Deputy Attorney General James M. Cole Speaks at the Justice Department Women’s History Month Observance Program:
Chairman Sensenbrenner, Ranking Member Scott, and Members of the Subcommittee, thank you for the opportunity to testify on behalf of the Department of Justice regarding the Electronic Communications Privacy Act (ECPA).
This topic is particularly important to the Department because of the wide-ranging impact the statute has on public safety and both criminal and civil law enforcement operations. We are pleased to engage with the Subcommittee in discussions about how ECPA is used and how it might be updated and improved.
ECPA includes the Pen Register Statute and the Stored Communications Act (SCA), as well as amendments to the Wiretap Act. These statutes are part of a set of laws that control the collection and disclosure of both content and non-content information related to electronic communications, as well as content that has been stored remotely. Although originally enacted in 1986, ECPA has been updated several times since, with significant revisions occurring in both 1994 and 2001.
I intend to focus the majority of my testimony on the SCA, which contains three primary components that regulate the disclosure of certain communications and related data. First, section 2701 of Title 18 prohibits unlawful access to certain stored communications: anyone who obtains, alters, or prevents authorized access to those communications is subject to criminal penalties. Second, section 2702 of Title 18 regulates voluntary disclosure by service providers of customer communications and records, both to government and non-governmental entities. Third, section 2703 of Title 18 regulates the government’s ability to compel disclosure of both stored content and non-content information from a service provider; it creates a set of rules that all governmental entities must follow in order to compel disclosure of stored communications and other records.
Since its inception, the SCA has served multiple purposes. It provides the rules governing how providers of communications services disclose stored information—including contents of communications, such as the body of an email, and non-content information—to a wide variety of government entities. in doing so, it imposes requirements on the government and providers to ensure that the privacy of individuals is protected.
The statute thus seeks to ensure public safety and other law enforcement imperatives, while at the same time ensuring individual privacy. It is important that efforts to amend the SCA remain focused on maintaining both of these goals.