Professor Orin Kerr has proposed an elegant new thought experiment in his piece, The Next Generation Communications Privacy Act. The Article efficiently relays the history and structure of the Electronic Communications Privacy Act of 1986 (ECPA), a law that “grants Internet users a set of statutory privacy rights that limits the government’s power to access a person’s communications and records.” The Article then ably diagnoses what is wrong with ECPA today—namely, that changes in technology and constitutional law over the last quarter century have rendered ECPA outdated. Finally, the Article proposes four plausible principles to guide Congress were it to write a new electronic communications privacy statute from scratch, rather than reform ECPA at the margins, as contemporary advocates propose.
Professor Kerr’s argument is clear, forceful, and fundamentally sound in the sense that his conclusion follows from his premises. The Article also makes a series of quiet assumptions, however, that readers may find controversial.
First, the Article reads as though ECPA exists only to protect citizens from public officials. According to its text and to case law, however, ECPA also protects private citizens from one another in ways any new act should revisit. Second, the Article assumes that society should address communications privacy with a statute, whereas specific experiences with ECPA suggest that the courts may be better suited to address communications privacy—for reasons Professor Kerr himself offers. Finally, the Article addresses ECPA in isolation from the Foreign Intelligence Surveillance Act of 1978 (FISA), which seems strange in light of revelations that our government systematically intercepts and stores its citizens’ electronic communications under FISA’s auspices. Put another way, The Next Generation Communications Privacy Act succeeds marvelously on its own terms, but not necessarily on everyone else’s. Worse still, we do not benefit from Professor Kerr’s powerful insights regarding the issues he omits.