Ever since former National Security Agency contractor Edward Snowden dropped a slew of classified documents into the public’s view, the country has re-engaged in a vigorous debate about some — but not all — of the authorities the U.S. government claims to eavesdrop on electronic communications. But there is at least one loophole written into law that makes Americans vulnerable to unnecessary intrusions, is much more unsettling than a lot of the Snowden material and isn’t getting much attention.

A section of law that hasn’t come up for discussion in the past few weeks, on the other hand gives law enforcement at all levels relatively unfettered access to stored email, documents in the “cloud” and other personal material. The reason is that that law, the Electronic Communications Privacy Act, is old, and technology has far surpassed the vision of the lawmakers who wrote and passed it in 1986. The law says, if users keep email on a third-party server for more than 180 days, they’ve abandoned the material and law enforcement can look at it — armed merely with a subpoena, not a warrant from a judge.

Now Americans store years’ worth of email online and keep all sorts of other files on remote hard drives owned by communications companies and located far away from their homes. It’s not just metadata that’s vulnerable here — it’s the full contents of every stored email and every cloud-based document.

Unlike some of the tougher issues the country is confronting following the NSA leaks, this one is easy. Congress should finally act on Sen. Patrick Leahy’s bill to modernize the law.