We've been talking about and asking for ECPA reform for many, many years, and it might finally be moving forward. ECPA is the Electronic Communications Privacy Act, which details how the government can get access to your electronic communications. The law was written in the early 1980s, and as you've probably noticed, we live in a very different world these days as it pertains to electronic communications. One key example: the law says that messages left on a server for more than 180 days are considered abandoned and can be searched without a warrant. That may have made some sense (though, not really) in a client-server era, where everyone downloaded their messages leading to them being deleted from a server, but it makes no sense at all in an era of cloud computing.
The main foes against updating ECPA have been government agencies that have investigatory powers, but not the ability to get a warrant -- mainly the SEC and the IRS, with the SEC being the real stumbling block. The SEC really liked the fact that it could snoop through emails without a warrant. So, even with massive support in Congress, ECPA reform never went anywhere.
So it was a bit surprising to folks this week to see Rep. Bob Goodlatte announce that the Judiciary Committee will now markup the ECPA reform bill, meaning that the bill is moving forward again. It's not entirely clear why it's happening now, but at the very least, it sounds like the SEC's constant protests may no longer be an obstacle. Hopefully it does move forward, and whatever results from the process leads to much stronger privacy protections on electronic communications, such as actually requiring a warrant, like the 4th Amendment says should happen.
from the updated-for-government-needs-and-wants dept
The SEC (Securities and Exchange Commission) has been fighting much-needed updates to the ECPA (Electronic Communications Privacy Act) for a few years now, claiming that treating old email like new email would somehow strip it of its power to investigate and punish wrongdoing. For no discernible reason, legislators decided to treat electronic mail like physical mail, designating unopened emails over six months old "abandoned" and accessible by almost anyone using nothing more than a subpoena.
Moving the law towards logic would insert a warrant requirement for old emails, bringing them under the same protection as emails less than 180 days old. But it's not just the SEC that's resistant to changing the law. It's also local law enforcement and the DOJ itself, both of which have greater powers than the SEC when it comes to accessing electronic communications.
The most recent hearing featured testimony from the SEC, DOJ and, for no discernible reason, the Tennessee Bureau of Investigation. The consensus is that the law should be updated, but not that part of it (SEC) and only if it makes it easier for law enforcement to obtain more stuff without warrants (DOJ, TBI).
The SEC's argument against the introduction of a warrant requirement is that it would prevent the agency from obtaining other user data from ISPs using only a subpoena, glossing over the fact that it likes having warrantless access to tons of email.
When we conduct an investigation, we generally will seek emails and other electronic communications from the key actors via an administrative subpoena – a statutorily authorized mechanism for gathering documents and other evidence in our investigations. In certain instances, the person whose emails are sought will respond to our request. But in other instances, the subpoena recipient may have erased emails, tendered only some emails, asserted damaged hardware, or refused to respond – unsurprisingly, individuals who violate the law are often reluctant to produce to the government evidence of their own misconduct. In still other instances, email account holders cannot be subpoenaed because they are beyond our jurisdiction.
It is at this point in an investigation that we may in some instances, when other mechanisms for obtaining the evidence are unlikely to be successful, need to seek information from the internet service provider (ISP). H.R. 699 would require government entities to procure a criminal warrant when they seek the content of emails and other electronic communications from ISPs. Because the SEC and other civil law enforcement agencies cannot obtain criminal warrants, we would effectively not be able to gather evidence, including communications such as emails, directly from an ISP, regardless of the circumstances.
As is (sort of) admitted in the SEC's testimony, the current law provides more protection for physical documents than electronic ones. However, SEC Director Andrew Ceresney spins this as an argument against modifying the ECPA.
Some have asserted that providing civil law enforcement with an ability to obtain electronic communications from ISPs in limited circumstances would mean electronic documents enjoy less protection than paper documents. That is not accurate. Indeed, as currently drafted, H.R. 699 would create an unprecedented digital shelter – unavailable for paper materials – that would enable wrongdoers to conceal an entire category of evidence from the SEC and civil law enforcement.
The DOJ and Tennessee Bureau of Investigation also express alarm at the proposed rollback of subpoena powers, but they use the kidnapping of children, rather than financial misconduct, as their starting points.
While the DOJ admits the 180-day cutoff period makes very little sense, it suggests no fixes along those lines. Instead, it suggests warrant exceptions for Pen Register statutes (information about communications) be aligned with those in the Wiretap Act (the communications themselves) so DOJ agencies can acquire the data along with the communications when operating a wiretap. It makes a certain amount of sense, but it's actually just the DOJ asking for the less-stringent set of exceptions (tied to the Wiretap Act, believe it or not) to be applied across the board.
It also asks for legislators to better define what can be accessed with certain orders to eliminate "inconsistency" in judge behavior.
The Fifth Circuit has interpreted this provision to require a court to issue a 2703(d) order when the government makes the “specific and articulable facts” showing specified by § 2703(d). See In re Application of the United States, 724 F.3d 600 (5th Cir. 2013). However, the Third Circuit has held that because the statute says that a § 2703(d) order “may” be issued if the government makes the necessary showing, judges may choose not to sign an application even if it provides the statutory showing. See In re Application of the United States, 620 F.3d 304 (3d Cir. 2010). The Third Circuit’s approach makes the issuance of § 2703(d) orders unpredictable and potentially inconsistent; some judges may impose additional requirements, while others may not.
(Hey, judicial inconsistency isn't much fun for defendants, either.)
Once again, the DOJ is looking for a less-stringent standard to be applied, rather than truly looking to bring this law into the 21st century. Its plea for "technologically-neutral" handling of communications data is similarly focused on applying a lower standard to the acquisition of communications, no matter their source.
The Tennessee Bureau of Investigation, on the other hand, argues that an updated ECPA would put too much power in the hands of ISPs and other entities responsive to law enforcement warrants and subpoenas.
H.R. 699 goes far beyond the commonly stated goal of modernizing ECPA by requiring a search warrant for all stored content. In fact, it creates protections for a wider range of stored electronic evidence that could pose a greater hindrance to law enforcement than protections afforded evidence stored on a computer inside a house or office. Searches in response to ECPA process are performed by service providers, not by law enforcement officers, and H.R. 699 extends the notice provisions previously necessary only with lesser levels of process like subpoenas along with the probable cause standard. The end result is that law enforcement has to get a search warrant to access more evidence, and must bear the added burden of notice requirements that were previously limited to lesser process, without the benefit of controlling the execution of the warrant.
Apparently, any increase in difficulty -- no matter its relation to the Fourth Amendment -- is unacceptable.
Because H.R. 699 in its current form imposes burdens that will make our job harder without offering any relief in other areas, we urge the committee not to pass H.R. 699 without amending the bill to reflect greater sensitivity to the concerns of the state and local law enforcement community. When we have to get a warrant, it should mean something; right now, H.R. 699 turns the compulsory process of a search warrant into a subpoena with a higher proof requirement.
The Bureau's Richard Littlehale further lays out his argument for lowered requirements by claiming entities being served with legal paperwork have been less than helpful in the past.
In many instances, we are unable to utilize evidence that would be of enormous value in protecting the public because the technologies used to carry and store that information are not accessible to us, no matter what legal process we obtain. That may be because of technological problems, but just as frequently it is because of non-technical barriers to access. The companies that retain these records are often unable or unwilling to respond to law enforcement’s lawful demands in a timely manner, and there are few consequences for an incomplete or inaccurate response. The primary emergency disclosure provision in the section of ECPA that we use to obtain stored content is voluntary for the providers, not mandatory, and even where emergency access is granted to law enforcement, in some instances, there is insufficient service provider compliance staff to process legitimate emergency requests quickly.
Littlehale's argument appears to be a paraphrasing of Pat Paulsen's satirical campaign slogan: if we (law enforcement) have to up our standards, up theirs! He apparently feels ISPs, etc. don't face enough legal penalties for not immediately handing over everything law enforcement demands, whether they have the capability to do so or not. Littlehale wants warrant service under a modified ECPA to more closely resemble warrant service at a residence: where cops announce their presence after they've entered and destroyed everything they touch in search of evidence. He can't handle the fact that private entities maintain control of digital communications sought and that his agency (and others) must approach them (rather than drive up on their lawns and shoot grenades through their windows) with the proper paperwork and wait until responsive information is gathered and turned over.
Much like the DOJ and the SEC, Littlehale doesn't want an updated law. He wants a law rewritten to treat digital communications like physical communications, bringing the barrier to access and the expectation of privacy down to the lowest level possible. That's what is really being discussed here. Not a rewrite of an outdated law to reflect the reality of modern communications, but ways to make an already law enforcement-friendly law even friendlier.
from the 'pretty-sure-we're-above-the-law,-judge' dept
Congress is once again declaring its willingness to hold everyone in the nation accountable for their actions, present party excepted.
Back in 2011, it was revealed that members of Congress were participating in insider trading. Spending a great deal of time conversing with lobbyists tends to result in the discussion of information that has yet to be made public. Legislators, being the opportunists they are, chose to buy and sell stock based on this insider info. Lobbyists -- also opportunists -- sometimes did the same thing. And it was all perfectly legal... at least for Congress.
This revelation did nothing to increase the public's goodwill towards its so-called "representatives." With its approval percentage (15%) sliding below that of Bernie Madoff's personal loan applications, Congress swiftly acted to close this loophole in the law.
Two years later, with everyone safely re-elected, Congress quietly excised the disclosure requirement in the new law, making it virtually impossible to verify whether or not it was actually playing by the rules it had made for itself. Predictably, it called the disclosure of such information a "national security risk."
Meanwhile, the SEC opened an investigation into Congressional insider trading related to health insurance companies. Congress refused to answer subpoenas or provide documents to the Commission. When ordered to by a federal judge, the House Ways and Means Committee gently explained that it could do whatever the fuck it wanted to.
The U.S. House Ways and Means Committee and a top staff member say the panel and its employees are "absolutely immune" from having to comply with subpoenas from a federal regulator in an insider-trading probe.
On November 13, U.S. District Judge Paul Gardephe agreed with most of the SEC’s claims and ordered Congress to comply with the subpoena within 10 days. “Members of Congress and congressional employees are not exempt from the insider trading prohibitions arising under the securities laws,” he wrote. Gardephe reminded the attorneys that “Congress barred such claims of immunity when it adopted” the STOCK Act.
Congress' top lawyer fought back, claiming certain, very specific words were missing from the STOCK Act and that legislators' immunity was still intact.
Kerry W. Kircher, the House general counsel, requested more time. Then, shortly before Thanksgiving, on November 25, he filed a motion to appeal the subpoena to the 2nd Circuit. Kircher argued that the STOCK Act did not explicitly authorize the SEC to issue subpoenas to Congress, even to investigate insider trading.
This may not result in the investigation being scuttled or the lawsuit being tossed, but it does buy Congress more time to figure out its next accountability-dodging move. Meanwhile, Congress members are doing what they can to ensure the battle the SEC is waging to at least hold them as accountable as their own STOCK Act promised they would, will be long, expensive and hopefully, ultimately fruitless. These efforts are also shady as hell.
Away from the spotlight, however, congressional leaders continue to fight enforcement and to shore up the target of the SEC inquiry. Rep. Pat Tiberi, R-Ohio, and Rep. Diane Black, R-Tenn., two lawmakers who served on the same committee as Sutter, have used PAC money to donate to the legal defense fund set up to defend him.
Campaign funding -- itself a toxic wasteland where morality and ideals go to die -- is being rerouted to keep Bruce Sutter, a former Ways and Means Committee member who allegedly passed on non-public Medicare reimbursement information to a lobbyist for law firm Greenberg Taurig. Not only will Congress members let nothing stand in the way of personally profiting from their time in office, they'll also apparently ensure those who previously got away with it will continue to elude being held accountable.
The Los Angeles school district's headfirst leap into technological waters has turned into the ultimate cautionary tale. Rather than ensure everything was up to spec, the district chose to distribute 90,000 iPads bundled with Pearson software and hand them over to its students… who cracked the minimal built-in protections within a week and turned the devices into something they wanted to use, rather than something they had to use.
Why the full-on dive? Well, it appears at least part of it may have been motivated by low-level corruption -- the sort of thing you'd expect to be present in a $500 million project, one that ballooned to $1.3 billion, even as most students went without new iPads or laptops. (Only 91,000 of the 650,000 iPads had been purchased by the point the program was shut down.)
The federal Securities and Exchange Commission recently opened an informal inquiry into whether Los Angeles school officials complied with legal guidelines in the use of bond funds for the now-abandoned $1.3-billion iPads-for-all project.
In particular, the agency was concerned with whether the L.A. Unified School District properly disclosed to investors and others how the bonds would be used, according to documents provided to The Times.
Now that the program is effectively dead and under intense scrutiny, the ineptness of the district's rollout is under discussion. The district is claiming this debacle really isn't its fault.
The Los Angeles Unified School District is seeking to recoup millions of dollars from technology giant Apple over a problem-plagued curriculum that was provided with iPads intended to be given to every student, teacher and administrator.
Apple may be in the headline and leading paragraph, but district officials seem more irritated with software provider Pearson. Under the terms of the agreement, Pearson was allowed to half-ass its way through the first year, providing only "partial curriculum." It was expected to be at least as prepared as the students by the beginning of the following school year. It wasn't, despite receiving $200 per iPad in licensing fees.
“Only two schools of 69 in the Instructional Technology Initiative ... use Pearson regularly,” according to an internal March report from project director Bernadette Lucas. “Any given class typically experiences one problem or more daily. Teachers report that the students enjoy the interactive content — when it’s available. When it’s not, teachers and students try to roll with the interruptions to teaching and learning as best they can.”
The remaining schools, she said, with more than 35,000 students, “have given up on attempting regular use of the app.”
Pearson, despite having received millions of dollars (and possibly some preferential treatment during the bidding process), is flunking. It hasn't created bilingual versions of its software -- something of a necessity in Los Angeles. The analytic software it promised to the district (as part of the justification for the software premiums) has yet to arrive. It hasn't even provided online versions of periodic achievement tests.
How much Apple and other device makers are really at fault is up for debate. As the device makers, they only needed to provide a device and operating system. The rest seems to be on Pearson, which at this point, should really be doing better at providing functional educational software. The LA school district may have erred in its decision to roll this out before ensuring everything worked properly, but the future's not just going to sit around waiting for giants like Pearson to get their end of the equation in order. The field is ripe for disruption. Or, it would be... if entrenched interests (government entities) weren't so set on bedding down with equally entrenched interests (textbook publishers).
But what comes across here is something more than just ensuring government contractors live up to the terms of their agreements. Above the better-late-than-never attempt at fiscal responsibility (always save your receipts!), you can hear the faint whinging noise of the district arguing that it shouldn't be responsible for its own botched rollout, financial impropriety or inability to respond to problems with more agility. As much as I'd like to bash Pearson (and I really, really would), there's definitely a hint of buck-passing in the air.
The district could have handled this better, but there was just too much money at stake. Hundreds of millions of dollars in expeditures can't guarantee working tech, but it goes a long way towards ensuring a certain level of mismanagement. Large contracts tend to bring out the worst in people. Not only will there almost always be some level of impropriety, but there will also be a compulsion to do everything fast and hard so the public can see where its money's being spent. Doing something, even if it's clumsy and questionable, is almost always preferable to doing it the right way. The LA school district wanted to win the race to the future, but only managed to knock over every hurdle before collapsing several hundred iPads short of the finish line. And now it wants the same companies it allegedly allowed to seduce it into handing over more that $500 million to give some of it back.
For many years now, we've been writing about the need for ECPA reform. ECPA is the Electronic Communications Privacy Act, written in the mid-1980s, which has some frankly bizarre definitions and rules concerning the privacy of electronic information. There are a lot of weird ones but the one we talk about most is that ECPA defines electronic communications that have been on a server for 180 days or more as "abandoned," allowing them to be examined without a warrant and without probable cause as required under the 4th Amendment. That may have made sense in the 1980s when electronic communications tended to be downloaded to local machines (and deleted), but make little sense in an era of cloud computing when the majority of people store their email forever on servers. For the past few years, Congress has proposed reforming ECPA to require an actual warrant for such emails, and there's tremendous Congressional support for this.
And yet... it never seems to pass. The story that we keep hearing is that two government agencies in particular really like ECPA's outdated system: the IRS and the SEC. Since both only have administrative subpoena power, and not the ability to issue warrants like law enforcement, the lower standards of ECPA make it much easier for them to snoop through your emails without having to show probable cause. Last year, in a Congressional hearing, the SEC's boss, Mary Jo White, was questioned about this by Congressman Kevin Yoder, who has been leading the charge on ECPA reform. As we reported at the time, in the conversation, White clearly said that the SEC needed this ability or it would lose "critical" information in its investigations. You can see the conversation from 2014 below, where White (starting around 2:30) explains how vital this process is to the SEC:
Here's the key line:
"What concerns me, as the head of a... law enforcement agency, is that we not put out of reach of lawful process... what is often, sometimes the only, but critical evidence of a serious securities fraud.... And we use that authority quite judiciously, but it's extremely important to law enforcement."
What struck us as interesting last year was White admitting that the SEC appeared to regularly use this process, since she noted that it was "extremely important" and provided "critical evidence."
Fast forward to this week, and the same two players were involved in yet another Congressional hearing. You can
see that conversation here as well, with the critical point being made after about four and a half minutes, where White says some of the same stuff, about the privacy protections, and how even if the SEC used this process it still notifies the subscribers to give them a due process right to protest the subpoena... but also, oddly, seems to claim that the SEC never actually makes use of this process:
Here's the key line this time (the full response is a jumble of half sentences and unfinished thoughts, so it's a bit of a mess):
"While these discussions have been going on, to try to sufficiently balance the privacy and the law enforcement interests, we've not to date to my knowledge proceeded to subpoena the ISPs. But that, I think, is critical authority to be able to maintain -- done in the right way and with sufficient solicitousness and it's very important to the privacy interests which I do think can be balanced.
As I said, if you watch her entire response, it's a complete mess of half-finished thoughts, which seems rather typical of someone trying to sound like they're answering a question but not actually doing so. Later in the same answer, she insists that taking away this authority might take away an important tool.
So, we know that the SEC really wants to keep this tool. But last year it said it was "extremely important" and provided "critical evidence." This year, she's saying that the SEC isn't even using the tool. So, uh, which is it? Is this tool absolutely necessary for critical evidence, or is it not even being used by the SEC?
And, through all of this, the SEC still has not answered the most basic question: why can't it treat email the same way it has to treat paper documents under the 4th Amendment? That is, if it wants the document it can subpoena the end user for those documents. It does not get to route around the end user and subpoena a third party for those documents. So why can't it treat email in the same way?
from the the-last-time-we-reformed-our-privacy-laws... dept
For many, many years, we've been talking about the need for ECPA reform. ECPA -- the Electronic Communications Privacy Act -- is an incredibly outdated piece of legislation from the 1980s that governs law enforcement's ability to access email and other electronic communications. This was the era before the internet was anywhere close to the mainstream (though it did exist). Among the various weird parts of the law, it says that any communication that is over 180 days old and still on a server is considered "abandoned" so that the government can access it without a warrant. Think about that in this era when you keep all your communications online. It was written when lawmakers thought people would "download" the messages off a server. That's just the most noteworthy problem -- there are all sorts of different definitions based on messages that have been opened or not opened and other oddities as well, almost none of which make sense.
Last year we noted that more than half of the House was co-sponsoring a bill put forth by Reps. Kevin Yoder and Jared Polis to reform ECPA in a big way. But even with so many supporting the law, it failed to move. A big hurdle? Both the IRS and SEC (note: not your standard law enforcement agencies) like the fact that they can use ECPA to snoop through electronic communications (without a warrant -- which those agencies can't get on their own anyway).
Yoder and Polis are back again with another attempt, and it's matched by a similar legislation in the Senate from Senators Patrick Leahy and Mike Lee. To get attention for the bill, Yoder, Polis and some other supporters took to Twitter in a bit of a meme fest, highlighting some historical facts to demonstrate just how long it's been since ECPA became law. It's worth scrolling through them all (though, there are a lot), because some are pretty funny:
At this point, it's a complete travesty that such a bill hasn't become law. People have explained the need for it for well over a decade, and more than half of Congress was signed on to co-sponsor it in the last Congressional term. Already this new bill has 228 additional co-sponsors in the House and another 6 co-sponsors in the Senate. The IRS and SEC's objections are simply ridiculous. Having more convenient access to someone's emails is no excuse for not better protecting the privacy of our online communications.
Of course, this isn't the only effort going on to protect privacy. Reps. Zoe Lofgren, Ted Poe and Suzan DelBene have also introduced a bill to update ECPA. It's pretty clear that Congress knows that the law needs to be updated, and it's time to get past whatever objections there are and actually start protecting our privacy.
"I have a long record of support for open government and the FOIA process. I am concerned that provisions in this bill will have the unintended consequence of harming our ability to enforce the many important federal laws that protect American consumers from financial fraud and other abuses," Rockefeller said in a statement Friday. "According to experts across the federal government, these provisions would make it harder for federal agency attorneys to prepare their cases, and they would potentially give defendants new ways to obstruct and delay investigations into their conduct. I hope there is a way to address these concerns and pass the bill."
The two agencies offering up the most resistance to the bill appear to be the FTC and the SEC, both of which apparently feel the law creates a playground for targets of its investigations.
[S]ources said the agencies' concerns are that the legislation would allow companies to pierce the attorney-client and attorney work-product privileges, potentially giving targets of enforcement actions a roadmap detailing what kind or level of misconduct will trigger action and what kind is likely to be ignored.
There also appears to be a law enforcement contingent pushing for death of this bill as well.
"The bill would statutorily require government law enforcement agencies to withhold documents from a FOIA request only if they first establish that 'the agency reasonably foresees that disclosure would harm an interest protected by' the exemption invoked," said a Rockefeller aide who asked not to be named. "Consequently, the bill could expose law enforcement agencies to needless litigation and drain their already limited resources in defending FOIA decisions that have long been invoked for legitimate law enforcement purposes."
Transparency advocates point out that privileged attorney-client communications will remain privileged even with the passage of the bill and that government agencies will still retain the power to redact information and withhold documents -- they'll just need to start providing better explanations for these actions. As for the concerns about the new "forseeable harm" requirement? That requirement isn't even new.
"Agencies have been required to use this standard since 2009 when Attorney General Holder issued a memo requiring it. Agencies also used this same standard during President Clinton's term. It was only during President George W. Bush's term of secrecy that this standard was rolled back," [Patrice McDermott of OpenTheGovernment.org] wrote.
As it stands now, Rockefeller is standing alone among his fellow senators and representatives. Two unanimous votes -- one in the House and one in the Senate -- are being negated by a single Senator. Supporters of FOIA reform are urging people to contact his office and make it clear that Rockefeller alone shouldn't get to decide whether this bill lives or dies, especially considering its path to this point.
If, as the saying goes, justice is blind, the data would show little correlation between firms' political expenditures and their likelihood of being prosecuted. Instead, Correira found that "politically connected firms are on average less likely to be involved in an SEC enforcement action and face lower penalties if they are prosecuted by the SEC." Specifically, Correira discovered that firms that increased their PAC contributions by $1 million over five years ended up halving their probability of being prosecuted.
Yes, correlation is not automatically causation, yada yada, but that doesn't mean there isn't a causal relationship here. I guess it's possible one could argue that a company that increases its PAC contributions is somehow less likely to be also engaged in financial shenanigans, but I'm not sure anyone would actually buy that.
There are some other bits of data that don't speak particularly kindly to the motives of SEC folks, such as that old revolving door:
Data from the Project on Government Oversight has documented that since 2001, more than 400 former SEC officials filed disclosure forms documenting their plans to represent firms before the SEC. Correira's report shows that this revolving door also influences financial prosecutions, as companies that employ lobbyists who once worked for the SEC "experience a larger reduction in the probability of enforcement and in penalties than those that do not."
Of course, it might not be entirely the SEC's fault. As Correira suggests, the SEC may be responding to basic incentives itself, in noting that investigations and prosecutions of politically "friendly" firms may create "political consequences for itself and its budget." Sirota more or less got a former SEC official to admit that this all goes into the thought process:
In an interview with IBTimes, former SEC counsel Scott Kimpel acknowledged that the agency does have to weigh how to best maximize its limited resources.
"At the end of the day, the SEC only has about 1,000 enforcement officials, so they can't possibly go after every single case of wrongdoing," he said.
As Sirota again notes at the end of his article, this issue is not just for the SEC, but for other federal agencies as well, including the DOJ, which more or less admitted that it wouldn't prosecute Wall Street firms connected to the 2008 financial mess, because it might have "a negative impact on the national economy."
It's not clear how you directly solve this issue, but it certainly does seem like a very real problem. Between the revolving door and the power of campaign contributions, it's been quite clear for a long time that the government is not the people's representatives any more (if they ever were).
"Laws are for other people." - Too many legislators to count
It's common knowledge that insider trading is illegal. In fact, we have an entire government agency in place to regulate trading and to investigate insider trading allegations. Executives have been sentenced to months (sometimes even years) in plush, well-appointed hellholes for participating in insider trading.
Members of Congress, however, were exempt from insider trading rules until 2012. An 2011 expose by 60 Minutes let millions of Americans know that members of Congress had plenty of access to market-changing information and were acting on it.
In a rare (ha!) show of self-preservation, a united House full of Congresspersons facing reelection battles passed the STOCK Act, which basically made Congress and its staffers play by the same trading rules as every other American.
In 2013, with Congressional members safely re-elected, the House decided to roll back its previous legislative effort in order to get back into the insider trading business. It tore out the stipulation demanding disclosure of trading activity -- the one thing citizens could use to verify adherence to the "no insider trading" rule -- stating that these disclosures were a "security risk." This sailed through with unanimous consent late on a Thursday afternoon (the end of the Congressional work week) and was signed by the President the following Monday.
The U.S. House Ways and Means Committee and a top staff member say the panel and its employees are "absolutely immune" from having to comply with subpoenas from a federal regulator in an insider-trading probe.
The committee yesterday responded to U.S. District Court Judge Paul Gardephe's order to explain why it hadn't complied with the U.S. Securities and Exchange Commission's requests for documents, phone records and testimony of aide Brian Sutter for more than a year.
The SEC is investigating a suspicious spike in health insurer trading volumes and prices ahead of a report that announced government payments to insurers would be increased, rather than decreased. This investigation claims that a Green Taureg LLC lobbyist sent the information to a Height Securities LLC analyst ahead of the official government announcement and that House Ways and Means staff director Brian Sutter may have been the originating source.
The Committee's legal rep has responded by claiming Congress is above the law or, if not above, very definitely adjacent to it, but certainly not within in and subject to federal subpoenas.
Kerry W. Kircher, the top lawyer for the House, said the SEC's request should be dismissed because the information it seeks concerns legislative activities protected by the Constitution, which can't be reviewed by federal judges.
Kircher also stated that his client does not and will not (EVER) have time for the SEC's "apply the insider trading rules to everyone" bullshit.
Sutter's connection to the investigation is "tangential" Kircher said, and would also interfere with his work because his schedule is "heavily, and nearly permanently, booked."
So, if anyone thought an SEC insider trading probe would bring more accountability to the House, those thoughts may now be dismissed to make room for more cynicism. There's a slim possibility the SEC may extract damning evidence, but it will have to fight its way through a House full of people with no conceivable reason to be compliant. Insider trading was a great Congressional job perk and its uncontested run helped pad the wallets of future lobbyists, board members and consultants. No one really wants to completely end it, but they'd certainly like people to stop talking about it.
For quite some time we've talked about the importance of ECPA reform. ECPA -- the Electronic Communications Privacy Act -- is woefully outdated. Passed in the 1980s, when the internet was just a small network that connected a few universities, it has allowed law enforcement and other government officials to snoop on your email based on some very outdated definitions and assumptions. As we've discussed in the past, one very obvious example, is the idea that, under the law, emails stored on a server for over 180 days are considered "abandoned" and that there's no need to get a warrant to view those emails. Of course, that was back when people expected old emails to be either deleted or downloaded. No one predicted "cloud" computing with virtually unlimited storage.
For years now, there's been a major effort at ECPA reform, to actually make sure that law enforcement needs a warrant to view your emails. It has had strong support in Congress for some time, but the main folks fighting against it are the SEC and the IRS, who like the fact that they can search through your emails without a warrant. In fact, the SEC seems to revel in its ability to do some very questionable things, in part thanks to ECPA.
Earlier this week, the main ECPA reform bill in the House, sponsored by Reps. Kevin Yoder and Jared Polis, hit a new milestone: it currently has 218 co-sponsors, meaning that more than half of the House now has their name on the bill. And yet, the bill is still stalled out, because House leadership has been scared off by the SEC and IRS. Hopefully, the House will finally move forward on this bill.
And while Yoder notes in that article that the NSA revelations have actually helped give this bill momentum, it's important to note that this is separate from the NSA reform issue. ECPA reform is unrelated to the NSA stuff, but covers what other government agencies can do with your email. Both are important issues, but it would be great to finally get basic ECPA reform through. This is a fight that's been going on for over a decade, and with more than half the House supporting it, how much longer can Congressional leadership ignore it?