California governor vetoes state email privacy bill
by Kate Tummarello, The Hill
California Gov. Jerry Brown vetoed a state online privacy bill that would have protected residents’ electronic communications accounts from warrantless access by law enforcement agencies.
The bill would require law enforcement agencies to obtain a warrant before accessing electronic communications. They would have to notify a user within three days of accessing that user’s electronic communications.
Under current federal law, the Electronic Communications Privacy Act (ECPA), law enforcement agencies do not need warrants to require electronic communication companies to turn over their users’ communications if they have been electronically stored for more than 180 days.
If law enforcement agencies do obtain a warrant, they do not have to notify the user. If they have subpoenas or court orders — which have a lower burden of proof than warrants — they are required to inform the user.
Led by Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.), Congress is considering ECPA reform but has yet to pass legislation updating the 27-year-old law.
These expanded notice requirements in the California bill “go beyond those required by federal law and could impede ongoing criminal investigations,” Brown wrote in his veto statement. “I do not think that is wise.”
Brown’s concerns are “overblown,” according to Hanni Fakhoury, staff attorney at the Electronic Frontier Foundation (EFF), which supported the bill.
The EFF wrote to Brown last month, encouraging him to sign the bill into law. The bill is “a sensible [one] that updates the state’s electronic privacy laws to the realities of the 21st century,” the group wrote.
Fakhoury said privacy advocates have been optimistic that states will pass privacy-enhancing legislation where the federal government has tried to and failed, especially now that Congress is mired in the shutdown and debt-ceiling debates. “Our hope has been to get states to jump in and fill the voids,” he said.