From the about-damned-time department:
TechCrunch recently reported that a long-needed update to the Electronic Communications Privacy Act (ECPA) has passed the House of Representatives, a good sign that the bill may actually be signed into law this year.
Unfortunately, the roadblock to passing this bill in 2016 was that the Senate wanted to water down the bill, crippling the gain in privacy that is the whole reason why the bill exists. It is only common sense, in the era of providers like Gmail offering quotas that are effectively infinite thus allowing people to keep everything, that email is just as protected from warrantless searches as any other personal electronic data.
I can’t think of a good reason why emails over 180 days old should be legally obtainable with just a subpoena instead of an actual warrant. This is one reason I have not kept emails on other servers for anything approaching the 180 days in the ECPA. (Interestingly, the other big reason is space: I currently only have emails going back to 2016 November 22 and later, and I’m at 76% quota used. As much as I get right now, I could not keep 180 days’ worth of email on the server I’m using if I wanted to.)
The ECPA is now over three decades old. Its effective date of 1986 October 21 predates widespread public access to the Internet by almost a full decade. The laws which amended it did nothing to amend the 180 day subpoena rule, which is ass-backwards and patently devoid of sense. Even if it did make sense in late 1986, the world has changed a lot in the three decades since. For example: in 1986 UUCP and FidoNet were the predominant forms of exchanging email (unless one was emailing someone on the same BBS that one was dialed into), and today, both are extinct for practical purposes with the impending death of analog telephone lines (though FidoNet still technically exists, most of its traffic now goes across the Internet). The sooner we can get a law that is tuned to the reality of living in 2017 with a connection to the Internet, the better.