[Congressional Record Volume 151, Number 54 (Thursday, April 28, 2005)]
[Senate]
[Page S4553]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mr. LEAHY (for himself and Mr. Sununu):
  S. 936. A bill to ensure privacy for e-mail communications; to the 
Committee on the Judiciary.
  Mr. LEAHY. Mr. President, I introduce today the Leahy-Sununu E-mail 
Privacy Act to ensure that last year's decision by the First Circuit 
Court of Appeals in a case called United States v. Councilman does not 
undermine the online privacy that Americans expect and cherish. Senator 
Sununu has been a leader on privacy issues, and I appreciate and 
welcome his support.
  In a strained reading of the Electronic Communications Privacy Act 
(ECPA), the majority in this case effectively concluded that it was 
permissible for an Internet Service Provider to systematically 
intercept, copy and read its customers' incoming e-mails for corporate 
gain. This outcome is an unacceptable privacy intrusion that is 
inconsistent with Congressional intent and the commonly-held 
understanding of the protections provided by ECPA, and requires swift 
Congressional response. I offer the E-mail Privacy Act as a simple, 
straightforward way to prevent the erosion of the privacy protection 
Congress granted to e-mail and ensure that this outcome is not 
repeated.
  In 1986 Congress passed ECPA to update the Wiretap Act so that 
Americans could enjoy the same amount of privacy in their online 
communications as they do in the offline world. ECPA was a careful, 
bipartisan and long-planned effort to protect electronic communications 
in two forms--from real-time monitoring or interception as they were 
being delivered, and from searches when they were stored in record 
systems. We recognized these as different functions and set rules for 
each based on the relevant privacy expectations and threats to privacy 
implicated by the different forms of surveillance.
  The Councilman decision upset this careful distinction. Functionally, 
the ISP was intercepting e-mails as they were being delivered, yet the 
majority concluded that the relevant rules were those pertaining to 
stored communications, which exempt ISPs. Specifically, the majority 
rejected the argument put forth by the Justice Department that an 
intercept occurs--and the Wiretap Act--applies when an e-mail is 
acquired contemporaneously with its transmission, regardless of whether 
the transmission may be in electronic storage for a nanosecond at the 
time of acquisition. This majority's conclusion fails to consider the 
nature of electronic communications systems and belies the reality that 
such searches are functionally an interception.
  The implications of this decision are broad. While many ISPs are 
responsible online citizens, this does not change the fact that this 
decision essentially licenses ISPs to snoop. Even more worrisome is 
that this decision creates the opportunity for the type of Big Brother 
invasions that understandably make Americans cringe. For practical 
reasons, law enforcement often installs surveillance devices at these 
nanosecond storage points, but before doing so, they have obtained the 
appropriate legal permission to intercept e-mails--a Title III order. 
Under the majority's interpretation in the Councilman decision, law 
enforcement would no longer need to obtain a Title III order to conduct 
such searches, but rather could follow the less rigorous procedures for 
stored communications. For example, under the rules for stored 
communication, if law enforcement were to get the consent of a 
university-operated ISP, such searches could be performed without the 
knowledge of users. This is Carnivore unleashed if you will, and is 
simply not the outcome that Congress intended or the American people 
expect. Searches that occur in nanosecond storage points during the 
transmission process are in their function ``interceptions'' and should 
be treated as such and subject to the wiretap laws.
  The E-mail Privacy Act is a simple approach to prevent the erosion of 
privacy protections and clarifies that the wiretap laws apply to e-mail 
interceptions like those at issue in the Councilman case. In essence, 
the Act would amend ECPA to clarify that the definition of intercept is 
not a narrow, rigid concept, but is broad enough to include actions 
that are functionally equivalent to an interception. Importantly, these 
careful and slight changes would simply restore the status quo prior to 
the Councilman decision without disturbing other areas of ECPA and 
without raising controversial concerns that may be difficult to resolve 
in the few remaining days of this term.
  This is an important issue to the American people, and fortunately 
the E-mail Privacy Act provides a straightforward approach that we can 
all get behind. Again, I thank Senator Sununu for his support on this 
important legislation. I am sure he would join me in urging our 
colleagues to make e-mail privacy a top priority and support the E-mail 
Privacy Act.
  I ask unanimous consent that the text of the bill be printed in the 
Record.
  There being no objection, the bill was ordered to be printed in the 
Record, as follows:

                                 S. 936

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``E-Mail Privacy Act of 
     2005''.

     SEC. 2. CLARIFICATION OF THE DEFINITION OF INTERCEPT.

       Section 2510(4) of title 18, United States Code, is amended 
     by striking ``through the use of any electronic, mechanical, 
     or other device.'' and inserting ``contemporaneous with 
     transit, or on an ongoing basis during transit, through the 
     use of any electronic, mechanical, or other device or 
     process, notwithstanding that the communication may 
     simultaneously be in electronic storage;''.
                                 ______