contents of user emails or other electronic communications to the government without a proper search warrant. The government would also be required to notify the individual whose email was obtained and provide the individual with a copy of the search warrant and other details about the data seized within three days. The notification can be delayed for up to 90 days under a court order.

Advertisement. Scroll to continue reading.

As more and more Internet users started stored email and other documents on third-party servers indefinitely instead of keeping them locally, the ECPA has become problematic. When enacted back in 1986, people didn’t store content in the cloud, and email was stored briefly on servers before users downloaded them. Email more than six months old was considered abandoned, which made it fair game for law enforcement. But with personal cloud storage lockers and Webmail, the law is out of sync with how technology has advanced.

Various technology, privacy, civil liberties and civil rights groups, including the Center for Democracy and Technology and Microsoft, support the changes.

“ECPA is woefully outdated—it was passed in 1986 before ubiquitous cloud computing and archived email even existed—so this is great news,” the Electronic Frontier Foundation wrote, noting that the proposed privacy protection wasn’t restricted to just email, but also included geo-location information.

“The same protections found in the physical world should apply equally to the virtual world,” the EFF said.

Leahy said the goal was to “update these privacy laws in a way that does not inadvertently undermine law enforcement’s ability to keep us safe” and will “consider all legitimate concerns.”

“There are appropriate exceptions to this prohibition under current law, including when a customer provides consent, or when disclosure to law enforcement is necessary to address certain criminal activity,” Leahy said, adding those exceptions would remain in place.

“Any effort to revise ECPA should involve detailed and careful consideration of the consequences of proposed changes on the ability of law enforcement investigators to conduct their work efficiently and effectively on behalf of American citizens,” a coalition of six groups representing police officers wrote to the Senate. The group included the National Narcotic Officers’ Associations’ Coalition, National Sheriffs’ Association, the Major County Sheriffs’ Association, Major Cities Chiefs of Police Association, Association of State Criminal Investigative Agencies, and the National District Attorneys’ Association.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.