Trailblazing Email Privacy Bill Proposed in Texas
Mary Grinman - Edited by Natalie Kim
H.B. No. 2268
[caption id="attachment_3322" align="alignleft" width="150"] Photo By: André Natta - CC BY 2.0[/caption]
On May 27, 2013, the Texas State Senate and House both signed H.B. 2268. The legislation requires state law enforcement agents to secure a warrant before accessing emails and other “electronic customer data” in “electronic storage.” H.B. 2268 at 3–4. It also permits state courts to serve warrants on out-of-state service providers as long as they do “business in [Texas] under a contract . . . with a resident of [Texas], if any part of that contract . . . is to be performed in [Texas].” Id. at 9. With this requirement, the bill closes the loophole of the 1986 Electronic Communications Privacy Act (ECPA), which allows warrantless access to emails opened or older than 180 days. Unless Governor Rick Perry vetoes the bill by June 16, 2013, the bill will pass and go into effect on September 1.
Texas Rep. John Frullo originally authored the bill, with support from civil liberties organizations such as the Texas Electronic Privacy Coalition. Prior to the bill’s passage, the Senate amended it to allow “an authorized peace officer” to “require a provider . . . to disclose . . . information revealing the identity of customers . . . [and] information about a customer’s use of the applicable service[,] without giving subscriber or customer notice” as long as he obtained an administrative subpoena, a grand jury subpoena, a warrant, a court order, or the consent of the customer. See Senate Amendments Printing Analysis, at 5–6. The legislation is designed to “extend the jurisdiction of district judges by granting them privileges to issue data search warrants beyond the physical boundaries of the state for computer data searches only.” Senate Committee Report at 1.
Texas Legislature Online provides a summary of the history surrounding the bill. Ars Technica calls the bill “unprecedented,” and describes it as “the nation’s strongest email privacy bill.” RT states that the bill could be “a roadmap to updating the [federal] 1986 Electronic Communications Privacy Act (ECPA),” which only requires a warrant for recent and unopened emails. Pub. L. No. 99-508, 100 Stat. 1848 (Oct. 21, 1986),codified at 18 U.S.C. §§2510-22, 2701-11, 3121-26. However, Bloomberg BNA reminds its readers that the federal government will retain the authority to “access older emails without a warrant.”
Currently, Texas law emulates the ECPA in only requiring a warrant for electronic content that has been stored for 180 days or fewer. See H.B. 2268 at 5. While federal law retains the 180-day requirement, even the Department of Justice has conceded that this distinction is not rational in light of modern technology trends. Furthermore, the Sixth Circuit held in United States v. Warshak that a warrantless government authority may not constitutionally compel an Internet Service Provider to release its subscribers’ emails. United States v. Warshak, No. 06-00111 (6th Cir. Dec. 14, 2010) Opinion hosted by Eff.org. However, other circuits have yet to follow suit. Commentators hope that steps taken at the state level, like H.B. 2268 and similar legislation being considered in California (SB-467), will prompt Congress to reconsider the outdated policies of the ECPA.
Although the enactment of H.B. 2268 would provide citizens of Texas with significantly more electronic privacy, Bloomberg BNA reports that the Texas Electronic Privacy Coalition was “disappoint[ed]” with “the lack of progress related to other privacy measures.” The Coalition had backed another proposal, H.B. 1608, which would have required authorities to obtain a warrant before tapping into locational data stored with service providers to track their subscribers. Despite the Coalition’s efforts, this bill has not yet been voted on.
After the recent privacy scandal at the National Security Agency, the federal government is under pressure to justify its encroachment on the privacy of U.S. citizens. Increased electronic privacy protection at the state level stands a greater chance of influencing Congress to adopt similar measures.