In what’s being called a landmark victory for digital privacy, California police will no longer be able to get their hands on user data without first getting a warrant from a judge.
Governor Jerry Brown on Thursday signed the California Electronic Communications Privacy Act (CalECPA), SB 178, which requires state law enforcement to get a warrant before they can access electronic information about who we are, where we go, who we know, and what we do.
US privacy rights groups have long been concerned that law enforcement hasn’t considered it necessary to get a search warrant before they can search messages, email, photos and other digital data stored on mobile phones or company servers.
States such as California, tired of waiting around for Congress to update 29-year-old federal electronic privacy statutes, are taking reform into their own hands.
Nicole Ozer, Technology & Civil Liberties Policy Director at the ACLU of California:
This is a landmark win for digital privacy and all Californians. We hope this is a model for the rest of the nation in protecting our digital privacy rights.
Hanni Fakhoury, senior staff attorney for the Electronic Frontier Foundation, told NBC News that while California isn’t the first state to guarantee protections such as these – Utah and Maine have similar laws on the books – the nation’s most populous state has passed the most protective law to date.
The bill was sponsored by Democratic Senator Mark Leno and Republican Senator Joel Anderson.
The ACLU published an article by the two senators in which they had decried the state’s antiquated privacy laws:
Technology has advanced exponentially, but California’s privacy laws are still stuck in the digital dark ages. Law enforcement is increasingly taking advantage of outdated privacy laws to turn mobile phones into tracking devices and access sensitive emails, digital documents, and text messages without proper judicial oversight.
As it is, 82% of Californians have voiced support for the end to warrantless digital information searches.
According to the ACLU, CalECPA is a direct response to an “exponential growth in law enforcement demands for digital information” that’s seen demands to Google nearly triple over the last five years.
Twitter, meanwhile, has reported a 52% jump just this past year.
In its own transparency report, Twitter revealed that it received 4,363 government data requests in the first half of 2015, around half of which were in the US.
Twitter complied with the US requests 80% of the time.
According to the senators who authored the bill, AT&T received more than 64,000 demands for location information in 2014; Verizon received more than 15,000 demands for location data in the first half of 2014, and only one-third of those came with a warrant.
According to Senator Leno, that situation ended on Thursday:
That ends today with the Governor’s signature of CalECPA, a carefully crafted law that protects personal information of all Californians. The bill also ensures that law enforcement officials have the tools they need to continue to fight crime in the digital age.
The tools to keep fighting crime to which Senator Leno referred include a number of exceptions: if police or another government entity believe that a device has been lost or stolen, they can access information on the device in order to identify, verify or contact its owner.
What’s more, an emergency provision allows a government entity to search a device if it believes that “an emergency involving danger of death or serious physical injury to any person requires access to the electronic device information.”
That doesn’t completely let the government off the hook, though – the agency doing the search will have three days from obtaining data in which it will still have to file for a warrant.