California Leads on Electronic Privacy. Other States Must Follow.

The fourth time was the charm.

Last Thursday, California Gov. Jerry Brown signed the California Electronic Communications Privacy Act, which requires a warrant before California law enforcement can seize the contents or metadata of your communications, demand location records from your cell phone provider, or use a StingRay to gather information about your smartphone. This comes after Brown had vetoed three previous bills in the past four years, none nearly as ambitious as CalECPA. So getting CalECPA signed into law is truly a watershed moment for California privacy law — but also a clear signal that we have a real opportunity to make digital privacy a reality across the country.

California’s economy is largely driven by cutting-edge technology, but until last week its digital privacy protections lagged far behind. That’s no longer the case. CalECPA breaks from the archaic “180-day rule” in federal law and replaces arbitrary distinctions between “electronic communications services” and “remote computing services” with a single rule for any online service: Get a warrant.

It also ensures that not just the contents of your communications but the essential metadata that reveals who you talk to, what you read about, and when and where you go receive the protection of a warrant standard. It covers not only direct physical searches of your smart phone but also remote access through new technology like StingRays. And it makes sure that every time a warrant is issued the target is actually notified so that surveillance is not secret forever. It’s a huge step forward in a state where even small steps were failing not long ago.

One of the reasons CalECPA was successful was because of the dramatic shift in public awareness of and attitudes towards surveillance over the past few years. Edward Snowden’s revelations about the NSA’s metadata surveillance program taught Americans that simplistic assurances that “no one is listening to your calls” were no substitute for meaningful privacy protections. Evidence has mounted that police have misused surveillance powers to monitor First Amendment-protected activities like peaceful protests or religious participation. And events in Ferguson and elsewhere have continued to undermine trust in law enforcement and government in general.

The courts likewise have recently reaffirmed the right to privacy in our technological world. The Supreme Court has recently issued two unanimous decisions extending the Fourth Amendment’s warrant requirement to GPS trackers and searches of cellular phones. At the same time, Justice Scalia pointedly urged lawmakers to take up the mantle of moving privacy law forward, noting that “legislatures, enacted by the people, are in a better position than [courts] to assess and respond to the changes that have already occurred and those that almost certainly will take place in the future” when it comes to “privacy protection in the 21st century.” The White House has also called on lawmakers to update the law to “ensure the standard of protection for online, digital content is consistent with that afforded in the physical world.”

Meanwhile, eroding trust in both the government and technology has created a realization that the status quo is simply untenable. Online companies who lost tens of billions of dollars as a result of the NSA revelations recognized that consumers’ willingness to engage in online activities hinged upon their possession of meaningful digital privacy rights. And law enforcement agencies also realized that they needed to rebuild partnerships with their communities rather than treating everyone like a suspect.

So when CalECPA was introduced in January of this year, we weren’t alone in supporting it. Instead, CalECPA was supported from the outset by tech giants like Google, Facebook, and Apple as well as more traditional civil rights and civil liberties organizations and community groups. And, unlike in years past, law enforcement agencies were ready to come to the table and work through specific substantive concerns rather than rejecting the entire concept of stronger privacy on principle. Some law enforcement agencies even formally joined the cause: the San Diego Police Officers Association officially supported CalECPA, stating that it “strengthens community relationships and increases transparency” and was “in the best interests of all Californians.” And that broad support paid off, giving California arguably the strongest digital privacy law in the United States, if not the world.

But what happened in California doesn’t have to stay in California. The backdrop for CalECPA’s success is true nationwide: We the people want protection for our sensitive digital information; companies want clear and consistent rules that help them rebuild consumer trust; and no one wants to be left behind as technological and societal progress marches on. Put that together and you have a recipe for change.

Federal ECPA reform has moved at a glacial pace, with even modest reform a challenge  to enact despite 300 hardcore supporters in the House alone. CalECPA shows that states don’t have to wait for D.C. — they can lead it instead. And the more states that follow, the more pressure there will be on the federal government to finally bring federal privacy law out of the digital dark ages. California has taken one big step towards that goal.

Who’s next?

View comments (6)
Read the Terms of Use


Also you can check out articulate 8 Human Rights


How do I know if police are actually following the law and not somehow ignoring the rule and spying on me?

Recently police asked for my phone number in Modesto, CA and I have never had police ask that before. I wasn't doing anything wrong and just sitting in my car(I am a minority). I gave it to them without really thinking and just being cooperative and realized it was weird afterwards. Looked it up and saw how police do crazy stuff spying on people and ended up here.

Any helpful insight?

Chris Conley

You're absolutely right that passing a law like CalECPA is only part of the solution -- the other part is making sure it's actually followed.

CalECPA does what it can to ensure compliance. If California cops demand your email or location records, they are required to notify you. If they don't and you find out anyhow (say for example Google tells you they got a warrant from the police but the police don't) then you can ask a court to require that all of the information they collected be deleted.

But that doesn't work in every scenario, like the one you describe with no warrant at all. Ultimately what we really need is an attitude shift, where police realize that their responsibility is investigating actual crimes rather than emgaging in dragnet surveillance of everyone, and that building rather than undermining community trust helps them do their job.

That's a long-term battle with unfortunately no end in sight, but seeing law enforcement groups actually support laws like CalECPA is at least a positive sign.



Police can ask you for anything. Whether you have to provide it to them is a different issue. In this case, you did not have to provide your phone number. Moreover, if you are just sitting in your car, you do not need to talk to them, let alone give them any information.

Legally, you gave them your phone number voluntarily. It is virtually impossible for you to find out what they are doing with it.


Sting Ray is being used on my computer right now.

Leslie Marchante

My husband and I are under surveillance as we speak.

Stay Informed