Assuming that Texas Governor Rick Perry does not veto it, the Lone Star State appears set to enact the nation’s strongest e-mail privacy bill. The proposed legislation requires state law enforcement agencies to get a warrant for all e-mails regardless of the age of the e-mail.
On Tuesday, the Texas bill (HB 2268) was sent to Gov. Perry’s desk, and he has until June 16, 2013 to sign it or veto it. If he does neither, it will pass automatically and take effect on September 1, 2013. The bill would give Texans more privacy over their inbox to shield against state-level snooping, but the bill would not protect against federal investigations. The bill passed both houses of the state legislature earlier this year without a single “nay” vote.
This new bill, if signed, will make Texas law more privacy-conscious than the much-maligned 1986-era Electronic Communications Privacy Act (ECPA). With the ECPA, federal law enforcement agencies are only required to get a warrant to access recent e-mails before they are opened by the recipient.
As we’ve noted many times before, there are no such provisions in federal law once the e-mail has been opened or if it has sat in an inbox, unopened, for 180 days. In March 2013, the Department of Justice acknowledged in a Congressional hearing that this distinction no longer makes sense and the DOJ would support revisions to ECPA.
A spokesperson for the governor, Courtney Ford, did not immediately respond to Ars’ request to find out whether Gov. Perry plans on signing the bill. The bill reads in part:
An authorized peace officer may require a provider of an electronic communications service or a provider of a remote computing service to disclose electronic customer data that is in electronic storage by obtaining a warrant under Section 5A.
. . .
[A] district judge may issue a search warrant under this section for electronic customer data held in electronic storage, including the contents of and records and other information related to a wire communication or electronic communication held in electronic storage, by a provider of an electronic communications service or a provider of a remote computing service described by Subsection (h), regardless of whether the customer data is held at a location in this state or at a location in another state. An application made under this subsection must demonstrate probable cause for the issuance of the warrant and must be supported by the oath or affirmation of the authorized peace officer.
As if the ECPA wasn’t complicated enough, one United States circuit court of appeals decided that federal authorities do need a warrant before accessing e-mail. The case, known as United States v. Warshak, has created a split as other circuits, including the United States Supreme Court, haven’t yet taken up the issue. (Google has since taken the public stance that it will follow the Warshak standard.)
Previously, Texas state law had language mirroring ECPA’s existing 180-day requirement. Of course, ECPA remains federal law of the land in Texas and in all the other 49 states. But civil libertarians and legal experts hope that this may spur Washington, DC into passing much-needed ECPA reform, which has languished for some time now.
“Privacy is a special thing in Texas—it goes to the core values of Texas,” said Chris Soghoian, a senior policy analyst at the American Civil Liberties Union.
“It’s always good to see states passing pro-privacy legislation because it sends a signal to Congress. It sends a signal to conservative members who might not yet be on board that this is something being supported in their own states and it helps the courts to see that this is a safe space to venture into. When cities and states start protecting e-mail, then judges may feel like there is a reasonable expectation of privacy.”
Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation (EFF), agreed.
“It is the first state legislature I’m aware of to change the law this way,” he told Ars. “Other states are currently considering similar legislation, including California—where EFF sponsored SB 467 recently passed the Senate 33-1 and is now being considered in the Assembly.”
“It’s significant proof that privacy reform is not only needed but also politically feasible with broad bipartisan support,” Fakhoury said. “Hopefully that will impact federal ECPA reform efforts by getting people on both of sides of the political aisle to work together to make meaningful electronic privacy reform a reality. The more states that pass similar legislation, the more pressure it will put on Congress to keep up with the changing legal landscape.”