Senate moves on NDAA and ECPA…but are we really any better off?

Nadia Kayyali

Last week was a busy one for civil liberties in Congress. The National Defense Authorization Act (NDAA) was passed in Senate, and an amendment to the Electronic Communications Privacy Act (ECPA) was voted out of the Senate Judiciary Committee.


An amendment to the NDAA, sponsored by Senator Feinstein, passed in the Senate on Thursday. This amendment may be a positive step, but it has gaping holes and may ultimately represent a cure worse than the disease.

First, the vote in favor of the amendment was dependent on two conflicting views of what it does. According to Senators Graham (R-SC) and Levin (D-MI):

the 2001 Authorization for the Use of Military Force (AUMF) passed by Congress grants the military the power to detain U.S. citizens who are part of al Qaeda, and that remains the case with the Feinstein amendment.

In particular, as Senator Leahy points out:

They contended that the Supreme Court in Hamdi v. Rumsfeld held that the Authorization for the Use of Military Force (AUMF) expressly authorized the indefinite detention of citizens, regardless of where they were apprehended.

The fact is that the Supreme Court decisions in Hamdi and other cases regarding detention and military commissions were often sharply divided, and the law is far from settled. If the NDAA is interpreted in court, this legislative history could be cause for concerns.  One of the deep flaws in Senator Feinstein’s amendment is the susceptibility to this lack of clarity.

Furthermore, under the Feinstein amendment, a later act of  Congress could allow indefinite detention. Detention without due process is never constitutional, which the amendment fails to acknowledge.

Another flaw of the amendment is that it protects only citizens and legal permanent residents, leaving anyone else still subject to indefinite detention. As a letter addressed to Senator Feinstein from 20 civil liberties and human rights organizations (including BORDC) stated:

The constitutional requirements of due process of law apply to all persons within the United States.

The amendment seems to ignore the historic context of detention in this country, as pointed out by the Japanese  American Citizens League:

the [Feinstein] amendment is of particular concern to the Japanese American Citizens League because of our historic concern stemming from the Japanese American incarceration experience during World War II.  Nearly half of the internees were not United States citizens, and would not have been protected by this amendment.

Finally, the amendment effectively authorizes domestic military detention by:

 imply[ing] that indefinite military detention of any other persons apprehended within the United States was authorized in 2001 and was lawful.

Senator Udall (D-UT) had proposed amendments that would have provided protections to all, regardless of citizenship and protected against the concern of use of the military within the United States for detention. Although real change remains necessary at the federal level, it is still possible to advocate for due process at the local level .


Until last week, the Electronic Communications Privacy Act (ECPA) had received little legislative attention since 1986. The legal standards it created for e-mail were beyond obsolete: it allowed access without a subpoena of any email older than 180 days, and gave no protections for information turned over to third parties like Google.

Last Wednesday, however, the Senate Judiciary Committee finally moved on reforms, possibly spurred on by the Petraus scandal. The Committee approved a measure sponsored by Senator Leahy that requires a warrant in order to access electronic communications such as email. It was tagged on to a law that would also amend the Video Protection Act, which currently does not allow disclosure of a customer’s rental history without consent on a per-rental basis.

The amendment would  allow consumers to opt-in for two-year periods to allow their rental history to be shared. The main argument in favor of this was that it allows automatic updating of Facebook from services such as Netflix. The changes are likely to be voted on next year.

The push for changes to ECPA has been led not only be civil liberties and privacy advocates, but also by corporations. The Digital Due Process Coalition, which has advocated for ECPA reform for several years, includes many corporate members. Giants such as Microsoft, Facebook, and AT&T are all members.

Much like the opposition to the Stop Online Piracy Act, which included many of the same companies this raises the question of whether support of corporations is necessary in order to protect privacy interests.

The lack of response to privacy and civil liberties concerns from Congress in other areas, such as the Foreign Intelligence Surveillance Act Amendments of 2008 (FAA), reinforces this impression. Even worse, regardless of whether these changes to ECPA pass, they are completely inapplicable in the national security context. If the government cannot simply seize old emails under ECPA, the National Security Agency can still engage in warrantless wiretapping under the FAA, and the FBI has access to a vast surveillance state that has continued to grow exponentially since 9-11.

Like much in Congress, the pending changes to both ECPA and NDAA are incrementally positive. It remains to be seen how far advocates can push members of the House and Senate for real change.

Originally appeared on the Bill of Rights Defense Committee's People's Blog for the Constitution.