Washington, D.C. – House Judiciary Committee Chairman Bob Goodlatte (R-Va.) today gave the following statement on the House floor in support of the Email Privacy Act (H.R. 387).

Chairman Goodlatte: Today, the House of Representatives will again vote to approve legislation that reforms and modernizes the Electronic Communications Privacy Act, or “ECPA.”  Last year, identical legislation passed with unanimous bipartisan support, by a vote of 419-0. Reforming ECPA has been a top priority for me as Chairman of the Judiciary Committee.  I have worked with Members of Congress, advocacy groups, and law enforcement agencies for years on many complicated nuances involved in updating this law. The resulting bill is a carefully-negotiated agreement to update the procedures governing government access to stored communications content and records.

Thirty years ago – when personal computing was still in its infancy and few of us had ever heard of something called the World Wide Web – Congress enacted ECPA to establish procedures that strike a “fair balance between the privacy expectations of American citizens and the legitimate needs of law enforcement agencies.”

In 1986, mail was sent through the U.S. Postal Service, a search engine was called a library, and “clouds” were found only in the sky.  In 1986, computer storage was finite and expensive.  It was unheard of that a commercial product would allow users to send and receive electronic communications around the globe for free and store those communications for years with a third-party provider.

So much has changed in the last three decades.  The technology explosion of the last three decades has placed a great deal of information on the Internet, in our emails, and on the cloud.  Today, commercial providers, businesses, schools, and governments of all shapes and sizes provide email and cloud computing services to customers, students, and employees.

The Email Privacy Act establishes for the first time in federal statute a uniform warrant requirement for stored communication content in criminal investigations, regardless of the type of service provider, the age of an email, or whether the email has been opened.

The bill preserves the authority for law enforcement agents to serve the warrant on the provider because, as with any other third-party custodian, the information sought is stored with them.  However, the bill acknowledges that providers may give notice to their customers when in receipt of a warrant, court order, or subpoena, unless the provider is court-ordered to delay such notification.

The bill continues current practice that delineates which remote computing service providers – or cloud providers – are subject to the warrant requirement for content in a criminal investigation.  ECPA has traditionally imposed heightened legal process and procedures to obtain information for which the customer has a reasonable expectation of privacy, namely emails, texts, photos, videos, and documents stored in the cloud.  H.R. 387 preserves this treatment by maintaining in the statute limiting language regarding remote computing services.

Contrary to practice thirty years ago, today vast amounts of private, sensitive information are transmitted and stored electronically.  But this information may also contain evidence of a crime and law enforcement agencies are increasingly dependent upon stored communications content and records in their investigations.

To facilitate timely disclosure of evidence to law enforcement, the bill authorizes a court to require a date for return of service of the warrant.  In the absence of such a requirement, H.R. 387 requires email and cloud providers to promptly respond to warrants for communications content.

Current law makes no distinction between content disclosed to the public, like an advertisement on a website, versus content disclosed only to one or a handful of persons, like an email or text message.  The result is that law enforcement could be required to obtain a warrant even for publicly-disclosed content. The bill clarifies that commercial public content can be obtained with process other than a warrant.

Lastly, H.R. 387 clarifies that nothing in the law limits Congress’s authority to compel a third-party provider to disclose content in furtherance of its investigative and oversight responsibilities.

Thirty years ago, the extent to which people communicated electronically was much more limited.  Today, however, the ubiquity of electronic communications requires Congress to ensure that legitimate expectations of privacy are protected while respecting the needs of law enforcement.

I am confident that this bill strikes the necessary balance, and does so in a way that continues to promote the development and use of new technologies and services that reflect how people communicate with one another today and into the future.

I’d like to thank Congressman Yoder and Congressman Polis for introducing the underlying legislation.

It is my hope that today, the House will once again approve this legislation that embodies the principles of the 4th Amendment and reaffirms our commitment to protecting the privacy interests of the American people without unduly sacrificing public safety.

I urge my colleagues to support this bipartisan legislation, and I reserve the balance of my time.