from the yikes dept
Even a long-term law enforcement guy, James Trainum, is worried about the impact of such a law:
The amendment would allow the government to bypass the warrant requirement in times of claimed emergency. Specifically, it would mandate that providers turn over sought-after data in response to a claimed emergency from federal, state, or local law enforcement officials. Under current law, companies are permitted, but not required, to comply with such emergency — and warrantless — requests for data.
There are two huge problems with this proposal. First, it appears to be responding to a problem that doesn’t exist. Companies already have discretion to make emergency disclosures to governmental officials, and proponents of the legislation have failed to identify a single instance in which providers failed to disclose sought-after information in response to an actual, life-threatening emergency. To the contrary, the data suggest that providers do in fact regularly cooperate in response to emergency requests. (See the discussion here.)
Second, and of particular concern, the emergency disclosure mandate operates with no judicial backstop. None. Whatsoever. This is in direct contrast with the provisions in both the Wiretap Act and Foreign Intelligence Surveillance Act (FISA) that require companies to comply with emergency disclosure orders, but then also require subsequent post-hoc review by a court.
As we've discussed, back in April the House voted unanimously to fix ECPA. And while the Senate has dragged its feet until now, it's disappointing to see Senators like Sessions and Cornyn now try to attach dangerous amendments to ECPA reform that basically destroy whatever good that is in there. Both of those Senators should be ashamed -- and their colleagues should reject these proposals.
In my 27 year career in law enforcement, the majority of which I spent as a homicide detective with the Metropolitan Police Department of Washington, D.C., I sought and obtained communication records in the majority of my investigations. I encountered no problems obtaining these records under the current law and in the rare, truly emergency situation, the law posed no undue burden. I have found that complying with the requirements to obtain records in a non-emergency situation actually helped me build stronger cases because, by following the rules, the evidence was unassailable in court. Unfortunately, too many of my colleagues, for whatever reason, would try to take the shortcuts that the new law would encourage.
Changing the emergency exception law is unnecessary. The law permits providers to disclose private communications to the government whenever they have a good-faith belief that such disclosure is required to respond to an emergency. Furthermore, emergency exceptions are quite uncommon. For example, in 2014 Google received only 342 emergency requests, compared to 20,280 subpoenas and search warrants, and information was provided in response to the vast majority of those emergency requests. If a provider finds a problem with the request, law enforcement can always revise it to address concerns.