Tip:
Highlight text to annotate it
X
JERROLD NADLER: I now recognize Mr. Salgano.
RICHARD SALGANO: Thank you, Chairman Nadler, Ranking
Member Sensenbrenner, and members of the subcommittee.
As Google's senior counsel for law enforcement and
information security, I oversee Google's response to
government requests for user information under many
authorities, including the Electronic Communications
Privacy Act of 1986.
I've also worked with ECPA extensively from a law
enforcement perspective as a senior counsel in the criminal
division in the Department of Justice.
ECPA was a forward looking statute for 1986.
And much of it remains relevant today.
But over my many years of experience in implementing, in
trying to interpret, and frankly, often wrestling with
the statute, I've seen large gaps grow between the
technological assumptions of that earlier era and the
reality of how electronic communication works today.
As a result of those gaps, providers, users, law
enforcement agents, investigators, and
prosecutors, as well as judges, often face complex and
baffling rules that are difficult to explain, and
challenging to apply.
Even more significant, however, in important
respects, ECPA now fails to provide the privacy protection
that people reasonably expect.
And that's why Google helped found and strongly supports
the Digital Due Process Coalition.
The coalition, which many of you may have heard of, is a
broad coalition.
It includes telecommunications companies like AT&T. We have
internet companies, many of whom are represented on the
panel today, and other organizations, including
Americans for Tax Reform, and the ACLU, among many other
members that I haven't mentioned.
The coalition has proposed a set of common sense principles
for updating ECPA.
The reforms seek to preserve the structure of the statute
and certainly the tools needed by law enforcement to perform
their important functions, but are intended to ensure that
the protections afforded to data stored in the cloud are
no less than those extended to data stored in the home or in
the office.
Cloud computing is a new term, as has been noted.
But most of us use cloud services every day, even if
the label isn't particularly familiar to us.
When you use the web to send an email, to edit a document,
or to manipulate a calendar-- as Professor Feldman has
reflected to us--
you're actually using cloud computing services.
The services now are very robust and very feature rich.
In fact, many companies are moving their entire IT
infrastructure into the internet based cloud, and
getting the functionality through service providers.
Shifting all of these computing tasks from our
desktops to cloud providers offers tremendous social
benefits, tremendous economic benefits,
and security benefits.
Today's technology bears little resemblance to the
mainframe computers of the 1980s.
Back then, remote computing and storage were rare luxuries
for companies, usually used for bulk processing, like
payroll services or data backup.
ECPA has not kept pace with the rapid technological
advances that we've enjoyed in the last few years.
And as a result, the problems are becoming obvious.
One example that has been alluded to already, under
ECPA, the government must obtain a warrant to get the
content of an email that is no older than six months.
But for older messages, the government can
simply issue a subpoena--
obviously without a judge's approval--
to compel the production of the email's
content from a provider.
Under the Department of Justice's interpretation of
ECPA-- which has been rejected by the ninth circuit--
opened email, regardless of the age, can be obtained using
that lower subpoena standard.
Distinguishing the privacy protections of the email based
on age and by access of the user makes no sense today.
In 1986, perhaps it did.
Remote storage was so expensive that users rarely
stored messages for very long.
They either downloaded or deleted the messages soon
after receiving them.
Today, people often keep messages and mail for
indefinite periods of time, possibly forever.
With Gmail--
which is Google's free email service--
Google offers enough free storage that space constraints
are not a reason ever to delete an old mail.
Many of our users have messages going back to when
Gmail was launched over six years ago.
Gmail accounts have essentially become the filing
cabinets of today.
The example reveals how parts of ECPA need to be updated for
the 21st century.
The Digital Due Process proposal would go far towards
achieving that goal.
Advances in technology depend not just on smart engineers,
but also on smart laws that will not stand in the way of
continued innovation and adoption of technology.
I thank the subcommittee for giving me attention to this
issue, and urge you to help bring ECPA into
the internet age.
Thank you.