On October 8, 2015, California Governor Jerry Brown signed the California Electronic Communications Privacy Act (CalECPA/State Bill 178), which the American Civil Liberties Union described as a “landmark victory” for digital privacy. The new law goes into effect on January 1, 2016, and is probably the most comprehensive digital privacy law in the nation – only two other states (Maine and Utah) have passed similar legislation. The law requires police to obtain a warrant before accessing an individual’s private electronic information, such as text messages, emails, GPS data and online documents that are stored in the cloud and on smart phones, tablets, computers and other digital devices. The government also must obtain a warrant before requiring a business to produce an individual’s electronic information.
In keeping with balancing the competing interests of law enforcement and private citizens, the law contains certain narrow exceptions to the warrant requirement: If an owner of a device gives a government entity permission to access data on that device, or if law enforcement believes a device has been lost or stolen, it can access it to try to identity, verify or contact the owner. There’s also an emergency provision. If the police believe that “an emergency involving danger of death or serious physical injury to any person requires access to the electronic device information,” then it can go ahead and access the information. The agency still will have to file for a warrant within three days of obtaining the data, though.
This significant change in the law will likely cause a dramatic shift in the practices of both prosecutors and defense attorneys. In recent years, cell phone providers and online services have become increasingly cooperative with law enforcement’s requests for delivery of digital information. According to the authors of the bill — state Sens. Mark Leno (D-San Francisco) and Joel Anderson (R-Alpine) — AT&T received more than 64,000 demands for location information in 2014; Verizon received more than 15,000 demands for location data in the first half of 2014, and only one-third of those came with a warrant. In its own transparency report, Twitter revealed that it received 4,363 government data requests in the first half of 2015, around half of which were in the U.S. It complied 80% of the time. In other words, the protections we enjoy for our physical property – including our letters and other papers, did not fully extend to our digital property. Why should a drawer of paper correspondence have more protection than a server full of email? As stated by Senator Leno “[f]or too long, California’s digital privacy laws have been stuck in the Dark Ages, leaving our personal emails, text messages, photos and smartphones increasingly vulnerable to warrantless searches.That ends [with the passage of] CalECPA, a carefully crafted law that protects personal information of all Californians. The bill also ensures that law enforcement officials have the tools they need to continue to fight crime in the digital age.”
Going forward under the new law, before obtaining data stored by online services, law enforcement will have to demonstrate they have probable cause to target someone’s digital information. With the advent of CalECPA, there may be more litigation of warrant issues in criminal court and, probably less cell phone and other digital evidence admitted.