EFF and the ACLU of Northern California urged a California appeals court last week to reverse a judge’s wrongheaded and dangerous ruling that threatens the critical privacy protections afforded by the California Electronic Communications Privacy Act (CalECPA), the most robust digital privacy measure in the country.
The law, which garnered bipartisan support, requires police to obtain a warrant from a neutral judge to search stored communications such as email, text messages, location data, or documents, whether they are on an electronic device or in the cloud. Warrants must describe in detail the information to be seized, specifying time periods for the search, target individuals or accounts, and the type of information sought. Anything collected that’s not relevant to what’s described in the warrant can’t be reviewed, used, or disclosed, and must be sealed. These requirements are more specific and extensive than what's currently required by the Fourth Amendment. California law enforcement agencies said CalECPA struck the correct balance between their need to obtain electronic communication to investigate criminal activities and the privacy interests people have over their email, texts, documents, and other digital communications.
Violations of CalECPA carry appropriately severe consequences for law enforcement: suppression and deletion of information obtained without a warrant as provided by the law. Prosecutors who collect electronic communications stored on a laptop or in the cloud absent a warrant that meets the requirements of CalECPA lose the ability to use information as evidence.
The message of the suppression of evidence provision of CalECPA is clear: you abuse it, and you lose it.
A few weeks after CalECPA went into effect, a Monterey County Superior Court judge issued a search warrant that authorized an effectively unlimited search, seizure, and extraction of electronic devices and information from a dentist’s office. In violation of CalECPA, the warrant authorized seizure of any and all computers, cellphones, and electronic accounts without limitation or specifying that they be possessed by the person who was under investigation. This is precisely what CalECPA was designed to prevent. The dentist was later charged with possession of child pornography based on evidence gathered under the faulty warrant.
When the defendant’s attorneys sought to have the evidence thrown out because the warrant violated the statute, the Monterey County judge agreed that CalECPA had not been complied with, but refused to do so. The judge concluded that CalECPA’s requirements were no stricter than those found under the U.S. and state constitutions (not true), and even if the warrant failed to meet the requirements, suppression of the evidence was not appropriate.
Our brief lays out in detail how wrong the judge got it. The ruling was a dramatic error that, if upheld, would eviscerate CalECPA’s privacy protections, and set a dangerous precedent allowing prosecutors to attempt to skirt CalECPA’s requirements. The statute’s robust enforcement provisions and remedies would be rendered toothless.
Courts are required to follow the law—new laws, old laws, it doesn’t matter. This court’s erroneous ruling must be reversed to protect the privacy rights of all Californians.