By: Aaron Hsieh

I. Introduction

The Digital Revolution, also referred to as the Third Industrial Revolution, is a period during the latter half of the 20th century characterized by sweeping changes brought about by new digital computing and communication technology.[1]  At the core of the Digital Revolution was the mass production and widespread use of digital technology, including the computer, cellular phone, and most importantly, the Internet.[2]

Before the Digital Revolution, individuals stored their private documents in file cabinets and storage bins.[3]  As the use of computers became more widespread, individuals began storing their documents on local computers.[4]  In both instances, absent exigent circumstances, the U.S. government had to apply for a warrant and provide notice when accessing an individual’s private information.[5]

Today, however, it is becoming increasingly common for individuals to store their sensitive documents on remote computing servers owned by third party service providers.[6]  For instance, Dropbox is a file hosting service that offers cloud storage.[7]  This trend towards storing information remotely with third parties should not alter the fundamental constitutional requirement that the U.S. government needs to obtain a search warrant when accessing an individual’s private documents and communications.[8]  But, the reality is the U.S. government continues to play fast and loose with its constitutional duty to obtain a search warrant.  In 1986, Congress enacted the Electronic Communication Privacy Act (ECPA), which was designed to safeguard an individual’s electronic privacy rights.[9]  At the time the ECPA was enacted, remote cloud computing was a foreign concept.  Because there have been no subsequent amendments to the ECPA, this thirty-one-year-old privacy law still governs how and when law enforcement agencies can obtain access to documents that individuals store online.[10]

This Article argues that § 2703 of the ECPA is unconstitutional as it fails to account for over three decades of technological growth.  The U.S. government should be required to obtain a warrant when it seeks an individual’s digital data from third party service providers.  Therefore, in order to properly address these shortcomings, Congress should enact the Email Privacy Act, along with an additional amendment authorizing voluntary disclosure subject to post-hoc judicial review.[11]

For purposes of serving as an online publication and as a means of reducing its length, this submission excludes discussion of § 2705 of the ECPA as it relates to the Fourth Amendment requirement of notice and then-senator Jeff Sessions’ emergency authorization provision proposal.

II. Background
A. Fourth Amendment Overview

The United States Supreme Court has recognized, in countless decisions, that the basic purpose of the Fourth Amendment is to “safeguard the privacy and security of individuals against arbitrary intrusion by government officials.”[12]  As such, the Supreme Court said that individual and privacy rights are deemed to be fundamental to a free society.[13]  The Fourth Amendment affords individuals the right to be free from unreasonable searches and seizures and can be divided into two general clauses—the reasonableness clause and the warrants clause.[14]

The reasonableness clause protects the “right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.”[15]  In determining whether a search or seizure is reasonable, the courts ask whether the defendant manifested a subjective expectation of privacy and if so, whether society is prepared to accept the defendant’s subjective expectation of privacy as reasonable.[16]  Whenever the reasonableness clause is satisfied, the Fourth Amendment applies, triggering the application of the warrants clause.[17]  The warrants clause provides that “no warrant shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”[18]  This clause highlights four requirements that must be met in order for courts to issue a valid warrant—a valid warrant must be: supported by probable cause;[19] issued by a neutral magistrate[20] pursuant to an oath or affirmation;[21]  and particularly describe the place to be searched and the things to be seized.[22]  In the event where it is not feasible to obtain a search warrant, the police are permitted to conduct a warrantless search only when certain exigent circumstances exist.[23]

While the rights and protections of the Fourth Amendment are well established, when applied to information stored online, its intended reach is limited.[24]  The Fourth Amendment defines the right to be secure in spatial terms, and as such, does not expressly apply to the reasonable expectation of privacy in an online context.[25]

B. ECPA Overview

Title II of the ECPA, commonly referred to as the Stored Communications Act (SCA), extends Fourth Amendment-like protection to electronic communications.[26]  The purpose of the SCA is to address standards for voluntary and compelled disclosure of stored wired and electronic communications held by third party internet-service providers (ISPs).[27]  In particular, § 2703 lays out the guidelines for how and when law enforcement agencies can access an individual’s electronic data.[28]

Section 2703(a) refers to access to contents of wire or electronic communications held in electronic storage within the last 180 days.[29]  In order for the U.S. government to access these communications, it must obtain a search warrant and provide adequate notice.[30]

Section 2703(b) involves access to contents of electronic communication stored in a remote computing service for longer than 180 days.[31]  In such cases, a communication has been in storage for the past 180 days, and the U.S. government can compel disclosure using a search warrant,[32] a subpoena,[33] or a court order.[34]

Section 2703(c) addresses access to non-content records pertaining to a subscriber of an electronic communication service or remote computing service.[35]  Examples of non-content communications include, among others, a subscriber’s name,[36] address,[37] local and long distance telephone records,[38] and means of payment for such service, including any credit card or bank account number.[39]  The U.S. government can obtain this information through the use of a warrant, subpoena, court order, or with consent.[40]

However, because the ECPA’s language and provisions were enacted in 1986, it fails to comprehensively account for modern day technological growth.

III. Analysis

The Founding Fathers recognized the right of the American people to privacy in their persons, houses, papers and effects.[41]  This right remains as true today than ever, especially in light of technological advancements.[42]

A. Warrant Requirement

The Fourth Amendment cannot reasonably be understood to permit law enforcement officers to obtain the digital information of individuals without a warrant.  By allowing disclosure without a warrant, the legislature is implying that individuals who choose to store their papers and effects electronically, rather than physically in their homes, are somehow entitled to a lower level of privacy protection.  While the Supreme Court has never explicitly considered whether stored electronic communications are entitled to Fourth Amendment protection, it has begun to trend toward that assumption.[43]

In Riley v. California, the Court held that the warrantless search and seizure of digital contents from a cell phone during a search incident to an arrest is unconstitutional.[44]  Chief Justice John Roberts characterized cell phones as minicomputers and stated that just because “technology now allows an individual to carry such information in his hand, [it] does not make the information any less worthy of the protection for which the Founders fought.”[45]  Similarly, in United States v. Warshak, the Sixth Circuit held that email users have a Fourth Amendment protected reasonable expectation of privacy in the contents of their email accounts and where the government relied on the SCA to gain access to an individual’s emails without a warrant, the individual’s Fourth Amendment rights were violated.[46]

In contrast, the Fifth Circuit held in In Re Application of the United States for Historical Cell Site Data that SCA court orders compelling cell phone providers to disclose cell site information are not per se unconstitutional.[47]  The court reasoned that callers voluntarily convey information to their phone service providers, and information conveyed voluntarily to third parties are entitled to weaker Fourth Amendment protections.[48]  However, in Commonwealth v. Augustine, the Massachusetts Supreme Court disagreed with the Fifth Circuit’s ruling, finding that defendants have a reasonable expectation of privacy in cell site location information.[49]  It recognized that cell site location information is analogous to GPS data, because both track a person’s movements, and thus, implicate an individual’s reasonable expectation of privacy.[50]

The warrant requirement serves as an invaluable safeguard for the American people in preventing government overreach.  As the shift to the digital world continues in full force, it is important to recognize that the American people do not deserve less constitutional protection when their papers and effects are stored electronically.

B. Jeff Sessions’ Voluntary Disclosure Provision

Then-senator Jeff Sessions’ voluntary disclosure provision requires a third-party service provider to disclose information to a government entity in instances where there is lawful consent from either the intended recipient of the communication, or the subscriber on whose behalf the provider stores, holds, or maintains the communication.[51]

While this provision is promising, as it stands now, it is still too vague.  There needs to be specific procedures laid out that define what steps law enforcement agents need to take when obtaining an individual’s consent.  In order for consent to be valid, it must be voluntary and cannot be coerced.[52]  While consent does not require the police to make an affirmative showing that the defendants knew that they could refuse,[53] it must still be voluntary.  As such, the need for post-hoc judicial review is vital to preventing law enforcement agents who coerce individuals into giving consent and no subsequent recourse for victims.[54]  It follows that neutral magistrates, rather than the police, who have a stake in the matter, are best suited to make this determination.[55]  Therefore, if the magistrate judge finds that consent was coerced, then any evidence that stems from the invalid disclosure must be suppressed and cannot be used against the defendant at trial.[56]

IV. Recommendation

The SCA’s outdated legislation has led to ambiguity in compliance obligations from third-party service providers, and as evidenced above, the courts continue to have difficulty applying the SCA to modern technological growth.[57]  As such, this Article recommends a number of modifications that would ensure that an individual’s privacy rights are better protected from abuse.

Section 2703(c) should be amended to include the same disclosure standards as §§ Section 2703(a) and Section 2703(b).[58]  For example, a model § 2703(c) might look like this:

Section 2703(c): Records Concerning Electronic Communication Service or Remote Computing Service –

(1) In General – A government entity may require the disclosure by a provider of electronic communication service or remote computing service of a record or other information pertaining to a subscriber to or customer of such service (not including the contents of wire or electronic communications) –

(A) if a government entity obtains a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) that –

(i) is issued by a court of competent jurisdiction directing the disclosure; and

(ii) may indicate the date by which the provider must make the disclosure to the government entity.

Furthermore, § 2703 should include then-senator Sessions’ voluntary consent provision, which allows law enforcement agencies to obtain an individual’s digital data in lieu of a search warrant, subject to post-hoc judicial review.  For example:

Exceptions for Consensual Disclosure of Communications –

(1) In General – A provider of electronic communication service or remote computing service shall disclose to a government entity –

(A) a wire or electronic communication (including the contents of the communication) –

(i) with the lawful consent of –

(I) the originator, addressee, or intended recipient of the communication; or

(II) the subscriber or customer on whose behalf the provider stores, holds, or maintains the communication.[59]

Judicial Review of Consensual Disclosure of Communications –

(1) In General – To the extent necessary, a reviewing court shall decide de novo all relevant questions of law and fact in order to confirm there was consensual disclosure of communications by a subscriber or customer.

V. Conclusion

As it is becoming more and more clear that electronic communication falls well within the realm of the Fourth Amendment’s “papers and effects,” the U.S. government must be required to apply for a search warrant before attempting to access an individuals’ content and non-content electronic communications.  The Email Privacy Act,[60] coupled with a modification requiring probable cause for non-content electronic communication and a voluntary disclosure provision subject to post-hoc judicial review[61], will finally ensure that the law protects digital data as well as it does physical documents.[62]

[1] Julian Birkinshaw, Beyond the Information Age, Wired (June 2014),; Digital Revolution, Techopedia,

[2] The Digital Revolution, Digital Experts Academy,

[3] Birkinshaw, supra note 1.

[4] Id.

[5] Katz v. United States, 389 U.S. 347 (1967).

[6] Birkinshaw, supra note 1.

[7] About, Dropbox,

[8] U.S. Const. amend. IV; Katz, 389 U.S. at 349; Modernizing the Electronic Communications Act (ECPA), American Civil Liberties Union,; Tim Cushing, White House Vaguely Agrees Outdated ECPA Should be Reformed but Only with an Eye on the Government’s “Interests,” TechDirt (July 28, 2015),; The House Votes Unanimously to Strengthen Email Privacy, N.Y. Times (Apr. 29, 2016),

[9] 18 U.S.C. § 2703–05 (2012).

[10] H.R. 387, 115th Cong. (2017); H.R. 699, 114th Cong. (2016); H.R. 1852, 113th Cong. (2013–2014).

[11] H.R. 387, 115th Cong. (2017); H.R. 699, 114th Cong. (2016); H.R. 1852, 113th Cong. (2013–2014).

[12] U.S. Const. amend. IV; Camara v. Municipal Court, 387 U.S. 523, 528 (1967); Wolf v. Colorado, 338 U.S. 25, 27 (1949).

[13] Id.

[14] U.S. Const. amend. IV.

[15] Id.

[16] Katz, 389 U.S. at 349.

[17] Id.

[18] U.S. Const. amend. IV.

[19] Id.; Illinois v. Gates, 462 U.S. 213, 218 (1983); Spinelli v. United States, 393 U.S. 410, 416 (1969); Aguilar v. Texas, 378 U.S. 108, 113 (1964).

[20] U.S. Const. amend. IV.

[21] Id.; Massachusetts v. Upton, 466 U.S. 727, 730 (1984).

[22] U.S. Const. amend. IV; Draper v. United States, 358 U.S. 307, 310 (1959).

[23] Mincey v. Arizona, 437 U.S. 385, 390 (1978).

[24] U.S. Const. amend. IV; Katz, 389 U.S. at 389.

[25] U.S. Const. amend. IV.

[26] 18 U.S.C. § 2701–2712 (2012).

[27] Id.

[28] 18 U.S.C. § 2703 (2012).

[29] 18 U.S.C. § 2703(a) (2012).

[30] Id.

[31] 18 U.S.C. § 2703(b) (2012).

[32] 18 U.S.C. § 2703(b)(1)(A) (2012).

[33] 18 U.S.C. § 2703(b)(1)(B)(i) (2012).

[34] 18 U.S.C. § 2703(b)(1)(B)(ii) (2012).

[35] 18 U.S.C. § 2703(c) (2012).

[36] 18 U.S.C. § 2703(c)(2)(A) (2012).

[37] 18 U.S.C. § 2703(c)(2)(B) (2012).

[38] 18 U.S.C. § 2703(c)(2)(C) (2012).

[39] 18 U.S.C. § 2703(c)(2)(F) (2012).

[40] 18 U.S.C. § 2703(c)(A)–(E) (2012).

[41] U.S. Const. amend. IV.

[42] Modernizing the Electronic Communications Act (ECPA), supra note 8.

[43] Quon v. City of Ontario, 560 U.S. 746, 748 (2010).

[44] Riley v. California, 573 U.S. 2477, 2495 (2014).

[45] Id.

[46] United States v. Warshak, 632 F.3d 266, 270 (6th Cir. 2010).

[47] In re Application of the United States for Historical Cell Site Data, 724 F.3d 600, 605 (5th Cir. 2013).

[48] Id.

[49] Commonwealth v. Augustine, 467 Mass. 230, 232 (2014).

[50] Id.

[51] HEN16527, S. 356, 114th Cong. (2016).

[52] Schneckloth v. Bustamonte, 412 U.S. 218, 225 (1973).

[53] Id.

[54] H.R. 387, 115th Cong. (2017); HEN16527, S. 356, 114th Cong. (2016).

[55] Id.

[56] Id.

[57] Modernizing the Electronic Communications Act (ECPA), supra note 8.

[58] 18 U.S.C. § 2703 (2015); H.R. 387, 115th Cong. (2017).

[59] H.R. 387, 115th Cong. (2017).

[60] Id.

[61] Id.; HEN16527, S. 356, 114th Cong. (2016).

[62] The House Votes Unanimously to Strengthen Email Privacy, N.Y. Times, supra note 8; Modernizing the Electronic Communications Act (ECPA), supra note 8.