Two men share securities regulation news

Breaking news and expert analysis on legal and compliance issues

[Back To Home][Back To Archives]

From Securities Regulation Daily, September 16, 2015

SEC’s Ceresney echoes law enforcement worries over digital data bill

By Jacquelyn Lumb

Government officials expressed concern about a bill that would amend the Electronic Communications Privacy Act (ECPA), explaining to the Senate Judiciary committee that, in its current form, it could impede civil law enforcement agencies in their investigations. SEC Enforcement Director Andrew Ceresney noted that S.356 would require government entities to obtain a criminal warrant when they want access to emails or other electronic communications from Internet service providers (ISP), but the SEC and other civil law enforcement agencies cannot obtain criminal warrants so they would be unable to gather this evidence. He said an alternative proposal would be to require a judicial proceeding before an ISP is compelled to produce information, which would provide greater protection to Internet subscribers than a criminal warrant since they would have a chance to challenge the government’s information request.

Outdated provisions. Committee Chair Charles Grassley (R-Iowa) noted that the ECPA was enacted in 1986 to protect the privacy of American’s electronic communications while also providing the government with access in certain circumstances. Grassley said there is a growing consensus that the Act needs to be modernized, particularly the provisions that relate to the age of the communication and whether it has been opened.

DOJ’s concerns. Elana Tyrangiel, testifying on behalf of the Department of Justice, said that DOJ is concerned about the effect a blanket warrant requirement would have on its civil operations. Civil litigators and regulators cannot reliably obtain email and other information solely by serving a subpoena on a subscriber, she said. They must have the ability to ask a court to compel disclosure of the information from providers. Tyrangiel said the Administration also has significant concerns about the proposal to change the standards and protocols for access to content stored outside the U.S.

FTC’s concerns. Daniel Salsburg, testifying on behalf of the Federal Trade Commission, advised that the FTC does not currently seek emails and other electronic communications covered by the ECPA but, as more electronic communications move to the cloud, the effectiveness of the agency’s fraud prevention program could be affected if the legislation is not modified.

Under current law, Salsburg said the FTC could compel an ECPA service provider to produce a customer’s or a subscriber’s content with notice or delayed notice to the customer or the subscriber. However, the Sixth Circuit, in U.S. v. Warshak, 631 F.3d 266 (2010), held that the Fourth Amendment bars warrantless access to email content held by an ECPA service provider. A criminal warrant as proposed is not available to the FTC, he said, yet would be required even for previously public commercial content or promotions of a product or service and even when the customer has consented to the release of the information by the ISP.

Salsburg urged that any modernization of the Act authorize agencies to obtain previously public commercial content that advertises or promotes a product or service, compel an ECPA service provider to disclose content with the customer’s consent and, when efforts to obtain the information fails, to seek a court order compelling the provider to produce the electronic content.

SEC’s proposed approach. Ceresney said there are ways to update the Act without frustrating the legitimate needs of civil law enforcement. He said that electronic communications often provide critical evidence in the SEC’s investigations. Establishing fraudulent intent is one of the most challenging areas in an investigation, he explained, and emails and other electronic communications are often the only direct evidence of that state of mind.

The SEC generally will seek access to electronic communications using an administrative subpoena, but recipients may erase emails, provide only some of the communications, or refuse to respond. When other mechanisms prove unsuccessful, the SEC may need to seek the information from the ISP. If S.356 is enacted, the SEC and other law enforcement agencies would be denied access to critical evidence that may create an incentive for subpoena recipients to be less forthcoming. He said a judicial process would provide an appropriate mechanism for obtaining access to electronic communications.

A second panel of witnesses included representatives from the Tennessee Bureau of Investigation, Google, Inc., the Center for Democracy and Technology (CDT), and BSA/The Software Alliance.

Support from technology industry. Google strongly supports S.356 and believes the court’s interpretation in Warshak is correct. Google requires a search warrant in all instances where law enforcement seeks to compel it to disclose the contents of Gmail accounts and other Google services. In Google’s view, S.356 is a modest effort to codify what is already the law of the land today.

CDT believes the passage of S.356 is the best way to advance what it called a modest but critical privacy protection, and over 100 technology companies have signed on to ECPA reform principles. BSA also supports the proposed legislation and urged that the reforms not be weakened by changes that will force software companies and other digital service providers to be placed in the middle of disputes between the government and the targets of civil investigations.

Concern of state investigators. The representative from the Tennessee Bureau of Investigation testifying on behalf of the Association of State Criminal Investigative Agencies, asked that regardless of the process that Congress determines is appropriate, it guarantee that law enforcement can obtain access to the digital evidence it needs to do its job reliably and quickly.

MainStory: TopStory Enforcement SECNewsSpeeches

Securities Regulation Daily

Introducing Wolters Kluwer Securities Regulation Daily — a daily reporting service created by attorneys, for attorneys — providing same-day coverage of breaking news, court decisions, legislation, and regulatory activity.

A complete daily report of the news that affects your world

  • View full summaries of federal and state court decisions.
  • Access full text of legislative and regulatory developments.
  • Customize your daily email by topic and/or jurisdiction.
  • Search archives for stories of interest.

Not just news — the right news

  • Get expert analysis written by subject matter specialists—created by attorneys for attorneys.
  • Track law firms and organizations in the headlines with our new “Who’s in the News” feature.
  • Promote your firm with our new reprint policy.

24/7 access for a 24/7 world

  • Forward information with special copyright permissions, encouraging collaboration between counsel and colleagues.
  • Save time with mobile apps for your BlackBerry, iPhone, iPad, Android, or Kindle.
  • Access all links from any mobile device without being prompted for user name and password.