Nicole A. Ozer, ACLU of Northern California

More and more, nonprofits rely on technology to fulfill our missions. We connect with members using e-mail and social networking, carry out research on search engines and Web sites, and use online services to purchase supplies and produce and store documents. And our members also rely on technology to take part, booking reminders in online calendars or using GPS-enabled cell phones to get to events.

But everything we do online leaves a digital trail behind about our activities and our members. And once member lists, actions and events, emails and documents are collected and stored by an online service, outdated electronic privacy law is failing to keep this information safe from inappropriate access and potential misuse.

The Electronic Communications Privacy Act (ECPA) is the federal law that is supposed to protect the privacy of electronic communications and personal information from inappropriate disclosure to government or third parties. But ECPA was enacted in 1986, when Ronald Reagan was President, cell phones were as big as your head, and the Web did not even exist. Technology has changed dramatically since then, allowing us to easily move our activities and information online -- but since electronic privacy law hasn't kept up, the privacy protections for that information may not transition as smoothly.

Cloud computing is a prime example. If you produce documents or keep records and store them in a filing cabinet, a work computer, or an in-house server, your information cannot be seized without a judge's approval, you know when the government or a third party demands access to your information, and you often have the opportunity to fight that disclosure. But if you use a software-based service or electronic storage company, depending on the terms of the cloud computing provider and the type of demand, your information might be handed over without judicial oversight and without you even knowing.

Concern about disclosure is not hypothetical.

We know that the government and third parties are regularly issuing demands for companies to turn over the personal information of users. It was recently revealed that Sprint received 8 million demands for location information in just a 13 month period. Google just released data that it received over 3,500 demands from law enforcement involving criminal investigations in the last six months of 2009. (And Google's tool does not include demands received outside of criminal investigations nor does it count the actual number of users whose records were demanded, so this may be only a fraction of the number of users whose records were demanded). If Google is receiving thousands of demands digging into the intimate details of individual lives that are captured in emails, search histories, reading and viewing logs, and the like, how many more are going out to Yahoo, Microsoft, Facebook and the thousands of other online services that we use every day?

Outdated electronic privacy law impacts everyone who uses e-mail, mobile phones, or the Internet. This means nonprofits too, as our ability to accomplish our goals could be compromised if we cannot protect our own information and the privacy of our members. NTEN's Executive Director, Holly Ross, concluded her April 2, 2010 blog post about cloud computing by saying, "We also have to ask if we're putting our clients and our missions at risk."

Nonprofits should not be forced to choose between using new technology and protecting our organizations and the individuals who join us in that work.

It's time to update electronic privacy protections to match our modern world. That's why the ACLU has launched the Demand Your dotRights campaign to educate and mobilize the public, companies, and lawmakers to update electronic privacy. The campaign is designed to create ways for lawmakers, companies, and consumers to work together to upgrade privacy protections. It includes video and text resources on everything from cloud computing to social networking and search and is designed to educate and mobilize everyone in the online world to work together for change.

The issue is starting to get some much-needed attention. A coalition of public interest groups and companies, Digital Due Process, has formed to push for stronger electronic privacy protections. In late March, U.S. Senator Patrick Leahy agreed that "our federal electronic privacy laws are woefully outdated" and members of Congress pledged to hold hearings this spring to review current law. This increased interest in online privacy presents an opportunity to bring our woefully outdated laws up to speed.

In addition to the changes being pursued by the Digital Due Process coalition, the ACLU is asking for additional protections. We hope that you will join us in pushing to modernize electronic privacy law in the following ways:

• Protect Personal Information. Documents and information is increasingly stored online. The government should not be able to access information like email, online documents, and search records without a warrant, just like they can't enter a home or office and take personal papers without a warrant.
• Safeguard Location Information. Legal protection for current and historical location information should be written into the law. Mobile phones shouldn't be used as personal tracking devices without a warrant or even the owner's knowledge.
• Prohibit Use of Illegally Obtained Information. No one should be allowed to use information that is illegally obtained. Without this safeguard, overzealous law enforcement officers are incentivized to ignore the law.
• Require Transparency Around Information Collection. The public should know how often personal information is requested and handed over, and at what cost to taxpayers. Neither law enforcement nor most Internet companies make this data public. Policymakers and technology users cannot make fully-informed decisions without this information.

Technology has advanced at breakneck speed since 1986, while privacy law has remained at a standstill. Please join us at www.dotrights.org and help us create privacy protections to match our modern digital world. Privacy law doesn't auto-update. Demand Your dotRights!

Nicole A. Ozer, Esq. is the Technology and Civil Liberties Policy Director at the ACLU of Northern California and is spearheading the organization's new online privacy campaign, Demand your dotRights (www.dotrights.org).