Amending the ECPA: 2017 technology versus 1986 law

From the about-damned-time department:

TechCrunch recently reported that a long-needed update to the Electronic Communications Privacy Act (ECPA) has passed the House of Representatives, a good sign that the bill may actually be signed into law this year.

Unfortunately, the roadblock to passing this bill in 2016 was that the Senate wanted to water down the bill, crippling the gain in privacy that is the whole reason why the bill exists. It is only common sense, in the era of providers like Gmail offering quotas that are effectively infinite thus allowing people to keep everything, that email is just as protected from warrantless searches as any other personal electronic data.

I can’t think of a good reason why emails over 180 days old should be legally obtainable with just a subpoena instead of an actual warrant. This is one reason I have not kept emails on other servers for anything approaching the 180 days in the ECPA. (Interestingly, the other big reason is space: I currently only have emails going back to 2016 November 22 and later, and I’m at 76% quota used. As much as I get right now, I could not keep 180 days’ worth of email on the server I’m using if I wanted to.)

The ECPA is now over three decades old. Its effective date of 1986 October 21 predates widespread public access to the Internet by almost a full decade. The laws which amended it did nothing to amend the 180 day subpoena rule, which is ass-backwards and patently devoid of sense. Even if it did make sense in late 1986, the world has changed a lot in the three decades since. For example: in 1986 UUCP and FidoNet were the predominant forms of exchanging email (unless one was emailing someone on the same BBS that one was dialed into), and today, both are extinct for practical purposes with the impending death of analog telephone lines (though FidoNet still technically exists, most of its traffic now goes across the Internet). The sooner we can get a law that is tuned to the reality of living in 2017 with a connection to the Internet, the better.

Revolt against the black-box era

A recent TechCrunch article highlights the efforts of a site called iFixit, which provides instructions for users to repair their own gadgets instead of sending them back to the manufacturer and paying a (usually rather steep) fee for repairs.

Given that some manufacturers such as Apple intend battery changes to be done at the factory now (something unheard of as recently as 2005), this is a welcome step in the right direction. It’s great that we have someone willing to challenge what’s becoming a new status quo, but kind of sad that we’ve gotten to this point to begin with.

I remember my first computer, the Atari 1200XL, and the printer we bought for it (which I wound up not really using that often), and for that matter the printer we bought for our first PC (a Packard Bell 80286-based unit with a whopping 1 megabyte of RAM and a 40 megabyte hard drive, which were huge in a world where the new 3½ floppy disks that held 1.44 megabytes were just catching on). Both printer came with all kinds of documentation on exactly what codes to send to it to change the font or text size. There was no messing around with proprietary Windows drivers as most programs ran under DOS and wrote to the printer directly. It was expected, particularly in the case of consumer level computer equipment, that one receive programming documentation; a lot of hobbyists programmed in lower level languages at least in part (I remember fondly writing assembler language subroutines to speed up dog-slow interpreted BASIC programs).

Fast forward to 2010. A fair amount of the software support for GNU/Linux and the many BSD Unixes is obtained from reverse engineering. Sometimes manufacturers play nice and provide the appropriate documentation. But too many, particularly in the case of 3D-accelerated video cards and wireless networking, consider that documentation a trade secret or (in the latter case) cite liability concerns under FCC or equivalent government regulations. Thankfully, there are some that don’t.

We’ve gone from appliances that came with schematics to Apple’s iPod and iPhone coming sealed except for the SIM card opening of the latter (and how to open even that is not obvious without doing research), Microsoft’s Zune being equally obnoxious when it comes to battery replacement, and many other devices with appearances of being designed in the presence of someone whose job it is to say “to hell with the user being able to fix it, we can charge them to fix it at our factory and make even more profit.” Even cars are not immune, I can only imagine what my grandfather would think about today’s cars lacking something simple like an idle adjustment screw (which has been extinct even as of my 1997 Ford Thunderbird, and I would assume anything more recent as well).

The iFixit site is a step in the right direction, but the ultimate responsibility for a change in trend comes from the manufacturers, and the manufacturers only speak one language in the end: money. Ultimately, the responsibility is on us. Vote with your feet and pocketbook.