170 lines
10 KiB
Plaintext
170 lines
10 KiB
Plaintext
THE ELECTRONIC COMMUNICATIONS PRIVACY ACT OF 1986
|
|
|
|
A LAYMAN'S VIEW
|
|
|
|
by
|
|
Michael H. Riddle
|
|
|
|
|
|
(Copyright 1988, Michael H. Riddle. This article may be further reproduced
|
|
and disseminated provided that no fees are charged beyond normal
|
|
reproduction costs and further provided that the following disclaimer is
|
|
included.)
|
|
|
|
DISCLAIMER: The author is not an lawyer. This article represents one
|
|
layman's views of the background and contents of PL 99-508, the Electronic
|
|
Communications Privacy Act of 1986. Anyone needing legal advice should
|
|
consult with the attorney of their choice.
|
|
|
|
|
|
Those of us who remember life before the Pepsi Generation can attest to the
|
|
change brought into our lives by advances in electronic technology.
|
|
Starting with the widespread use of the transistor, and continuing into the
|
|
integrated circuit, the large scale integrated circuit, the very large
|
|
scale integrated circuit, etc., electronic "miracles" have become
|
|
commonplace and cheap. Perhaps the single best illustration of that change
|
|
is in the field of "information technology." The advent of the personal
|
|
computer, the blurring of the lines between telecommunications and
|
|
computing, the breakup of the Bell system, and the growing technological
|
|
awareness of the general population have caused what can only be called a
|
|
revolution in the way we communicate with each other. Not too many years
|
|
ago, we learned of world events from newspapers--today from television and
|
|
radio. Not too many years ago we exchanged personal messages by mail--today
|
|
we telephone. Not too many years ago, businesses in a hurry would send mail
|
|
special delivery--today they use overnight express or facsimile. And,
|
|
increasingly, businesses and individuals use computer communications instead
|
|
of or in addition to these other means of passing information around our
|
|
society.
|
|
|
|
Anytime someone passes what they hope to be a private communication to
|
|
another, they expect that their fellow citizens will respect its privacy.
|
|
Not only do the customs of society enforce this expectation, statute laws
|
|
have been enacted to insure it. Thus, everyone knows, or should know, not
|
|
to tamper with the mail. Everyone knows, or should know, not to
|
|
electronically eavesdrop ("bug") someone else's telephone calls. And
|
|
everyone knows, or should know, not to do likewise with computer
|
|
communications.
|
|
|
|
Alas, not everyone knows that. If everyone did, we wouldn't need laws to
|
|
protect what ought to be our reasonable expectations of privacy. Not too
|
|
long ago, the Congress of the United States passed PL 99-508, the Electronic
|
|
Communications Privacy Act of 1986. In doing so, Congress was recognizing
|
|
the way technology has changed society and trying to react to that change.
|
|
|
|
The Act contains two main parts, or Titles. Title I--Interception of
|
|
Communications and Related Matters, merely updates existing laws to reflect
|
|
what I've said above. Where the law used to say you can't bug private
|
|
telephone communications, it now says you can't bug private computer
|
|
communications. Where it preserved your right to listen in to public radio
|
|
transmissions, it preserves your right to "listen in" to public computerized
|
|
transmissions (here the Congress particularly was thinking of unencrypted
|
|
satellite television, although the law is written in more general terms).
|
|
It allows the "provider of electronic communication service" (sysops, to
|
|
electronic bulletin board users) to keep records of who called and when, to
|
|
protect themselves from the fraudulent, unlawful or abusive use of such
|
|
service.
|
|
|
|
Title II--Stored Wire and Electronic Communications and Transactional
|
|
Records Access, is the section that has caused the biggest concern among
|
|
bulletin board system operators and users. Unfortunately, while a lot of
|
|
well-intentioned people knew that a law had been passed, most of them
|
|
started discussing it without taking the trouble to read it first. As a
|
|
result, there has been a lot of misinformation about what it says, and a lot
|
|
of reaction and overreaction that was unnecessary.
|
|
|
|
The first thing we need to realize is that Title II adds a new chapter to
|
|
Title 18 of the United States Code (USC). The USC fills most of two shelves
|
|
in the Omaha library. It covers in general detail virtually everything the
|
|
federal government does. In many places it gives departments and agencies
|
|
to pass rules and regulations that have the force of law. If it didn't,
|
|
instead of filling two shelves it would probably fill two floors, and
|
|
Congress would be so bogged down in detail work it would get even less done
|
|
that it does now. Of all the USC, Title 18 deals with Crimes and Criminal
|
|
Procedure. That's where PL 99-508 talks about electronic communications.
|
|
It makes certain acts federal crimes. Equally important, it protects
|
|
certain common-sense rights of sysops.
|
|
|
|
Under the Act, it is now a federal offense to access a system without
|
|
authorization. That's right. Using your "war-games dialer," you find a
|
|
modem tone on a number you didn't know about before and try to log on. From
|
|
the way I read the law, you can try to log on without penalty. After all,
|
|
you might not have used a war-games dialer. You might just have got a wrong
|
|
number. (Don't laugh, it's happened to me right here in Omaha!) At the
|
|
point you realize its not the board you think you called, you ought to hang
|
|
up, because at the point where you gain access to that neat, new, unknown
|
|
system, you've just violated 18 USC 2701.
|
|
|
|
A lot of us are users of systems with "levels" of access. In the BBS world,
|
|
levels may distinguish between old and new users, between club members and
|
|
non-members, or sysops from users. In the corporate and government world,
|
|
levels may protect different types of proprietary information or trade
|
|
secrets. Section 2701 also makes it a federal offense to exceed your
|
|
authorized access on a system.
|
|
|
|
What about electronic mail, or "e-mail?" E-Mail has been the single biggest
|
|
area of misinformation about the new law. First, section 2701 does make it
|
|
a federal offense to read someone else's electronic mail. That would be
|
|
exceeding your authorization, since "private" e-mail systems do not intend
|
|
for anyone other than the sender or receiver to see that mail. But, and a
|
|
big but, sysops are excluded. Whoever staffed the bill for Congress
|
|
realized that system operators were going to have access to information
|
|
stored on their systems. There are practical technical reasons for this,
|
|
but there are also practical legal reasons. While the Act does not directly
|
|
address the liability of sysops for the use of their systems in illegal
|
|
acts, it recognizes they might have some liability, and so allows them to
|
|
protect themselves from illegal use. Sysops are given a special
|
|
responsibility to go along with this special privilege. Just like a letter
|
|
carrier can't give your mail to someone else, just like a telegraph operator
|
|
can't pass your telegram to someone else, just like a telephone operator
|
|
overhearing your call can't tell someone else what it was about, so sysops
|
|
are prohibited from disclosing your e-mail traffic to anyone, unless you (or
|
|
the other party to the traffic) give them permission.
|
|
|
|
Common sense, right. So far all I think we've seen is that the law has
|
|
changed to recognize changes in technology. But then, what about the
|
|
police? If they can legally bug phones with a court order, if they can
|
|
legally subpoena telephone records, what can they do with bulletin boards?
|
|
Pretty much the same things. The remaining sections of the Act go into
|
|
great detail about what the police can do and how they can do it. The
|
|
detail is too much to get into in this article, and I would suggest that if
|
|
a sysop or user ever needed to know this information, that would be a case
|
|
when they ought to be seeing their attorney. I will give a couple of
|
|
details, however: if a sysop is served, they can be required to make a
|
|
backup copy of whatever information is on their system (limited, of course,
|
|
to that listed in the warrant or subpoena). They must do this without
|
|
telling the persons under investigation. They do not at this point,
|
|
generally, give the police the records. They just tell the police that its
|
|
been done. Then, the courts notify the user that this information has been
|
|
requested and the user has a chance to challenge it. Eventually, after it
|
|
all gets sorted out, the information goes to the police or is destroyed,
|
|
whichever. Again, if a sysop or user ever finds themselves in this
|
|
situation, don't rely on this article--see your lawyer. And, see him/her
|
|
soon, because the Act imposes time limits.
|
|
|
|
If the Act makes all of this stuff federal crimes, what penalties does it
|
|
establish? Again, generally, there are two cases. The first is the one
|
|
most BBS operators and users will be concerned with. "A fine of not more
|
|
than $5,000 or imprisonment for not more than six months, or both."
|
|
Actually, in the law, that's the second case. The first is where businesses
|
|
were conducting industrial espionage--"for purposes of commercial advantage,
|
|
malicious destruction or damage, or private commercial gain." In this case,
|
|
"a fine of not more that $250,000 or imprisonment for not more than one year,
|
|
or both, in the case of a first offense," and "a fine or imprisonment for not
|
|
more that two years, or both, for a subsequent offense."
|
|
|
|
What all this has said is that the federal criminal code now protects
|
|
electronic communications the way it previously protected written ones. It
|
|
understands that mailmen, physical or electronic, have access to the mail
|
|
they carry, so it tells them not to tell. It sets up some hefty penalties
|
|
for those who don't take privacy seriously enough. And finally, it sets up
|
|
procedures for the contents of bulletin board and other electronic systems
|
|
to be sought for official investigation. This is, of course, one layman's
|
|
opinion. As long as the reader doesn't have criminal intent or hasn't been
|
|
served with some type of request for system records, it's probably adequate.
|
|
If, however, the reader finds him/herself confronting the law "up close and
|
|
personal," then this article should be noted for one and only one piece of
|
|
advice: see a lawyer, and soon!
|
|
|
|
|
|
Downloaded From P-80 International Information Systems 304-744-2253
|