Protect Taxpayers, Update E-Mail Privacy Laws

The Honorable Chuck Grassley
Chairman, Senate Judiciary Committee
United States Senate
224 Dirksen Senate Office Building
Washington, DC 20510
The Honorable Patrick J. Leahy
Ranking Member, Senate Judiciary Committee
United States Senate
224 Dirksen Senate Office Building
Washington, DC 20510

Dear Chairman Grassley and Ranking Member Leahy:

Thank you for undertaking the important task of investigating the need to clarify the limits of federal agencies to pry into American’s email and update the Electronic Communications Privacy Act. (ECPA). This is an issue of major interest to taxpayers and one that National Taxpayers Union (NTU), the nation’s oldest taxpayer advocacy organization, has long supported.

Back in 2013, the results of a Freedom of Information Act request from the American Civil Liberties Union caused justifiable consternation among Americans by revealing the tax agency may have been ignoring a court order requiring the government to regard taxpayer emails and texts as protected by the Fourth Amendment. According to a 2009 IRS handbook, such communications did not “have a reasonable expectation of privacy.”

The IRS has since tried to back-pedal. A statement on its website claims that when the agency is in an “active criminal investigation and seeks to obtain the content of emails from an Internet Service Provider, we obtain a court ordered search warrant.” But what of non-active, non-criminal matters? The agency claims that is not “policy to seek the content of emails from ISPs in civil investigations,” although to “resolve any remaining confusion surrounding the issue,” there might be “appropriate updates” to its guidance in the future.

Yet, exactly whose “confusion” is being referenced here?  The general public’s, who might be worried that the door is still open to serious breaches of protections against undue search and seizure powers? After all, tax authorities can demand these details of financial life from an Internet Service Provider (ISP) without a taxpayer even knowing it. And even if criminal cases are rare compared to civil proceedings, the tax collector has been known to push the investigatory envelope with Americans whose behavior was not criminal at all.

Or is the confusion with the IRS, which makes a fine statement about “respecting taxpayer rights and taxpayer privacy” but whose past actions at the very least raise some doubts about its commitment? Furthermore, as lawmakers well understand, “policies” do not carry the force of positive law; they are more malleable, discretionary, and changeable than statutes passed by Congress.

Unfortunately, those statutes are failing to keep up with the times. Under the Electronic Communications Privacy Act (ECPA) of 1986, no warrant is needed on digital communications that have been in storage with a third-party Service Provider for at least 180 days. An update to ECPA is vital, if for no other reason than to shield Americans from mischief on the part of tax collectors who might be tempted to stretch their powers.

That is why NTU supported an open letter prior to the August recess from a broad coalition that urged Judiciary Committee lawmakers in both chambers to “finally move forward on bipartisan legislation to reform ECPA – without … unnecessary and troubling exceptions to warrant protection for Americans’ private digital content.”

Signatories of the statement specifically called out federal regulators for seeking these broad carve-outs to warrant requirements, noting the obvious danger:

This would allow a wide range of regulatory agencies – including the IRS, EPA, SEC, FTC and an endless number of state agencies – to obtain sensitive personal information unrelated to an investigation and protected by privilege since service providers are in no position to assess the relevance of the materials requested or assert privilege (as targets generally do). …This burden would fall most heavily on the owners and employees of small businesses, who are far more likely to rely on cloud email services (while large companies often host their own email).

ISPs already widely volunteer information to public safety agencies when they have the good-faith belief that people’s lives or physical well-being may be at risk. Furthermore, instead of shaking down ISPs, regulators and other government entities can readily seek information directly from the individuals they are investigating through a nimble court-order process.

It should therefore be non-controversial for members of both parties in Congress to strengthen the boundaries on governments’ ability to pry into Americans’ email and text accounts, and provide similar Fourth Amendment safeguards for this realm to what we have for our homes, cars, and other property. The House’s Email Privacy Act (H.R. 699, with a veto-proof majority of cosponsors) and the Senate’s ECPA Amendments Act (S. 356) would help to achieve this vital check on big government. Senate Judiciary Committee hearings today likewise offer the opportunity to dispense with specious objections to ECPA reform and move forward now.

Email privacy policy is not just for civil libertarians anymore. As lawmakers consider a packed slate of urgent issues this fall, curbing the power of federal agencies to violate taxpayers’ rights to privacy and due process should be on top of the to-do list.


Pete Sepp