Federal Regulations on Wiretapping/ECPA of 1986
FEDERAL ELECTRONIC COMMUNICATIONS PRIVACY ACT OF 1986
(a) Offense.--Except as provided in subsection 9c) of this
section whoever--
(1) intentionally accesses without authorization a facility
through which an electronic communication service is provided;
or
(2) intentionally exceeds an authorization to access that facility
and thereby obtains, alters, or prevents authorized access to
a wire or electronic communication while it is in electronic
storage in such system shall be punished as provided in
subsection (b) of this section.
(b) Punishment.-- The punishment for an offense under sub section
(a) of this section is--
(1) if the offense is committed for purposes of commercial advan-
tage, malicious destruction or damages, or private commercial
gain--
(A) a fine of not more than $250,000 or imprisonment for not
more than one year, or both, in the case of a first offense
under this subparagraph; and
(B) a fine under this title or imprisonment for not more than
two years or both for an subsequent offense under this
subparagraph; and
(2) a fine of not more than $5,000 or imprisonment for not more
than six months, or both in any other case.
Section 2702. Disclosure of Contents
(a) Prohibitions.--Except as provided in subsection (b)--
(1) a person or entitle providing an electronic communication ser-
vice to the public shall not knowingly divulge to any person
or entity the contents of a communication while in electronic
storage by that service; and
(2) a person or entity providing remote computing service to he
public shall not knowingly divulge to any person or entity the
contents of any communication which is carried or maintained
on that service--
(A) on behalf of, and received by means of electronic transmis-
sion from (or created by means of computer processing of
communications received by means of electronic transmission
from), a subscriber or customer of such service; and
(B) solely for the purpose of providing storage or computer
processing services to such subscriber or customer, if the
provider is not authorized to access the contents of any
such communications for purposes of providing any services
other than storage or computer processing.
(b) Exceptions.--A person or entity may divulge the contents of a
communication ---
(1) to an addressee or intended recipient of such communication or
an agent of such addressee or intended recipient;
(2) as otherwise authorized in section 2516, 2511(2)(a) or 2703 of
this title;
(3) with the lawful consent of the originator or an addressee or
intended recipient of such communication, or the subscriber in
the case of remote computing service;
(4) to a person employed or authorized or whose facilities are sued
to forward such communication to its destination;
(5) as may be necessarily incident to the rendition of the service
or to the protection of the rights or property of the provider
of that service; or
(6) to a law enforcement agency, if such contents--
(A) were inadvertently obtained by service provider; and
(B) appear to pertain to the commission of a crime.
*******
REPORT LANGUAGE
Proposed section 2701 provides a new criminal offense. The offense
consists of either: (1)intentionally accessing, without authorization,
a facility through which an electronic communication service is pro-
vided or (2) intentionally exceeding the authorization of such faci-
lity. In addition, the offense requires that the offender must, as
a result of such conduct, obtain, alter, or prevent unauthorized access
to a wire or electronic communication while it is in electronic stor-
age in such a system. The term electronic storage is defined in sect-
ion 2510(17) of Title 18. Electronic storage means any temporary,
intermediate storage of a wire or electronic communication incidental
to the electronic transmission thereof and the storage of such commu-
nication by an electronic communications service for the purpose of
back-up protection of such communication.
Section 2701(a) makes it an offense intentionally to access without
authorization, or to exceed an authorization to access, an electronic
communication service and thereby obtain, later or prevent authorized
access to a wire or electronic communication while it is in electronic
storage in such system. This provision addresses the growing problem
of unauthorized persons deliberately gaining access to, and sometimes
tampering with, electronic or wire communication that are not intended
to be available to the public. *******(emphasis added)**** The
Committee recognizes however that some electronic communicatio ser-
vices offer specific features, sometimes known as computer "electronic
bulletin boards," through which interested person may communicate
openly with the public to exchange computer programs in the public
domain and other types of information that may be distributed without
legal constraint.
It is not the intent to hinder the development or use of "electronic
bulletin boards" or other comparable services. The Committee believes
that where communications are readily accessible to the general public,
the sender has, for purposes of Section 2701(a), extended an "author-
ization" to the public to access those communications. A person may
reasonably conclude that a communication is readily accessible to the
general public if the telephone number of the system and other means
of accesses are widely known, and if a person does not, in the course
of gaining access, encounter any warnings, encryptions, password re-
quests or other indication of intended privacy. To access a communi-
cation on such a system should not be a violation of the law.
Some communication systems offer a mixture of services, some, such as
bulletin boards, which may be readily accessible to the general public,
while others -- such as electronic mail -- may be intended to be con-
fidential. Such a system typically has two or more distinct levels of
security. A user may be able to access electronic bulletin boards and
the like merely with a password he assigns to himself, while access to
such features as electronic mail ordinarily entails a higher level of
security (i.e., the mail must be addressed to the user to be accessible
specifically). Section 2701 would apply differently to the different
services. These wire or electronic communications which the service
provider attempts to keep confidential would be protected, while the
statute would impose no liability for access to feature configured to
be readily accessible to the general public.
******
Section 2702 specifies that a person or entity providing wire or elec-
tronic communication service to the public may divulge the contents of
a communication while in electronic storage by that service with the
lawful consent of the originator or any addressee or intended addressee
or intended recipient of such communication. The committee emphasizes
that "lawful consent" in this context, need not take the form of a
formal written document of consent. A grant of consent electronically
would protect the service provider from liability for disclosure under
section 2702. Under various circumstances, consent might be inferred
to have arisen from a course of dealing between the service provider
and the customer or subscriber -- e.g. where a history of transactions
between the parties offers a basis for a reasonable understanding that
a consent to disclosure attaches to a particular class of communica-
tions. Consent may also flow from a user having had a reasonale basis
for knowing that disclosure or use may be made with respect to a com-
munications, and having taken action that evidences acquiescence to
such disclosure or use -- e.g. continued use of such an electronic com-
munication system. Another type of implied consent might be inferred
from the very nature of the electronic transaction. For example, a
subscriber who places a communication on a computer "electronic bull-
etin board," with a reasonable basis for knowing that such communica-
tions are freely made available to the public, should be considered to
have given consent to the disclosure or use of the communication. If
conditions governing disclosure or use are spelled out in the rules
of an electronic communication service, and those rules are available
to users or in contracts for the provision of such services, it would
be appropriate to imply consent on the part of a user to disclosures
or uses consistent with those rules.
Section 2702(a) specifies that a person or entity providing a wire or
electronic communication service or remote computer services to the
public shall not knowingly divulge the contents of any communication
while in electronic storage by that service to any person or entity
other than the addressee or intended recipient of such communication
or an agent of such addressee or intended recipient of the communica-
tions. Under some circumstances, however, a customer for or subscriber
to a wire or electronic communication service may place a commnication
on the service without specifying an addressee. The Committee in tends,
in that situation, that the communication at a minimum be deemed ad-
dressed to the service provider for purposes of Section 2702(b). Be-
cause an addressee may consent to the disclosure of a communication to
any other person, a service provider or system operator, as imputed
address, may disclose the contents of an unaddressed communication.
A person may be an "intended recipient" of a communication, for purpose
of section 2702, even if he is not individually identified by name or
otherwise. A communication may be addressed to the members of a group,
for example. In the case of an electronic bulletin board, for instance,
a communication might be directed to all members of a previously formed
"special interest group" or, alternatively, to all members of the pub-
lic who are interested in a particular topic of discussion. In such an
instance, the service provider would not be liable for disclosure to
any person who might reasonably be considered to fall in the class of
intended recipients.
COMMENTS
The entire document has to be read and studied to draw final conclusions on a number of important issues. However, the following observations I think are fair at this point:
1. SYSOPS are, under the Act, going to be considered providers of an
electronic communications service. In other words, whenever a BBS
goes up, it becomes an electronic communication service subject to
the requirements of the new law, should it be enacted.
2. Users of the BBS are protected by the law, and may have grounds to
take action against or ask that criminal charges be brought if their
communications are improperly disclosed.
3. SYSOPS do have added protection against hackers, and federal law
enforcement should now be available.
4. Any "general" messages addressed to all members of the board, provided the board is open to the general public, may be disclosed and
are not protected.
5. How other messages and files are handled gets complex thereafter.
a. It is unclear whether a sysop may legally read private mail on
his board addressed to another user, unless sysop discloses in
a warning message that he/she may read such messages.
b. Conferences that are not generally open to the public probably
create an expectation of privacy and there will be limited
rights to disclose information.
c. Major changes in security procedures might require user consent,
or their messages might have to be removed.
6. It would be prudent to have a major disclaimer in the introduction
of each BBS session, stating that there is no expectation of privacy
and that anything left on the board may be read or disclosed
by the sysop.
|