S-4649-119
Read twice and referred to the Committee on the Judiciary.
Sponsored by Mike Lee (R-UT)
What it does
This bill would amend the Electronic Communications Privacy Act (ECPA) to require the government to obtain a warrant — regardless of how old the message is — before compelling a third-party service provider (such as an email or cloud storage company) to hand over the contents of stored electronic communications. It would eliminate the current rule that allows the government to access emails older than 180 days using only a subpoena or court order. It would also clarify that providers may notify users when their communications have been sought by the government, and preserve Congress's own subpoena authority over such communications.
Who benefits
All Americans who use email, cloud storage, or other third-party digital communication services — estimated at hundreds of millions of users. Journalists and their sources who rely on confidential digital communications. Attorneys whose client communications are stored with third-party providers. Businesses storing proprietary communications in the cloud. Civil liberties organizations that have long sought to close the 180-day loophole. Technology and cloud service companies that face legal and reputational pressure when compelled to hand over user data without a warrant.
Who is hurt
Federal, state, and local law enforcement agencies that currently use the lower-threshold subpoena process to access older stored emails — a faster and less burdensome tool than obtaining a warrant. Prosecutors in civil and regulatory investigations (e.g., SEC, IRS, FTC) who rely on administrative subpoenas to access stored communications without probable cause. Investigations into financial fraud, tax evasion, or other white-collar crimes that depend heavily on email records may face higher procedural hurdles. Agencies that lack the investigative resources to meet the probable cause standard in every case.
Supporters argue
Supporters argue that the current 180-day rule is a relic of the 1986 Electronic Communications Privacy Act, written when email was a novelty and long-term cloud storage did not exist. They contend that the Supreme Court's reasoning in Carpenter v. United States (2018) — that comprehensive digital records warrant Fourth Amendment protection — directly supports extending warrant requirements to stored email content. They further argue that no principled distinction exists between a one-day-old email and a 181-day-old email in terms of the privacy interest at stake, and that the bill simply aligns the law with what the Constitution already requires.
Opponents argue
Opponents argue that the blanket warrant requirement would significantly slow civil and regulatory investigations — such as those by the SEC or IRS — that rely on administrative subpoenas and do not involve criminal probable cause. They contend that the bill's broad scope could impede legitimate oversight of financial fraud and tax compliance, where email records are critical evidence but criminal standards may not yet be met. They further argue that existing judicial oversight of subpoenas already provides meaningful protection, and that Congress should craft narrower exceptions for civil enforcement rather than imposing a one-size-fits-all criminal warrant standard.
Constitutional context
The Fourth Amendment protects against unreasonable searches and seizures, and the Supreme Court in Carpenter v. United States (2018) held that the government must obtain a warrant to access comprehensive digital records held by third parties, signaling that the third-party doctrine has limits in the digital age. This bill codifies and extends that principle to all stored electronic communications content, regardless of age.
Checks and balances
The judicial branch gains a more consistent gatekeeping role, as courts must now issue warrants before the executive branch can compel disclosure of stored communications content; the existing warrant process — including probable cause review by a neutral magistrate — serves as the primary check on government access.
Historical precedent
The original Electronic Communications Privacy Act of 1986 established the 180-day rule this bill would eliminate; the House passed a version of the Email Privacy Act in 2016 and 2017 with near-unanimous votes, but the Senate did not act on either version.