As Congress works on passing legislation to update privacy laws for the digital, online, Internet of Things age, a trio of Senators (two Republicans and a Democrat), have introduced the International Communications Privacy Act (ICPA).
If it sounds familiar, it's because it is meant to add privacy protections not currently in the Electronic Communications Privacy Act (ECPA), which itself is being updated elsewhere in Congress. The bill is co-sponsored by Sens. Dean Heller (R-Nev.), Orrin Hatch (R-Utah), and Chris Coons (D-Del.)
In fact, ICPA was originally planned as an amendment to an ECPA update but threatened to disrupt the compromise bill that passed unanimously in the House.
The ICPA bill would address what co-sponsor Hatch calls "perhaps the most significant and difficult issue we now face," which is how to safeguard communications internationally given that the U.S government asserts the right to access communications from anyone, anywhere so long as the information can be accessed via a company under U.S. jurisdiction.
ICPA, which is an update of last year's Law Enforcement Access to Data Stored Abroad (LEADS) Act (HR 1174), does the following:
"Requires law enforcement agencies to obtain a warrant for all content. Under ICPA, law enforcement may only obtain the content of electronic communications stored with electronic communication service providers and remote computing service providers pursuant to a warrant.
"Creates a clear legal framework authorizing law enforcement to obtain the electronic communications of U.S. persons, regardless of where those communications are located. It also allows law enforcement to obtain electronic communications relating to foreign nationals in certain circumstances.
"Reforms the Mutual Legal Assistance Treaty (MLAT) process by providing greater accessibility, transparency, and accountability. ICPA requires the Attorney General to create an online docketing system for MLAT requests and to publish new statistics on the number of such requests.
"Establishes a sense of Congress that data providers should not be subject to data localization requirements. Such requirements are incompatible with the borderless nature of the Internet, an impediment to online innovation, and unnecessary to meet the needs of law enforcement."