IE 11 is not supported. For an optimal experience visit our site on another browser.

2 congressional bills seek to strengthen online privacy

The U.S. Capitol BuildingArchitect of the U.S. Capitol

Two congressional bills could have big implications for electronic inboxes and mobile devices when it comes to privacy.

On Thursday , Sen. Patrick Leahy (D-Vt.) was set to propose an amendment to the Electronic Communications Privacy Act of 1986 that would extend privacy rights regarding email.

Leahy's move comes just one day after U.S. Rep. Ed Markey (D-Mass.) introduced the Mobile Device Privacy Act, which would force service providers and app developers to gain permission before monitoring any activity or accessing any data on any mobile device.

Warrants for email
Law enforcement's easy access to remotely stored emails has long been a thorn in the side of privacy advocates, but that might be about to change. If passed, a Senate bill introduced by Leahy will protect all email equally, regardless of whether it's stored on a remote server or your own hard drive.

The law would finally require law enforcement to obtain a probable cause warrant to rifle through archived emails, something they've been able to do up to now by jumping over an easily cleared standard of proving "reasonable grounds" that the information gleaned could be useful.

As tech blog Ars Technica reports, the law in its current form is a relic from the 1980s before remote email storage became the norm we take for granted today. Messages that hadn't been downloaded for more than six months were considered "abandoned" and police needed to present little just cause to peruse old private communiqués without a warrant.

But now that virtually every hand has a smartphone in it and remote clouds are bursting at the seams, such lax rules have become archaic.

This new law would extend privacy protections to just about every person in the United States. If you use email, Facebook, Twitter, Google Drive, or cloud-based services such as Dropbox, this law applies to you.

"What this does is eliminate the distinction between the two and eliminate the 180-day rule and raise them all up to a warrant. It's very solid legislative language. It covers all private communications and would require a warrant to access them. Something that's long overdue. We're talking about a huge class of very private information and stuff that is so undisputedly private," Chris Calabrese, legislative counsel at the American Civil Liberties Union, told Ars.

While this bill seeks to strengthen the shield between an email message and law enforcement, some metadata might not enjoy the same protections. Access to names, email addresses, IP addresses and other information would "leave in place lower legal standards for the building blocks of law enforcement investigations," reported Ars.

Mobile monitoring
As the Senate prepares to debate Leahy's amendment, the House of Representatives must contend with its own potential privacy law.

Mobile apps are becoming a part of our day-to-day living at a rapid pace. We use them to shop, bank, send and receive messages, schedule appointments and figure out where we're going. But as apps become an ever-increasing part of what we do, the laws to govern them can't seem to keep up.

In what Markey called  a "significant societal issue that has to be discussed," apps, their developers and the platforms they run on have run amok, doing little more than paying lip-service to security concerns, and in some cases, using highly sensitive data inappropriately and without a user's consent or knowledge.

In a recent case, an app for the social network Path was caught sending users' address books back to Path's servers, unbeknownst to the users.

In many cases, apps want all or nothing as far as information goes. They require users to grant a blanket request for permissions that may include access to location data and contacts, or they simply won't run.

"Apps very commonly access our sensitive information," Markey said. "Apps often do this without prior notice and even when the app isn't actively being used."

In addition to making companies obtain permission before monitoring a mobile device, Markey's bill would require any company that collects personal information from a mobile device to have secure policies in place for storing it.

The bill would also give enforcement powers to the Federal Trade Commission and the Federal Communications Commission to punish mobile companies that break the law and provide a clear-cut way for customers to sue companies that violated their privacy.

Attitudes and the Internet
Although the proposed laws are independent of each other, they mark a significant change in the attitude of legislators toward the Internet. The Stop Online Piracy Act (SOPA ) and the Cyber Intelligence Sharing and Protection Act (CISPA), bills aimed at curving online piracy, looked like they'd pass with bipartisan support before a grassroots movement by Internet users picked off the majority of the bills' Capitol Hill supporters.

In January, Leahy was the lead sponsor of the Protect IP Act (PIPA), a bill that drew the ire of millions of Americans, concerned that broad language in the law could lead to the wrongful shuttering of sites perceived to be infringing or facilitating another's ability to infringe on intellectual property rights.