Alex Modelski

 

Articles




Home

Areas of Practice

Articles

Legal Links

Contact Info

Legal Notice

Seattle Office:
16 West Harrison, Suite 106
Seattle, WA 98119
Tel. 206-971-7094
Fax 425-867-3013

Bellevue Office:
800 Bellevue Way NE, Suite 400
Bellevue, WA 98004
Tel. 425-556-0500
Fax 425-867-3013
.
 

This article is published with the permission of Alex Modelski to provide information to attorneys and contract service personnel. It is intended to be informational and does not constitute legal advice regarding any specific situation. It may be reprinted without the express permission of Alex Modelski so long as it is reprinted in its entirety including this title page.If you have any questions or would like additional information, contact Alex using the contact information provided below.

 

EMAIL AND THE LAW OF PRIVACY

October 14, 2001


Copyright ã 2001 Alex Modelski

TABLE OF CONTENTS

Introduction

Common Law Rights of Privacy

Constitutional Law

State Constitutional Issues and Statutory Law

Electronic Communication Privacy Act

Carnivore

System Administrators and Sniffer Software

Doubleclick Litigation Computer Fraud and Abuse Act

WebBugs

Rights of ISP’s to Inspect and Disclose; Anonymous Posters

May An Employer Read Employee Email?

Public Employers

Email and Internet Use Policies

Appendix A, Computer Fraud and Abuse Act

Appendix B, Amendments to Computer Fraud and Abuse Act in Patriot Act of 2001

Appendix C, Chapter 119 - Wire And Electronic Communications Interception And Interception Of Oral Communications

Appendix D, Chapter 121 - Stored Wire And Electronic Communications And Transactional Records Access

Introduction

In his September 4, 2001 open letter to federal judges, published in the Wall Street Journal, Ninth U.S. Circuit Court of Appeals Judge Alex Kozinski wrote regarding the Judicial Conference C00ommittee on Automation and Technology recommendation that federal courts monitor employee email and Web usage:

    The U.S. Bureau of Prisons maintains the following sign next to all telephones used by inmates: "The Bureau of Prisons reserves the authority to monitor conversations on the telephone. Your use of institutional telephones constitutes consent to this monitoring. . . ."

    I'm planning to put signs like these next to the telephones, computers, fax machines and other equipment used in my chambers because, according to a policy that is up for a vote by the U.S. Judicial Conference, we may soon start treating the 30,000 employees of the judiciary pretty much the way we treat prison inmates.

    Exaggeration? Not in the least. According to the proposed policy, all judiciary employees--including judges and their personal staff--must waive all privacy in communications made using "office equipment," broadly defined to include "personal computers . . . library resources, telephones, facsimile machines, photocopiers, [office supplies." There is a vague promise that the policy may be narrowed in the future, but it is the quoted language the Judicial Conference is being asked to approve on Sept. 11.

    Not surprisingly, the proposed policy has raised a public furor…. I asked that my response…be distributed to federal judges…but my request was rejected. I must therefore take this avenue for addressing my judicial colleagues on a matter of vital importance to the judiciary and the public at large. Like prisoners, judicial employees must acknowledge that, by using this equipment, their "consent to monitoring and recording is implied with or without cause." Judicial opinions, memoranda to colleagues, phone calls to your proctologist, faxes to your bank, e-mails to your law clerks, prescriptions you fill online--you must agree that bureaucrats are entitled to monitor and record them all.

    This is not how the federal judiciary conducts its business. For us, confidentiality is inviolable. No one else--not even a higher court--has access to internal case communications, drafts or votes. Like most judges, I had assumed that keeping case deliberations confidential was a bedrock principle of our judicial system. But under the proposed policy, every federal judge will have to agree that court communications can be monitored and recorded, if some court administrator thinks he has a good enough reason for doing so.

    Another one of our bedrock principles has been trust in our employees. I take pride in saying that we have the finest work force of any organization in the country; our employees show loyalty and dedication seldom seen in private enterprise, much less in a government agency. It is with their help--and only because of their help--that we are able to keep abreast of crushing caseloads that at times threaten to overwhelm us. But loyalty and dedication wilt in the face of mistrust. The proposed policy tells our 30,000 dedicated employees that we trust them so little that we must monitor all their communications just to make sure they are not wasting their work day cruising the Internet.

    How did we get to the point of even considering such a draconian policy? Is there evidence that judicial employees massively abuse Internet access? Judge Nelson's memo suggests there is, but if you read the fine print you will see that this is not the case.

    Even accepting the dubious worst-case statistics, only about three percent to seven percent of Internet traffic is non-work related. However, the proposed policy acknowledges that employees are entitled to use their telephone and computer for personal errands during lunchtime and on breaks. Because lunches and breaks take up considerably more than three percent to seven percent of the workday, we're already coming out ahead. Moreover, after employees were alerted last March that downloading of certain files put too much strain on the system, bandwidth use dropped dramatically. Our employees have shown they can be trusted to follow directions.

    Unbeknownst to the vast majority of judges and judicial employees, Mr. Mecham secretly started gathering data on employee Internet use. When the Web sites accessed from a particular computer affronted his sensibilities, Mr. Mecham had his deputy send a letter suggesting that the employee using that computer be sanctioned, and offering help in accomplishing this. Dozens of such letters went out, and one can only guess how many judicial employees lost their jobs or were otherwise sanctioned or humiliated as a consequence.

    When judges of our circuit discovered this surreptitious monitoring, we were shocked and dismayed. We were worried that the practice was of dubious morality and probably illegal.
    In their hurry to vindicate Mr. Mecham's unauthorized snooping, the committee short-circuited the normal collegial process of deliberation and consultation.

     I therefore suggest that all federal judges reading these words--indeed all concerned citizens--write or call their Judicial Conference representatives and urge them to vote against the proposed policy. In addition, we must undo the harm we have done to judicial employees who were victims of Mr. Mecham's secret, and probably illegal, snooping. The Judicial Conference must pass a resolution that offers these employees an apology and expungement of their records.

    Moreover, we should appoint an independent investigator to determine whether any civil or criminal violations of the Electronic Communications Privacy Act were committed during the months when 30,000 judicial employees were subjected to surreptitious monitoring. If we in the judiciary are not vigilant in acknowledging and correcting mistakes made by those acting on our behalf, we will surely lose the moral authority to pass judgment on the misconduct of others. –quoted from "Help Stop Monitoring of the Internet at the Federal Judiciary", By Manny Klausner, FrontPageMagazine.com, September 7, 2001, http://www.frontpagemag.com/guestcolumnists/klausner09-07-01.htm.

Agreeing with Judge Kozinski, the Federal Judges Association, which represents 85 percent of the nation's 1,800 judges, adopted a resolution opposing the proposed policy. In a letter to Judge Edwin Nelson, Chief Judge Edith H. Jones of the Fifth Circuit criticized unrestricted monitoring as "the equivalent of sanctioning wiretapping of telephones or searches of office files to prevent unauthorized use of government property." Ultimately, the Judicial Conference approved a revised version, which does not specifically permit monitoring of e-mail and permits limited tracking of Web-surfing. [Judicial Conference Approves Recommendations on Electronic Case File Availability and Internet Use -September 19, 2001, http://www.uscourts.gov/news.html.]On the other hand, the approved "model appropriate use policy" banned court employees from using their office computers to access file-sharing services, such as Napster and Gnutella, and from creating, downloading, viewing, storing, copying or transmitting sexually explicit materials or those related to gambling or illegal weapons. The dispute among federal judges and the issues raised in Judge Kozinski’s open letter raise all of the essential elements basic to an understanding of the law of privacy as it applies to email.

Top

Common Law Rights of Privacy

The word "privacy" does not appear in the U.S. Constitution.Yet, it is now construed to be a broad and inalienable right. The origin of this right is grounded in tort law and a famous 1890 Harvard Law Review article by future Supreme Court justice Louie Brandeis called "The Right to Privacy". In it, Brandeis asserted that a person ought to be able to sue someone who violates one's right to "privacy." In a most famous passage Brandeis said:

    That the individual shall have full protection in person and in property is a principle as old as the common law; but it has been found necessary from time to time to define a new the exact nature and extent of such protection. Political, social, and economic changes entail the recognition of new rights, and the common law, in its eternal youth, grows to meet the demands of society. Thus, in very early times, the law gave a remedy only for physical interference with life and property, for trespasses vi et armis. Then the "right to life" served only to protect the subject from battery in its various forms; liberty meant freedom from actual restraint; and the right to property secured to the individual, his lands and his cattle. Later, there came a recognition of man's spiritual nature, of his feelings and his intellect. Gradually, the scope of these legal rights broadened, and now the right to life has come to mean the right to enjoy life -- the right to be let alone; the right to liberty secures the exercise of extensive civil privileges; and the term "property" has grown to compromise every form of possession -- intangible as well as tangible.

The courts ultimately agreed and began recognizing common law rights to privacy.Today, employees’ rights to e-mail privacy are largely governed by state tort law. The Restatement (Second) of Torts summarizes these causes of action as follows:

    652A. General Principle

    1. One who invades the right of privacy of another is subject to liability for the resulting harm to the interests of the other.

    2. The right of privacy is invaded by:

      1. unreasonable intrusion upon the seclusion of another, as stated in 652B; or
      2. appropriation of the other's name or likeness, as stated in 652C; or
      3. unreasonable publicity given to the other's private life, as stated in 652D; or
      4. publicity that unreasonably places the other in a false light before the public,as stated in 652E.

    652B. Intrusion upon Seclusion

    One who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person.

    652C. Appropriation of Name or Likeness

    One who appropriates to his own use or benefit the name or likeness of another is subject to liability to the other for invasion of his privacy.

    652D. Publicity Given to Private Life

    One who gives publicity to a matter concerning the private life of another is subject to liability to the other for invasion of his privacy, if the matter publicized is of a kind that

    1. would be highly offensive to a reasonable person, and
    2. is not of legitimate concern to the public.

    652E. Publicity Placing Person in False Light

    One who gives publicity to a matter concerning another that places the other before the public in a false light is subject to liability to the other for invasion of his privacy, if

    1. the false light in which the other was placed would be highly offensive to a reasonable person, and
    2. the actor had knowledge of or acted in reckless disregard as to the falsity of the publicized matter and the false light in which the other would be placed

The tort most relevant to e-mail interception by employers is unreasonable intrusion upon the seclusion of another.

    Top

    Constitutional Law

    The Supreme Court has found privacy rights implicit in the "penumbra" surrounding the First, Third, Fourth, Fifth and Ninth Amendments. Griswold v. Connecticut, 381 U.S. 479, 483-5 (1965). More specifically, however, the Fourth Amendment of the U.S. Constitution prohibits unreasonable searches and seizures by the United States government, and through the Fourteenth Amendment, that prohibition has been extended to the States, counties and any other entity that may act "under color of law".

    As applied to electronic communications, the landmark case of Katz v. U.S., 389 U.S. 347 (1967) considered a wiretap on a public telephone booth. The Court held that the police violated the defendant's constitutional right of privacy and made an unreasonable seizure under the Fourth Amendment. In Justice Harlan's concurring opinion in Katz, 389 U.S. at 361, a two-part test was proposed: (1) Did the person have an actual expectation of privacy in the communication? and (2) Does society recognize this expectation as reasonable?

    The U.S. Supreme Court accepted this two-part test in Smith v. Maryland, 442 U.S. 735, 740 (1979) and restated their acceptance again in California v. Ciraolo, 476 U.S. 207, 211 (1986). Further, the Supreme Court has held that a warrantless search that violates a person’s reasonable expectation of privacy will nonetheless be "reasonable" (and therefore constitutional) if it falls within an established exception to the warrant requirement. See Illinois v. Rodriguez, 497 U.S. 177, 183 (1990). Accordingly, investigators must consider two issues when asking whether a government search of a computer requires a warrant.  First, does the search violate a reasonable expectation of privacy?  If so, the search may nonetheless by reasonable because it falls within an exception to the warrant requirement, such as consent (user, co-users, co-owner, parent, system administrator), implied consent (individuals, such as prison guards, often enter into agreements with the government in which they waive some of their Fourth Amendment rights, and users of computer systems often must view a banner conditioning use of the system upon a waiver of privacy rights), exigent circumstances (in United States v. David, 756 F. Supp. 1385 (D. Nev. 1991), agents saw the defendant deleting files on his computer memo book, and seized the computer immediately), plain view (for example, if an agent conducts a valid search of a hard drive and comes across evidence of an unrelated crime while conducting the search, the agent may seize the evidence under the plain view doctrine, United States v. Carey, 172 F.3d 1268, 1273 (10th Cir. 1999)), search incident to lawful arrest (See United States v. Reyes, 922 F. Supp. 818, 833 (S.D.N.Y. 1996) holding that accessing numbers in a pager found in bag attached to defendant’s wheelchair within twenty minutes of arrest falls within search-incident-to-arrest exception), inventory searches and border searches ("routine searches" at the border or its functional equivalent do not require a warrant, probable cause, or even reasonable suspicion that the search may uncover contraband or evidence)

    In the case of a communication that contains evidence of criminal activity, there is no protection for the confidentiality of the communication when the recipient discloses the contents to law enforcement agents or at a criminal trial. U.S. v. White, 401 U.S. 745 (1971)(no violation of Fourth Amendment when defendant spoke to informant who had concealed microphone and transmitter); Hoffa v. U.S., 385 U.S. 293 (1966)(statements made by Hoffa to undercover informant not protected by Fourth Amendment). Furthermore, there is no protection under the Fifth Amendment to the U.S. Constitution for production of documents at a criminal trial, U.S. v. Doe, 465 U.S. 605 (1984). Thus, the author of an e-mail message generally has no constitutional right to prevent disclosure of the message by the recipient.

    Top

    State Constitutional Issues And Statutory Law

    Many state constitutions guarantee a right of privacy that parallels the protections of the Fourth Amendment. See Alaska Constitution, Article I, § 22; California Constitution, Article I, § 1; Florida Constitution, Article I, § 23; Hawaii Constitution, Article I, § 6; Illinois Constitution, Article I, § 6; Louisiana Constitution, Article 1, § 5; Montana Constitution, Article II, § 10; South Carolina Constitution, Article I, § 10. Washington Constitution Article No. 1, § 7. Generally, these constitutional provisions apply only to governmental actors or those acting under "color of law", but California's Constitution has been successfully used to challenge private employer actions. See, e.g., Ryan v. Sara Lee Corp., No. S031479, 1993 Cal. LEXIS 2464 (Cal. Dist. Ct. App. April 29, 1993); Semore v. Pool, 266 Cal. Rptr. 280 (Cal. Dist. Ct. App. 1990) See also Luck v. Southern Pac. Transp. Co., 267 Cal. Rptr. 618 (privacy provision of California constitution may apply to private employers), cert. denied, 498 U.S. 939 (1990). On the other hand, California's highest court has upheld a private employer's drug testing program where the employer's legitimate regulatory objectives in conducting the testing outweighed any expectation of privacy. Hill v. National Collegiate Athletic Ass'n, 865 P.2d 633 (Cal. 1994) (upheld NCAA's use of drug testing program for its student athletes).

    Several states have statutes protecting against the interception of electronic communications. In 1998, Connecticut enacted legislation requiring employers to give prior written notice of electronic monitoring to all employees who may be affected. Pub. Law 98-142. See also, New Jersey Wiretapping and Electronic Surveillance Control Act, N.J.S.A. 2A:156A-1 et seq.; Pennsylvania Wiretapping and Electronic Surveillance Act, 18 Pa. Cons. Stat. Ann. § 5702 et seq. See also Cal. Penal Code § 629; Colo. Rev. Stat. Ann. § 16-15-102; Md. Code Ann. §§10-4A-01-08; and N.Y. Crim. Proc. Art. 700. These statutes are largely patterned after the federal Electronic Communications Privacy Act, discussed below.

    Top

    Electronic Communications Privacy Act

    The Electronic Communications Privacy Act of 1986 ("ECPA") is the only federal statute that specifically addresses the interception of email. It expanded preexisting prohibitions on the unauthorized interception of wire and oral communications to include other forms of electronic communications. This is a voluminous and complex statute. Subject to various exceptions, the ECPA makes it illegal to intercept an email at the point of transmission, while in transit, when stored by an email router or server, or after receipt by the intended recipient. Chapter 119, §§ 2510-2522 (See Appendix C), deals with unlawful interception, use and disclosure of wire, oral or electronic communications, as well as lawful governmental interception and use. Chapter 121, §§ 2701 through 2711 (See Appendix D), deals with unlawful access and disclosure of stored communications, as well as governmental access and use of such stored communications. The sections dealing with governmental access and use are very detailed and complex and provide the legal basis for national security agency monitoring of email through the Carnivore system.

    The ECPA provides for both criminal and civil liability. A civil plaintiff who proves a violation of Chapter 119 may recover the greater of either:
    (1) actual damages suffered and any profits made by the violator; or
    (2) statutory damages (the greater of $100 a day for each day of violation or $10,000). 18 U.S.C. § 2520(c)(2). Further, attorneys' fees, litigation costs, and other equitable relief may be available. Id. § 2520(a)(3). The criminal penalty includes up to five years imprisonment and fines up to $5000. Id. § 2511(4)(a)-(b). Chapter 121 provides for more severe remedies, including minimum damages of $1,000, punitive damages in the event of willful violation, and disciplinary action in the event of governmental agency violation.

    Neither chapter, however, establishes a general right to e-mail privacy in the workplace because of various exceptions it contains. For example, the prohibition against intercepting communications does not apply where one of the parties to the communication consents to the interception 18 U.S.C. §2511(2)(d). An e-mail system provider and/or its employees have the right to intercept and use electronic communications in the normal course of employment while engaged in an activity which is incident to the rendition of the service or for the protection of the rights or property of the provider. 18 U.S.C. § 2511(2)(a)(i). Furthermore, the definition of "electronic communication" is limited to those affecting interstate commerce. Therefore, e-mail messages transmitted on an employer's completely internal e-mail system may not be subject to the ECPA. In the case of Andersen Consulting LLP v. UOP and Bickel & Brewer, 991 F. Supp. 1041 (N.D.Ill. 1998), the Court interpreted § 2702(a) of ECPA, which provides that "a person or entity providing any electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service." The court held that to be subject to this statute, a defendant must provide electronic communication service to the community at large. As UOP only utilized its e-mail system for internal communication, it did not supply service to the public or community at large, even if the system permitted communications over the Internet with third parties. As a result, it was not subject to the statute, and the claim thereunder was dismissed.

    18 U.S.C. § 2701(a) prohibits anyone from obtaining, altering, or preventing authorized access to an electronic communication by intentionally accessing, without authorization, a facility through which electronic communications services are provided, or by exceeding authorization to access such a facility.

    In the wake of the atrocities of Sept. 11, pursuant to the request of President George W. Bush, Congress amended much U.S. law as part of its response to terrorism. (See "Congress Makes it Easier to Snoop," http://www.csmonitor.com/2001/1011/p16s1-stct.html.) In addition to the establishment of a counter-terrorism fund, condemnation of discrimination against Arab and Muslim Americans, authorization of the expansion of a National Electronic Crime Task Force, authorization of confiscation of property of foreign entities involved in hostilities against the United States, provision for increased border guard staffing, extension of access to criminal record to the INS and State Departments, changes in Habeas Corpus and Immigration Law, establishment of humanitarian relief for victims of terrorism, liberalization of proof standards regarding death and disability of victims of terrorism, authorization of payment of rewards to informants against terrorists, extension of Secret Service jurisdiction, expansion of access to educational records, funding of increased crime victim assistance, criminalization of attacks against transportation systems, criminalization of harboring terrorists, definition and criminalization of terrorism and terrorist conspiracies, temporary deferral of the obligation of reporting intelligence-related matters to Congress, establishment of a foreign asset tracking center and a virtual translation center, provision for dam security and investigation of money laundering, the Patriot Act of 2001 also amends sections of the ECPA, the Wiretap Act, the Foreign Intelligence Surveillance Act, and the pen register and trap and trap devices for foreign intelligence purposes provisions. (See http://thomas.loc.gov/cgi-bin/query/D?c107:3:./temp/~c107WEcEDs::).These changes generally ease or lift restrictions on the ability of government agencies to access communications and records of those communications and expand the authority of law enforcement agencies to share the communications obtained through surveillance. Pursuant to a Sunset provision, the amendments terminate as of Dec. 31, 2003, 2004 and 2006.

    Generally speaking, three exceptions are provided to Chapter 2701’s prohibitions on access to stored communications. The Act does not prohibit conduct which is authorized: (1) by the party or entity providing the electronic communications service; (2) by users of electronic communications sent, or intended for, such users; and (3) for certain activities of governmental or law enforcement entities. The Patriot Act of 2001 has added another exception allowing disclosure by the electronic communications service to a governmental entity, if the provider reasonably believes that an emergency involving immediate danger of death or serious physical injury to any person justifies disclosure of the information (Patriot Act of 2001, § 212). It amends 18 U.S.C. § 2702 to prohibit disclosure of records or other information regarding subscribers or users of electronic communications services and remote computing services "not including the contents [of such communications] to any government agency" (§ 210). Though difficult to interpret, this amendment may always authorize disclosure of such contents to government agencies or merely enable the disclosure in case of emergency.

    The Patriot Act of 2001 also makes clear that a "computer trespasser" has no reasonable expectation of privacy, thereby permitting disclosure with regard to his electronic communications (Patriot Act of 2001, § 217). It also exempts the Federal Government from civil liability under 18 U.S.C. § 2707 and adds an entirely new § 2712 dealing with civil liability of the Federal Government ((Patriot Act of 2001, § 223). The Act also allows the federal government to learn ISP subscriber numbers, identities, temporarily assigned network addresses and means and source of payment (including any credit card or bank account number) of subscribers (Patriot Act of 2001, § 210).

    18 U.S.C. § 2703 provides that a governmental entity may require the disclosure by a provider of electronic communication service of the contents of an electronic communication that is in electronic storage in an electronic communications system for one-hundred and eighty days or less only pursuant to a warrant issued under the Federal Rules of Criminal Procedure or equivalent State warrant. However, the Section does not protect users against disclosure of information to non-governmental entities.

    Top

    Carnivore

    Carnivore is a system used to implement court-ordered surveillance of electronic communication. It has received a great deal of online press in the last year, and has been a focus of anti-terrorist investigation since the attacks of Sept. 11, 2001. Groups such as the American Civil Liberties Union and the Center for Democracy and Technology view Carnivore as an unwarranted invasion of privacy (See "CDT Statement Preserving Democratic Freedoms In Times Of Peril," September 14, 2001, http://www.cdt.org/security/010914cdtstatement.shtml ).
    Carnivore is used when other methods (e.g. having an ISP provide the requested data) do not meet the needs of the investigators or the restrictions placed by the court. Carnivore can be used to collect full content of communications under 18 U.S.C §§ 2510-2522 (ECPA) and 50 U.S.C §§ 1801-1846 (Foreign Intelligence Surveillance Act) or only address information (i.e., pen register) under 18 U.S.C §§ 3121-3127 and 50 U.S.C §§ 1841-1846 (pen registers and trap and trap devices for foreign intelligence purposes). Law enforcement agents follow a rigorous, detailed procedure to obtain court orders and surveillance is performed under the supervision of the court issuing the order. The Carnivore architecture comprises: (1) a one way tap into an Ethernet data stream; (2) a general purpose computer to filter and collect data; (3) additional general purpose computers to control the collection and examine the data; and (4) a telephone link to the collection computer. The collection computer is typically installed without a keyboard or monitor. Symantec’s PcAnywhere, allows the additional computers to control the collection computer via the telephone link. The link is protected by an electronic key such that only a computer with a matching key can connect. Carnivore software is typically loaded on the collection computer while Packeteer and Coolminer are installed on the control computers. When placed at an ISP, the collection computer receives all packets on the Ethernet segment to which it is connected and records packets or packet segments that match Carnivore filter settings. The one-way tap ensures that Carnivore cannot transmit data on the network, and the absence of an installed Internet protocol (IP) stack ensures that Carnivore cannot process any packets other than to filter and optionally record them. Carnivore can neither alter packets destined for other systems on the network nor initiate packets. In pen mode, the operator can see the TO and FROM email addresses and the IP addresses of computers involved in File Transfer Protocol (FTP) and Hypertext Transfer Protocol (HTTP) sessions. In full-collection mode, the operator can view the content of email messages, HTTP pages, FTP sessions, etc.

    Top

    System Administrators and Sniffer Software

    The legality of employing Sniffer software to protect ones’ email network has yet to be tested in Court. Crackers (evil hackers) utilize sniffer software to locate passwords, entry points into networks, etc. Network administrators utilize sniffer software, (commonly available brand names include EtherPeek, NAI Sniffer Portable, Win Sniffer 1.2, Analyzer v.2.02) to "sniff out" unusual or problematic activity on a network, including entry by crackers. Such software can be set to intercept any packet visible to the network interface card on which the software is installed and it can be set to capture only those packets transmitted to a particular IP or Ethernet address or all packets which utilize a particular protocol, such as IP, TCP/IP or IP/HTTP. After packets are captured, the user can cause the software to reconstruct the session and then examine the contents in a graphical display or display plain text in readable ASCII format.

    The first legal issue arises from the fact that 18 U.S.C. 2512 prohibits manufacture, assembly, possession or sale of "any electronic, mechanical, or other device, knowing or having reason to know that the design of such device renders it primarily useful for the purpose of surreptitious interception of wire or oral or electronic communications." The computer onto which the sniffer software is loaded may or may not qualify as such a "device". Also, both cracker and system administrator could argue that the software is primarily useful for analyzing the nature of packet traffic, such as size, type, and patterns of traffic, rather than inspecting the contents of the packets. It appears that this issue has yet to be litigated.

    The second legal issue arises from the fact that 18 U.S.C. 2511 prohibits the interception of wire or oral or electronic communications.Andersen Consulting might lead one to believe that use of sniffer software to view contents of email on a completely internal email system would be acceptable. However, Andersen Consulting interpreted 18 U.S.C. 2702, not 2511. § 2511(a) does not mention electronic communication service.Therefore, a complaining party would not need to prove that the system is open to the public. Further, 18 U.S.C. 2511(2)(a)(i) provides that:

      It shall not be unlawful under this chapter for an operator of a switchboard, or an officer, employee, or agent of a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks.

    If Andersen Consulting controls, the system administrator does not qualify for the protection of § 2511(2)(a)(i) inasmuch as his system is not open to the public.Therefore, § 2511(a) would seem to prohibit his interception of email, whether by sniffer software or otherwise, at least to the extent that such email qualifies as an "electronic communication", that is so long as it affects interstate commerce.

    18 U.S.C. § 2511(2)(d) permits interception of an "electronic communication" when the person intercepting same:

      (d) is a party to the communication or where one of the parties to the communication has given prior consent to such interception unless such communication is intercepted for the purpose of committing any criminal or tortious act in violation of the Constitution or laws of the United States or of any State.

    To take advantage of this exception, computer networks frequently make use of computer banners that appear whenever a person logs onto the network. A banner is text which appears whenever a user attempts to enter a network from a designated point of entry known as a "port." Banners vary substantially in wording, but they usually inform the user that: (1) the user is on a private network; and (2) by proceeding, the user is consenting to all forms of monitoring. The following is an example:

      This computer network belongs to the Widget Corporation and may be used only by Widget Corporation employees and only for work-related purposes and subject to Widget Corporation policies and procedures. Any other use (including use in violation of Widget Corporation policies and procedures) of this network is unauthorized. The Widget Corporation reserves the right to monitor use of this network to ensure network security and to respond to specific allegations of employee and non-employee misuse. Use of this network shall constitute consent to monitoring for such purposes. In addition, the Widget Corporation reserves the right to consent to a valid law enforcement request to search the network for evidence of a crime stored within the network.

    Top

    Doubleclick Litigation

    The recent case of In Re Doubleclick, Inc. Privacy Litigation, 00 Civ. 0641 (S.D.N.Y., March 28, 2001), presented a creative attempt by Plaintiffs to extend the ECPA and Wiretap Act to use of "cookies". This consolidated multi-district class action litigation grew out of Doubleclick’s use of "cookies" on client websites. "Cookies" are programs which the site downloads to users’ computers to: 1. gather information regarding a user’s search engine query string; 2. gather user provided information; and 3. track user movement on a website. Whenever a user visits a site which has consented to Doubleclick’s presence, software loaded on the host server downloads the information collected by the "cookies" loaded onto the user’s computer. The Court dismissed the Plaintiffs’ action because:
    1. for purposes of § 2701(a), the conduct was authorized by the user of the electronic communications system (the website owners) for whom Plaintiff’s communication (the transmitted contents of the "cookies") was "intended";
    2. for purposes of § 2701(a), the cookies are not stored in "electronic storage" as it is defined (temporary intermediate storage or storage at an electronic communication service);
    3. for purposes of § 2511(a), Doubleclick and its client websites consented to the "interception" of Plaintiff’s "communications"; 4. for purposes of § 2511(a), the consensual purpose of Doubleclick’s actions was not "primarily criminal or tortious" - rather it was to assist the client sites and Doubleclick to make money.

    Computer Fraud and Abuse Act

    The Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, et. seq., (See Appendix A) prohibits trafficking in passwords and prohibits unauthorized access, by someone without authority or in excess of authority, to a computer (used in interstate commerce or to a government computer) for purposes of obtaining information, committing fraud or extortion, interfering with operation of the accessed computer, and prohibits knowingly causing a transmission which damages such a computer. This statute has been widely utilized by law enforcement agencies to punish crackers and purveyors of "worms" and "viruses". In addition to criminal penalties, the CFAA provides for compensatory damages, injunctive relief and other equitable relief. A growing list of cases provides an idea of the scope of prohibited actions.America Online, Inc. v. Christian Brothers (SDNY, December 9, 2000) (finding that sending spam caused violations of both (a)(5) and (a)(5)(C)); America Online, Inc. v. LCGM, 1998 US Dist. LEXIS 20144 (finding a spammer violated the CFAA); America Online, Inc. v. National Health Care Discount, Inc. 2000 WL 1724884 (N.D. Iowa Sept. 25, 2000) (sending unwanted email is "access" for purposes of CFAA and large volume of email impairs the availability of a computer system; also finding that scraping email addresses could violate (a)(2)(C)); Hotmail Corporation v. Van$ Money Pie Inc., 1998 WL 388389 (N.D. Cal., April 20, 1998) (a default judgment finding, among other things, that spamming with falsified return email addresses with the intention of causing bounced back emails and complaints to damage Hotmail Corporation was a violation of the Computer Fraud and Abuse Act); In re Intuit Privacy Litigation, 2001 WL 370081 (C.D. Cal. April 10, 2001) (dismissing a claim that placing cookies violates the CFAA); Register.com v. Verio (SDNY Dec. 8, 2000) (access by search robots could give rise to (a)(5)(C) and (a)(2) violation; Shurgard Storage Centers, Inc. v. Safeguard Self Storage, Inc. (W.D. Wash. 10/26/2000), 119 F. Supp. 2d 1121 (culprit acted "without authority" when, while still employed by the plaintiff, but acting as an agent for the defendant, he sent e-mails to the defendant containing various trade secrets and proprietary information belonging to the plaintiff. In the cited case of In Re Doubleclick, Inc. Privacy Litigation, 00 Civ. 0641 (S.D.N.Y., March 28, 2001), the Court noted that the CFAA’s prohibitions against obtaining information without authorization apply only to interstate or foreign communications, damages are limited to economic damages, such economic damage must exceed $5,000, and they must result from a single wrongful act. Further, the Court pointed out that there is no cost to disabling cookies inasmuch as most browser software allows cookies to be "turned off" and inasmuch as Doubleclick offers an "opt out" cookie for free download from its site.

    The Patriot Act of 2001 contains substantial amendments to the CFAA (§ 814)( See Appendix B). It reverses Doubleclick with regard to the requirement that the $5,000 damage threshold must be met by a single act; it increases criminal penalties; it clarifies that the term "loss" includes any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service; it clarifies that "person" includes corporations and other entities; it permits recovery of damages in some situations without proof of economic damages; it includes among the actionable damages the modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of 1 or more individuals; it provides that no action may be brought for the negligent design or manufacture of computer hardware, computer software, or firmware.

    Top

    Web Bugs

    Those who utilize "opt-in" email enjoy receiving relevant HTML content pushed to their computer on a regular basis. What they don’t know is that that content sometimes includes a "Web bug". Web bugs typically use Java Script, a programming language embedded in the HTML text, to collect certain information that allows a user’s movements online to be tracked. Such bugs are also contained in Web page HTML and software downloads. Among the information collected is the IP address of the computer in which the bug is installed, the URL of the page from which the bug is downloaded, and the time the page was viewed. The bug enables the collected information to be sent to its originator, such as at the time it is forwarded to other recipients.

    Unlike cookies, Web bugs are invisible. This gives rise to a host of privacy concerns, because the Web bug’s use is often not adequately disclosed. The undisclosed use of tracking technology to monitor or collect consumer information, or to share such information with third parties, can result in civil and criminal penalties. Recently, the US District Court for the Southern District of New York issued an important order in Specht v. Netscape Communications Corp., 00 Civ. 4871, 2001 U.S. Dist. LEXIS 9073 (S.D.N.Y. 7/3/01). The case involves Netscape’s "SmartDownload" software, which is intended to make it easier for its users to download files from the Internet without losing their interim progress if they lose their Internet connection. At the time of free download from the Netscape site, Plaintiffs were invited to "please review…the license agreement" which contained an arbitration clause (one Plaintiff downloaded the software from another site where the invitation to review the license agreement was not even present). The Court denied Netscape’s Motion to Compel arbitration, holding that there was no proof that the Plaintiffs had assented to the license agreement. More importantly, for purposes of this discussion, the Plaintiffs allege that the software transmits to Netscape private information about the user’s file transfer activity on the Internet, thereby effecting an electronic surveillance of the user’s activity in violation of ECPA and CFAA. It is hard to imagine that the placement of such bugs could result in $5,000 in economic damages required by the CFAA (though this may become easier to prove given the above-noted amendments contained in the Patriot Act of 2001). For purposes of 18 U.S.C. 2701(a) it may be that the transmission of the user information is authorized by the user of the electronic communications system (Netscape) for whom Plaintiff’s communication (the user information) was "intended". For purposes of § 2701(a), the bugs don’t seem to be stored in "electronic storage" as it is defined (temporary intermediate storage or storage at an electronic communication service). For purposes of § 2511(a), it would seem that one of the parties to the communication, Netscape, consented to the "interception" of Plaintiff’s "communications". Finally, for purposes of § 2511(a), the placement of the bugs does not seem to be "primarily criminal or tortious"—rather it was for some business purpose. Perhaps criminal or civil trespass or conversion would be more appropriate causes of action.

    Top

    Rights of ISP’s to Inspect and Disclose; Anonymous Posters

    At the time that users contract with their Internet Service Provider (ISP), they contractually agree that the ISP shall have the right to review and take certain actions with regard to the user’s data and transmissions. For example, AOL provides in its Screen Name Service Terms of Use:

      You acknowledge that AOL reserves the right at all times to disclose any information concerning your use of the Screen Name Service or Participating Sites and Services to comply with valid legal process such as a search warrant, subpoena or court order, or in special cases such as a physical threat to you or others. AOL also reserves the right to edit, refuse to post, or to remove any information, posting or material, in whole or in part, without any prior notification to you. AOL is not responsible for any failure or delay in removing such material.

      ....use of the content or materials available on the Screen Name Service for any purpose not expressly permitted in these Terms of Use is prohibited.

    Mindspring’sInternet Service Agreement provides:

      Monitoring the Services
      EarthLink has no obligation to monitor the Services, but may do so and disclose information regarding use of the Services for any reason if EarthLink, in its sole discretion, believes that it is reasonable to do so, including to: satisfy laws, regulations, or governmental or legal requests; operate the Services properly; or protect itself and its Members. Please see our Privacy Policy . EarthLink may immediately remove your material or information from EarthLink’s servers, in whole or in part, which EarthLink, in its sole and absolute discretion, determines to infringe another’s property rights or to violate our Acceptable use policy

    Mindspring’s Privacy Policy goes on to provide:

      Special Cases
      ....EarthLink may disclose personal information about Visitors or Members, or information regarding your use of the Services or Web sites accessible through our Services, for any reason if, in our sole discretion, we believe that it is reasonable to do so, including: to satisfy laws, such as the Electronic Communications Privacy Act, regulations, or governmental or legal requests for such information; to disclose information that is necessary to identify, contact, or bring legal action against someone who may be violating our Acceptable Use Policy or other user policies; to operate the Services properly; or to protect EarthLink and our Members.

    In 1998, AOL drew criticism when it admitted that it violated its own privacy policy by releasing information showing that a customer being investigated by the U.S. Navy was a homosexual.(See "AOL sides with anonymous posters" by Aaron Elstein, ZDNet News, WSJ Interactive Edition, March 5, 2001, http://www.zdnet.com/zdnn/stories/news/0,4586,2692564,00.html.)

    Recently, despite the fact that ISP’s have great latitude to make disclosure pursuant to the clauses quoted above, they have in fact taken on the role of privacy shield with regard to anonymous posters on ISP sponsored message boards. AOL, Yahoo! and other ISP’s are being deluged with subpoena’s issued in John Doe defamation actions being used by publicly traded corporations seeking to uncover the identities of those posters whose comments are particularly offensive, damaging or suspicious. In fact, representatives of AOL have stated that in Year 2000 they received over 475 subpoenas, a 40% increase over 1999. Id. AOL has argued that such suits can constitute an illegitimate use of the courts to silence and retaliate against speakers whose statements, while unpleasant from the standpoint of the Plaintiff, are not unlawful. Id. Yahoo! has told a California Superior Court that it receives thousands such subpoenas. (See "A Victory, of Sorts, for Spouting Off" by Jane Black, BusinessWeek online, July 20, 2001, http://www.businessweek.com/bwdaily/dnflash/jul2001/nf20010720_543.htm.)

    On July 11, 2001, the New Jersey Superior Court issued two opinions in cases in which Yahoo! challenged subpoenas for private information regarding posters. Dendrite International, Inc. v. John Doe No. 3, (Superior, N.J., July 11, 2001); Immunomedics, Inc. v. John Does 1-10, John Foe, A/K/A "bioledger," and John Foes 2-10 (Superior, N.J., July 11, 2001).In Dendrite, the Court quashed the subpoena and in Immunomedics, the Court denied the Motion to Quash Subpoena Duces Tecum. In analyzing the cases, the Court gave the following guidance:

      We offer the following guidelines to trial courts when faced with an application by a plaintiff for expedited discovery seeking an order compelling an ISP to honor a subpoena and disclose the identity of anonymous Internet posters who are sued for allegedly violating the rights of individuals, corporations or businesses. The trial court must consider and decide those applications by striking a balance between the well-established First Amendment right to speak anonymously, and the right of the plaintiff to protect its proprietary interests and reputation through the assertion of recognizable claims based on the actionable conduct of the anonymous, fictitiously-named defendants.

       We hold that when such an application is made, the trial court should first require the plaintiff to undertake efforts to notify the anonymous posters that they are the subject of a subpoena or application for an order of disclosure, and withhold action to afford the fictitiously-named defendants a reasonable opportunity to file and serve opposition to the application. These notification efforts should include posting a message of notification of the identity discovery request to the anonymous user on the ISP's pertinent message board. 

      The court shall also require the plaintiff to identify and set forth the exact statements purportedly made by each anonymous poster that plaintiff alleges constitutes actionable speech. 

      The complaint and all information provided to the court should be carefully reviewed to determine whether plaintiff has set forth a prima facie cause of action against the fictitiously-named anonymous defendants. In addition to establishing that its action can withstand a motion to dismiss for failure to state a claim upon which relief can be granted pursuant to R. 4:6-2(f), the plaintiff must produce sufficient evidence supporting each element of its cause of action, on a prima facie basis, prior to a court ordering the disclosure of the identity of the unnamed defendant. 

      Finally, assuming the court concludes that the plaintiff has presented a prima facie cause of action, the court must balance the defendant's First Amendment right of anonymous free speech against the strength of the prima facie case presented and the necessity for the disclosure of the anonymous defendant's identity to allow the plaintiff to properly proceed. 

      The application of these procedures and standards must be undertaken and analyzed on a case-by-case basis. The guiding principle is a result based on a meaningful analysis and a proper balancing of the equities and rights at issue.

    Applying this methodology to both cases, the Court quashed the subpoena requested by Dendrite due to its failure to offer evidence establishing that the poster’s statements sufficiently harmed Dendrite. The Court refused to quash the subpoena requested by Immunomedics because the poster identified herself as an employee, and the suit alleged harm resulting from disclosures of confidential information contained in the postings.

    Similar analysis was utilized by the Virginia Supreme Court in America Online, Inc. V. Anonymous Publicly Traded Company, (March 2, 2001) 2001 Va. LEXIS 38; 29 Media L. Rep. 1442. In that case, the Virginia Supreme Court held that AOL would not have to respond to a subpoena issued by an Indiana Court in a defamation suit on behalf of Plaintiff anonymous publicly traded corporation against an anonymous defendant, "John Doe." The court stated that a court might allow a party to proceed anonymously only upon showing of special circumstances when a party's need for anonymity outweighs the public's interest in knowing the party's identity and outweighs the prejudice to the opposing party. The Court found the Plaintiff’s allegations of potential economic harm to be conclusory.

    Some litigants who have sought to prevent disclosure of their private information have alleged that disclosures would violate the Electronic Communications Privacy Act (ECPA)(which is further discussed below. In Jessup-Morgan v. America Online, Inc., 20 F.Supp.2d 1105 (E.D. Mich 1998) the Plaintiff alleged that AOL violated the ECPA when her identity was divulged to her husband’s ex-wife, pursuant to subpoena, when the ex-wife attempted to learn who had been posting sexual solicitations under her name on an AOL message board. The Court analyzed these allegations as follows:

      The prohibitions of the Electronic Communication Privacy Act (ECPA), 18 U.S.C. §§ 2701 et seq., are inapplicable. The ECPA prohibits disclosure of the contents of an electronic communication to any person or entity (18 U.S.C. § 2702) or to the government (18 U.S.C. § 2703) without first meeting certain restrictions. 18 U.S.C. § 2711 states that the definitions in 18 U.S.C. § 2510 apply to the ECPA’s provisions. 18 U.S.C. § 2510 states that "‘contents’, when used with respect to any wire, oral, or electronic communication, includes any information concerning the substance, purport, or meaning of that communication," [not information concerning the identity of the author of the communication]. 18 U.S.C. § 25 10(8). The "content" of a communication is not at issue in this case. Disclosure of information identifying an AOL electronic communication account customer is at issue. In 18 U.S.C. § 2703(c)(1)(C) this identifying information is specifically acknowledged as separate from the "content" of electronic communications. The ECPA actually authorizes AOL’s disclosure:

      Except as provided in subparagraph (B), a provider of electronic communication service or remote computing service may disclose a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications covered by subsection (a) or (b) of this section) to any person other than a governmental entity.

      18 U.S.C. 2703(c)(1)(A) (emphasis added) (subsections (a) and (b) do not apply to the AOL disclosure). AOL made the disclosure, not to the public, but to a private individual, Barbara Smith’s attorney, pursuant to a properly executed subpoena. Because the prohibitions of the ECPA do not apply to the AOL disclosure in this case, Jessup’s claim that AOL violated the Electronic Communication Privacy Act fails, and AOL is entitled to dismissal of this claim because of her failure to state a claim upon which relief can be granted. FED. R. Civ. P.1 2(b)(6).

    AOL has posts the following language on its site:

      AOL’s Terms of Service provide that AOL will release account information or information sufficient to identify a member "only to comply with valid legal process such as a search warrant, subpoena or court order . . ." Thus, if you seek such identity or account information in connection with a civil legal matter, you must serve AOL with a valid subpoena.

      AOL is headquartered in Loudoun County, Virginia and subject to the jurisdiction of Loudoun County Circuit Court and the United States District Court for the Eastern District of Virginia. For applicable requirements governing the issuance of subpoenas in these jurisdictions, please consult Va. Code Ann. § 8.01-411and Virginia Supreme Court Rules 4:9(c) and/or Rule 45 of the Federal Rules of Civil Procedure.

      Upon receipt of a valid subpoena, it is AOL’s policy to promptly notify the Member(s) whose information is sought. In non-emergency circumstances, AOL will not produce the subpoenaed Member identity information until approximately two weeks after receipt of the subpoena, so that the Member whose information is sought will have adequate opportunity to move to quash the subpoena in court. AOL invoices for costs associated with subpoena compliance. We charge $75.00 per hour for research, $14.00 per Federal Express and 25 cents per copy. Subpoenas should be directed to:

      AOL Custodian of Records
      22000 AOL Way
      Dulles, VA, 20166

      Please be advised that the Electronic Communications Privacy Act; 18 U.S.C. §2701 et seq., prohibits an electronic communications service provider from producing the contents of electronic communications, even pursuant to subpoena or court order, except in limited circumstances. Further, AOL’s e-mail system retains e-mail for a period of only approximately two days after the e-mail has been read. After that time, the e-mail is automatically deleted. Unread and sent e-mail is preserved on our system for approximately 28 days. If a member deletes any e-mail, that e-mail is automatically deleted after 24 hours from the AOL systems. Finally, AOL does not retain the contents of chat room or instant message communications, nor does it store information about member Internet usage or websites visited.

      Finally, it is AOL’s policy to release information sufficient to identify an AOL member only where the party seeking the information has filed a legal action that implicates the AOL member in some legally cognizable impropriety or wrongdoing. AOL requests a copy of the complaint and any supporting documentation to indicate how the AOL e-mail address is related to the pending litigation.

    The policy statement raises the question, "when does the ECPA prohibit disclosure pursuant to subpoena? That issue was addressed in Federal Trade Commission v. Netscape Communications Corp., No. CV-00-00026 (N.D.Cal. 04/24/2000). In that case, the FTC filed a civil action in the United States District Court for the Eastern District of Virginia against various defendants, alleging violations of 15 U.S.C. § 45(a), the FTC unfair competition statute. Netscape was not a defendant in that action. The FTC issued a discovery subpoena as part of pre-trial discovery to uncover documents indicating personal information relating to the identity of certain individuals. The Court held that the FTC’s subpoena was barred by 18 U.S.C. § 2703(c)(1)(C), part of the ECPA, which allows an "electronic communication provider" to honor only trial subpoenas and not pre-trial discovery subpoenas.

    In light of the amendments contained in the Patriot Act of 2001, AOL’s policy may soon be amended to provide that disclosure may be voluntarily made to a governmental entity, especially if AOL reasonably believes that an emergency involving immediate danger of death or serious physical injury to any person justifies disclosure of the information.

    Finally, in criminal cases, Courts have generally ruled against criminal defendant ISP customers who have attempted to block government access to their account information and against those who attempt to exclude evidence gathered from ISP’s pursuant to warrants. Courts generally find that the defendants have "no reasonable expectation of privacy." See United States v. Kennedy,  No. 99-10105-01 (D. Kan. Jan. 3, 2000)(ISP customer with child pornography on his web site hosted by Road Runner did not have a reasonable expectation of privacy in the information he gave when subscribing to the ISP, Road Runner). United States v. Hambrick   55 F. Supp. 2d 504 (W.D. Va.1999). (Government investigator in sting operation obtained personal information about defendant from ISP based on warrant that was later admitted to be defective. The court held that a valid warrant was not required due to the lack of expectation of privacy, and that the ISP was not subject to civil liability under the Electronic Communications Privacy Act because it acted pursuant to a warrant it believed to be valid at the time).But, see Steve Jackson Games v. U.S. Secret Service, 816 F.Supp. 432 (W.D.Tex. 1993), aff'd, 36 F.3d 457 (5thCir. 1994) (where four plaintiffs claimed that the Secret Service had read and deleted their private e-mail, without their consent, Court found the Secret Service intentionally seized and read communications and thereafter deleted or destroyed some of them either intentionally or accidentally, finding Secret Service liable under the ECPA, 18 U.S.C. 2701, awarding statutory damages of $ 1000 per plaintiff plus $195,000 in attorneys' fees and approximately $ 57,000 in costs to plaintiffs).

    Top

    May An Employer Read Employee Email?

    Employers are increasingly concerned that they may become exposed to civil liability or criminal charges associated with employee misuse of email—e.g., importation of viruses and worms, transmission of pornography, defamation, discriminatory statements, trade secrets, etc. Employers typically seek to reduce the chance of potential abuse by periodically monitoring employee use of email and the Internet. Further, upon termination of employment, employers often audit and collect information from employee email accounts and continue to receive, respond to and dispose of email which continues to arrive after the employee is terminated.

    The tort most relevant to e-mail interception by employers is unreasonable intrusion upon the seclusion of another. Liability under this tort does not require that the information acquired be publicized or used by the employer. Restatement (Second) of Torts, Comment a. However, to establish the tort, the intrusion must be highly offensive to a reasonable person. Courts generally consider electronic surveillance, such as telephone monitoring, an "intrusion" sufficient to establish that element of the tort. Courts generally consider electronic surveillance, such as telephone monitoring, an "intrusion" sufficient to establish that element of the tort. See, e.g., Billings v. Atkinson, 489 S.W.2d 858 (Tex. 1973); Nader v. General Motors Corp., 255 N.E.2d 765 (N.Y. 1970) (telephone wiretapping). In determining the offensiveness of the intrusion, courts examine "the degree of intrusion, the context, conduct and circumstances surrounding the intrusion, as well as the intruder's motives and objectives, the setting into which he intrudes, and the expectations of those whose privacy is invaded. See Miller v. National Broadcasting Co., 232 Cal. Rptr. 668, 679 (Cal. Ct. App. 1986). While express or implied consent is one defense to liability, the mere good faith belief that consent has been given is normally not a defense.

    In deciding whether an intrusion invades a private matter, courts require both that the employee have a subjective expectation of privacy and that the expectation be objectively reasonable. State courts responding to such tort claims have generally attempted to balance an employee's reasonable expectation of privacy against the employer's business justification for monitoring. Thus, the critical issues to examine when determining employer tort liability for monitoring or intercepting employee e-mail messages are: (1) does the plaintiff have a reasonable expectation of privacy and, if so, (2) was there a legitimate business justification for the intrusion sufficient to override that privacy expectation.

    The most frequently cited early case to address the privacy rights of employees with respect to e-mail messages applied Pennsylvania state law. Smyth v. The Pillsbury Co., 914 F. Supp. 97 (E.D. Pa. 1996). The plaintiff, Michael A. Smyth, exchanged e-mails with his supervisor which contained offensive references including threats to kill the company's sales management and references to the holiday party as the "Jim Jones Koolaid affair." Company executives terminated Smyth for "inappropriate and unprofessional comments over Defendant's e-mail system."Plaintiff filed a wrongful discharge action alleging that the employer's conduct violated Pennsylvania's public policy protecting his right of privacy. The court found that: 1. there is no reasonable expectation of privacy in e-mail communications voluntarily made to a supervisor over a company-wide e-mail system despite the fact that the employer assured the plaintiff that the e-mail messages would not be intercepted by management; 2. even if there was a reasonable expectation of privacy, a reasonable person would not consider the employer's interception to be a substantial and highly offensive intrusion upon seclusion; 3. the company's interest in preventing inappropriate and unprofessional comments or even illegal activity over its e-mail system outweighed any privacy interest the employee may have had in his comments.

    Subsequent significant cases include:

    Bourke v. Nissan Motor Corp., No. BO68705 (Cal.Ct. App. July 26, 1993) (unreported decision), (Defendant employee, conducting training seminar about the use of its e-mail system, randomly accessed an e-mail message written by the plaintiff, which contained information of a personal, sexual nature, leading to review of other employee email, leading to reprimands and terminations. Plaintiffs sued Nissan for invasion of privacy, violation of criminal wiretapping statutes, and wrongful discharge. Court found that Plaintiffs had no reasonable expectation of privacy in their e-mail messages because they had signed a waiver stating that it was company policy that employees restrict their use of company-owned computer hardware and software to company business, and because many months before their terminations, Plaintiffs had learned that their e-mail messages were periodically read by employees other than the intended recipients, despite fact that plaintiffs were given passwords.)

    Wesley College v. Pitts 974 F.Supp. 375, (D.Del. 1997) Inadvertent glimpse of email message displayed on a computer screen did not rise to the level of an "interception" as contemplated by the Electronic Communications Privacy Act. Further, under ECPA, where an unknown person makes a copy of e-mail and gives it away, other people who do not provide an electronic communication service can lawfully further distributions of copies of that private e-mail.

    McLaren v. Microsoft Corp , No. 05-97-00824-CV (Texas Ct. App., May 28, 1999). Although employee used private password to encrypt email messages stored on office computer, this did not create reasonable expectation of privacy that would prevent company from decrypting and viewing files. Email account and workstation to use it were provided for business, not personal, use, and company had legitimate access to data stored there.

    Fraser v. Nationwide Mutual Insurance Co. E.D. Pa., No. 98-CV-6726, 3/27/01. Plaintiff independent insurance agent, alleged that Nationwide intercepted his email communication in violation of  the Federal Wiretap Act, 18 U.S.C. § 2511 and the Pennsylvania Wiretap Act, 18 Pa.C.S. § 5702 et seq. and that Nationwide unlawfully accessed Fraser's e-mail from storage, in violation of the federal and state Stored Communications Acts, 18 U.S.C. § 2701 et seq. , and 18 Pa.C.S. § 5741. The court found that no interception had taken place for the purpose of the Wiretap Act, because the retrieval of a message from storage after transmission is not an "interception." The Stored Communications act prohibits unauthorized access to an electronic communication while in electronic storage. Electronic storage means temporary storage incidental to the electronic transfer or storage by an electronic communications server kept for the purpose of backup. Therefore retrieval of a message from storage after transmission is not illegal under the Act.  

    Top

    Public Employers

    Courts often find that public employees lack a reasonable expectation of privacy. In United States v. Simons , 206 F.3d 392 (4th Cir. 2000), a government employee was charged with violating federal laws against possession of child pornography. The employing agency identified incriminating documents on his computer. The court held that the employee did not have a reasonable expectation of privacy as to the fruits of his Internet use where the agency had notified employees of limitations and a policy of periodic audits to ensure compliance. Other courts have agreed with the approach articulated in Simons and have held that banners and policies generally eliminate a reasonable expectation of privacy in contents stored in a government employee’s network account. See Wasson v. Sonoma County Junior College, 4 F. Supp.2d 893, 905-06 (N.D. Cal. 1997) (holding that public employer’s computer policy giving the employer "the right to access all information stored on [the employer’s] computers" defeats an employee’s reasonable expectation of privacy in files stored on employer’s computers); Bohach v. City of Reno, 932 F. Supp. 1232, 1235 (D. Nev. 1996) (holding that police officers did not retain a reasonable expectation of privacy in their use of a pager system, in part because the Chief of Police had issued an order announcing that all messages would be logged); United States v. Monroe, 52 M.J. 326 (C.A.A.F. 2000) (holding that Air Force sergeant did not have a reasonable expectation of privacy in his government e-mail account because e-mail use was reserved for official business and network banner informed each user upon logging on to the network that use was subject to monitoring). But see DeMaine v. Samuels, 2000 WL 1658586, at *7 (D. Conn. 2000) (suggesting that the existence of an employment manual explicitly authorizing searches "weighs heavily" in the determination of whether a government employee retained a reasonable expectation of privacy at work, but "does not, on its own, dispose of the question").

    Typically, a warrant must be obtained before a public agency can conduct a search that violates an individual’s reasonable expectation of privacy.  Public employers, however, present a special case.  In O’Connor v. Ortega, 480 U.S. 709 (1987), the Supreme Court held that a public employer may conduct a workplace search that violates a public employee’s reasonable expectation of privacy so long as the search is "reasonable."  The Court reasoned that the need for government officials to pursue legitimate non-law-enforcement aims justifies a relaxing of the warrant requirement because "the burden of obtaining a warrant is likely to frustrate the [non-law-enforcement] governmental purpose behind the search." O’Connor, 480 U.S. at 720 (quoting Camara v. Municipal Court, 387 U.S. 523, 533 (1967)).

    According to O’Connor, a warrantless search must satisfy two requirements to qualify as "reasonable."  First, the employer or his agents must participate in the search for a work-related reason, rather than merely to obtain evidence for use in criminal proceedings. Second, the search must be justified at its inception and permissible in its scope. The first element of O’Connor’s reasonableness test limits the O’Connor exception to circumstances in which the government actors who conduct the search act in their capacity as employers, rather than law enforcers.  The Court specified two such circumstances. First, the Court concluded that public employers can conduct reasonable work-related noninvestigatory intrusions, such as entering an employee’s office to retrieve a file or report while the employee is out.  See id.  at 722 (plurality); Id. at 732 (Scalia, J., concurring).  Second, the Court concluded that employers can conduct reasonable investigations into an employee’s work-related misconduct, such as entering an employee’s office to investigate employee misfeasance that threatens the efficient and proper operation of the office. See id. at 724 (plurality); Id. at 732 (Scalia, J., concurring).

    In general, the presence and involvement of law enforcement officers will not invalidate the search so long as the employer or his agent participates in the search for legitimate work-related reasons. See, e.g., Gossmeyer v. McDonald, 128 F.3d 481, 492 (7th Cir. 1997) (presence of law enforcement officers in team searching for evidence of work-related misconduct did not invalidate search); Taketa, 923 F.2d at 674 (search of DEA office space by DEA agents investigating allegations of illegal wiretapping "was an internal investigation directed at uncovering work-related employee misconduct."). Shields v. Burge, 874 F.2d 1201, 1202-05 (7th Cir. 1989) (internal affairs investigation of a police sergeant appropriate despite parallel criminal investigation); Ross v. Hinton, 740 F. Supp. 451, 458 (S.D. Ohio 1990) (concluding that a public employer’s discussions with law enforcement officer concerning employee’s alleged criminal misconduct, culminating in officer’s advice to "secure" the employee’s files, did not transform employer’s subsequent search of employee’s office into a law enforcement search).

    It appears that the identity of the person conducting the search will play a major role in a Court’s determination as to whether a search has a work related purpose. For example, in United States v. Simons, 206 F.3d 392, 400 (4th Cir. 2000), the Fourth Circuit concluded that O’Connor authorized the search of a government employee’s office by his supervisor even though the dominant purpose of the search was to uncover evidence of a crime.  ("[The employer] did not lose its special need for the efficient and proper operation of the workplace merely because the evidence obtained was evidence of a crime.") (internal quotations and citations omitted).  On the other hand, the Court in Rossi v. Town of Pelham, 35 F. Supp.2d 58 (D.N.H. 1997) held that the O’Connor exception did not apply when a government employer sent a uniformed police officer to an employee’s office, even though the purpose of the police officer’s presence was entirely work-related.

    To be "reasonable" under the Fourth Amendment, a work-related employer search of the type endorsed in O’Connor must also be both "justified at its inception," and "permissible in its scope."  O’Connor, 480 U.S. at 726 (plurality).  A search will be justified at its inception "when there are reasonable grounds for suspecting that the search will turn up evidence that the employee is guilty of work-related misconduct, or that the search is necessary for a noninvestigatory work-related purpose." Id.  A search will be "permissible in its scope" when "the measures adopted are reasonably related to the objectives of the search and [are] not excessively intrusive in light of the nature of the misconduct."  O’Connor, 480 U.S. at 726 (plurality) (internal quotations omitted).   

    Although public employers may search employees’ workplaces without a warrant for work-related reasons, public employers acting in their official capacity generally cannot consent to a law enforcement search of their employees’ offices. See United States v. Blok, 188 F.2d 1019, 1021 (D.C. Cir. 1951) (concluding that a government supervisor cannot consent to a law enforcement search of a government employee’s desk); Taketa, 923 F.2d at 673; Kahan, 350 F. Supp. at 791.  The rationale for this result is that the Fourth Amendment cannot permit one government official to consent to a search by another. Therefore, law enforcement searches conducted pursuant to a public employer’s consent must be evaluated under O’Connor rather than the third-party consent rules of Matlock. The question in such cases is not whether the public employer had common authority to consent to the search, but rather whether the combined law enforcement and employer search satisfied the Fourth Amendment standards of O’Connor v. Ortega.

    Top

    Email and Internet Use Policies

    In light of the foregoing discussion of common law tort of non-consensual intrusion upon seclusion, the ECPA, the CFAA, and the Fourth Amendment, employer’s counsel should be convinced of the need for clear email and Internet use policies. For maximum protection of the employer, such policies must: notify users of employer monitoring; restrict usage to business purposes; prohibit solicitation (including, but not limited, to those that solicit for personal business ventures, religious or other personal causes); define misuse (gambling, transmitting derogatory, abusive, offensive, demeaning or disruptive statements, defamation, discriminatory statements, sexual harassment, propagation of pornography, transmission of jokes, cartoons, chain e-mails, and spam); inform employees that misuse is prohibited and can be the basis for discipline, including dismissal; inform users that any and all communications may be turned over to law enforcement agencies; prohibit third party access; notify all users that the email system is owned by the business, and that nothing stored on, or transmitted by, the system will be considered confidential or private, even if protected by password or encryption, except when such confidentiality is for the benefit of the corporation. Employees should be told to treat e-mail messages as they would postcards or shared paper documents and, as such, the e-mail messages should not include any information or statements that they would mind having a third party read or have read in open court. Further, the network should bear a banner of the sort described in the discussion of the CFAA and employees should be required to sign a statement (which re-states the policy) acknowledging receipt of the policy.

    On the other hand, employers should also consider that draconian policies sometimes reduce productivity. Preventing employees from shopping on Amazon from the office during the Holiday season may result in the employee missing half a day of work. Network administrator access to a CEO’s email or that of a sitting federal judge may reduce security. Therefore, each employer and network must consider the special needs of its users when establishing policies and consider utilizing technical tools such as encryption and extraordinary procedures for monitoring of highly sensitive email.

    On the other hand, all employees should be admonished not to engage in illegal copying of copyright protected works, or making available copies of such works. They should be cautioned to observe copyright and licensing agreements that may apply to files, documents and software they wish to download. They should also be required to obtain approval from the employer’s supervisory personnel before downloading any materials for which a registration fee is requested. They should be informed that software containing encryption functionality must not be placed on the Internet for downloading outside the United States, because United States export control laws closely regulate such software; users are to comply with all laws and government regulations.

    In practice, the employer should utilize the least intrusive means of monitoring and limit monitoring to that needed to protect the employer’s business purposes. Another purpose of such policies is to protect the intellectual property and trade secrets of the employer. Therefore, it is good practice to inform employees that: deleting email does not eliminate the message from the system; email attachments sometimes include prior revisions of documents, which may reveal secrets or embarrassing detail; highly confidential, sensitive or otherwise proprietary information should not be sent by email without appropriate encryption; users may not, without specific authority from the Chief Information Officer, establish ports for entry into Employer’s systems; when using any computer attached to the employer network, users should not access the Internet except through an employer-approved Internet Firewall and they should not access the Internet directly, whether through a modem or through another service provider, unless their accessing computer is disconnected from all employer networks; all files downloaded from the Internet must be checked for possible viruses; files (other than brand new programs from approved vendors) contained on some other media, such as diskette, CD, zip disk, etc. must be downloaded by appropriately trained representatives of the CIO.

    Top

    APPENDIX A

    COMPUTER FRAUD AND ABUSE ACT

    TITLE 18 UNITED STATES CODE

    Sec. 1030. Fraud and related activity in connection with computers

    1. Whoever -

      1. having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;

      2. intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains -

        1. information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602(n) of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);
        2. information from any department or agency of the United States; or
        3. information from any protected computer if the conduct involved an interstate or foreign communication;

      3. intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States;

      4. knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;

        1. knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

        2. intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or

        3. intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage;

      5. knowingly and with intent to defraud traffics (as defined in section 1029) in any password or similar information through which a computer may be accessed without authorization, if -

        1. such trafficking affects interstate or foreign commerce; or

        2. such computer is used by or for the Government of the United States; [1]

      6. with intent to extort from any person, firm, association, educational institution, financial institution, government entity, or other legal entity, any money or other thing of value, transmits in interstate or foreign commerce any communication containing any threat to cause damage to a protected computer; shall be punished as provided in subsection (c) of this section.

    2. Whoever attempts to commit an offense under subsection (a) of this section shall be punished as provided in subsection (c) of this section.

    3. The punishment for an offense under subsection (a) or (b) of this section is -


        1. a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(1) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and
        2. a fine under this title or imprisonment for not more than twenty years, or both, in the case of an offense under subsection (a)(1) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph;

        1. a fine under this title or imprisonment for not more than one year, or both, in the case of an offense under subsection (a)(2), (a)(3), (a)(5)(C), or (a)(6) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and [2]

        2. a fine under this title or imprisonment for not more than 5 years, or both, in the case of an offense under subsection (a)(2), if -

          1. the offense was committed for purposes of commercial advantage or private financial gain;
          2. the offense was committed in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or of any State; or
          3. the value of the information obtained exceeds $5,000; [3]

        3. a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(2), (a)(3) or (a)(6) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and (3)(A) a fine under this title or imprisonment for not more than five years, or both, in the case of an offense under subsection (a)(4), (a)(5)(A), (a)(5)(B), or (a)(7) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and (B) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(4), (a)(5)(A), (a)(5)(B), (a)(5)(C), or (a)(7) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and [4]

        4. The United States Secret Service shall, in addition to any other agency having such authority, have the authority to investigate offenses under subsections (a)(2)(A), (a)(2)(B),

            () The United States Secret Service shall, in addition to any of the United States Secret Service shall be exercised in accordance with an agreement which shall be entered into by the Secretary of the Treasury and the Attorney General.

        5. As used in this section -                        

          1. the term ''computer'' means an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device;

          2. the term ''protected computer'' means a computer -

            1. exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or

            2. which is used in interstate or foreign commerce or communication;

          3. the term ''State'' includes the District of Columbia, the Commonwealth of Puerto Rico, and any other commonwealth, possession or territory of the United States;

          4. the term ''financial institution'' means -

            1. an institution, with deposits insured by the Federal Deposit Insurance Corporation;

            2. the Federal Reserve or a member of the Federal Reserve including any Federal Reserve Bank;

            3. a credit union with accounts insured by the National Credit Union Administration;

            4. a member of the Federal home loan bank system and any home loan bank;

            5. any institution of the Farm Credit System under the Farm Credit Act of 1971;

            6. a broker-dealer registered with the Securities and Exchange Commission pursuant to section 15 of the Securities Exchange Act of 1934;

            7. the Securities Investor Protection Corporation;

            8. a branch or agency of a foreign bank (as such terms are defined in paragraphs (1) and (3) of section 1(b) of the International Banking Act of 1978); and
            9. an organization operating under section 25 or section 25(a) [5] of the Federal Reserve Act. [6]

          5. the term ''financial record'' means information derived from any record held by a financial institution pertaining to a customer's relationship with the financial institution;

          6. the term ''exceeds authorized access'' means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter;

          7. the term ''department of the United States'' means the legislative or judicial branch of the Government or one of the executive departments enumerated in section 101 of title 5; and [7]

          8. the term ''damage'' means any impairment to the integrity or availability of data, a program, a system, or information, that -

            1. causes loss aggregating at least $5,000 in value during any 1-year period to one or more individuals;

            2. modifies or impairs, or potentially modifies or impairs, the medical examination, diagnosis, treatment, or care of one or more individuals;

            3. causes physical injury to any person; or

            4. threatens public health or safety; and

          9. the term ''government entity'' includes the Government of the United States, any State or political subdivision of the United States, any foreign country, and any state, province, municipality, or other political subdivision of a foreign country.

        6. This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States.

        7. Any person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief. Damages for violations involving damage as defined in subsection (e)(8)(A) are limited to economic damages. No action may be brought under this subsection unless such action is begun within 2 years of the date of the act complained of or the date of the discovery of the damage.

        8. The Attorney General and the Secretary of the Treasury shall report to the Congress annually, during the first 3 years following the date of the enactment of this subsection, concerning investigations and prosecutions under subsection (a)(5).


        Footnotes

        [1] So in original. Probably should be followed by ''or''.
        [2] So in original. The word ''and'' probably should not appear.
        [3] So in original. Probably should be followed by ''and''.
        [4] So in original. The ''; and'' probably should be a period.
        [5] See References in Text note below.
        [6] So in original. The period probably should be a semicolon.
        [7] So in original. The word ''and'' probably should not appear.


        Top

    APPENDIX B

    Amendments to Computer Fraud and Abuse Act in Patriot Act of 2001

    1. CLARIFICATION OF PROTECTION OF PROTECTED COMPUTERS- Section 1030(a)(5) of title 18, United States Code, is amended--

      1. by inserting '(i)' after (A),

      2. by redesignating subparagraphs (B) and (C) as clauses (ii) and (iii), respectively;

      3. by adding 'and' at the end of clause (iii), as so redesignated; and

      4. by adding at the end the following:

        (B) caused (or, in the case of an attempted offense, would, if completed, have caused) conduct described in in clause (i), (ii), or (iii) of subparagraph (A) that resulted in--

      1. loss to 1 or more persons during any 1-year period (including loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $5,000 in value;

      2. the modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of 1 or more individuals;

      3. physical injury to any person;

      4. a threat to public health or safety; or

      5. damage affecting a computer system used by or for a Government entity in furtherance of the ministration of justice, national defense, or national security;'.

    2. PENALTIES- Section 1030(c) of title 18, United States Code is amended--

      1. in paragraph (2)--

        1. in subparagraph (A) --

          1. by inserting 'except as provided in subparagraph (B),' before 'a fine';

          2. ) by striking '(a)(5)(C)' and inserting '(a)(5)(A)(iii)'; and

          3. by striking 'and' at the end;

        2. in subparagraph (B), by inserting 'or an attempt to commit an offense punishable under this subparagraph,' after 'subsection (a)(2),' in the matter preceding clause (i); and

        3. in subparagraph (C), by striking 'and' at the end;

      2. in paragraph (3)--

        1. by striking ', (a)(5)(A), (a)(5)(B),' both places it appears; and

        2. by striking 'and' at the end; and

      3. by striking '(a)(5)(C)' and inserting '(a)(5)(A)(iii)'; and

      4. by adding at the end the following new paragraphs:

        1. a fine under this title, imprisonment for not more than 10 years, or both, in the case of an offense under subsection (a)(5)(A)(i), or an attempt to commit an offense punishable under that subsection;

        2. a fine under this title, imprisonment for not more than 5 years, or both, in the case of an offense under subsection (a)(5)(A)(ii), or an attempt to commit an offense punishable under that subsection;

        3. a fine under this title, imprisonment for not more than 20 years, or both, in the case of an offense under subsection (a)(5)(A)(i) or (a)(5)(A)(ii), or an attempt to commit an offense punishable under either subsection, that occurs after a conviction for another offense under this section.'.

    3. DEFINITIONS- Subsection (e) of section 1030 of title 18, United States Code is amended--

      1. in paragraph (2)(B), by inserting ', including a computer located outside the United States' before the semicolon;

      2. in paragraph (7), by striking 'and' at the end;

      3. by striking paragraph (8) and inserting the following new paragraph (8):

        (8) the term 'damage' means any impairment to the integrity or availability of data, a program, a system, or information

      4. in paragraph (9), by striking the period at the end and inserting a semicolon; and

      5. by adding at the end the following new paragraphs:

        (10) the term 'conviction' shall include a conviction under the law of any State for a crime punishable by imprisonment for more than 1 year, an element of which is unauthorized access, or exceeding authorized access, to a computer;

        (11) the term 'loss' includes any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service;

        (12) the term `person' means any individual, firm, corporation, educational institution, financial institution, governmental entity, or legal or other entity;'.

    4. DAMAGES IN CIVIL ACTIONS- Subsection (g) of section 1030 of title 18, United States Code is amended--

      1. by striking the second sentence and inserting the following new sentences: `A suit for a violation of subsection (a)(5) may be brought only if the conduct involves one of the factors enumerated in subsection (a)(5)(B). Damages for a violation involving only conduct described in subsection (a)(5)(B)(i) are limited to economic damages.'; and

      2. by adding at the end the following: `No action may be brought under this subsection for the negligent design or manufacture of computer hardware, computer software, or firmware.'.

    5. AMENDMENT OF SENTENCING GUIDELINES RELATING TO CERTAIN COMPUTER FRAUD AND ABUSE- Pursuant to its authority under section 994(p) of title 28, United States Code, the United States Sentencing Commission shall amend the Federal sentencing guidelines to ensure that any individual convicted of a violation of section 1030 of title 18, United States Code, can be subjected to appropriate penalties, without regard to any mandatory minimum term of imprisonment.

    Top

    14. APPENDIX C

    TITLE 18 UNITED STATES CODE

    CHAPTER 119 - WIRE AND ELECTRONIC COMMUNICATIONS INTERCEPTION AND INTERCEPTION OF ORAL COMMUNICATIONS

    Sec. 2510. Definitions 

    As used in this chapter -

    1. ''wire communication'' means any aural transfer made in whole or in part through the use of facilities for the transmission of communications by the aid of wire, cable, or other like connection between the point of origin and the point of reception (including the use of such connection in a switching station) furnished or operated by any person engaged in providing or operating such facilities for the transmission of interstate or foreign communications or communications affecting interstate or foreign commerce and such term includes any electronic storage of such communication;

    2. ''oral communication'' means any oral communication uttered by a person exhibiting an expectation that such communication is not subject to interception under circumstances justifying such expectation, but such term does not include any electronic communication;

    3. ''State'' means any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any territory or possession of the United States;

    4. ''intercept'' means the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.

    5. ''electronic, mechanical, or other device'' means any device or apparatus which can be used to intercept a wire, oral, or electronic communication other than -

      1. any telephone or telegraph instrument, equipment or facility, or any component thereof, (i) furnished to the subscriber or user by a provider of wire or electronic communication service in the ordinary course of its business and being used by the subscriber or user in the ordinary course of its business or furnished by such subscriber or user for connection to the facilities of such service and used in the ordinary course of its business; or (ii) being used by a provider of wire or electronic communication service in the ordinary course of its business, or by an investigative or law enforcement officer in the ordinary course of his duties;

      2. a hearing aid or similar device being used to correct subnormal hearing to not better than normal;

    6. ''person'' means any employee, or agent of the United States or any State or political subdivision thereof, and any individual, partnership, association, joint stock company, trust, or corporation;

    7. ''Investigative or law enforcement officer'' means any officer of the United States or of a State or political subdivision thereof, who is empowered by law to conduct investigations of or to make arrests for offenses enumerated in this chapter, and any attorney authorized by law to prosecute or participate in the prosecution of such offenses;

    8. ''contents'', when used with respect to any wire, oral, or electronic communication, includes any information concerning the substance, purport, or meaning of that communication;

    9. ''Judge of competent jurisdiction'' means -

      1. a judge of a United States district court or a United States court of appeals; and
      2. a judge of any court of general criminal jurisdiction of a State who is authorized by a statute of that State to enter orders authorizing interceptions of wire, oral, or electronic communications;

    10. ''communication common carrier'' shall have the same meaning which is given the term ''common carrier'' by section 153(h) [1] of title 47 of the United States Code;

    11. ''aggrieved person'' means a person who was a party to any intercepted wire, oral, or electronic communication or a person against whom the interception was directed;

    12. ''electronic communication'' means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce, but does not include -

      1. any wire or oral communication;

      2. any communication made through a tone-only paging device;

      3. any communication from a tracking device (as defined in section 3117 of this title); or

      4. electronic funds transfer information stored by a financial institution in a communications system used for the electronic storage and transfer of funds;

    13. ''user'' means any person or entity who -

      1. uses an electronic communication service; and
      2. is duly authorized by the provider of such service to engage in such use;

    14. ''electronic communications system'' means any wire, radio, electromagnetic, photooptical or photoelectronic facilities for the transmission of electronic communications, and any computer facilities or related electronic equipment for the electronic storage of such communications;

    15. ''electronic communication service'' means any service which provides to users thereof the ability to send or receive wire or electronic communications;

    16. ''readily accessible to the general public'' means, with respect to a radio communication, that such communication is not -

      1. scrambled or encrypted;

      2. transmitted using modulation techniques whose essential parameters have been withheld from the public with the intention of preserving the privacy of such communication;

      3. carried on a subcarrier or other signal subsidiary to a radio transmission;

      4. transmitted over a communication system provided by a common carrier, unless the communication is a tone only paging system communication; or

      5. transmitted on frequencies allocated under part 25, subpart D, E, or F of part 74, or part 94 of the Rules of the Federal Communications Commission, unless, in the case of a communication transmitted on a frequency allocated under part 74 that is not exclusively allocated to broadcast auxiliary services, the communication is a two-way voice communication by radio;

    17. ''electronic storage'' means -

      1. any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and
      2. any storage of such communication by an electronic communication service for purposes of backup protection of such communication; and
    18. ''aural transfer'' means a transfer containing the human voice at any point between and including the point of origin and the point of reception.

    Sec. 2511. Interception and disclosure of wire, oral, or electronic communications prohibited 

    1. Except as otherwise specifically provided in this chapter any person who -

      1. intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication;

      2. intentionally uses, endeavors to use, or procures any other person to use or endeavor to use any electronic, mechanical, or other device to intercept any oral communication when -

        1. such device is affixed to, or otherwise transmits a signal through, a wire, cable, or other like connection used in wire communication; or

        2. such device transmits communications by radio, or interferes with the transmission of such communication; or

        3. such person knows, or has reason to know, that such device or any component thereof has been sent through the mail or transported in interstate or foreign commerce; or

        4. such use or endeavor to use (A) takes place on the premises of any business or other commercial establishment the operations of which affect interstate or foreign commerce; or


          (B) obtains or is for the purpose of obtaining information relating to the operations of any business or other commercial establishment the operations of which affect interstate or foreign commerce; or

        5. such person acts in the District of Columbia, the Commonwealth of Puerto Rico, or any territory or possession of the United States;

      3. intentionally discloses, or endeavors to disclose, to any other person the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection;

      4. intentionally uses, or endeavors to use, the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection; or

        1. intentionally discloses, or endeavors to disclose, to any other person the contents of any wire, oral, or electronic communication, intercepted by means authorized by sections 2511(2)(a)(ii), 2511(2)(b)-(c), 2511(2)(e), 2516, and 2518 of this chapter,
        2. ) knowing or having reason to know that the information was obtained through the interception of such a communication in connection with a criminal investigation,
        3. having obtained or received the information in connection with a criminal investigation, and
        4. with intent to improperly obstruct, impede, or interfere with a duly authorized criminal investigation, shall be punished as provided in subsection (4) or shall be subject to suit as provided in subsection (5).

        1. It shall not be unlawful under this chapter for an operator of a switchboard, or an officer, employee, or agent of a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks.

        2. Notwithstanding any other law, providers of wire or electronic communication service, their officers, employees, and agents, landlords, custodians, or other persons, are authorized to provide information, facilities, or technical assistance to persons authorized by law to intercept wire, oral, or electronic communications or to conduct electronic surveillance, as defined in section 101 of the Foreign Intelligence Surveillance Act of 1978, if such provider, its officers, employees, or agents, landlord, custodian, or other specified person, has been provided with -

          1. a court order directing such assistance signed by the authorizing judge, or

          2. a certification in writing by a person specified in section 2518(7) of this title or the Attorney General of the United States that no warrant or court order is required by law, that all statutory requirements have been met, and that the specified assistance is required, setting forth the period of time during which the provision of the information, facilities, or technical assistance is authorized and specifying the information, facilities, or technical assistance required. No provider of wire or electronic communication service, officer, employee, or agent thereof, or landlord, custodian, or other specified person shall disclose the existence of any interception or surveillance or the device used to accomplish the interception or surveillance with respect to which the person has been furnished a court order or certification under this chapter, except as may otherwise be required by legal process and then only after prior notification to the Attorney General or to the principal prosecuting attorney of a State or any political subdivision of a State, as may be appropriate. Any such disclosure, shall render such person liable for the civil damages provided for in section 2520. No cause of action shall lie in any court against any provider of wire or electronic communication service, its officers, employees, or agents, landlord, custodian, or other specified person for providing information, facilities, or assistance in accordance with the terms of a court order or certification under this chapter.

      1. It shall not be unlawful under this chapter for an officer, employee, or agent of the Federal Communications Commission, in the normal course of his employment and in discharge of the monitoring responsibilities exercised by the Commission in the enforcement of chapter 5 of title 47 of the United States Code, to intercept a wire or electronic communication, or oral communication transmitted by radio, or to disclose or use the information thereby obtained.

      2. It shall not be unlawful under this chapter for a person acting under color of law to intercept a wire, oral, or electronic communication, where such person is a party to the communication or one of the parties to the communication has given prior consent to such interception.

      3. It shall not be unlawful under this chapter for a person not acting under color of law to intercept a wire, oral, or electronic communication where such person is a party to the communication or where one of the parties to the communication has given prior consent to such interception unless such communication is intercepted for the purpose of committing any criminal or tortious act in violation of the Constitution or laws of the United States or of any State.

      4. Notwithstanding any other provision of this title or section 705 or 706 of the Communications Act of 1934, it shall not be unlawful for an officer, employee, or agent of the United States in the normal course of his official duty to conduct electronic surveillance, as defined in section 101 of the Foreign Intelligence Surveillance Act of 1978, as authorized by that Act.

      5. Nothing contained in this chapter or chapter 121, or section 705 of the Communications Act of 1934, shall be deemed to affect the acquisition by the United States Government of foreign intelligence information from international or foreign communications, or foreign intelligence activities conducted in accordance with otherwise applicable Federal law involving a foreign electronic communications system, utilizing a means other than electronic surveillance as defined in section 101 of the Foreign Intelligence Surveillance Act of 1978, and procedures in this chapter or chapter 121 and the Foreign Intelligence Surveillance Act of 1978 shall be the exclusive means by which electronic surveillance, as defined in section 101 of such Act, and the interception of domestic wire and oral communications may be conducted.

      6. It shall not be unlawful under this chapter or chapter 121 of this title for any person -

        1. to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;

        2. to intercept any radio communication which is transmitted -

          1. by any station for the use of the general public, or that relates to ships, aircraft, vehicles, or persons in distress;

          2. by any governmental, law enforcement, civil defense, private land mobile, or public safety communications system, including police and fire, readily accessible to the general public;

          3. by a station operating on an authorized frequency within the bands allocated to the amateur, citizens band, or general mobile radio services; or

          4. by any marine or aeronautical communications system;

        3. to engage in any conduct which -

          1. is prohibited by section 633 of the Communications Act of 1934; or

          2. is excepted from the application of section 705(a) of the Communications Act of 1934 by section 705(b) of that Act;

        4. to intercept any wire or electronic communication the transmission of which is causing harmful interference to any lawfully operating station or consumer electronic equipment, to the extent necessary to identify the source of such interference; or

        5. for other users of the same frequency to intercept any radio communication made through a system that utilizes frequencies monitored by individuals engaged in the provision or the use of such system, if such communication is not scrambled or encrypted.

      7. It shall not be unlawful under this chapter -

        1. to use a pen register or a trap and trace device (as those terms are defined for the purposes of chapter 206 (relating to pen registers and trap and trace devices) of this title); or

        2. for a provider of electronic communication service to record the fact that a wire or electronic communication was initiated or completed in order to protect such provider, another provider furnishing service toward the completion of the wire or electronic communication, or a user of that service, from fraudulent, unlawful or abusive use of such service.

      1. Except as provided in paragraph (b) of this subsection, a person or entity providing an electronic communication service to the public shall not intentionally divulge the contents of any communication (other than one to such person or entity, or an agent thereof) while in transmission on that service to any person or entity other than an addressee or intended recipient of such communication or an agent of such addressee or intended recipient.

      2. A person or entity providing electronic communication service to the public may divulge the contents of any such communication -

        1. as otherwise authorized in section 2511(2)(a) or 2517 of this title;

        2. with the lawful consent of the originator or any addressee or intended recipient of such communication;

        3. to a person employed or authorized, or whose facilities are used, to forward such communication to its destination; or

        4. which were inadvertently obtained by the service provider and which appear to pertain to the commission of a crime, if such divulgence is made to a law enforcement agency.

      1. Except as provided in paragraph (b) of this subsection or in subsection (5), whoever violates subsection (1) of this section shall be fined under this title or imprisoned not more than five years, or both.

      2. If the offense is a first offense under paragraph (a) of this subsection and is not for a tortious or illegal purpose or for purposes of direct or indirect commercial advantage or private commercial gain, and the wire or electronic communication with respect to which the offense under paragraph (a) is a radio communication that is not scrambled, encrypted, or transmitted using modulation techniques the essential parameters of which have been withheld from the public with the intention of preserving the privacy of such communication, then -

        1. if the communication is not the radio portion of a cellular telephone communication, a cordless telephone communication that is transmitted between the cordless telephone handset and the base unit, a public land mobile radio service communication or a paging service communication, and the conduct is not that described in subsection (5), the offender shall be fined under this title or imprisoned not more than one year, or both; and
        2. if the communication is the radio portion of a cellular telephone communication, a cordless telephone communication that is transmitted between the cordless telephone handset and the base unit, a public land mobile radio service communication or a paging service communication, the offender shall be fined under this title.

      3. Conduct otherwise an offense under this subsection that consists of or relates to the interception of a satellite transmission that is not encrypted or scrambled and that is transmitted -

        1. to a broadcasting station for purposes of retransmission to the general public; or

        2. as an audio subcarrier intended for redistribution to facilities open to the public, but not including data transmissions or telephone calls, is not an offense under this subsection unless the conduct is for the purposes of direct or indirect commercial advantage or private financial gain.

      1. (a)
      2. If the communication is -

        1. a private satellite video communication that is not scrambled or encrypted and the conduct in violation of this chapter is the private viewing of that communication and is not for a tortious or illegal purpose or for purposes of direct or indirect commercial advantage or private commercial gain; or

        2. a radio communication that is transmitted on frequencies allocated under subpart D of part 74 of the rules of the Federal Communications Commission that is not scrambled or encrypted and the conduct in violation of this chapter is not for a tortious or illegal purpose or for purposes of direct or indirect commercial advantage or private commercial gain, then the person who engages in such conduct shall be subject to suit by the Federal Government in a court of competent jurisdiction.

      3. In an action under this subsection -

        1. if the violation of this chapter is a first offense for the person under paragraph (a) of subsection (4) and such person has not been found liable in a civil action under section 2520 of this title, the Federal Government shall be entitled to appropriate injunctive relief; and
        2. if the violation of this chapter is a second or subsequent offense under paragraph (a) of subsection (4) or such person has been found liable in any prior civil action under section 2520, the person shall be subject to a mandatory $500 civil fine.

    2. The court may use any means within its authority to enforce an injunction issued under paragraph (ii)(A), and shall impose a civil fine of not less than $500 for each violation of such an injunction.

    Sec. 2512. Manufacture, distribution, possession, and advertising of wire, oral, or electronic communication intercepting devices prohibited

    1. Except as otherwise specifically provided in this chapter, any person who intentionally -

      1. sends through the mail, or sends or carries in interstate or foreign commerce, any electronic, mechanical, or other device, knowing or having reason to know that the design of such device renders it primarily useful for the purpose of the surreptitious interception of wire, oral, or electronic communications;

      2. manufactures, assembles, possesses, or sells any electronic, mechanical, or other device, knowing or having reason to know that the design of such device renders it primarily useful for the purpose of the surreptitious interception of wire, oral, or electronic communications, and that such device or any component thereof has been or will be sent through the mail or transported in interstate or foreign commerce; or

      3. places in any newspaper, magazine, handbill, or other publication any advertisement of -

        1. any electronic, mechanical, or other device knowing or having reason to know that the design of such device renders it primarily useful for the purpose of the surreptitious interception of wire, oral, or electronic communications; or

        2. any other electronic, mechanical, or other device, where such advertisement promotes the use of such device for the purpose of the surreptitious interception of wire, oral, or electronic communications, knowing or having reason to know that such advertisement will be sent through the mail or transported in interstate or foreign commerce, shall be fined under this title or imprisoned not more than five years, or both.

    2. It shall not be unlawful under this section for -

      1. a provider of wire or electronic communication service or an officer, agent, or employee of, or a person under contract with, such a provider, in the normal course of the business of providing that wire or electronic communication service, or

      2. an officer, agent, or employee of, or a person under contract with, the United States, a State, or a political subdivision thereof, in the normal course of the activities of the United States, a State, or a political subdivision thereof, to send through the mail, send or carry in interstate or foreign commerce, or manufacture, assemble, possess, or sell any electronic, mechanical, or other device knowing or having reason to know that the design of such device renders it primarily useful for the purpose of the surreptitious interception of wire, oral, or electronic communications.

    3. It shall not be unlawful under this section to advertise for sale a device described in subsection (1) of this section if the advertisement is mailed, sent, or carried in interstate or foreign commerce solely to a domestic provider of wire or electronic communication service or to an agency of the United States, a State, or a political subdivision thereof which is duly authorized to use such device.

    Sec. 2513. Confiscation of wire, oral, or electronic communication intercepting devices

    Any electronic, mechanical, or other device used, sent, carried, manufactured, assembled, possessed, sold, or advertised in violation of section 2511 or section 2512 of this chapter may be seized and forfeited to the United States. All provisions of law relating to (1) the seizure, summary and judicial forfeiture, and condemnation of vessels, vehicles, merchandise, and baggage for violations of the customs laws contained in title 19 of the United States Code, (2) the disposition of such vessels, vehicles, merchandise, and baggage or the proceeds from the sale thereof, (3) the remission or mitigation of such forfeiture, (4) the compromise of claims, and (5) the award of compensation to informers in respect of such forfeitures, shall apply to seizures and forfeitures incurred, or alleged to have been incurred, under the provisions of this section, insofar as applicable and not inconsistent with the provisions of this section; except that such duties as are imposed upon the collector of customs or any other person with respect to the seizure and forfeiture of vessels, vehicles, merchandise, and baggage under the provisions of the customs laws contained in title 19 of the United States Code shall be performed with respect to seizure and forfeiture of electronic, mechanical, or other intercepting devices under this section by such officers, agents, or other persons as may be authorized or designated for that purpose by the Attorney General.

    Sec. 2515. Prohibition of use as evidence of intercepted wire or oral communications

    Whenever any wire or oral communication has been intercepted, no part of the contents of such communication and no evidence derived therefrom may be received in evidence in any trial, hearing, or other proceeding in or before any court, grand jury, department, officer, agency, regulatory body, legislative committee, or other authority of the United States, a State, or a political subdivision thereof if the disclosure of that information would be in violation of this chapter.

    Sec. 2516. Authorization for interception of wire, oral, or electronic communications

    1. The Attorney General, Deputy Attorney General, Associate Attorney General, [1] or any Assistant Attorney General, any acting Assistant Attorney General, or any Deputy Assistant Attorney General or acting Deputy Assistant Attorney General in the Criminal Division specially designated by the Attorney General, may authorize an application to a Federal judge of competent jurisdiction for, and such judge may grant in conformity with section 2518 of this chapter an order authorizing or approving the interception of wire or oral communications by the Federal Bureau of Investigation, or a Federal agency having responsibility for the investigation of the offense as to which the application is made, when such interception may provide or has provided evidence of -

      1. any offense punishable by death or by imprisonment for more than one year under sections 2274 through 2277 of title 42 of the United States Code (relating to the enforcement of the Atomic Energy Act of 1954), section 2284 of title 42 of the United States Code (relating to sabotage of nuclear facilities or fuel), or under the following chapters of this title: chapter 37 (relating to espionage), chapter 90 (relating to protection of trade secrets), chapter 105 (relating to sabotage), chapter 115 (relating to treason), chapter 102 (relating to riots), chapter 65 (relating to malicious mischief), chapter 111 (relating to destruction of vessels), or chapter 81 (relating to piracy);

      2. a violation of section 186 or section 501c of title 29, United States Code (dealing with restrictions on payments and loans to labor organizations), or any offense which involves murder, kidnapping, robbery, or extortion, and which is punishable under this title;

      3. any offense which is punishable under the following sections of this title: section 201 (bribery of public officials and witnesses), section 215 (relating to bribery of bank officials), section 224 (bribery in sporting contests), subsection (d), (e), (f), (g), (h), or (i) of section 844 (unlawful use of explosives), section 1032 (relating to concealment of assets), section 1084 (transmission of wagering information), section 751 (relating to escape), section 1014 (relating to loans and credit applications generally; renewals and discounts), sections 1503, 1512, and 1513 (influencing or injuring an officer, juror, or witness generally), section 1510 (obstruction of criminal investigations), section 1511 (obstruction of State or local law enforcement), section 1751 (Presidential and Presidential staff assassination, kidnapping, and assault), section 1951 (interference with commerce by threats or violence), section 1952 (interstate and foreign travel or transportation in aid of racketeering enterprises), section 1958 (relating to use of interstate commerce facilities in the commission of murder for hire), section 1959 (relating to violent crimes in aid of racketeering activity), section 1954 (offer, acceptance, or solicitation to influence operations of employee benefit plan), section 1955 (prohibition of business enterprises of gambling), section 1956 (laundering of monetary instruments), section 1957 (relating to engaging in monetary transactions in property derived from specified unlawful activity), section 659 (theft from interstate shipment), section 664 (embezzlement from pension and welfare funds), section 1343 (fraud by wire, radio, or television), section 1344 (relating to bank fraud), sections 2251 and 2252 (sexual exploitation of children), sections 2312, 2313, 2314, and 2315 (interstate transportation of stolen property), section 2321 (relating to trafficking in certain motor vehicles or motor vehicle parts), section 1203 (relating to hostage taking), section 1029 (relating to fraud and related activity in connection with access devices), section 3146 (relating to penalty for failure to appear), section 3521(b)(3) (relating to witness relocation and assistance), section 32 (relating to destruction of aircraft or aircraft facilities), section 38 (relating to aircraft parts fraud), section 1963 (violations with respect to racketeer influenced and corrupt organizations), section 115 (relating to threatening or retaliating against a Federal official), and section 1341 (relating to mail fraud), section 351 (violations with respect to congressional, Cabinet, or Supreme Court assassinations, kidnapping, and assault), section 831 (relating to prohibited transactions involving nuclear materials), section 33 (relating to destruction of motor vehicles or motor vehicle facilities), section 175 (relating to biological weapons), section 1992 (relating to wrecking trains), a felony violation of section 1028 (relating to production of false identification documentation), section 1425 (relating to the procurement of citizenship or nationalization unlawfully), section 1426 (relating to the reproduction of naturalization or citizenship papers), section 1427 (relating to the sale of naturalization or citizenship papers), section 1541 (relating to passport issuance without authority), section 1542 (relating to false statements in passport applications), section 1543 (relating to forgery or false use of passports), section 1544 (relating to misuse of passports), or section 1546 (relating to fraud and misuse of visas, permits, and other documents);

      4. any offense involving counterfeiting punishable under section 471, 472, or 473 of this title;

      5. any offense involving fraud connected with a case under title 11 or the manufacture, importation, receiving, concealment, buying, selling, or otherwise dealing in narcotic drugs, marihuana, or other dangerous drugs, punishable under any law of the United States;

      6. any offense including extortionate credit transactions under sections 892, 893, or 894 of this title;

      7. a violation of section 5322 of title 31, United States Code (dealing with the reporting of currency transactions);

      8. any felony violation of sections 2511 and 2512 (relating to interception and disclosure of certain communications and to certain intercepting devices) of this title;

      9. any felony violation of chapter 71 (relating to obscenity) of this title;

      10. any violation of section 60123(b) (relating to destruction of a natural gas pipeline) or section 46502 (relating to aircraft piracy) of title 49;

      11. any criminal violation of section 2778 of title 22 (relating to the Arms Export Control Act);

      12. the location of any fugitive from justice from an offense described in this section;

      13. a violation of section 274, 277, or 278 of the Immigration and Nationality Act (8 U.S.C. 1324, 1327, or 1328) (relating to the smuggling of aliens);

      14. any felony violation of sections 922 and 924 of title 18, United States Code (relating to firearms);

      15. any violation of section 5861 of the Internal Revenue Code of 1986 (relating to firearms);

      16. [2] a felony violation of section 1028 (relating to production of false identification documents), section 1542 (relating to false statements in passport applications), section 1546 (relating to fraud and misuse of visas, permits, and other documents) of this title or a violation of section 274, 277, or 278 of the Immigration and Nationality Act (relating to the smuggling of aliens); or [2] So in original. Two subpars. (p) have been enacted.

      [2] any conspiracy to commit any offense described in any subparagraph of this paragraph.

    2. The principal prosecuting attorney of any State, or the principal prosecuting attorney of any political subdivision thereof, if such attorney is authorized by a statute of that State to make application to a State court judge of competent jurisdiction for an order authorizing or approving the interception of wire, oral, or electronic communications, may apply to such judge for, and such judge may grant in conformity with section 2518 of this chapter and with the applicable State statute an order authorizing, or approving the interception of wire, oral, or electronic communications by investigative or law enforcement officers having responsibility for the investigation of the offense as to which the application is made, when such interception may provide or has provided evidence of the commission of the offense of murder, kidnapping, gambling, robbery, bribery, extortion, or dealing in narcotic drugs, marihuana or other dangerous drugs, or other crime dangerous to life, limb, or property, and punishable by imprisonment for more than one year, designated in any applicable State statute authorizing such interception, or any conspiracy to commit any of the foregoing offenses.

    3. Any attorney for the Government (as such term is defined for the purposes of the Federal Rules of Criminal Procedure) may authorize an application to a Federal judge of competent jurisdiction for, and such judge may grant, in conformity with section 2518 of this title, an order authorizing or approving the interception of electronic communications by an investigative or law enforcement officer having responsibility for the investigation of the offense as to which the application is made, when such interception may provide or has provided evidence of any Federal felony.

    Sec. 2517. Authorization for disclosure and use of intercepted wire, oral, or electronic communications

    1. Any investigative or law enforcement officer who, by any means authorized by this chapter, has obtained knowledge of the contents of any wire, oral, or electronic communication, or evidence derived therefrom, may disclose such contents to another investigative or law enforcement officer to the extent that such disclosure is appropriate to the proper performance of the official duties of the officer making or receiving the disclosure.

    2. Any investigative or law enforcement officer who, by any means authorized by this chapter, has obtained knowledge of the contents of any wire, oral, or electronic communication or evidence derived therefrom may use such contents to the extent such use is appropriate to the proper performance of his official duties.

    3. Any person who has received, by any means authorized by this chapter, any information concerning a wire, oral, or electronic communication, or evidence derived therefrom intercepted in accordance with the provisions of this chapter may disclose the contents of that communication or such derivative evidence while giving testimony under oath or affirmation in any proceeding held under the authority of the United States or of any State or political subdivision thereof.

    4. No otherwise privileged wire, oral, or electronic communication intercepted in accordance with, or in violation of, the provisions of this chapter shall lose its privileged character.

    5. When an investigative or law enforcement officer, while engaged in intercepting wire, oral, or electronic communications in the manner authorized herein, intercepts wire, oral, or electronic communications relating to offenses other than those specified in the order of authorization or approval, the contents thereof, and evidence derived therefrom, may be disclosed or used as provided in subsections (1) and (2) of this section. Such contents and any evidence derived therefrom may be used under subsection (3) of this section when authorized or approved by a judge of competent jurisdiction where such judge finds on subsequent application that the contents were otherwise intercepted in accordance with the provisions of this chapter. Such application shall be made as soon as practicable.

    Sec. 2518. Procedure for interception of wire, oral, or electronic communications

    1. Each application for an order authorizing or approving the interception of a wire, oral, or electronic communication under this chapter shall be made in writing upon oath or affirmation to a judge of competent jurisdiction and shall state the applicant's authority to make such application. Each application shall include the following information:

      1. the identity of the investigative or law enforcement officer making the application, and the officer authorizing the application;

      2. a full and complete statement of the facts and circumstances relied upon by the applicant, to justify his belief that an order should be issued, including (i) details as to the particular offense that has been, is being, or is about to be committed, (ii) except as provided in subsection (11), a particular description of the nature and location of the facilities from which or the place where the communication is to be intercepted, (iii) a particular description of the type of communications sought to be intercepted, (iv) the identity of the person, if known, committing the offense and whose communications are to be intercepted;

      3. a full and complete statement as to whether or not other investigative procedures have been tried and failed or why they reasonably appear to be unlikely to succeed if tried or to be too dangerous;

      4. a statement of the period of time for which the interception is required to be maintained. If the nature of the investigation is such that the authorization for interception should not automatically terminate when the described type of communication has been first obtained, a particular description of facts establishing probable cause to believe that additional communications of the same type will occur thereafter;

      5. a full and complete statement of the facts concerning all previous applications known to the individual authorizing and making the application, made to any judge for authorization to intercept, or for approval of interceptions of, wire, oral, or electronic communications involving any of the same persons, facilities or places specified in the application, and the action taken by the judge on each such application; and (f) where the application is for the extension of an order, a statement setting forth the results thus far obtained from the interception, or a reasonable explanation of the failure to obtain such results.

    2. The judge may require the applicant to furnish additional testimony or documentary evidence in support of the application.

    3. Upon such application the judge may enter an ex parte order, as requested or as modified, authorizing or approving interception of wire, oral, or electronic communications within the territorial jurisdiction of the court in which the judge is sitting (and outside that jurisdiction but within the United States in the case of a mobile interception device authorized by a Federal court within such jurisdiction), if the judge determines on the basis of the facts submitted by the applicant that -

      1. there is probable cause for belief that an individual is committing, has committed, or is about to commit a particular offense enumerated in section 2516 of this chapter;

      2. there is probable cause for belief that particular communications concerning that offense will be obtained through such interception;

      3. normal investigative procedures have been tried and have failed or reasonably appear to be unlikely to succeed if tried or to be too dangerous;

      4. except as provided in subsection (11), there is probable cause for belief that the facilities from which, or the place where, the wire, oral, or electronic communications are to be intercepted are being used, or are about to be used, in connection with the commission of such offense, or are leased to, listed in the name of, or commonly used by such person.

    4. Each order authorizing or approving the interception of any wire, oral, or electronic communication under this chapter shall specify -

      1. the identity of the person, if known, whose communications are to be intercepted;

      2. the nature and location of the communications facilities as to which, or the place where, authority to intercept is granted;

      3. a particular description of the type of communication sought to be intercepted, and a statement of the particular offense to which it relates;

      4. the identity of the agency authorized to intercept the communications, and of the person authorizing the application; and
      5. the period of time during which such interception is authorized, including a statement as to whether or not the interception shall automatically terminate when the described communication has been first obtained. An order authorizing the interception of a wire, oral, or electronic communication under this chapter shall, upon request of the applicant, direct that a provider of wire or electronic communication service, landlord, custodian or other person shall furnish the applicant forthwith all information, facilities, and technical assistance necessary to accomplish the interception unobtrusively and with a minimum of interference with the services that such service provider, landlord, custodian, or person is according the person whose communications are to be intercepted. Any provider of wire or electronic communication service, landlord, custodian or other person furnishing such facilities or technical assistance shall be compensated therefor by the applicant for reasonable expenses incurred in providing such facilities or assistance. Pursuant to section 2522 of this chapter, an order may also be issued to enforce the assistance capability and capacity requirements under the Communications Assistance for Law Enforcement Act.

    5. No order entered under this section may authorize or approve the interception of any wire, oral, or electronic communication for any period longer than is necessary to achieve the objective of the authorization, nor in any event longer than thirty days. Such thirty-day period begins on the earlier of the day on which the investigative or law enforcement officer first begins to conduct an interception under the order or ten days after the order is entered. Extensions of an order may be granted, but only upon application for an extension made in accordance with subsection (1) of this section and the court making the findings required by subsection (3) of this section. The period of extension shall be no longer than the authorizing judge deems necessary to achieve the purposes for which it was granted and in no event for longer than thirty days. Every order and extension thereof shall contain a provision that the authorization to intercept shall be executed as soon as practicable, shall be conducted in such a way as to minimize the interception of communications not otherwise subject to interception under this chapter, and must terminate upon attainment of the authorized objective, or in any event in thirty days. In the event the intercepted communication is in a code or foreign language, and an expert in that foreign language or code is not reasonably available during the interception period, minimization may be accomplished as soon as practicable after such interception. An interception under this chapter may be conducted in whole or in part by Government personnel, or by an individual operating under a contract with the Government, acting under the supervision of an investigative or law enforcement officer authorized to conduct the interception.

    6. Whenever an order authorizing interception is entered pursuant to this chapter, the order may require reports to be made to the judge who issued the order showing what progress has been made toward achievement of the authorized objective and the need for continued interception. Such reports shall be made at such intervals as the judge may require.

    7. Notwithstanding any other provision of this chapter, any investigative or law enforcement officer, specially designated by the Attorney General, the Deputy Attorney General, the Associate Attorney General, or by the principal prosecuting attorney of any State or subdivision thereof acting pursuant to a statute of that State, who reasonably determines that -

      1. an emergency situation exists that involves -

        1. immediate danger of death or serious physical injury to any person,

        2. conspiratorial activities threatening the national security interest, or

        3. conspiratorial activities characteristic of organized crime, that requires a wire, oral, or electronic communication to be intercepted before an order authorizing such interception can, with due diligence, be obtained, and

      2. there are grounds upon which an order could be entered under this chapter to authorize such interception, may intercept such wire, oral, or electronic communication if an application for an order approving the interception is made in accordance with this section within forty-eight hours after the interception has occurred, or begins to occur. In the absence of an order, such interception shall immediately terminate when the communication sought is obtained or when the application for the order is denied, whichever is earlier. In the event such application for approval is denied, or in any other case where the interception is terminated without an order having been issued, the contents of any wire, oral, or electronic communication intercepted shall be treated as having been obtained in violation of this chapter, and an inventory shall be served as provided for in subsection (d) of this section on the person named in the application.

      1. The contents of any wire, oral, or electronic communication intercepted by any means authorized by this chapter shall, if possible, be recorded on tape or wire or other comparable device. The recording of the contents of any wire, oral, or electronic communication under this subsection shall be done in such a way as will protect the recording from editing or other alterations. Immediately upon the expiration of the period of the order, or extensions thereof, such recordings shall be made available to the judge issuing such order and sealed under his directions. Custody of the recordings shall be wherever the judge orders. They shall not be destroyed except upon an order of the issuing or denying judge and in any event shall be kept for ten years. Duplicate recordings may be made for use or disclosure pursuant to the provisions of subsections (1) and (2) of section 2517 of this chapter for investigations. The presence of the seal provided for by this subsection, or a satisfactory explanation for the absence thereof, shall be a prerequisite for the use or disclosure of the contents of any wire, oral, or electronic communication or evidence derived therefrom under subsection (3) of section 2517.

      2. Applications made and orders granted under this chapter shall be sealed by the judge. Custody of the applications and orders shall be wherever the judge directs. Such applications and orders shall be disclosed only upon a showing of good cause before a judge of competent jurisdiction and shall not be destroyed except on order of the issuing or denying judge, and in any event shall be kept for ten years.

      3. Any violation of the provisions of this subsection may be punished as contempt of the issuing or denying judge.

      4. Within a reasonable time but not later than ninety days after the filing of an application for an order of approval under section 2518(7)(b) which is denied or the termination of the period of an order or extensions thereof, the issuing or denying judge shall cause to be served, on the persons named in the order or the application, and such other parties to intercepted communications as the judge may determine in his discretion that is in the interest of justice, an inventory which shall include notice of -

      1. the fact of the entry of the order or the application;

      2. the date of the entry and the period of authorized, approved or disapproved interception, or the denial of the application; and

      3. the fact that during the period wire, oral, or electronic communications were or were not intercepted. The judge, upon the filing of a motion, may in his discretion make available to such person or his counsel for inspection such portions of the intercepted communications, applications and orders as the judge determines to be in the interest of justice. On an ex parte showing of good cause to a judge of competent jurisdiction the serving of the inventory required by this subsection may be postponed.

    8. The contents of any wire, oral, or electronic communication intercepted pursuant to this chapter or evidence derived therefrom shall not be received in evidence or otherwise disclosed in any trial, hearing, or other proceeding in a Federal or State court unless each party, not less than ten days before the trial, hearing, or proceeding, has been furnished with a copy of the court order, and accompanying application, under which the interception was authorized or approved. This ten-day period may be waived by the judge if he finds that it was not possible to furnish the party with the above information ten days before the trial, hearing, or proceeding and that the party will not be prejudiced by the delay in receiving such information.

      1. Any aggrieved person in any trial, hearing, or proceeding in or before any court, department, officer, agency, regulatory body, or other authority of the United States, a State, or a political subdivision thereof, may move to suppress the contents of any wire or oral communication intercepted pursuant to this chapter, or evidence derived therefrom, on the grounds that -

        1. the communication was unlawfully intercepted;

        2. the order of authorization or approval under which it was intercepted is insufficient on its face; or

        3. the interception was not made in conformity with the order of authorization or approval. Such motion shall be made before the trial, hearing, or proceeding unless there was no opportunity to make such motion or the person was not aware of the grounds of the motion. If the motion is granted, the contents of the intercepted wire or oral communication, or evidence derived therefrom, shall be treated as having been obtained in violation of this chapter. The judge, upon the filing of such motion by the aggrieved person, may in his discretion make available to the aggrieved person or his counsel for inspection such portions of the intercepted communication or evidence derived therefrom as the judge determines to be in the interests of justice.

      2. In addition to any other right to appeal, the United States shall have the right to appeal from an order granting a motion to suppress made under paragraph (a) of this subsection, or the denial of an application for an order of approval, if the United States attorney shall certify to the judge or other official granting such motion or denying such application that the appeal is not taken for purposes of delay. Such appeal shall be taken within thirty days after the date the order was entered and shall be diligently prosecuted.

      3. The remedies and sanctions described in this chapter with respect to the interception of electronic communications are the only judicial remedies and sanctions for nonconstitutional violations of this chapter involving such communications.

    9. The requirements of subsections (1)(b)(ii) and (3)(d) of this section relating to the specification of the facilities from which, or the place where, the communication is to be intercepted do not apply if -

      1. in the case of an application with respect to the interception of an oral communication -

        1. the application is by a Federal investigative or law enforcement officer and is approved by the Attorney General, the Deputy Attorney General, the Associate Attorney General, an Assistant Attorney General, or an acting Assistant Attorney General;

        2. the application contains a full and complete statement as to why such specification is not practical and identifies the person committing the offense and whose communications are to be intercepted; and
        3. the judge finds that such specification is not practical; and (b) in the case of an application with respect to a wire or electronic communication -

        1. the application is by a Federal investigative or law enforcement officer and is approved by the Attorney General, the Deputy Attorney General, the Associate Attorney General, an Assistant Attorney General, or an acting Assistant Attorney General;

        2. the application identifies the person believed to be committing the offense and whose communications are to be intercepted and the applicant makes a showing that there is probable cause to believe that the person's actions could have the effect of thwarting interception from a specified facility;

        3. the judge finds that such showing has been adequately made; and
        4. the order authorizing or approving the interception is limited to interception only for such time as it is reasonable to presume that the person identified in the application is or was reasonably proximate to the instrument through which such communication will be or was transmitted.

    10. An interception of a communication under an order with respect to which the requirements of subsections (1)(b)(ii) and (3)(d) of this section do not apply by reason of subsection (11)(a) shall not begin until the place where the communication is to be intercepted is ascertained by the person implementing the interception order. A provider of wire or electronic communications service that has received an order as provided for in subsection (11)(b) may move the court to modify or quash the order on the ground that its assistance with respect to the interception cannot be performed in a timely or reasonable fashion. The court, upon notice to the government, shall decide such a motion expeditiously.

    Sec. 2519. Reports concerning intercepted wire, oral, or electronic communications

    1. Within thirty days after the expiration of an order (or each extension thereof) entered under section 2518, or the denial of an order approving an interception, the issuing or denying judge shall report to the Administrative Office of the United States Courts -

      1. the fact that an order or extension was applied for;

      2. the kind of order or extension applied for (including whether or not the order was an order with respect to which the requirements of sections 2518(1)(b)(ii) and 2518(3)(d) of this title did not apply by reason of section 2518(11) of this title);

      3. the fact that the order or extension was granted as applied for, was modified, or was denied;

      4. the period of interceptions authorized by the order, and the number and duration of any extensions of the order;

      5. the offense specified in the order or application, or extension of an order;

      6. the identity of the applying investigative or law enforcement officer and agency making the application and the person authorizing the application; and (g) the nature of the facilities from which or the place where communications were to be intercepted.

    2. In January of each year the Attorney General, an Assistant Attorney General specially designated by the Attorney General, or the principal prosecuting attorney of a State, or the principal prosecuting attorney for any political subdivision of a State, shall report to the Administrative Office of the United States Courts -

      1. the information required by paragraphs (a) through (g) of subsection (1) of this section with respect to each application for an order or extension made during the preceding calendar year;

      2. a general description of the interceptions made under such order or extension, including (i) the approximate nature and frequency of incriminating communications intercepted, (ii) the approximate nature and frequency of other communications intercepted, (iii) the approximate number of persons whose communications were intercepted, (iv) the number of orders in which encryption was encountered and whether such encryption prevented law enforcement from obtaining the plain text of communications intercepted pursuant to such order, and (v) the approximate nature, amount, and cost of the manpower and other resources used in the interceptions;

      3. the number of arrests resulting from interceptions made under such order or extension, and the offenses for which arrests were made;

      4. the number of trials resulting from such interceptions;

      5. the number of motions to suppress made with respect to such interceptions, and the number granted or denied;

      6. the number of convictions resulting from such interceptions and the offenses for which the convictions were obtained and a general assessment of the importance of the interceptions; and

      7. the information required by paragraphs (b) through (f) of this subsection with respect to orders or extensions obtained in a preceding calendar year.

    3. In April of each year the Director of the Administrative Office of the United States Courts shall transmit to the Congress a full and complete report concerning the number of applications for orders authorizing or approving the interception of wire, oral, or electronic communications pursuant to this chapter and the number of orders and extensions granted or denied pursuant to this chapter during the preceding calendar year. Such report shall include a summary and analysis of the data required to be filed with the Administrative Office by subsections (1) and (2) of this section. The Director of the Administrative Office of the United States Courts is authorized to issue binding regulations dealing with the content and form of the reports required to be filed by subsections (1) and (2) of this section.

    Sec. 2520. Recovery of civil damages authorized

    1. In General. - Except as provided in section 2511(2)(a)(ii), any person whose wire, oral, or electronic communication is intercepted, disclosed, or intentionally used in violation of this chapter may in a civil action recover from the person or entity which engaged in that violation such relief as may be appropriate.

    2. Relief. - In an action under this section, appropriate relief includes -

      1. such preliminary and other equitable or declaratory relief as may be appropriate;

      2. damages under subsection (c) and punitive damages in appropriate cases; and
      3. a reasonable attorney's fee and other litigation costs reasonably incurred.

    3. Computation of Damages. - (1) In an action under this section, if the conduct in violation of this chapter is the private viewing of a private satellite video communication that is not scrambled or encrypted or if the communication is a radio communication that is transmitted on frequencies allocated under subpart D of part 74 of the rules of the Federal Communications Commission that is not scrambled or encrypted and the conduct is not for a tortious or illegal purpose or for purposes of direct or indirect commercial advantage or private commercial gain, then the court shall assess damages as follows:

      1. If the person who engaged in that conduct has not previously been enjoined under section 2511(5) and has not been found liable in a prior civil action under this section, the court shall assess the greater of the sum of actual damages suffered by the plaintiff, or statutory damages of not less than $50 and not more than $500.

      2. If, on one prior occasion, the person who engaged in that conduct has been enjoined under section 2511(5) or has been found liable in a civil action under this section, the court shall assess the greater of the sum of actual damages suffered by the plaintiff, or statutory damages of not less than $100 and not more than $1000.

        (2) In any other action under this section, the court may assess as damages whichever is the greater of -

      1. the sum of the actual damages suffered by the plaintiff and any profits made by the violator as a result of the violation; or

      2. statutory damages of whichever is the greater of $100 a day for each day of violation or $10,000.

    4. Defense. - A good faith reliance on -

      1. a court warrant or order, a grand jury subpoena, a legislative authorization, or a statutory authorization;

      2. a request of an investigative or law enforcement officer under section 2518(7) of this title; or

      3. a good faith determination that section 2511(3) of this title permitted the conduct complained of; is a complete defense against any civil or criminal action brought under this chapter or any other law.

    5. Limitation. - A civil action under this section may not be commenced later than two years after the date upon which the claimant first has a reasonable opportunity to discover the violation.

    Sec. 2521. Injunction against illegal interception

    Whenever it shall appear that any person is engaged or is about to engage in any act which constitutes or will constitute a felony violation of this chapter, the Attorney General may initiate a civil action in a district court of the United States to enjoin such violation. The court shall proceed as soon as practicable to the hearing and determination of such an action, and may, at any time before final determination, enter such a restraining order or prohibition, or take such other action, as is warranted to prevent a continuing and substantial injury to the United States or to any person or class of persons for whose protection the action is brought. A proceeding under this section is governed by the Federal Rules of Civil Procedure, except that, if an indictment has been returned against the respondent, discovery is governed by the Federal Rules of Criminal Procedure.

    Sec. 2522. Enforcement of the Communications Assistance for Law Enforcement Act

    1. Enforcement by Court Issuing Surveillance Order. - If a court authorizing an interception under this chapter, a State statute, or the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.) or authorizing use of a pen register or a trap and trace device under chapter 206 or a State statute finds that a telecommunications carrier has failed to comply with the requirements of the Communications Assistance for Law Enforcement Act, the court may, in accordance with section 108 of such Act, direct that the carrier comply forthwith and may direct that a provider of support services to the carrier or the manufacturer of the carrier's transmission or switching equipment furnish forthwith modifications necessary for the carrier to comply.

    2. Enforcement Upon Application by Attorney General. - The Attorney General may, in a civil action in the appropriate United States district court, obtain an order, in accordance with section 108 of the Communications Assistance for Law Enforcement Act, directing that a telecommunications carrier, a manufacturer of telecommunications transmission or switching equipment, or a provider of telecommunications support services comply with such Act.

    3. Civil Penalty. -

      1. In general. - A court issuing an order under this section against a telecommunications carrier, a manufacturer of telecommunications transmission or switching equipment, or a provider of telecommunications support services may impose a civil penalty of up to $10,000 per day for each day in violation after the issuance of the order or after such future date as the court may specify.

      2. Considerations. - In determining whether to impose a civil penalty and in determining its amount, the court shall take into account -

      1. the nature, circumstances, and extent of the violation;

      2. the violator's ability to pay, the violator's good faith efforts to comply in a timely manner, any effect on the violator's ability to continue to do business, the degree of culpability, and the length of any delay in undertaking efforts to comply; and
      3. such other matters as justice may require.

    4. Definitions. - As used in this section, the terms defined in section 102 of the Communications Assistance for Law Enforcement Act have the meanings provided, respectively, in such section.

    Top


     APPENDIX D

    TITLE 18 UNITED STATES CODE

    CHAPTER 121 - STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS

    Sec. 2701. Unlawful access to stored communications

    1. Offense. - Except as provided in subsection (c) of this section whoever -

      1. intentionally accesses without authorization a facility through which an electronic communication service is provided; or

      2. intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished as provided in subsection (b) of this section.

    2. Punishment. - The punishment for an offense under subsection (a) of this section is -

      1. if the offense is committed for purposes of commercial advantage, malicious destruction or damage, or private commercial gain -

        1. a fine under this title or imprisonment for not more than one year, or both, in the case of a first offense under this subparagraph; and
        2. a fine under this title or imprisonment for not more than two years, or both, for any subsequent offense under this subparagraph; and
        3. a fine under this title or imprisonment for not more than six months, or both, in any other case.

    3. Exceptions. - Subsection (a) of this section does not apply with respect to conduct authorized -

      1. by the person or entity providing a wire or electronic communications service;

      2. by a user of that service with respect to a communication of or intended for that user; or

      3. in section 2703, 2704 or 2518 of this title.

    Sec. 2702. Disclosure of contents

    1. Prohibitions. - Except as provided in subsection (b) -

      1. a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service; and
      2. a person or entity providing remote computing service to the public shall not knowingly divulge to any person or entity the contents of any communication which is carried or maintained on that service -

        1. on behalf of, and received by means of electronic transmission from (or created by means of computer processing of communications received by means of electronic transmission from), a subscriber or customer of such service; and
        2. solely for the purpose of providing storage or computer processing services to such subscriber or customer, if the provider is not authorized to access the contents of any such communications for purposes of providing any services other than storage or computer processing.

    2. Exceptions. - A person or entity may divulge the contents of a communication -

      1. to an addressee or intended recipient of such communication or an agent of such addressee or intended recipient;

      2. as otherwise authorized in section 2517, 2511(2)(a), or 2703 of this title;

      3. with the lawful consent of the originator or an addressee or intended recipient of such communication, or the subscriber in the case of remote computing service;

      4. to a person employed or authorized or whose facilities are used to forward such communication to its destination;

      5. as may be necessarily incident to the rendition of the service or to the protection of the rights or property of the provider of that service; or

      6. to a law enforcement agency -

      1. if the contents -

        1. were inadvertently obtained by the service provider; and
        2. appear to pertain to the commission of a crime; or

      2. if required by section 227 of the Crime Control Act of 1990.

    Sec. 2703. Requirements for governmental access

    1. Contents of Electronic Communications in Electronic Storage. - A governmental entity may require the disclosure by a provider of electronic communication service of the contents of an electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant issued under the Federal Rules of Criminal Procedure or equivalent State warrant. A governmental entity may require the disclosure by a provider of electronic communications services of the contents of an electronic communication that has been in electronic storage in an electronic communications system for more than one hundred and eighty days by the means available under subsection (b) of this section.

    2. Contents of Electronic Communications in a Remote Computing Service. - (1) A governmental entity may require a provider of remote computing service to disclose the contents of any electronic communication to which this paragraph is made applicable by paragraph (2) of this subsection -

      1. without required notice to the subscriber or customer, if the governmental entity obtains a warrant issued under the Federal Rules of Criminal Procedure or equivalent State warrant; or

      2. with prior notice from the governmental entity to the subscriber or customer if the governmental entity -

        1. uses an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury or trial subpoena; or

        2. obtains a court order for such disclosure under subsection (d) of this section; except that delayed notice may be given pursuant to section 2705 of this title.

          2 Paragraph (1) is applicable with respect to any electronic communication that is held or maintained on that service -

      1. on behalf of, and received by means of electronic transmission from (or created by means of computer processing of communications received by means of electronic transmission from), a subscriber or customer of such remote computing service; and
      2. solely for the purpose of providing storage or computer processing services to such subscriber or customer, if the provider is not authorized to access the contents of any such communications for purposes of providing any services other than storage or computer processing.

    3. Records Concerning Electronic Communication Service or Remote Computing Service. -
        (1)
        1. Except as provided in subparagraph (B), a provider of electronic communication service or remote computing service may disclose a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications covered by subsection (a) or (b) of this section) to any person other than a governmental entity.

        2. A provider of electronic communication service or remote computing service shall disclose a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications covered by subsection (a) or (b) of this section) to a governmental entity only when the governmental entity -

          1. obtains a warrant issued under the Federal Rules of Criminal Procedure or equivalent State warrant;

          2. obtains a court order for such disclosure under subsection (d) of this section;

          3. has the consent of the subscriber or customer to such disclosure; or

          4. submits a formal written request relevant to a law enforcement investigation concerning telemarketing fraud for the name, address, and place of business of a subscriber or customer of such provider, which subscriber or customer is engaged in telemarketing (as such term is defined in section 2325 of this title).

        3. A provider of electronic communication service or remote computing service shall disclose to a governmental entity the name, address, local and long distance telephone toll billing records, telephone number or other subscriber number or identity, and length of service of a subscriber to or customer of such service and the types of services the subscriber or customer utilized, when the governmental entity uses an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury or trial subpoena or any means available under subparagraph (B).

        (2) A governmental entity receiving records or information under this subsection is not required to provide notice to a subscriber or customer.

    4. Requirements for Court Order. - A court order for disclosure under subsection (b) or (c) may be issued by any court that is a court of competent jurisdiction described in section 3127(2)(A) and shall issue only if the governmental entity offers specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation. In the case of a State governmental authority, such a court order shall not issue if prohibited by the law of such State. A court issuing an order pursuant to this section, on a motion made promptly by the service provider, may quash or modify such order, if the information or records requested are unusually voluminous in nature or compliance with such order otherwise would cause an undue burden on such provider.

    5. No Cause of Action Against a Provider Disclosing Information Under This Chapter. - No cause of action shall lie in any court against any provider of wire or electronic communication service, its officers, employees, agents, or other specified persons for providing information, facilities, or assistance in accordance with the terms of a court order, warrant, subpoena, or certification under this chapter.

    6. Requirement To Preserve Evidence. -

      1. In general. - A provider of wire or electronic communication services or a remote computing service, upon the request of a governmental entity, shall take all necessary steps to preserve records and other evidence in its possession pending the issuance of a court order or other process.

      2. Period of retention. - Records referred to in paragraph (1) shall be retained for a period of 90 days, which shall be extended for an additional 90-day period upon a renewed request by the governmental entity.

    Sec. 2704. Backup preservation

    1. Backup Preservation.
        -
      1. A governmental entity acting under section 2703(b)
      2. may include in its subpoena or court order a requirement that the service provider to whom the request is directed create a backup copy of the contents of the electronic communications sought in order to preserve those communications. Without notifying the subscriber or customer of such subpoena or court order, such service provider shall create such backup copy as soon as practicable consistent with its regular business practices and shall confirm to the governmental entity that such backup copy has been made. Such backup copy shall be created within two business days after receipt by the service provider of the subpoena or court order.

      3. Notice to the subscriber or customer shall be made by the governmental entity within three days after receipt of such confirmation, unless such notice is delayed pursuant to section 2705(a).

      4. The service provider shall not destroy such backup copy until the later of -

        1. the delivery of the information; or

        2. ) the resolution of any proceedings (including appeals of any proceeding) concerning the government's subpoena or court order.

      5. The service provider shall release such backup copy to the requesting governmental entity no sooner than fourteen days after the governmental entity's notice to the subscriber or customer if such service provider -

        1. has not received notice from the subscriber or customer that the subscriber or customer has challenged the governmental entity's request; and
        2. has not initiated proceedings to challenge the request of the governmental entity.

      6. A governmental entity may seek to require the creation of a backup copy under subsection (a)(1) of this section if in its sole discretion such entity determines that there is reason to believe that notification under section 2703 of this title of the existence of the subpoena or court order may result in destruction of or tampering with evidence. This determination is not subject to challenge by the subscriber or customer or service provider.

        (b) Customer Challenges. - (1) Within fourteen days after notice by the governmental entity to the subscriber or customer under subsection (a)(2) of this section, such subscriber or customer may file a motion to quash such subpoena or vacate such court order, with copies served upon the governmental entity and with written notice of such challenge to the service provider. A motion to vacate a court order shall be filed in the court which issued such order. A motion to quash a subpoena shall be filed in the appropriate United States district court or State court. Such motion or application shall contain an affidavit or sworn statement -

        1. stating that the applicant is a customer or subscriber to the service from which the contents of electronic communications maintained for him have been sought; and
        2. stating the applicant's reasons for believing that the records sought are not relevant to a legitimate law enforcement inquiry or that there has not been substantial compliance with the provisions of this chapter in some other respect.

        1. Service shall be made under this section upon a governmental entity by delivering or mailing by registered or certified mail a copy of the papers to the person, office, or department specified in the notice which the customer has received pursuant to this chapter. For the purposes of this section, the term ''delivery'' has the meaning given that term in the Federal Rules of Civil Procedure.

        2. If the court finds that the customer has complied with paragraphs (1) and (2) of this subsection, the court shall order the governmental entity to file a sworn response, which may be filed in camera if the governmental entity includes in its response the reasons which make in camera review appropriate. If the court is unable to determine the motion or application on the basis of the parties' initial allegations and response, the court may conduct such additional proceedings as it deems appropriate. All such proceedings shall be completed and the motion or application decided as soon as practicable after the filing of the governmental entity's response.

        3. If the court finds that the applicant is not the subscriber or customer for whom the communications sought by the governmental entity are maintained, or that there is a reason to believe that the law enforcement inquiry is legitimate and that the communications sought are relevant to that inquiry, it shall deny the motion or application and order such process enforced. If the court finds that the applicant is the subscriber or customer for whom the communications sought by the governmental entity are maintained, and that there is not a reason to believe that the communications sought are relevant to a legitimate law enforcement inquiry, or that there has not been substantial compliance with the provisions of this chapter, it shall order the process quashed.

        4. A court order denying a motion or application under this section shall not be deemed a final order and no interlocutory appeal may be taken therefrom by the customer.

    Sec. 2705. Delayed notice

    1. Delay of Notification. -
      1. A governmental entity acting under section 2703(b) of this title may -

        1. where a court order is sought, include in the application a request, which the court shall grant, for an order delaying the notification required under section 2703(b) of this title for a period not to exceed ninety days, if the court determines that there is reason to believe that notification of the existence of the court order may have an adverse result described in paragraph (2) of this subsection; or

        2. where an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury subpoena is obtained, delay the notification required under section 2703(b) of this title for a period not to exceed ninety days upon the execution of a written certification of a supervisory official that there is reason to believe that notification of the existence of the subpoena may have an adverse result described in paragraph (2) of this subsection.

      2. An adverse result for the purposes of paragraph (1) of this subsection is -

        1. endangering the life or physical safety of an individual;

        2. flight from prosecution;

        3. destruction of or tampering with evidence;

        4. intimidation of potential witnesses; or

        5. otherwise seriously jeopardizing an investigation or unduly delaying a trial.

      3. The governmental entity shall maintain a true copy of certification under paragraph (1)(B).

      4. Extensions of the delay of notification provided in section 2703 of up to ninety days each may be granted by the court upon application, or by certification by a governmental entity, but only in accordance with subsection (b) of this section.

      5. Upon expiration of the period of delay of notification under paragraph (1) or (4) of this subsection, the governmental entity shall serve upon, or deliver by registered or first-class mail to, the customer or subscriber a copy of the process or request together with notice that -

        1. states with reasonable specificity the nature of the law enforcement inquiry; and
        2. informs such customer or subscriber -

        1. that information maintained for such customer or subscriber by the service provider named in such process or request was supplied to or requested by that governmental authority and the date on which the supplying or request took place;

        2. that notification of such customer or subscriber was delayed;

        3. what governmental entity or court made the certification or determination pursuant to which that delay was made; and
        4. which provision of this chapter allowed such delay.

      6. As used in this subsection, the term ''supervisory official'' means the investigative agent in charge or assistant investigative agent in charge or an equivalent of an investigating agency's headquarters or regional office, or the chief prosecuting attorney or the first assistant prosecuting attorney or an equivalent of a prosecuting attorney's headquarters or regional office.

    2. Preclusion of Notice to Subject of Governmental Access. - A governmental entity acting under section 2703, when it is not required to notify the subscriber or customer under section 2703
    3. (1), or to the extent that it may delay such notice pursuant to subsection (a) of this section, may apply to a court for an order commanding a provider of electronic communications service or remote computing service to whom a warrant, subpoena, or court order is directed, for such period as the court deems appropriate, not to notify any other person of the existence of the warrant, subpoena, or court order. The court shall enter such an order if it determines that there is reason to believe that notification of the existence of the warrant, subpoena, or court order will result in -

      1. endangering the life or physical safety of an individual;

      2. flight from prosecution;

      3. destruction of or tampering with evidence;

      4. intimidation of potential witnesses; or

      5. otherwise seriously jeopardizing an investigation or unduly delaying a trial.

      Sec. 2706. Cost reimbursement


      1. Payment. - Except as otherwise provided in subsection (c), a governmental entity obtaining the contents of communications, records, or other information under section 2702, 2703, or 2704 of this title shall pay to the person or entity assembling or providing such information a fee for reimbursement for such costs as are reasonably necessary and which have been directly incurred in searching for, assembling, reproducing, or otherwise providing such information. Such reimbursable costs shall include any costs due to necessary disruption of normal operations of any electronic communication service or remote computing service in which such information may be stored.

      2. Amount. - The amount of the fee provided by subsection (a) shall be as mutually agreed by the governmental entity and the person or entity providing the information, or, in the absence of agreement, shall be as determined by the court which issued the order for production of such information (or the court before which a criminal prosecution relating to such information would be brought, if no court order was issued for production of the information).

      3. Exception. - The requirement of subsection (a) of this section does not apply with respect to records or other information maintained by a communications common carrier that relate to telephone toll records and telephone listings obtained under section 2703 of this title. The court may, however, order a payment as described in subsection (a) if the court determines the information required is unusually voluminous in nature or otherwise caused an undue burden on the provider.

      Sec. 2707. Civil action

      1. Cause of Action. - Except as provided in section 2703(e), any provider of electronic communication service, subscriber, or other person aggrieved by any violation of this chapter in which the conduct constituting the violation is engaged in with a knowing or intentional state of mind may, in a civil action, recover from the person or entity which engaged in that violation such relief as may be appropriate.

      2. Relief. - In a civil action under this section, appropriate relief includes -

        1. such preliminary and other equitable or declaratory relief as may be appropriate;

        2. damages under subsection (c); and
        3. a reasonable attorney's fee and other litigation costs reasonably incurred.

      3. Damages. - The court may assess as damages in a civil action under this section the sum of the actual damages suffered by the plaintiff and any profits made by the violator as a result of the violation, but in no case shall a person entitled to recover receive less than the sum of $1,000. If the violation is willful or intentional, the court may assess punitive damages. In the case of a successful action to enforce liability under this section, the court may assess the costs of the action, together with reasonable attorney fees determined by the court.

      4. Disciplinary Actions for Violations. - If a court determines that any agency or department of the United States has violated this chapter and the court finds that the circumstances surrounding the violation raise the question whether or not an officer or employee of the agency or department acted willfully or intentionally with respect to the violation, the agency or department concerned shall promptly initiate a proceeding to determine whether or not disciplinary action is warranted against the officer or employee.

      5. Defense. - A good faith reliance on -

        1. a court warrant or order, a grand jury subpoena, a legislative authorization, or a statutory authorization;

        2. a request of an investigative or law enforcement officer under section 2518(7) of this title; or

        3. a good faith determination that section 2511(3) of this title permitted the conduct complained of; is a complete defense to any civil or criminal action brought under this chapter or any other law.

      6. Limitation. - A civil action under this section may not be commenced later than two years after the date upon which the claimant first discovered or had a reasonable opportunity to discover the violation.

      Sec. 2708. Exclusivity of remedies

      The remedies and sanctions described in this chapter are the only judicial remedies and sanctions for nonconstitutional violations of this chapter.

      Sec. 2709. Counterintelligence access to telephone toll and transactional records

      1. Duty to Provide. - A wire or electronic communication service provider shall comply with a request for subscriber information and toll billing records information, or electronic communication transactional records in its custody or possession made by the Director of the Federal Bureau of Investigation under subsection (b) of this section.

      2. Required Certification. - The Director of the Federal Bureau of Investigation, or his designee in a position not lower than Deputy Assistant Director, may -

        1. request the name, address, length of service, and local and long distance toll billing records of a person or entity if the Director (or his designee in a position not lower than Deputy Assistant Director) certifies in writing to the wire or electronic communication service provider to which the request is made that -

          1. the name, address, length of service, and toll billing records sought are relevant to an authorized foreign counter intelligence investigation; and
          2. there are specific and articulable facts giving reason to believe that the person or entity to whom the information sought pertains is a foreign power or an agent of a foreign power as defined in section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801); and
        2. request the name, address, and length of service of a person or entity if the Director (or his designee in a position not lower than Deputy Assistant Director) certifies in writing to the wire or electronic communication service provider to which the request is made that -

          1. the information sought is relevant to an authorized foreign counterintelligence investigation; and
          2. there are specific and articulable facts giving reason to believe that communication facilities registered in the name of the person or entity have been used, through the services of such provider, in communication with -

            1. an individual who is engaging or has engaged in international terrorism as defined in section 101(c) of the Foreign Intelligence Surveillance Act [1] or clandestine intelligence activities that involve or may involve a violation of the criminal statutes of the United States; or

            2. a foreign power or an agent of a foreign power under circumstances giving reason to believe that the communication concerned international terrorism as defined in section 101(c) of the Foreign Intelligence Surveillance Act (FOOTNOTE 1) or clandestine intelligence activities that involve or may involve a violation of the criminal statutes of the United States.

      3. Prohibition of Certain Disclosure. - No wire or electronic communication service provider, or officer, employee, or agent thereof, shall disclose to any person that the Federal Bureau of Investigation has sought or obtained access to information or records under this section.

      4. Dissemination by Bureau. - The Federal Bureau of Investigation may disseminate information and records obtained under this section only as provided in guidelines approved by the Attorney General for foreign intelligence collection and foreign counterintelligence investigations conducted by the Federal Bureau of Investigation, and, with respect to dissemination to an agency of the United States, only if such information is clearly relevant to the authorized responsibilities of such agency.

      5. Requirement That Certain Congressional Bodies Be Informed. - On a semiannual basis the Director of the Federal Bureau of Investigation shall fully inform the Permanent Select Committee on Intelligence of the House of Representatives and the Select Committee on Intelligence of the Senate, and the Committee on the Judiciary of the House of Representatives and the Committee on the Judiciary of the Senate, concerning all requests made under subsection (b) of this section.

      Sec. 2711. Definitions for chapter

      As used in this chapter -

      1. the terms defined in section 2510 of this title have, respectively, the definitions given such terms in that section; and
      2. the term ''remote computing service'' means the provision to the public of computer storage or processing services by means of an electronic communications system.

      Top

               
              .
                .

              ©2008 Alex Modelski, Business & Technology Law

              .
              .
              . .
              .
              . .