|
|
 |
| |
|
This article is published with the
permission of Alex Modelski to provide information to attorneys and
contract service personnel. It is intended to be informational and
does not constitute legal advice regarding any specific situation.
It may be reprinted without the express permission of Alex Modelski
so long as it is reprinted in its entirety including this title
page.If you have any questions or would like additional information,
contact Alex using the contact information provided
below.
|
|
EMAIL AND
THE LAW OF PRIVACY
October 14, 2001
Copyright ã 2001 Alex Modelski
TABLE OF
CONTENTS
Introduction
Common
Law Rights of Privacy
Constitutional Law
State Constitutional Issues and Statutory
Law
Electronic Communication Privacy Act
Carnivore
System Administrators and
Sniffer Software
Doubleclick
Litigation Computer Fraud and Abuse Act
WebBugs
Rights of ISP’s to Inspect and Disclose; Anonymous Posters
May An Employer Read
Employee Email?
Public
Employers
Email and Internet
Use Policies
Appendix A, Computer Fraud and Abuse Act
Appendix B, Amendments to Computer Fraud and Abuse Act in
Patriot Act of 2001
Appendix C, Chapter 119 - Wire And Electronic Communications
Interception And Interception Of Oral Communications
Appendix D, Chapter 121 - Stored Wire And Electronic
Communications And Transactional Records Access
Introduction
In his September 4, 2001 open letter to federal judges,
published in the Wall Street Journal, Ninth U.S. Circuit Court of Appeals Judge
Alex Kozinski wrote regarding the Judicial Conference C00ommittee on Automation
and Technology recommendation that federal courts monitor employee email and
Web usage:
The U.S. Bureau of Prisons maintains the following
sign next to all telephones used by inmates:
"The Bureau of Prisons reserves the authority to monitor conversations on
the telephone. Your use of institutional telephones constitutes consent to this
monitoring. . . ."
I'm planning to put signs like these next to the
telephones, computers, fax machines and other equipment used in my chambers
because, according to a policy that is up for a vote by the U.S. Judicial
Conference, we may soon start treating the 30,000 employees of the judiciary
pretty much the way we treat prison inmates.
Exaggeration? Not in the least. According to the
proposed policy, all judiciary employees--including
judges and their personal staff--must waive all privacy
in communications made using "office equipment," broadly
defined to include "personal computers . . . library
resources, telephones, facsimile machines, photocopiers,
[office supplies." There is a vague promise that the
policy may be narrowed in the future, but it is the
quoted language the Judicial Conference is being asked
to approve on Sept. 11.
Not surprisingly, the
proposed policy has raised a public furor…. I asked that
my response…be distributed to federal judges…but my
request was rejected. I must therefore take this avenue
for addressing my judicial colleagues on a matter of
vital importance to the judiciary and the public at
large. Like prisoners, judicial employees must
acknowledge that, by using this equipment, their
"consent to monitoring and recording is implied with or
without cause." Judicial opinions, memoranda to
colleagues, phone calls to your proctologist, faxes to
your bank, e-mails to your law clerks, prescriptions you
fill online--you must agree that bureaucrats are
entitled to monitor and record them all.
This is not how the federal judiciary conducts its business. For us,
confidentiality is inviolable. No one else--not even a higher court--has access
to internal case communications, drafts or votes. Like most judges, I had
assumed that keeping case deliberations confidential was a bedrock principle of
our judicial system. But under the proposed policy,
every federal judge will have to agree that court
communications can be monitored and recorded, if some
court administrator thinks he has a good enough reason
for doing so.
Another one of our bedrock principles has been trust
in our employees. I take pride in saying that we have
the finest work force of any organization in the
country; our employees show loyalty and dedication
seldom seen in private enterprise, much less in a
government agency. It is with their help--and only
because of their help--that we are able to keep abreast
of crushing caseloads that at times threaten to
overwhelm us. But loyalty and dedication wilt in the
face of mistrust. The proposed policy tells our 30,000
dedicated employees that we trust them so little that we
must monitor all their communications just to make sure
they are not wasting their work day cruising the
Internet.
How did we get to the point of even
considering such a draconian policy? Is there evidence
that judicial employees massively abuse Internet access?
Judge Nelson's memo suggests there is, but if you read
the fine print you will see that this is not the case.
Even accepting the dubious worst-case
statistics, only about three percent to seven percent of
Internet traffic is non-work related. However, the
proposed policy acknowledges that employees are entitled
to use their telephone and computer for personal errands
during lunchtime and on breaks. Because lunches and
breaks take up considerably more than three percent to
seven percent of the workday, we're already coming out
ahead. Moreover, after employees were alerted last March
that downloading of certain files put too much strain on
the system, bandwidth use dropped dramatically. Our
employees have shown they can be trusted to follow
directions.
Unbeknownst to the vast majority of judges and judicial employees, Mr.
Mecham secretly started gathering data on employee Internet use. When the Web
sites accessed from a particular computer affronted his sensibilities, Mr.
Mecham had his deputy send a letter suggesting that the employee using that
computer be sanctioned, and offering help in accomplishing this. Dozens of such
letters went out, and one can only guess how many judicial employees lost their
jobs or were otherwise sanctioned or humiliated as a consequence.
When judges of our circuit discovered this
surreptitious monitoring, we were shocked and dismayed.
We were worried that the practice was of dubious
morality and probably illegal.
In their hurry to
vindicate Mr. Mecham's unauthorized snooping, the
committee short-circuited the normal collegial process
of deliberation and consultation.
I therefore suggest that all federal judges
reading these words--indeed all concerned
citizens--write or call their Judicial Conference
representatives and urge them to vote against the
proposed policy. In addition, we must undo the harm we
have done to judicial employees who were victims of Mr.
Mecham's secret, and probably illegal, snooping. The
Judicial Conference must pass a resolution that offers
these employees an apology and expungement of their
records.
Moreover, we should appoint an independent investigator to determine whether
any civil or criminal violations of the Electronic Communications Privacy Act
were committed during the months when 30,000 judicial employees were subjected
to surreptitious monitoring. If we in the judiciary are not vigilant in
acknowledging and correcting mistakes made by those acting on our behalf, we
will surely lose the moral authority to pass judgment on the misconduct of
others. –quoted from "Help Stop Monitoring of the Internet at the Federal Judiciary", By Manny Klausner, FrontPageMagazine.com,
September 7, 2001, http://www.frontpagemag.com/guestcolumnists/klausner09-07-01.htm.
Agreeing
with Judge Kozinski, the Federal Judges Association, which represents 85
percent of the nation's 1,800 judges, adopted a resolution opposing the
proposed policy. In a letter to Judge Edwin Nelson, Chief Judge Edith H. Jones
of the Fifth Circuit criticized unrestricted monitoring as "the equivalent
of sanctioning wiretapping of telephones or searches of office files to prevent
unauthorized use of government property." Ultimately, the Judicial Conference
approved a revised version, which does not specifically permit monitoring of
e-mail and permits limited tracking of Web-surfing. [Judicial Conference Approves Recommendations on
Electronic Case File Availability and Internet Use -September 19, 2001, http://www.uscourts.gov/news.html.]On the other hand, the approved "model appropriate use
policy" banned court employees from using their office computers to access
file-sharing services, such as Napster and Gnutella, and from creating,
downloading, viewing, storing, copying or transmitting sexually explicit
materials or those related to gambling or illegal weapons. The dispute among federal judges and the
issues raised in Judge Kozinski’s open letter raise all of the essential
elements basic to an understanding of the law of privacy as it applies to
email.
Top
Common Law Rights of
Privacy
The word "privacy" does not appear in the U.S.
Constitution.Yet, it is now construed
to be a broad and inalienable right. The origin of this right is grounded
in tort law and a famous 1890 Harvard Law Review article by future Supreme
Court justice Louie Brandeis called "The Right to
Privacy". In it, Brandeis asserted that a person ought to be able to
sue someone who violates one's right to "privacy." In a most
famous passage Brandeis said:
That the individual shall have full
protection in person and in property is a principle
as old as the common law; but it has been found necessary from time to time to
define a new the exact nature and extent of such protection. Political, social, and
economic changes entail the recognition of new rights, and the common law, in its
eternal youth, grows to meet the demands of society. Thus, in very early times, the law gave a
remedy only for physical interference with life and property, for trespasses vi et
armis. Then the "right to life" served only to protect the subject from battery in
its various forms; liberty meant freedom from actual restraint; and the right to property secured to the
individual, his lands and his cattle. Later, there came a recognition of man's spiritual nature, of his
feelings and his intellect. Gradually, the scope of these legal rights broadened, and now
the right to life has come to mean the right to enjoy life -- the right to be
let alone; the right to liberty secures the exercise of extensive civil privileges; and the
term "property" has grown to compromise every form of possession -- intangible as well as
tangible.
The courts ultimately agreed and
began recognizing common law rights to privacy.Today, employees’ rights to e-mail privacy
are largely governed by state tort law. The Restatement (Second) of Torts summarizes these causes of action as
follows:
652A. General Principle
- One who invades the right
of privacy of another is subject to liability for
the resulting harm to the interests of the other.
- The right of privacy is
invaded by:
- unreasonable intrusion
upon the seclusion of another, as stated in 652B; or
- appropriation of the
other's name or likeness, as stated in 652C; or
- unreasonable publicity given
to the other's private life, as stated in 652D; or
- publicity that
unreasonably places the other in a false light
before the public,as stated in 652E.
652B. Intrusion upon Seclusion
One who intentionally intrudes, physically or otherwise, upon the solitude or
seclusion of another or his private affairs or concerns, is subject to
liability to the other for invasion of his privacy, if the intrusion would be
highly offensive to a reasonable person.
652C. Appropriation of Name or Likeness
One who appropriates to his own use or benefit the name or likeness of another is
subject to liability to the other for invasion of his privacy.
652D. Publicity Given to Private Life
One who gives publicity to a matter concerning the private life of another is
subject to liability to the other for invasion of his privacy, if the matter
publicized is of a kind that
- would be highly offensive to
a reasonable person, and
- is not of legitimate
concern to the public.
652E. Publicity Placing
Person in False Light
One
who gives publicity to a matter concerning another that places the other before
the public in a false light is subject to liability to the other for invasion
of his privacy, if
- the false light in which the
other was placed would be highly offensive to a
reasonable person, and
- the actor had knowledge of
or acted in reckless disregard as to the falsity of
the publicized matter and the false light in which
the other would be placed
The tort most relevant to e-mail interception by employers
is unreasonable intrusion upon the seclusion of another.
Top
Constitutional
Law
The Supreme Court
has found privacy rights implicit in the "penumbra" surrounding the First,
Third, Fourth, Fifth and Ninth Amendments.
Griswold v. Connecticut, 381 U.S. 479, 483-5 (1965). More specifically, however, the Fourth
Amendment of the U.S. Constitution prohibits unreasonable searches and seizures
by the United States government, and through the Fourteenth Amendment,
that prohibition has been extended to the States, counties and any other entity
that may act "under color of law".
As applied to
electronic communications, the landmark case of Katz v. U.S.,
389 U.S. 347 (1967) considered a wiretap on a public telephone booth. The Court
held that the police violated the defendant's constitutional right of privacy
and made an unreasonable seizure under the Fourth Amendment. In Justice Harlan's concurring opinion in Katz,
389 U.S. at 361, a two-part test was proposed: (1) Did the person have an
actual expectation of privacy in the communication? and (2) Does society
recognize this expectation as reasonable?
The U.S. Supreme Court accepted this two-part test in Smith
v. Maryland, 442 U.S. 735, 740 (1979) and restated their acceptance again
in California v. Ciraolo, 476 U.S. 207, 211 (1986). Further, the Supreme Court has held that a
warrantless search that violates a person’s reasonable expectation of privacy
will nonetheless be "reasonable" (and therefore constitutional) if it falls
within an established exception to the warrant requirement. See Illinois
v. Rodriguez, 497 U.S. 177, 183 (1990).
Accordingly, investigators must consider two issues when asking whether a
government search of a computer requires a warrant. First, does the search
violate a reasonable expectation of privacy? If so, the search may
nonetheless by reasonable because it falls within an exception to the warrant
requirement, such as consent (user, co-users, co-owner, parent, system
administrator), implied consent (individuals, such as prison guards, often enter
into agreements with the government in which they waive some of their Fourth
Amendment rights, and users of computer systems often must view a banner
conditioning use of the system upon a waiver of privacy rights), exigent
circumstances (in United States v. David, 756 F.
Supp. 1385 (D. Nev. 1991), agents saw the defendant deleting files on his
computer memo book, and seized the computer immediately), plain view (for
example, if an agent conducts a valid search of a hard drive and comes across
evidence of an unrelated crime while conducting the search, the agent may seize
the evidence under the plain view doctrine, United States
v. Carey, 172 F.3d 1268, 1273 (10th Cir. 1999)), search incident to lawful
arrest (See United States v. Reyes,
922 F. Supp. 818, 833 (S.D.N.Y. 1996) holding that accessing numbers in a pager
found in bag attached to defendant’s wheelchair within twenty minutes of arrest
falls within search-incident-to-arrest exception), inventory searches and
border searches ("routine searches" at the border or its functional equivalent
do not require a warrant, probable cause, or even reasonable suspicion that the
search may uncover contraband or evidence)
In the case of a communication that contains evidence of
criminal activity, there is no protection for the confidentiality of the
communication when the recipient discloses the contents to law enforcement
agents or at a criminal trial. U.S. v. White, 401
U.S. 745 (1971)(no violation of Fourth Amendment when defendant spoke to
informant who had concealed microphone and transmitter); Hoffa v. U.S., 385 U.S. 293
(1966)(statements made by Hoffa to undercover informant not protected by Fourth Amendment). Furthermore, there
is no protection under the Fifth Amendment to the U.S. Constitution for
production of documents at a criminal trial, U.S. v.
Doe, 465 U.S. 605 (1984). Thus, the author of an e-mail message generally
has no constitutional right to prevent disclosure of the message by the
recipient.
Top
State Constitutional Issues
And Statutory Law
Many state constitutions guarantee a right of privacy
that parallels the protections of the Fourth Amendment. See Alaska Constitution,
Article I, § 22; California Constitution, Article I, § 1; Florida Constitution,
Article I, § 23; Hawaii Constitution, Article I, § 6; Illinois Constitution,
Article I, § 6; Louisiana Constitution, Article 1, § 5; Montana Constitution,
Article II, § 10; South Carolina Constitution, Article I, § 10. Washington
Constitution Article No. 1, § 7. Generally, these constitutional provisions
apply only to governmental actors or those acting under "color of law", but
California's Constitution has been successfully used to challenge private
employer actions. See, e.g., Ryan v. Sara Lee Corp.,
No. S031479, 1993 Cal. LEXIS 2464 (Cal. Dist. Ct. App. April 29, 1993); Semore v. Pool, 266 Cal. Rptr. 280 (Cal. Dist. Ct. App.
1990) See also Luck v. Southern Pac. Transp. Co., 267 Cal. Rptr. 618 (privacy provision of California constitution may apply to private employers),
cert. denied, 498 U.S. 939 (1990). On the other hand, California's highest court has upheld a private
employer's drug testing program where the employer's legitimate regulatory objectives in conducting the
testing outweighed any expectation of privacy. Hill v. National Collegiate Athletic
Ass'n, 865 P.2d 633 (Cal. 1994) (upheld NCAA's use of
drug testing program for its student athletes).
Several states have statutes
protecting against the interception of electronic
communications. In 1998, Connecticut enacted legislation
requiring employers to give prior written notice of
electronic monitoring to all employees who may be
affected. Pub. Law 98-142. See also, New Jersey
Wiretapping and Electronic Surveillance Control Act,
N.J.S.A. 2A:156A-1 et seq.; Pennsylvania Wiretapping and
Electronic Surveillance Act, 18 Pa. Cons. Stat. Ann. §
5702 et seq. See also Cal. Penal Code § 629; Colo. Rev.
Stat. Ann. § 16-15-102; Md. Code Ann. §§10-4A-01-08; and
N.Y. Crim. Proc. Art. 700. These statutes are largely
patterned after the federal Electronic Communications
Privacy Act, discussed below.
Top
Electronic
Communications Privacy Act
The Electronic Communications
Privacy Act of 1986 ("ECPA") is the only federal statute
that specifically addresses the interception of email.
It expanded preexisting prohibitions on the unauthorized
interception of wire and oral communications to include
other forms of electronic communications. This is a
voluminous and complex statute. Subject to various
exceptions, the ECPA makes it illegal to intercept an
email at the point of transmission, while in transit,
when stored by an email router or server, or after
receipt by the intended recipient. Chapter 119, §§
2510-2522 (See Appendix C), deals with unlawful
interception, use and disclosure of wire, oral or
electronic communications, as well as lawful
governmental interception and use. Chapter 121, §§ 2701
through 2711 (See Appendix D), deals with unlawful
access and disclosure of stored communications, as well
as governmental access and use of such stored
communications. The sections dealing with governmental
access and use are very detailed and complex and provide
the legal basis for national security agency monitoring
of email through the Carnivore system.
The ECPA provides for both
criminal and civil liability. A civil plaintiff who
proves a violation of Chapter 119 may recover the
greater of either:
(1) actual damages suffered and
any profits made by the violator; or
(2) statutory damages
(the greater of $100 a day for each day of violation or
$10,000). 18 U.S.C. § 2520(c)(2). Further, attorneys'
fees, litigation costs, and other equitable relief may
be available. Id. § 2520(a)(3). The criminal penalty
includes up to five years imprisonment and fines up to
$5000. Id. § 2511(4)(a)-(b). Chapter 121 provides for
more severe remedies, including minimum damages of
$1,000, punitive damages in the event of willful
violation, and disciplinary action in the event of
governmental agency violation.
Neither chapter, however,
establishes a general right to e-mail privacy in the
workplace because of various exceptions it contains. For
example, the prohibition against intercepting
communications does not apply where one of the parties
to the communication consents to the interception 18
U.S.C. §2511(2)(d). An e-mail system provider and/or its
employees have the right to intercept and use electronic
communications in the normal course of employment while
engaged in an activity which is incident to the
rendition of the service or for the protection of the
rights or property of the provider. 18 U.S.C. §
2511(2)(a)(i). Furthermore, the definition of
"electronic communication" is limited to those affecting
interstate commerce. Therefore, e-mail messages
transmitted on an employer's completely internal e-mail
system may not be subject to the ECPA. In the case of Andersen Consulting LLP v. UOP and
Bickel & Brewer, 991 F. Supp. 1041 (N.D.Ill.
1998), the Court interpreted § 2702(a) of ECPA, which
provides that "a person or entity providing any
electronic communication service to the public shall not
knowingly divulge to any person or entity the contents
of a communication while in electronic storage by that
service." The court held that to be subject to this
statute, a defendant must provide electronic
communication service to the community at large. As UOP
only utilized its e-mail system for internal
communication, it did not supply service to the public
or community at large, even if the system permitted
communications over the Internet with third parties. As
a result, it was not subject to the statute, and the
claim thereunder was dismissed.
18 U.S.C. § 2701(a) prohibits
anyone from obtaining, altering, or preventing
authorized access to an electronic communication by
intentionally accessing, without authorization, a
facility through which electronic communications
services are provided, or by exceeding authorization to
access such a facility.
In the wake of the atrocities of
Sept. 11, pursuant to the request of President George W.
Bush, Congress amended much U.S. law as part of its
response to terrorism. (See "Congress Makes it Easier to
Snoop,"
http://www.csmonitor.com/2001/1011/p16s1-stct.html.) In
addition to the establishment of a counter-terrorism
fund, condemnation of discrimination against Arab and
Muslim Americans, authorization of the expansion of a
National Electronic Crime Task Force, authorization of
confiscation of property of foreign entities involved in
hostilities against the United States, provision for
increased border guard staffing, extension of access to
criminal record to the INS and State Departments,
changes in Habeas Corpus and Immigration Law,
establishment of humanitarian relief for victims of
terrorism, liberalization of proof standards regarding
death and disability of victims of terrorism,
authorization of payment of rewards to informants
against terrorists, extension of Secret Service
jurisdiction, expansion of access to educational
records, funding of increased crime victim assistance,
criminalization of attacks against transportation
systems, criminalization of harboring terrorists,
definition and criminalization of terrorism and
terrorist conspiracies, temporary deferral of the
obligation of reporting intelligence-related matters to
Congress, establishment of a foreign asset tracking
center and a virtual translation center, provision for
dam security and investigation of money laundering, the
Patriot Act of 2001 also amends sections of the ECPA,
the Wiretap Act, the Foreign Intelligence Surveillance
Act, and the pen register and trap and trap devices for
foreign intelligence purposes provisions. (See http://thomas.loc.gov/cgi-bin/query/D?c107:3:./temp/~c107WEcEDs::).These
changes generally ease or lift restrictions on the
ability of government agencies to access communications
and records of those communications and expand the
authority of law enforcement agencies to share the
communications obtained through surveillance. Pursuant
to a Sunset provision, the amendments terminate as of
Dec. 31, 2003, 2004 and 2006.
Generally speaking, three
exceptions are provided to Chapter 2701’s prohibitions
on access to stored communications. The Act does not
prohibit conduct which is authorized: (1) by the party
or entity providing the electronic communications
service; (2) by users of electronic communications sent,
or intended for, such users; and (3) for certain
activities of governmental or law enforcement entities.
The Patriot Act of 2001 has added another exception
allowing disclosure by the electronic communications
service to a governmental entity, if the provider
reasonably believes that an emergency involving
immediate danger of death or serious physical injury to
any person justifies disclosure of the information
(Patriot Act of 2001, § 212). It amends 18 U.S.C. § 2702
to prohibit disclosure of records or other information
regarding subscribers or users of electronic
communications services and remote computing services
"not including the contents [of such communications] to
any government agency" (§ 210). Though difficult to
interpret, this amendment may always authorize
disclosure of such contents to government agencies or
merely enable the disclosure in case of emergency.
The Patriot Act of 2001 also
makes clear that a "computer trespasser" has no
reasonable expectation of privacy, thereby permitting
disclosure with regard to his electronic communications
(Patriot Act of 2001, § 217). It also exempts the
Federal Government from civil liability under 18 U.S.C.
§ 2707 and adds an entirely new § 2712 dealing with
civil liability of the Federal Government ((Patriot Act
of 2001, § 223). The Act also allows the federal
government to learn ISP subscriber numbers, identities,
temporarily assigned network addresses and means and
source of payment (including any credit card or bank
account number) of subscribers (Patriot Act of 2001, §
210).
18 U.S.C. § 2703 provides that a
governmental entity may require the disclosure by a
provider of electronic communication service of the
contents of an electronic communication that is in
electronic storage in an electronic communications
system for one-hundred and eighty days or less only
pursuant to a warrant issued under the Federal Rules of
Criminal Procedure or equivalent State warrant. However,
the Section does not protect users against disclosure of
information to non-governmental entities.
Top
Carnivore
Carnivore is a system used to
implement court-ordered surveillance of electronic
communication. It has received a great deal of online
press in the last year, and has been a focus of
anti-terrorist investigation since the attacks of Sept.
11, 2001. Groups such as the American Civil Liberties
Union and the Center for Democracy and Technology view
Carnivore as an unwarranted invasion of privacy (See
"CDT Statement Preserving Democratic Freedoms In Times
Of Peril," September 14, 2001, http://www.cdt.org/security/010914cdtstatement.shtml ).
Carnivore is used when other methods (e.g. having an ISP
provide the requested data) do not meet the needs of the
investigators or the restrictions placed by the court.
Carnivore can be used to collect full content of
communications under 18 U.S.C §§ 2510-2522 (ECPA) and 50
U.S.C §§ 1801-1846 (Foreign Intelligence Surveillance
Act) or only address information (i.e., pen register)
under 18 U.S.C §§ 3121-3127 and 50 U.S.C §§ 1841-1846
(pen registers and trap and trap devices for foreign
intelligence purposes). Law enforcement agents follow a
rigorous, detailed procedure to obtain court orders and
surveillance is performed under the supervision of the
court issuing the order. The Carnivore architecture
comprises: (1) a one way tap into an Ethernet data
stream; (2) a general purpose computer to filter and
collect data; (3) additional general purpose computers
to control the collection and examine the data; and (4)
a telephone link to the collection computer. The
collection computer is typically installed without a
keyboard or monitor. Symantec’s PcAnywhere, allows the
additional computers to control the collection computer
via the telephone link. The link is protected by an
electronic key such that only a computer with a matching
key can connect. Carnivore software is typically loaded
on the collection computer while Packeteer and Coolminer
are installed on the control computers. When placed at
an ISP, the collection computer receives all packets on
the Ethernet segment to which it is connected and
records packets or packet segments that match Carnivore
filter settings. The one-way tap ensures that Carnivore
cannot transmit data on the network, and the absence of
an installed Internet protocol (IP) stack ensures that
Carnivore cannot process any packets other than to
filter and optionally record them. Carnivore can neither
alter packets destined for other systems on the network
nor initiate packets. In pen mode, the operator can see
the TO and FROM email addresses and the IP addresses of
computers involved in File Transfer Protocol (FTP) and
Hypertext Transfer Protocol (HTTP) sessions. In
full-collection mode, the operator can view the content
of email messages, HTTP pages, FTP sessions, etc.
Top
System
Administrators and Sniffer Software
The legality of employing Sniffer
software to protect ones’ email network has yet to be
tested in Court. Crackers (evil hackers) utilize sniffer
software to locate passwords, entry points into
networks, etc. Network administrators utilize sniffer
software, (commonly available brand names include
EtherPeek, NAI Sniffer Portable, Win Sniffer 1.2,
Analyzer v.2.02) to "sniff out" unusual or problematic
activity on a network, including entry by crackers. Such
software can be set to intercept any packet visible to
the network interface card on which the software is
installed and it can be set to capture only those
packets transmitted to a particular IP or Ethernet
address or all packets which utilize a particular
protocol, such as IP, TCP/IP or IP/HTTP. After packets
are captured, the user can cause the software to
reconstruct the session and then examine the contents in
a graphical display or display plain text in readable
ASCII format.
The first legal issue arises from
the fact that 18 U.S.C. 2512 prohibits manufacture,
assembly, possession or sale
of "any electronic, mechanical, or other device, knowing
or having reason to know that the design of such device
renders it primarily useful for the purpose of
surreptitious interception of wire or oral or electronic
communications." The computer onto which the sniffer
software is loaded may or may not qualify as such a
"device". Also, both cracker and system administrator
could argue that the software is primarily useful for
analyzing the nature of packet traffic, such as size,
type, and patterns of traffic, rather than inspecting
the contents of the packets. It appears that this issue
has yet to be litigated.
The second legal issue arises
from the fact that 18 U.S.C. 2511 prohibits the
interception of wire or oral or electronic
communications.Andersen
Consulting might lead one to believe that use of
sniffer software to view contents of email on a
completely internal email system would be acceptable.
However, Andersen Consulting
interpreted 18 U.S.C. 2702, not 2511. § 2511(a) does not
mention electronic communication service.Therefore, a
complaining party would not need to prove that the
system is open to the public. Further, 18 U.S.C.
2511(2)(a)(i) provides that:
It shall not be unlawful under
this chapter for an operator of a switchboard, or an
officer, employee, or agent of a provider of wire or electronic communication
service, whose facilities are used in the
transmission of a wire or electronic communication, to
intercept, disclose, or use that communication in the
normal course of his employment while engaged in any
activity which is a necessary incident to the rendition
of his service or to the protection of the rights or
property of the provider of that service, except that a
provider of wire communication service to the public
shall not utilize service observing or random monitoring
except for mechanical or service quality control
checks.
If Andersen Consulting controls,
the system administrator does not qualify for the
protection of § 2511(2)(a)(i) inasmuch as his system is
not open to the public.Therefore, § 2511(a) would seem
to prohibit his interception of email, whether by
sniffer software or otherwise, at least to the extent
that such email qualifies as an "electronic
communication", that is so long as it affects interstate
commerce.
18 U.S.C. § 2511(2)(d) permits
interception of an "electronic communication" when the
person intercepting same:
(d) is a party to the
communication or where one of the parties to the
communication has given prior consent to such
interception unless such communication is intercepted
for the purpose of committing any criminal or tortious
act in violation of the Constitution or laws of the
United States or of any State.
To take advantage of this
exception, computer networks frequently make use of
computer banners that appear whenever a person logs onto
the network. A banner is text which appears whenever a
user attempts to enter a network from a designated point
of entry known as a "port." Banners vary substantially
in wording, but they usually inform the user that: (1)
the user is on a private network; and (2) by proceeding,
the user is consenting to all forms of monitoring. The
following is an example:
This computer network
belongs to the Widget Corporation and may be used only
by Widget Corporation employees and only for
work-related purposes and subject to Widget Corporation
policies and procedures. Any other use (including use
in violation of Widget Corporation policies and
procedures) of this network is unauthorized. The Widget
Corporation reserves the right to monitor use of this network
to ensure network security and to respond to
specific allegations of employee and non-employee
misuse. Use of this network shall constitute consent to
monitoring for such purposes. In addition, the
Widget Corporation reserves the right to consent to a
valid law enforcement request to search the network for
evidence of a crime stored within the network.
Top
Doubleclick Litigation
The recent case of In Re Doubleclick, Inc. Privacy
Litigation, 00 Civ. 0641 (S.D.N.Y., March 28, 2001),
presented a creative attempt by Plaintiffs to extend the
ECPA and Wiretap Act to use of "cookies". This
consolidated multi-district class action litigation grew
out of Doubleclick’s use of "cookies" on client
websites. "Cookies" are programs which the site
downloads to users’ computers to: 1. gather information
regarding a user’s search engine query string; 2. gather
user provided information; and 3. track user movement on
a website. Whenever a user visits a site which has
consented to Doubleclick’s presence, software loaded on
the host server downloads the information collected by
the "cookies" loaded onto the user’s computer. The Court
dismissed the Plaintiffs’ action because:
1. for purposes of § 2701(a), the
conduct was authorized by the user of the electronic
communications system (the website owners) for whom
Plaintiff’s communication (the transmitted contents of
the "cookies") was "intended";
2.
for purposes of § 2701(a), the cookies are not stored
in "electronic storage" as it is defined (temporary
intermediate storage or storage at an electronic
communication service);
3. for purposes of § 2511(a), Doubleclick and
its client websites consented to the "interception" of
Plaintiff’s "communications"; 4. for purposes of
§ 2511(a), the consensual purpose of Doubleclick’s actions
was not "primarily criminal or tortious" -
rather it was to assist the client sites and
Doubleclick to make money.
Computer
Fraud and Abuse Act
The Computer Fraud and Abuse
Act (CFAA), 18 U.S.C. § 1030, et. seq., (See Appendix
A) prohibits trafficking in passwords and prohibits
unauthorized access, by someone without authority or
in excess of authority, to a computer (used in
interstate commerce or to a government computer) for
purposes of obtaining information, committing fraud or
extortion, interfering with operation of the accessed
computer, and prohibits knowingly causing a
transmission which damages such a computer. This
statute has been widely utilized by law enforcement
agencies to punish crackers and purveyors of "worms"
and "viruses". In addition to criminal penalties, the
CFAA provides for compensatory damages, injunctive
relief and other equitable relief. A growing list of
cases provides an idea of the scope of prohibited
actions.America Online, Inc.
v. Christian Brothers (SDNY, December 9, 2000)
(finding that sending spam caused violations of both
(a)(5) and (a)(5)(C)); America
Online, Inc. v. LCGM, 1998 US Dist. LEXIS 20144
(finding a spammer violated the CFAA); America Online, Inc. v. National
Health Care Discount, Inc. 2000 WL 1724884 (N.D.
Iowa Sept. 25, 2000) (sending unwanted email is
"access" for purposes of CFAA and large volume of
email impairs the availability of a computer system;
also finding that scraping email addresses could
violate (a)(2)(C)); Hotmail
Corporation v. Van$ Money Pie Inc., 1998 WL 388389
(N.D. Cal., April 20, 1998) (a default judgment
finding, among other things, that spamming with
falsified return email addresses with the intention of
causing bounced back emails and complaints to damage
Hotmail Corporation was a violation of the Computer
Fraud and Abuse Act); In re
Intuit Privacy Litigation, 2001 WL 370081 (C.D.
Cal. April 10, 2001) (dismissing a claim that placing
cookies violates the CFAA); Register.com v. Verio (SDNY
Dec. 8, 2000) (access by search robots could give rise
to (a)(5)(C) and (a)(2) violation; Shurgard Storage Centers, Inc. v.
Safeguard Self Storage, Inc. (W.D. Wash.
10/26/2000), 119 F. Supp. 2d 1121 (culprit acted
"without authority" when, while still employed by the
plaintiff, but acting as an agent for the defendant,
he sent e-mails to the defendant containing various
trade secrets and proprietary information belonging to
the plaintiff. In the cited case of In Re Doubleclick, Inc. Privacy
Litigation, 00 Civ. 0641 (S.D.N.Y., March 28,
2001), the Court noted that the CFAA’s prohibitions
against obtaining information without authorization
apply only to interstate or foreign communications,
damages are limited to economic damages, such economic
damage must exceed $5,000, and they must result from a
single wrongful act. Further, the Court pointed out
that there is no cost to disabling cookies inasmuch as
most browser software allows cookies to be "turned
off" and inasmuch as Doubleclick offers an "opt out"
cookie for free download from its site.
The Patriot Act of 2001
contains substantial amendments to the CFAA (§ 814)(
See Appendix B). It reverses Doubleclick with regard to the
requirement that the $5,000 damage threshold must be
met by a single act; it increases criminal penalties;
it clarifies that the term "loss" includes any
reasonable cost to any victim, including the cost of
responding to an offense, conducting a damage
assessment, and restoring the data, program, system,
or information to its condition prior to the offense,
and any revenue lost, cost incurred, or other
consequential damages incurred because of interruption
of service; it clarifies that "person" includes
corporations and other entities; it permits recovery
of damages in some situations without proof of
economic damages; it includes among the actionable
damages the modification or impairment, or potential
modification or impairment, of the medical
examination, diagnosis, treatment, or care of 1 or
more individuals; it provides that no action may be
brought for the negligent design or manufacture of
computer hardware, computer software, or firmware.
Top
Web Bugs
Those who utilize "opt-in"
email enjoy receiving relevant HTML content pushed to
their computer on a regular basis. What they don’t
know is that that content sometimes includes a "Web
bug". Web bugs typically use Java Script, a
programming language embedded in the HTML text, to
collect certain information that allows a user’s
movements online to be tracked. Such bugs are also
contained in Web page HTML and software downloads.
Among the information collected is the IP address of
the computer in which the bug is installed, the URL of
the page from which the bug is downloaded, and the
time the page was viewed. The bug enables the
collected information to be sent to its originator,
such as at the time it is forwarded to other
recipients.
Unlike cookies, Web bugs are
invisible. This gives rise to a host of privacy
concerns, because the Web bug’s use is often not
adequately disclosed. The undisclosed use of tracking
technology to monitor or collect consumer information,
or to share such information with third parties, can
result in civil and criminal penalties. Recently, the US
District Court for the Southern District of New York
issued an important order in Specht v. Netscape Communications
Corp., 00 Civ. 4871, 2001 U.S. Dist. LEXIS 9073
(S.D.N.Y. 7/3/01). The case involves Netscape’s
"SmartDownload" software, which is intended to make it
easier for its users to download files from the
Internet without losing their interim progress if they
lose their Internet connection. At the time of free
download from the Netscape site, Plaintiffs were
invited to "please review…the license agreement" which
contained an arbitration clause (one Plaintiff
downloaded the software from another site where the
invitation to review the license agreement was not
even present). The Court denied Netscape’s Motion to
Compel arbitration, holding that there was no proof
that the Plaintiffs had assented to the license
agreement. More importantly, for purposes of this
discussion, the Plaintiffs allege that the software
transmits to Netscape private information about the
user’s file transfer activity on the Internet, thereby
effecting an electronic surveillance of the user’s
activity in violation of ECPA and CFAA. It is hard to
imagine that the placement of such bugs could result
in $5,000 in economic damages required by the CFAA
(though this may become easier to prove given the
above-noted amendments contained in the Patriot Act of
2001). For purposes of 18 U.S.C. 2701(a) it may be
that the transmission of the user information is
authorized by the user of the electronic
communications system (Netscape) for whom Plaintiff’s
communication (the user information) was "intended".
For purposes of § 2701(a), the bugs don’t seem to be
stored in "electronic storage" as it is defined
(temporary intermediate storage or storage at an
electronic communication service). For purposes of §
2511(a), it would seem that one of the parties to the
communication, Netscape, consented to the
"interception" of Plaintiff’s "communications".
Finally, for purposes of § 2511(a), the placement of
the bugs does not seem to be "primarily criminal or
tortious"—rather it was for some business purpose.
Perhaps criminal or civil trespass or conversion would
be more appropriate causes of action.
Top
Rights of ISP’s to Inspect and
Disclose; Anonymous Posters
At the time that users contract
with their Internet Service Provider (ISP), they
contractually agree that the ISP shall have the right to
review and take certain actions with regard to the
user’s data and transmissions. For example, AOL provides
in its Screen Name Service Terms of Use:
You acknowledge that AOL
reserves the right at all times to disclose any
information concerning your use of the Screen Name
Service or Participating Sites and Services to comply
with valid legal process such as a search warrant,
subpoena or court order, or in special cases such as a
physical threat to you or others. AOL also reserves
the right to edit, refuse to post, or to remove any
information, posting or material, in whole or in part,
without any prior notification to you. AOL is not
responsible for any failure or delay in removing such
material.
....use of the content or
materials available on the Screen Name Service for any
purpose not expressly permitted in these Terms of Use
is prohibited.
Mindspring’sInternet Service
Agreement provides:
Monitoring the Services
EarthLink has no obligation to
monitor the Services, but may do so and disclose
information regarding use of the Services for any
reason if EarthLink, in its sole discretion, believes
that it is reasonable to do so, including to: satisfy
laws, regulations, or governmental or legal requests;
operate the Services properly; or protect itself and
its Members. Please see our Privacy Policy .
EarthLink may immediately remove your material or
information from EarthLink’s servers, in whole or in
part, which EarthLink, in its sole and absolute
discretion, determines to infringe another’s property
rights or to violate our Acceptable use
policy
Mindspring’s Privacy Policy goes
on to provide:
Special Cases
....EarthLink may disclose
personal information about Visitors or Members, or
information regarding your use of the Services or Web
sites accessible through our Services, for any reason
if, in our sole discretion, we believe that it is
reasonable to do so, including: to satisfy laws, such
as the Electronic Communications Privacy Act,
regulations, or governmental or legal requests for
such information; to disclose information that is
necessary to identify, contact, or bring legal action
against someone who may be violating our Acceptable Use
Policy or other user policies; to operate the
Services properly; or to protect EarthLink and our
Members.
In 1998, AOL drew criticism when
it admitted that it violated its own privacy policy by
releasing information showing that a customer being
investigated by the U.S. Navy was a homosexual.(See "AOL
sides with anonymous posters" by Aaron Elstein, ZDNet News, WSJ Interactive
Edition, March 5, 2001,
http://www.zdnet.com/zdnn/stories/news/0,4586,2692564,00.html.)
Recently, despite the fact that
ISP’s have great latitude to make disclosure pursuant to
the clauses quoted above, they have in fact taken on the
role of privacy shield with regard to anonymous posters
on ISP sponsored message boards. AOL, Yahoo! and other
ISP’s are being deluged with subpoena’s issued in John
Doe defamation actions being used by publicly traded
corporations seeking to uncover the identities of those
posters whose comments are particularly offensive,
damaging or suspicious. In fact, representatives of AOL
have stated that in Year 2000 they received over 475
subpoenas, a 40% increase over 1999. Id. AOL has argued that such
suits can constitute an illegitimate use of the courts
to silence and retaliate against speakers whose
statements, while unpleasant from the standpoint of the
Plaintiff, are not unlawful. Id. Yahoo! has told a
California Superior Court that it receives thousands
such subpoenas. (See "A Victory, of Sorts, for Spouting
Off" by Jane Black, BusinessWeek
online, July 20, 2001,
http://www.businessweek.com/bwdaily/dnflash/jul2001/nf20010720_543.htm.)
On July 11, 2001, the New Jersey
Superior Court issued two opinions in cases in which
Yahoo! challenged subpoenas for private information
regarding posters. Dendrite
International, Inc. v. John Doe No. 3, (Superior,
N.J., July 11, 2001); Immunomedics, Inc. v. John Does
1-10, John Foe, A/K/A "bioledger," and John Foes
2-10 (Superior, N.J., July 11, 2001).In Dendrite, the Court quashed the
subpoena and in Immunomedics,
the Court denied the Motion to Quash Subpoena Duces
Tecum. In analyzing the cases, the Court gave the
following guidance:
We offer the following
guidelines to trial courts when faced with an
application by a plaintiff for expedited discovery
seeking an order compelling an ISP to honor a subpoena
and disclose the identity of anonymous Internet
posters who are sued for allegedly violating the
rights of individuals, corporations or businesses. The
trial court must consider and decide those
applications by striking a balance between the
well-established First Amendment
right to speak anonymously,
and the right of the plaintiff to protect
its proprietary interests and reputation through the assertion of
recognizable claims based on the actionable conduct of the
anonymous, fictitiously-named defendants.
We hold that when such an application is
made, the trial court should first require the
plaintiff to undertake efforts to notify the anonymous
posters that they are the subject of a subpoena or
application for an order of disclosure, and withhold
action to afford the fictitiously-named defendants a
reasonable opportunity to file and serve opposition to
the application. These notification efforts should
include posting a message of notification of the
identity discovery request to the anonymous user on
the ISP's pertinent message board.
The court shall also require the plaintiff to
identify and set forth the exact statements
purportedly made by each anonymous poster that
plaintiff alleges constitutes actionable
speech.
The complaint and all information
provided to the court should be carefully reviewed to
determine whether plaintiff has set forth a prima
facie cause of action against the fictitiously-named
anonymous defendants. In addition to establishing that
its action can withstand a motion to dismiss for
failure to state a claim upon which relief can be
granted pursuant to R. 4:6-2(f),
the plaintiff must produce sufficient evidence
supporting each element of its cause of action, on a
prima facie basis, prior to a court ordering the
disclosure of the identity of the unnamed
defendant.
Finally, assuming the court concludes
that the plaintiff has presented a prima facie cause
of action, the court must balance the defendant's First Amendment
right of anonymous free speech against the strength of
the prima facie case presented and the necessity for
the disclosure of the anonymous defendant's identity
to allow the plaintiff to properly proceed.
The application of these procedures and standards
must be undertaken and analyzed on a case-by-case
basis. The guiding principle is a result based on a
meaningful analysis and a proper balancing of the
equities and rights at issue.
Applying this methodology to
both cases, the Court quashed the subpoena requested by
Dendrite due to its failure to offer evidence
establishing that the poster’s statements sufficiently
harmed Dendrite. The Court refused to quash the subpoena
requested by Immunomedics because the poster identified
herself as an employee, and the suit alleged harm
resulting from disclosures of confidential information
contained in the postings.
Similar analysis was utilized by
the Virginia Supreme Court in America Online, Inc. V. Anonymous
Publicly Traded Company, (March 2, 2001) 2001 Va.
LEXIS 38; 29 Media L. Rep. 1442. In that case, the
Virginia Supreme Court held that AOL would not have to
respond to a subpoena issued by an Indiana Court in a
defamation suit on behalf of Plaintiff anonymous
publicly traded corporation against an anonymous
defendant, "John Doe." The court stated that a court
might allow a party to proceed anonymously only upon
showing of special circumstances when a party's need for
anonymity outweighs the public's interest in knowing the
party's identity and outweighs the prejudice to the
opposing party. The Court found the Plaintiff’s
allegations of potential economic harm to be conclusory.
Some litigants who have sought
to prevent disclosure of their private information have
alleged that disclosures would violate the Electronic
Communications Privacy Act (ECPA)(which is further
discussed below. In Jessup-Morgan v. America Online,
Inc., 20 F.Supp.2d 1105 (E.D. Mich 1998) the
Plaintiff alleged that AOL violated the ECPA when her
identity was divulged to her husband’s ex-wife, pursuant
to subpoena, when the ex-wife attempted to learn who had
been posting sexual solicitations under her name on an
AOL message board. The Court analyzed these allegations
as follows:
The prohibitions of the
Electronic Communication Privacy Act (ECPA), 18 U.S.C.
§§ 2701 et seq., are
inapplicable. The ECPA prohibits disclosure of the
contents of an electronic communication to any person
or entity (18 U.S.C. § 2702) or to the government (18
U.S.C. § 2703) without first meeting certain
restrictions. 18 U.S.C. § 2711 states that the
definitions in 18 U.S.C. § 2510 apply to the ECPA’s
provisions. 18 U.S.C. § 2510 states that "‘contents’,
when used with respect to any wire, oral, or
electronic communication, includes any information
concerning the substance, purport, or meaning of that
communication," [not information concerning the
identity of the author of the communication]. 18
U.S.C. § 25 10(8). The "content" of a communication is
not at issue in this case. Disclosure of information
identifying an AOL electronic communication account
customer is at issue. In 18 U.S.C. § 2703(c)(1)(C)
this identifying information is specifically
acknowledged as separate from the "content" of
electronic communications. The ECPA actually
authorizes AOL’s disclosure:
Except as provided in
subparagraph (B), a provider of electronic
communication service or remote computing service may disclose a record or
other information pertaining to a subscriber to or
customer of such service (not including the contents
of communications covered by subsection (a) or (b) of
this section) to any person other than a governmental
entity.
18 U.S.C. 2703(c)(1)(A)
(emphasis added) (subsections (a) and (b) do not apply
to the AOL disclosure). AOL made the disclosure, not
to the public, but to a private individual, Barbara
Smith’s attorney, pursuant to a properly executed
subpoena. Because the prohibitions of the ECPA do not
apply to the AOL disclosure in this case, Jessup’s
claim that AOL violated the Electronic Communication
Privacy Act fails, and AOL is entitled to dismissal of
this claim because of her failure to state a claim
upon which relief can be granted. FED. R. Civ. P.1 2(b)(6).
AOL has posts the following
language on its site:
AOL’s Terms of Service
provide that AOL will release account information or
information sufficient to identify a member "only to
comply with valid legal process such as a search
warrant, subpoena or court order . . ." Thus, if you
seek such identity or account information in
connection with a civil legal matter, you must serve
AOL with a valid subpoena.
AOL is headquartered in
Loudoun County, Virginia and subject to the
jurisdiction of Loudoun County Circuit
Court and the United States District Court for the
Eastern District of Virginia. For applicable
requirements governing the issuance of subpoenas in
these jurisdictions, please consult Va. Code Ann. §
8.01-411and Virginia Supreme Court
Rules 4:9(c) and/or Rule 45 of the Federal
Rules of Civil Procedure.
Upon receipt of a valid
subpoena, it is AOL’s policy to promptly notify the
Member(s) whose information is sought. In
non-emergency circumstances, AOL will not produce the
subpoenaed Member identity information until
approximately two weeks after receipt of the subpoena,
so that the Member whose information is sought will
have adequate opportunity to move to quash the
subpoena in court. AOL invoices for costs
associated with subpoena compliance. We charge $75.00
per hour for research, $14.00 per Federal Express and
25 cents per copy. Subpoenas should be directed
to:
AOL Custodian of Records
22000 AOL Way
Dulles, VA, 20166
Please be advised that the Electronic
Communications Privacy Act; 18 U.S.C. §2701 et
seq., prohibits an electronic communications
service provider from producing the contents of
electronic communications, even pursuant to subpoena
or court order, except in limited circumstances.
Further, AOL’s e-mail system retains e-mail for a
period of only approximately two days after the e-mail
has been read. After that time, the e-mail is
automatically deleted. Unread and sent e-mail is
preserved on our system for approximately 28 days. If
a member deletes any e-mail, that e-mail is
automatically deleted after 24 hours from the AOL
systems. Finally, AOL does not retain the
contents of chat room or instant message
communications, nor does it store information about
member Internet usage or websites visited.
Finally, it is AOL’s policy to
release information sufficient to identify an AOL
member only where the party seeking the information
has filed a legal action that implicates the AOL
member in some legally cognizable impropriety or
wrongdoing. AOL requests a copy of the complaint and
any supporting documentation to indicate how the AOL
e-mail address is related to the pending litigation.
The policy statement raises the
question, "when does the ECPA prohibit disclosure
pursuant to subpoena? That issue was addressed in Federal Trade Commission v.
Netscape Communications Corp., No. CV-00-00026
(N.D.Cal. 04/24/2000). In that case, the FTC filed a
civil action in the United States District Court for the
Eastern District of Virginia against various defendants,
alleging violations of 15 U.S.C. § 45(a), the FTC unfair
competition statute. Netscape was not a defendant in
that action. The FTC issued a discovery subpoena as part
of pre-trial discovery to uncover documents indicating
personal information relating to the identity of certain
individuals. The Court held that the FTC’s subpoena was
barred by 18 U.S.C. § 2703(c)(1)(C), part of the ECPA,
which allows an "electronic communication provider" to
honor only trial subpoenas and not pre-trial discovery
subpoenas.
In light of the amendments
contained in the Patriot Act of 2001, AOL’s policy may
soon be amended to provide that disclosure may be
voluntarily made to a governmental entity, especially if
AOL reasonably believes that an emergency involving
immediate danger of death or serious physical injury to
any person justifies disclosure of the information.
Finally, in criminal cases,
Courts have generally ruled against criminal defendant
ISP customers who have attempted to block government
access to their account information and against those
who attempt to exclude evidence gathered from ISP’s
pursuant to warrants. Courts generally find that the
defendants have "no reasonable expectation of privacy."
See United States v.
Kennedy, No.
99-10105-01 (D. Kan. Jan. 3, 2000)(ISP customer with
child pornography on his web site hosted by Road Runner
did not have a reasonable expectation of privacy in the
information he gave when subscribing to the ISP, Road
Runner). United States v.
Hambrick 55 F.
Supp. 2d 504 (W.D. Va.1999). (Government investigator in
sting operation obtained personal information about
defendant from ISP based on warrant that was later
admitted to be defective. The court held that a valid
warrant was not required due to the lack of expectation
of privacy, and that the ISP was not subject to civil
liability under the Electronic Communications Privacy
Act because it acted pursuant to a warrant it believed
to be valid at the time).But, see Steve Jackson Games v. U.S. Secret
Service, 816 F.Supp. 432 (W.D.Tex. 1993), aff'd, 36 F.3d 457 (5thCir.
1994) (where four plaintiffs claimed that the Secret
Service had read and deleted their private e-mail,
without their consent, Court found the Secret Service
intentionally seized and read communications and
thereafter deleted or destroyed some of them either
intentionally or accidentally, finding Secret Service
liable under the ECPA, 18 U.S.C. 2701, awarding
statutory damages of $ 1000 per plaintiff plus $195,000
in attorneys' fees and approximately $ 57,000 in costs
to plaintiffs).
Top
May An Employer Read Employee
Email?
Employers are increasingly
concerned that they may become exposed to civil
liability or criminal charges associated with employee
misuse of email—e.g., importation of viruses and worms,
transmission of pornography, defamation, discriminatory
statements, trade secrets, etc. Employers typically seek
to reduce the chance of potential abuse by periodically
monitoring employee use of email and the Internet.
Further, upon termination of employment, employers often
audit and collect information from employee email
accounts and continue to receive, respond to and dispose
of email which continues to arrive after the employee is
terminated.
The tort most relevant to e-mail
interception by employers is unreasonable intrusion upon
the seclusion of another. Liability under this tort does
not require that the information acquired be publicized
or used by the employer. Restatement (Second) of Torts,
Comment a. However, to establish the tort, the intrusion
must be highly offensive to a reasonable person. Courts
generally consider electronic surveillance, such as
telephone monitoring, an "intrusion" sufficient to
establish that element of the tort. Courts generally
consider electronic surveillance, such as telephone
monitoring, an "intrusion" sufficient to establish that
element of the tort. See, e.g., Billings v. Atkinson, 489
S.W.2d 858 (Tex. 1973); Nader v.
General Motors Corp., 255 N.E.2d 765 (N.Y. 1970)
(telephone wiretapping). In determining the
offensiveness of the intrusion, courts examine "the
degree of intrusion, the context, conduct and
circumstances surrounding the intrusion, as well as the
intruder's motives and objectives, the setting into
which he intrudes, and the expectations of those whose
privacy is invaded. See Miller
v. National Broadcasting Co., 232 Cal. Rptr. 668,
679 (Cal. Ct. App. 1986). While express or implied
consent is one defense to liability, the mere good faith
belief that consent has been given is normally not a
defense.
In deciding whether an intrusion
invades a private matter, courts require both that the
employee have a subjective expectation of privacy and
that the expectation be objectively reasonable. State
courts responding to such tort claims have generally
attempted to balance an employee's reasonable
expectation of privacy against the employer's business
justification for monitoring. Thus, the critical issues
to examine when determining employer tort liability for
monitoring or intercepting employee e-mail messages are:
(1) does the plaintiff have a reasonable expectation of
privacy and, if so, (2) was there a legitimate business
justification for the intrusion sufficient to override
that privacy expectation.
The most frequently cited early
case to address the privacy rights of employees with
respect to e-mail messages applied Pennsylvania state
law. Smyth v. The Pillsbury
Co., 914 F. Supp. 97 (E.D. Pa. 1996). The plaintiff,
Michael A. Smyth, exchanged e-mails with his supervisor
which contained offensive references including threats
to kill the company's sales management and references to
the holiday party as the "Jim Jones Koolaid affair."
Company executives terminated Smyth for "inappropriate
and unprofessional comments over Defendant's e-mail
system."Plaintiff filed a wrongful discharge action
alleging that the employer's conduct violated
Pennsylvania's public policy protecting his right of
privacy. The court found that: 1. there is no reasonable
expectation of privacy in e-mail communications
voluntarily made to a supervisor over a company-wide
e-mail system despite the fact that the employer assured
the plaintiff that the e-mail messages would not be
intercepted by management; 2. even if there was a
reasonable expectation of privacy, a reasonable person
would not consider the employer's interception to be a
substantial and highly offensive intrusion upon
seclusion; 3. the company's interest in preventing
inappropriate and unprofessional comments or even
illegal activity over its e-mail system outweighed any
privacy interest the employee may have had in his
comments.
Subsequent significant cases
include:
Bourke
v. Nissan Motor Corp., No. BO68705 (Cal.Ct. App.
July 26, 1993) (unreported decision), (Defendant
employee, conducting training seminar about the use of
its e-mail system, randomly accessed an e-mail message
written by the plaintiff, which contained information of
a personal, sexual nature, leading to review of other
employee email, leading to reprimands and terminations.
Plaintiffs sued Nissan for invasion of privacy,
violation of criminal wiretapping statutes, and wrongful
discharge. Court found that Plaintiffs had no reasonable
expectation of privacy in their e-mail messages because
they had signed a waiver stating that it was company
policy that employees restrict their use of
company-owned computer hardware and software to company
business, and because many months before their
terminations, Plaintiffs had learned that their e-mail
messages were periodically read by employees other than
the intended recipients, despite fact that plaintiffs
were given passwords.)
Wesley
College v. Pitts 974
F.Supp. 375, (D.Del. 1997) Inadvertent glimpse of email
message displayed on a computer screen did not rise to
the level of an "interception" as contemplated by the
Electronic Communications Privacy Act. Further,
under ECPA, where an unknown person makes a copy of
e-mail and gives it away, other people who do not
provide an electronic communication service can lawfully
further distributions of copies of that private
e-mail.
McLaren
v. Microsoft Corp , No.
05-97-00824-CV (Texas Ct. App., May 28, 1999). Although
employee used private password to encrypt email messages
stored on office computer, this did not create
reasonable expectation of privacy that would prevent
company from decrypting and viewing files. Email account
and workstation to use it were provided for business,
not personal, use, and company had legitimate access to
data stored there.
Fraser
v. Nationwide Mutual Insurance Co. E.D. Pa., No.
98-CV-6726, 3/27/01. Plaintiff independent
insurance agent, alleged that Nationwide intercepted his
email communication in violation of the Federal
Wiretap Act, 18 U.S.C. § 2511 and the Pennsylvania
Wiretap Act, 18 Pa.C.S. § 5702 et seq. and that
Nationwide unlawfully accessed Fraser's e-mail from
storage, in violation of the federal and state Stored
Communications Acts, 18 U.S.C. § 2701 et seq. , and 18 Pa.C.S.
§ 5741. The court found that no
interception had taken place for the purpose of the
Wiretap Act, because the retrieval of a message from
storage after transmission is not an "interception." The
Stored Communications act prohibits unauthorized access
to an electronic communication while in electronic
storage. Electronic storage means temporary storage
incidental to the electronic transfer or storage by an
electronic communications server kept for the purpose of
backup. Therefore retrieval of a message from storage
after transmission is not illegal under the Act.
Top
Public Employers
Courts often find that public
employees lack a reasonable expectation of privacy. In
United States v. Simons , 206 F.3d 392 (4th Cir. 2000),
a government employee was charged with violating federal
laws against possession of child pornography. The
employing agency identified incriminating documents on
his computer. The court held that the employee did not
have a reasonable expectation of privacy as to the
fruits of his Internet use where the agency had notified
employees of limitations and a policy of periodic audits
to ensure compliance. Other courts have agreed with
the approach articulated in Simons and have held that
banners and policies generally eliminate a reasonable
expectation of privacy in contents stored in a
government employee’s network account. See Wasson v. Sonoma County Junior
College, 4 F. Supp.2d 893, 905-06 (N.D. Cal. 1997)
(holding that public employer’s computer policy giving
the employer "the right to access all information stored
on [the employer’s] computers" defeats an employee’s
reasonable expectation of privacy in files stored on
employer’s computers); Bohach v.
City of Reno, 932 F. Supp. 1232, 1235 (D. Nev. 1996)
(holding that police officers did not retain a
reasonable expectation of privacy in their use of a
pager system, in part because the Chief of Police had
issued an order announcing that all messages would be
logged); United States v.
Monroe, 52 M.J. 326 (C.A.A.F. 2000) (holding that
Air Force sergeant did not have a reasonable expectation
of privacy in his government e-mail account because
e-mail use was reserved for official business and
network banner informed each user upon logging on to the
network that use was subject to monitoring). But see DeMaine v. Samuels, 2000 WL
1658586, at *7 (D. Conn. 2000) (suggesting that the
existence of an employment manual explicitly authorizing
searches "weighs heavily" in the determination of
whether a government employee retained a reasonable
expectation of privacy at work, but "does not, on its
own, dispose of the question").
Typically, a warrant must be
obtained before a public agency can conduct a search
that violates an individual’s reasonable expectation of
privacy. Public employers, however, present a
special case. In O’Connor
v. Ortega, 480 U.S. 709 (1987), the Supreme Court
held that a public employer may conduct a workplace
search that violates a public employee’s reasonable
expectation of privacy so long as the search is
"reasonable." The Court reasoned that the need for
government officials to pursue legitimate
non-law-enforcement aims justifies a relaxing of the
warrant requirement because "the burden of obtaining a
warrant is likely to frustrate the [non-law-enforcement]
governmental purpose behind the search." O’Connor, 480 U.S. at 720
(quoting Camara v. Municipal
Court, 387 U.S. 523, 533 (1967)).
According to O’Connor, a warrantless search
must satisfy two requirements to qualify as
"reasonable." First, the employer or his agents
must participate in the search for a work-related
reason, rather than merely to obtain evidence for use in
criminal proceedings. Second, the search must be
justified at its inception and permissible in its
scope. The first element of O’Connor’s reasonableness test
limits the O’Connor
exception to circumstances in which the government
actors who conduct the search act in their capacity as
employers, rather than law enforcers. The Court
specified two such circumstances. First, the Court
concluded that public employers can conduct reasonable
work-related noninvestigatory intrusions, such as
entering an employee’s office to retrieve a file or
report while the employee is out. See id. at 722 (plurality);
Id. at 732 (Scalia, J.,
concurring). Second, the Court concluded that
employers can conduct reasonable investigations into an
employee’s work-related misconduct, such as entering an
employee’s office to investigate employee misfeasance
that threatens the efficient and proper operation of the
office. See id. at 724 (plurality); Id. at 732 (Scalia, J.,
concurring).
In general, the presence and
involvement of law enforcement officers will not
invalidate the search so long as the employer or his
agent participates in the search for legitimate
work-related reasons. See,
e.g., Gossmeyer v. McDonald, 128 F.3d
481, 492 (7th Cir. 1997) (presence of law enforcement
officers in team searching for evidence of work-related
misconduct did not invalidate search); Taketa, 923 F.2d at 674 (search
of DEA office space by DEA agents investigating
allegations of illegal wiretapping "was an internal
investigation directed at uncovering work-related
employee misconduct."). Shields
v. Burge, 874 F.2d 1201, 1202-05 (7th Cir. 1989)
(internal affairs investigation of a police sergeant
appropriate despite parallel criminal investigation); Ross v. Hinton, 740 F. Supp.
451, 458 (S.D. Ohio 1990) (concluding that a public
employer’s discussions with law enforcement officer
concerning employee’s alleged criminal misconduct,
culminating in officer’s advice to "secure" the
employee’s files, did not transform employer’s
subsequent search of employee’s office into a law
enforcement search).
It appears that the identity of
the person conducting the search will play a major role
in a Court’s determination as to whether a search has a
work related purpose. For example, in United States v. Simons, 206
F.3d 392, 400 (4th Cir. 2000), the Fourth Circuit
concluded that O’Connor
authorized the search of a government employee’s office
by his supervisor even though the dominant purpose of
the search was to uncover evidence of a crime.
("[The employer] did not lose its special need for the
efficient and proper operation of the workplace merely
because the evidence obtained was evidence of a crime.")
(internal quotations and citations omitted). On
the other hand, the Court in Rossi v. Town of Pelham, 35 F.
Supp.2d 58 (D.N.H. 1997) held that the O’Connor exception did not
apply when a government employer sent a uniformed police
officer to an employee’s office, even though the purpose
of the police officer’s presence was entirely
work-related.
To be "reasonable" under the
Fourth Amendment, a work-related employer search of the
type endorsed in O’Connor
must also be both "justified at its inception," and
"permissible in its scope." O’Connor, 480 U.S. at 726
(plurality). A search will be justified at its
inception "when there are reasonable grounds for
suspecting that the search will turn up evidence that
the employee is guilty of work-related misconduct, or
that the search is necessary for a noninvestigatory
work-related purpose." Id. A search will be
"permissible in its scope" when "the measures adopted
are reasonably related to the objectives of the search
and [are] not excessively intrusive in light of the
nature of the misconduct." O’Connor, 480 U.S. at 726
(plurality) (internal quotations omitted).
Although public employers may
search employees’ workplaces without a warrant for
work-related reasons, public employers acting in their
official capacity generally cannot consent to a law
enforcement search of their employees’ offices. See United States v. Blok, 188
F.2d 1019, 1021 (D.C. Cir. 1951) (concluding that a
government supervisor cannot consent to a law
enforcement search of a government employee’s desk); Taketa, 923 F.2d at 673; Kahan, 350 F. Supp. at
791. The rationale for this result is that the
Fourth Amendment cannot permit one government official
to consent to a search by another. Therefore, law
enforcement searches conducted pursuant to a public
employer’s consent must be evaluated under O’Connor rather than the
third-party consent rules of Matlock. The question in
such cases is not whether the public employer had common
authority to consent to the search, but rather whether
the combined law enforcement and employer search
satisfied the Fourth Amendment standards of O’Connor v. Ortega.
Top
Email and Internet Use Policies
In light of the foregoing
discussion of common law tort of non-consensual
intrusion upon seclusion, the ECPA, the CFAA, and the
Fourth Amendment, employer’s counsel should be convinced
of the need for clear email and Internet use
policies. For maximum protection of the employer,
such policies must: notify users of employer monitoring;
restrict usage to business purposes; prohibit
solicitation (including, but not limited, to those that
solicit for personal business ventures, religious or
other personal causes); define misuse (gambling,
transmitting derogatory, abusive, offensive, demeaning
or disruptive statements, defamation, discriminatory
statements, sexual harassment, propagation of
pornography, transmission of jokes, cartoons, chain
e-mails, and spam); inform employees that misuse is
prohibited and can be the basis for discipline,
including dismissal; inform users that any and all
communications may be turned over to law enforcement
agencies; prohibit third party access; notify all users
that the email system is owned by the business, and that
nothing stored on, or transmitted by, the system will be
considered confidential or private, even if protected by
password or encryption, except when such confidentiality
is for the benefit of the corporation. Employees
should be told to treat e-mail messages as they would
postcards or shared paper documents and, as such, the
e-mail messages should not include any information or
statements that they would mind having a third party
read or have read in open court. Further, the network
should bear a banner of the sort described in the
discussion of the CFAA and employees should be required
to sign a statement (which re-states the policy)
acknowledging receipt of the policy.
On the other hand, employers
should also consider that draconian policies sometimes
reduce productivity. Preventing employees from
shopping on Amazon from the office during the Holiday
season may result in the employee missing half a day of
work. Network administrator access to a CEO’s email or
that of a sitting federal judge may reduce
security. Therefore, each employer and network must
consider the special needs of its users when
establishing policies and consider utilizing technical
tools such as encryption and extraordinary procedures
for monitoring of highly sensitive email.
On the other hand, all employees
should be admonished not to engage in illegal copying of
copyright protected works, or making available copies of
such works. They should be cautioned to observe
copyright and licensing agreements that may apply to
files, documents and software they wish to download.
They should also be required to obtain approval from the
employer’s supervisory personnel before downloading any
materials for which a registration fee is
requested. They should be informed that software
containing encryption functionality must not be placed
on the Internet for downloading outside the United
States, because United States export control laws
closely regulate such software; users are to comply with
all laws and government regulations.
In practice, the employer should
utilize the least intrusive means of monitoring and
limit monitoring to that needed to protect the
employer’s business purposes. Another purpose of
such policies is to protect the intellectual property
and trade secrets of the employer. Therefore, it is
good practice to inform employees that: deleting
email does not eliminate the message from the system;
email attachments sometimes include prior revisions of
documents, which may reveal secrets or embarrassing
detail; highly confidential, sensitive or otherwise
proprietary information should not be sent by email
without appropriate encryption; users may not, without
specific authority from the Chief Information Officer,
establish ports for entry into Employer’s systems; when
using any computer attached to the employer network,
users should not access the Internet except through an
employer-approved Internet Firewall and they should not
access the Internet directly, whether through a modem or
through another service provider, unless their accessing
computer is disconnected from all employer networks; all
files downloaded from the Internet must be checked for
possible viruses; files (other than brand new programs
from approved vendors) contained on some other media,
such as diskette, CD, zip disk, etc. must be downloaded
by appropriately trained representatives of the CIO.
Top
APPENDIX A
COMPUTER
FRAUD AND ABUSE ACT
TITLE 18 UNITED STATES CODE
Sec.
1030. Fraud and related activity in connection with
computers
-
Whoever -
-
having knowingly accessed a
computer without authorization or exceeding
authorized access, and by means of such conduct
having obtained information that has been determined
by the United States Government pursuant to an
Executive order or statute to require protection
against unauthorized disclosure for reasons of
national defense or foreign relations, or any
restricted data, as defined in paragraph y. of
section 11 of the Atomic Energy Act of 1954, with
reason to believe that such information so obtained
could be used to the injury of the United States, or
to the advantage of any foreign nation willfully
communicates, delivers, transmits, or causes to be
communicated, delivered, or transmitted, or attempts
to communicate, deliver, transmit or cause to be
communicated, delivered, or transmitted the same to
any person not entitled to receive it, or willfully
retains the same and fails to deliver it to the
officer or employee of the United States entitled to
receive it;
-
intentionally accesses a
computer without authorization or exceeds authorized
access, and thereby obtains -
- information contained in
a financial record of a financial institution, or
of a card issuer as defined in section 1602(n) of
title 15, or contained in a file of a consumer
reporting agency on a consumer, as such terms are
defined in the Fair Credit Reporting Act (15
U.S.C. 1681 et seq.);
- information from any
department or agency of the United States; or
- information from any
protected computer if the conduct involved an
interstate or foreign communication;
- intentionally, without
authorization to access any nonpublic computer of a
department or agency of the United States, accesses
such a computer of that department or agency that is
exclusively for the use of the Government of the
United States or, in the case of a computer not
exclusively for such use, is used by or for the
Government of the United States and such conduct
affects that use by or for the Government of the
United States;
- knowingly and with intent
to defraud, accesses a protected computer without
authorization, or exceeds authorized access, and by
means of such conduct furthers the intended fraud
and obtains anything of value, unless the object of
the fraud and the thing obtained consists only of
the use of the computer and the value of such use is
not more than $5,000 in any 1-year period;
-
- knowingly causes the
transmission of a program, information, code, or
command, and as a result of such conduct,
intentionally causes damage without authorization,
to a protected computer;
-
intentionally accesses a
protected computer without authorization, and as a
result of such conduct, recklessly causes damage;
or
-
intentionally accesses a
protected computer without authorization, and as a
result of such conduct, causes damage;
- knowingly and with intent
to defraud traffics (as defined in section 1029) in any
password or similar information through which a
computer may be accessed without authorization, if -
- such trafficking affects
interstate or foreign commerce; or
- such computer is used by
or for the Government of the United States; [1]
- with intent to extort from
any person, firm, association, educational
institution, financial institution, government
entity, or other legal entity, any money or other
thing of value, transmits in interstate or foreign
commerce any communication containing any threat to
cause damage to a protected computer; shall be
punished as provided in subsection (c) of this
section.
-
Whoever attempts to commit an
offense under subsection (a) of this section shall be
punished as provided in subsection (c) of this
section.
-
The punishment for an offense
under subsection (a) or (b) of this section is -
- a fine under this title
or imprisonment for not more than ten years, or
both, in the case of an offense under subsection
(a)(1) of this section which does not occur after
a conviction for another offense under this
section, or an attempt to commit an offense
punishable under this subparagraph; and
- a fine under this title
or imprisonment for not more than twenty years, or
both, in the case of an offense under subsection
(a)(1) of this section which occurs after a
conviction for another offense under this section,
or an attempt to commit an offense punishable
under this subparagraph;
-
- a fine under this title
or imprisonment for not more than one year, or
both, in the case of an offense under subsection
(a)(2), (a)(3), (a)(5)(C), or (a)(6) of this
section which does not occur after a conviction
for another offense under this section, or an
attempt to commit an offense punishable under this
subparagraph; and [2]
- a fine under this title
or imprisonment for not more than 5 years, or
both, in the case of an offense under subsection
(a)(2), if -
- the offense was
committed for purposes of commercial advantage
or private financial gain;
- the offense was
committed in furtherance of any criminal or
tortious act in violation of the Constitution or
laws of the United States or of any State; or
- the value of the
information obtained exceeds $5,000; [3]
- a fine under this title
or imprisonment for not more than ten years, or
both, in the case of an offense under subsection
(a)(2), (a)(3) or (a)(6) of this section which
occurs after a conviction for another offense
under this section, or an attempt to commit an
offense punishable under this subparagraph; and
(3)(A) a fine under this title or imprisonment for
not more than five years, or both, in the case of
an offense under subsection (a)(4), (a)(5)(A),
(a)(5)(B), or (a)(7) of this section which does
not occur after a conviction for another offense
under this section, or an attempt to commit an
offense punishable under this subparagraph; and
(B) a fine under this title or imprisonment for
not more than ten years, or both, in the case of
an offense under subsection (a)(4), (a)(5)(A),
(a)(5)(B), (a)(5)(C), or (a)(7) of this section
which occurs after a conviction for another
offense under this section, or an attempt to
commit an offense punishable under this
subparagraph; and [4]
- The United States Secret
Service shall, in addition to any other agency
having such authority, have the authority to
investigate offenses under subsections (a)(2)(A),
(a)(2)(B),
() The United States
Secret Service shall, in addition to any of the
United States Secret Service shall be exercised
in accordance with an agreement which shall be
entered into by the Secretary of the Treasury
and the Attorney General.
- As used in this section -
- the term ''computer''
means an electronic, magnetic, optical,
electrochemical, or other high speed data
processing device performing logical,
arithmetic, or storage functions, and includes
any data storage facility or communications
facility directly related to or operating in
conjunction with such device, but such term does
not include an automated typewriter or
typesetter, a portable hand held calculator, or
other similar device;
- the term ''protected
computer'' means a computer -
- exclusively for the use
of a financial institution or the United States
Government, or, in the case of a computer not
exclusively for such use, used by or for a
financial institution or the United States
Government and the conduct constituting the
offense affects that use by or for the financial
institution or the Government; or
- which is used in
interstate or foreign commerce or communication;
- the term ''State''
includes the District of Columbia, the
Commonwealth of Puerto Rico, and any other
commonwealth, possession or territory of the
United States;
- the term ''financial
institution'' means -
- an institution, with
deposits insured by the Federal Deposit
Insurance Corporation;
- the Federal Reserve or
a member of the Federal Reserve including any
Federal Reserve Bank;
- a credit union with
accounts insured by the National Credit Union
Administration;
- a member of the Federal
home loan bank system and any home loan bank;
- any institution of the
Farm Credit System under the Farm Credit Act of
1971;
- a broker-dealer
registered with the Securities and Exchange
Commission pursuant to section 15 of the
Securities Exchange Act of 1934;
- the Securities Investor
Protection Corporation;
- a branch or agency of a
foreign bank (as such terms are defined in
paragraphs (1) and (3) of section 1(b) of the
International Banking Act of 1978); and
- an organization
operating under section 25 or
section 25(a) [5] of the
Federal Reserve Act. [6]
- the term ''financial
record'' means information derived from any
record held by a financial institution
pertaining to a customer's relationship with the
financial institution;
- the term ''exceeds
authorized access'' means to access a computer
with authorization and to use such access to
obtain or alter information in the computer that
the accesser is not entitled so to obtain or
alter;
- the term ''department
of the United States'' means the legislative or
judicial branch of the Government or one of the
executive departments enumerated in section 101 of title
5; and [7]
- the term ''damage''
means any impairment to the integrity or
availability of data, a program, a system, or
information, that -
- causes loss aggregating
at least $5,000 in value during any 1-year
period to one or more individuals;
- modifies or impairs, or
potentially modifies or impairs, the medical
examination, diagnosis, treatment, or care of
one or more individuals;
- causes physical injury
to any person; or
- threatens public health
or safety; and
- the term ''government
entity'' includes the Government of the United
States, any State or political subdivision of
the United States, any foreign country, and any
state, province, municipality, or other
political subdivision of a foreign country.
- This section does not
prohibit any lawfully authorized investigative,
protective, or intelligence activity of a law
enforcement agency of the United States, a State,
or a political subdivision of a State, or of an
intelligence agency of the United States.
- Any person who suffers
damage or loss by reason of a violation of this
section may maintain a civil action against the
violator to obtain compensatory damages and
injunctive relief or other equitable relief.
Damages for violations involving damage as defined
in subsection (e)(8)(A) are limited to economic
damages. No action may be brought under this
subsection unless such action is begun within 2
years of the date of the act complained of or the
date of the discovery of the damage.
- The Attorney General and
the Secretary of the Treasury shall report to the
Congress annually, during the first 3 years
following the date of the enactment of this
subsection, concerning investigations and
prosecutions under subsection (a)(5).
Footnotes
[1] So in
original. Probably should be followed by ''or''.
[2] So in
original. The word ''and'' probably should not
appear.
[3] So in
original. Probably should be followed by ''and''.
[4] So in
original. The ''; and'' probably should be a
period.
[5] See
References in Text note below.
[6] So in
original. The period probably should be a
semicolon.
[7] So in
original. The word ''and'' probably should not
appear.
Top
APPENDIX B
Amendments
to Computer Fraud and Abuse Act in Patriot Act of 2001
- CLARIFICATION OF PROTECTION
OF PROTECTED COMPUTERS- Section 1030(a)(5) of title
18, United States Code, is amended--
- by inserting '(i)' after
(A),
- by redesignating
subparagraphs (B) and (C) as clauses (ii) and (iii),
respectively;
- by adding 'and' at the end
of clause (iii), as so redesignated; and
- by adding at the end the
following:
(B) caused (or, in the case
of an attempted offense, would, if completed, have
caused) conduct described in in clause (i), (ii), or
(iii) of subparagraph (A) that resulted in--
- loss to 1 or more persons
during any 1-year period (including loss resulting
from a related course of conduct affecting 1 or more
other protected computers) aggregating at least
$5,000 in value;
- the modification or
impairment, or potential modification or impairment,
of the medical examination, diagnosis, treatment, or
care of 1 or more individuals;
- physical injury to any
person;
- a threat to public health
or safety; or
- damage affecting a computer
system used by or for a Government entity in
furtherance of the ministration of justice, national
defense, or national security;'.
- PENALTIES- Section 1030(c) of
title 18, United States Code is amended--
- in paragraph (2)--
- in subparagraph (A) --
- by inserting 'except as
provided in subparagraph (B),' before 'a fine';
- ) by striking
'(a)(5)(C)' and inserting '(a)(5)(A)(iii)'; and
- by striking 'and' at
the end;
- in subparagraph (B), by
inserting 'or an attempt to commit an offense
punishable under this subparagraph,' after
'subsection (a)(2),' in the matter preceding
clause (i); and
- in subparagraph (C), by
striking 'and' at the end;
- in paragraph (3)--
- by striking ', (a)(5)(A),
(a)(5)(B),' both places it appears; and
- by striking 'and' at the
end; and
- by striking '(a)(5)(C)' and
inserting '(a)(5)(A)(iii)'; and
- by adding at the end the
following new paragraphs:
- a fine under this title,
imprisonment for not more than 10 years, or both,
in the case of an offense under subsection
(a)(5)(A)(i), or an attempt to commit an offense
punishable under that subsection;
- a fine under this title,
imprisonment for not more than 5 years, or both,
in the case of an offense under subsection
(a)(5)(A)(ii), or an attempt to commit an offense
punishable under that subsection;
- a fine under this title,
imprisonment for not more than 20 years, or both,
in the case of an offense under subsection
(a)(5)(A)(i) or (a)(5)(A)(ii), or an attempt to
commit an offense punishable under either
subsection, that occurs after a conviction for
another offense under this section.'.
- DEFINITIONS- Subsection (e)
of section 1030 of title 18, United States Code is
amended--
- in paragraph (2)(B), by
inserting ', including a computer located outside
the United States' before the semicolon;
- in paragraph (7), by
striking 'and' at the end;
- by striking paragraph (8)
and inserting the following new paragraph (8):
(8) the term 'damage' means
any impairment to the integrity or availability of
data, a program, a system, or information
- in paragraph (9), by
striking the period at the end and inserting a
semicolon; and
- by adding at the end the
following new paragraphs:
(10) the term 'conviction'
shall include a conviction under the law of any
State for a crime punishable by imprisonment for
more than 1 year, an element of which is
unauthorized access, or exceeding authorized access,
to a computer;
(11) the term 'loss'
includes any reasonable cost to any victim,
including the cost of responding to an offense,
conducting a damage assessment, and restoring the
data, program, system, or information to its
condition prior to the offense, and any revenue
lost, cost incurred, or other consequential damages
incurred because of interruption of service;
(12) the term `person' means
any individual, firm, corporation, educational
institution, financial institution, governmental
entity, or legal or other entity;'.
- DAMAGES IN CIVIL ACTIONS-
Subsection (g) of section 1030 of title 18, United
States Code is amended--
- by striking the second
sentence and inserting the following new sentences:
`A suit for a violation of subsection (a)(5) may be
brought only if the conduct involves one of the
factors enumerated in subsection (a)(5)(B). Damages
for a violation involving only conduct described in
subsection (a)(5)(B)(i) are limited to economic
damages.'; and
- by adding at the end the
following: `No action may be brought under this
subsection for the negligent design or manufacture
of computer hardware, computer software, or
firmware.'.
- AMENDMENT OF SENTENCING
GUIDELINES RELATING TO CERTAIN COMPUTER FRAUD AND
ABUSE- Pursuant to its authority under section 994(p)
of title 28, United States Code, the United States
Sentencing Commission shall amend the Federal
sentencing guidelines to ensure that any individual
convicted of a violation of section 1030 of title 18,
United States Code, can be subjected to appropriate
penalties, without regard to any mandatory minimum
term of imprisonment.
Top
14.
APPENDIX C
TITLE 18 UNITED
STATES CODE
CHAPTER 119 - WIRE
AND ELECTRONIC COMMUNICATIONS INTERCEPTION AND
INTERCEPTION OF ORAL COMMUNICATIONS
Sec.
2510. Definitions
As used in this chapter -
- ''wire communication'' means
any aural transfer made in whole or in part through
the use of facilities for the transmission of
communications by the aid of wire, cable, or other
like connection between the point of origin and the
point of reception (including the use of such
connection in a switching station) furnished or
operated by any person engaged in providing or
operating such facilities for the transmission of
interstate or foreign communications or communications
affecting interstate or foreign commerce and such term
includes any electronic storage of such communication;
- ''oral communication'' means
any oral communication uttered by a person exhibiting
an expectation that such communication is not subject
to interception under circumstances justifying such
expectation, but such term does not include any
electronic communication;
- ''State'' means any State of
the United States, the District of Columbia, the
Commonwealth of Puerto Rico, and any territory or
possession of the United States;
- ''intercept'' means the aural
or other acquisition of the contents of any wire,
electronic, or oral communication through the use of
any electronic, mechanical, or other device.
- ''electronic, mechanical, or
other device'' means any device or apparatus which can
be used to intercept a wire, oral, or electronic
communication other than -
- any telephone or telegraph
instrument, equipment or facility, or any component
thereof, (i) furnished to the subscriber or user by
a provider of wire or electronic communication
service in the ordinary course of its business and
being used by the subscriber or user in the ordinary
course of its business or furnished by such
subscriber or user for connection to the facilities
of such service and used in the ordinary course of
its business; or (ii) being used by a provider of
wire or electronic communication service in the
ordinary course of its business, or by an
investigative or law enforcement officer in the
ordinary course of his duties;
- a hearing aid or similar
device being used to correct subnormal hearing to
not better than normal;
- ''person'' means any
employee, or agent of the United States or any State
or political subdivision thereof, and any individual,
partnership, association, joint stock company, trust,
or corporation;
- ''Investigative or law
enforcement officer'' means any officer of the United
States or of a State or political subdivision thereof,
who is empowered by law to conduct investigations of
or to make arrests for offenses enumerated in this
chapter, and any attorney authorized by law to
prosecute or participate in the prosecution of such
offenses;
- ''contents'', when used with
respect to any wire, oral, or electronic
communication, includes any information concerning the
substance, purport, or meaning of that communication;
- ''Judge of competent
jurisdiction'' means -
- a judge of a United States
district court or a United States court of appeals;
and
- a judge of any court of
general criminal jurisdiction of a State who is
authorized by a statute of that State to enter
orders authorizing interceptions of wire, oral, or
electronic communications;
- ''communication common
carrier'' shall have the same meaning which is given
the term ''common carrier'' by section 153(h) [1] of title 47 of the
United States Code;
- ''aggrieved person'' means a
person who was a party to any intercepted wire, oral,
or electronic communication or a person against whom
the interception was directed;
- ''electronic communication''
means any transfer of signs, signals, writing, images,
sounds, data, or intelligence of any nature
transmitted in whole or in part by a wire, radio,
electromagnetic, photoelectronic or photooptical
system that affects interstate or foreign commerce,
but does not include -
- any wire or oral
communication;
- any communication made
through a tone-only paging device;
- any communication from a
tracking device (as defined in section 3117 of this
title); or
- electronic funds transfer
information stored by a financial institution in a
communications system used for the electronic
storage and transfer of funds;
- ''user'' means any person or
entity who -
- uses an electronic
communication service; and
- is duly authorized by the
provider of such service to engage in such use;
- ''electronic communications
system'' means any wire, radio, electromagnetic,
photooptical or photoelectronic facilities for the
transmission of electronic communications, and any
computer facilities or related electronic equipment
for the electronic storage of such communications;
- ''electronic communication
service'' means any service which provides to users
thereof the ability to send or receive wire or
electronic communications;
- ''readily accessible to the
general public'' means, with respect to a radio
communication, that such communication is not -
- scrambled or encrypted;
- transmitted using
modulation techniques whose essential parameters
have been withheld from the public with the
intention of preserving the privacy of such
communication;
- carried on a subcarrier or
other signal subsidiary to a radio transmission;
- transmitted over a
communication system provided by a common carrier,
unless the communication is a tone only paging
system communication; or
- transmitted on frequencies
allocated under part 25, subpart D, E, or F of part
74, or part 94 of the Rules of the Federal
Communications Commission, unless, in the case of a
communication transmitted on a frequency allocated
under part 74 that is not exclusively allocated to
broadcast auxiliary services, the communication is a
two-way voice communication by radio;
- ''electronic storage'' means
-
- any temporary, intermediate
storage of a wire or electronic communication
incidental to the electronic transmission thereof;
and
- any storage of such
communication by an electronic communication service
for purposes of backup protection of such
communication; and
- ''aural transfer'' means a
transfer containing the human voice at any point
between and including the point of origin and the
point of reception.
Sec.
2511. Interception and disclosure of wire, oral, or
electronic communications prohibited
- Except as otherwise
specifically provided in this chapter any person who -
- intentionally intercepts,
endeavors to intercept, or procures any other person
to intercept or endeavor to intercept, any wire,
oral, or electronic communication;
- intentionally uses,
endeavors to use, or procures any other person to
use or endeavor to use any electronic, mechanical,
or other device to intercept any oral communication
when -
- such device is affixed
to, or otherwise transmits a signal through, a
wire, cable, or other like connection used in wire
communication; or
- such device transmits
communications by radio, or interferes with the
transmission of such communication; or
- such person knows, or has
reason to know, that such device or any component
thereof has been sent through the mail or
transported in interstate or foreign commerce; or
- such use or endeavor to
use (A) takes place on the premises of any
business or other commercial establishment the
operations of which affect interstate or foreign
commerce; or
(B) obtains or is for the
purpose of obtaining information relating to the
operations of any business or other commercial
establishment the operations of which affect
interstate or foreign commerce; or
- such person acts in the
District of Columbia, the Commonwealth of Puerto
Rico, or any territory or possession of the United
States;
- intentionally discloses, or
endeavors to disclose, to any other person the
contents of any wire, oral, or electronic
communication, knowing or having reason to know that
the information was obtained through the
interception of a wire, oral, or electronic
communication in violation of this subsection;
- intentionally uses, or
endeavors to use, the contents of any wire, oral, or
electronic communication, knowing or having reason
to know that the information was obtained through
the interception of a wire, oral, or electronic
communication in violation of this subsection; or
- intentionally discloses,
or endeavors to disclose, to any other person the
contents of any wire, oral, or electronic
communication, intercepted by means authorized by
sections 2511(2)(a)(ii), 2511(2)(b)-(c),
2511(2)(e), 2516, and 2518 of this chapter,
- ) knowing or having
reason to know that the information was obtained
through the interception of such a communication
in connection with a criminal investigation,
- having obtained or
received the information in connection with a
criminal investigation, and
- with intent to improperly
obstruct, impede, or interfere with a duly
authorized criminal investigation, shall be
punished as provided in subsection (4) or shall be
subject to suit as provided in subsection (5).
-
-
- It shall not be unlawful
under this chapter for an operator of a
switchboard, or an officer, employee, or agent of
a provider of wire or electronic communication
service, whose facilities are used in the
transmission of a wire or electronic
communication, to intercept, disclose, or use that
communication in the normal course of his
employment while engaged in any activity which is
a necessary incident to the rendition of his
service or to the protection of the rights or
property of the provider of that service, except
that a provider of wire communication service to
the public shall not utilize service observing or
random monitoring except for mechanical or service
quality control checks.
- Notwithstanding any other
law, providers of wire or electronic communication
service, their officers, employees, and agents,
landlords, custodians, or other persons, are
authorized to provide information, facilities, or
technical assistance to persons authorized by law
to intercept wire, oral, or electronic
communications or to conduct electronic
surveillance, as defined in section 101 of the
Foreign Intelligence Surveillance Act of 1978, if
such provider, its officers, employees, or agents,
landlord, custodian, or other specified person,
has been provided with -
- a court order directing
such assistance signed by the authorizing judge,
or
- a certification in
writing by a person specified in section 2518(7)
of this title or the Attorney General of the
United States that no warrant or court order is
required by law, that all statutory requirements
have been met, and that the specified assistance
is required, setting forth the period of time
during which the provision of the information,
facilities, or technical assistance is
authorized and specifying the information,
facilities, or technical assistance required. No
provider of wire or electronic communication
service, officer, employee, or agent thereof, or
landlord, custodian, or other specified person
shall disclose the existence of any interception
or surveillance or the device used to accomplish
the interception or surveillance with respect to
which the person has been furnished a court
order or certification under this chapter,
except as may otherwise be required by legal
process and then only after prior notification
to the Attorney General or to the principal
prosecuting attorney of a State or any political
subdivision of a State, as may be appropriate.
Any such disclosure, shall render such person
liable for the civil damages provided for in
section 2520. No
cause of action shall lie in any court against
any provider of wire or electronic communication
service, its officers, employees, or agents,
landlord, custodian, or other specified person
for providing information, facilities, or
assistance in accordance with the terms of a
court order or certification under this chapter.
- It shall not be unlawful
under this chapter for an officer, employee, or
agent of the Federal Communications Commission, in
the normal course of his employment and in discharge
of the monitoring responsibilities exercised by the
Commission in the enforcement of chapter 5 of title 47 of
the United States Code, to intercept a wire or
electronic communication, or oral communication
transmitted by radio, or to disclose or use the
information thereby obtained.
- It shall not be unlawful
under this chapter for a person acting under color
of law to intercept a wire, oral, or electronic
communication, where such person is a party to the
communication or one of the parties to the
communication has given prior consent to such
interception.
- It shall not be unlawful
under this chapter for a person not acting under
color of law to intercept a wire, oral, or
electronic communication where such person is a
party to the communication or where one of the
parties to the communication has given prior consent
to such interception unless such communication is
intercepted for the purpose of committing any
criminal or tortious act in violation of the
Constitution or laws of the United States or of any
State.
- Notwithstanding any other
provision of this title or section 705 or 706 of
the Communications Act of 1934, it shall not be
unlawful for an officer, employee, or agent of the
United States in the normal course of his official
duty to conduct electronic surveillance, as defined
in section 101 of the Foreign Intelligence
Surveillance Act of 1978, as authorized by that Act.
- Nothing contained in this
chapter or chapter 121, or section
705 of the Communications Act of 1934, shall be
deemed to affect the acquisition by the United
States Government of foreign intelligence
information from international or foreign
communications, or foreign intelligence activities
conducted in accordance with otherwise applicable
Federal law involving a foreign electronic
communications system, utilizing a means other than
electronic surveillance as defined in section 101 of
the Foreign Intelligence Surveillance Act of 1978,
and procedures in this chapter or chapter 121 and the
Foreign Intelligence Surveillance Act of 1978 shall
be the exclusive means by which electronic
surveillance, as defined in section 101 of such Act,
and the interception of domestic wire and oral
communications may be conducted.
- It shall not be unlawful
under this chapter or chapter 121 of this
title for any person -
- to intercept or access an
electronic communication made through an
electronic communication system that is configured
so that such electronic communication is readily
accessible to the general public;
- to intercept any radio
communication which is transmitted -
- by any station for the
use of the general public, or that relates to
ships, aircraft, vehicles, or persons in
distress;
- by any governmental,
law enforcement, civil defense, private land
mobile, or public safety communications system,
including police and fire, readily accessible to
the general public;
- by a station operating
on an authorized frequency within the bands
allocated to the amateur, citizens band, or
general mobile radio services; or
- by any marine or
aeronautical communications system;
- to engage in any conduct
which -
- is prohibited by
section 633 of the Communications Act of 1934;
or
- is excepted from the
application of section 705(a) of the
Communications Act of 1934 by section 705(b) of
that Act;
- to intercept any wire or
electronic communication the transmission of which
is causing harmful interference to any lawfully
operating station or consumer electronic
equipment, to the extent necessary to identify the
source of such interference; or
- for other users of the
same frequency to intercept any radio
communication made through a system that utilizes
frequencies monitored by individuals engaged in
the provision or the use of such system, if such
communication is not scrambled or encrypted.
- It shall not be unlawful
under this chapter -
- to use a pen register or
a trap and trace device (as those terms are
defined for the purposes of chapter 206 (relating
to pen registers and trap and trace devices) of
this title); or
- for a provider of
electronic communication service to record the
fact that a wire or electronic communication was
initiated or completed in order to protect such
provider, another provider furnishing service
toward the completion of the wire or electronic
communication, or a user of that service, from
fraudulent, unlawful or abusive use of such
service.
-
- Except as provided in
paragraph (b) of this subsection, a person or entity
providing an electronic communication service to the
public shall not intentionally divulge the contents
of any communication (other than one to such person
or entity, or an agent thereof) while in
transmission on that service to any person or entity
other than an addressee or intended recipient of
such communication or an agent of such addressee or
intended recipient.
- A person or entity
providing electronic communication service to the
public may divulge the contents of any such
communication -
- as otherwise authorized
in section 2511(2)(a) or
2517 of this title;
- with the lawful consent
of the originator or any addressee or intended
recipient of such communication;
- to a person employed or
authorized, or whose facilities are used, to
forward such communication to its destination; or
- which were inadvertently
obtained by the service provider and which appear
to pertain to the commission of a crime, if such
divulgence is made to a law enforcement agency.
-
- Except as provided in
paragraph (b) of this subsection or in subsection
(5), whoever violates subsection (1) of this section
shall be fined under this title or imprisoned not
more than five years, or both.
- If the offense is a first
offense under paragraph (a) of this subsection and
is not for a tortious or illegal purpose or for
purposes of direct or indirect commercial advantage
or private commercial gain, and the wire or
electronic communication with respect to which the
offense under paragraph (a) is a radio communication
that is not scrambled, encrypted, or transmitted
using modulation techniques the essential parameters
of which have been withheld from the public with the
intention of preserving the privacy of such
communication, then -
- if the communication is
not the radio portion of a cellular telephone
communication, a cordless telephone communication
that is transmitted between the cordless telephone
handset and the base unit, a public land mobile
radio service communication or a paging service
communication, and the conduct is not that
described in subsection (5), the offender shall be
fined under this title or imprisoned not more than
one year, or both; and
- if the communication is
the radio portion of a cellular telephone
communication, a cordless telephone communication
that is transmitted between the cordless telephone
handset and the base unit, a public land mobile
radio service communication or a paging service
communication, the offender shall be fined under
this title.
- Conduct otherwise an
offense under this subsection that consists of or
relates to the interception of a satellite
transmission that is not encrypted or scrambled and
that is transmitted -
- to a broadcasting station
for purposes of retransmission to the general
public; or
- as an audio subcarrier
intended for redistribution to facilities open to
the public, but not including data transmissions
or telephone calls, is not an offense under this
subsection unless the conduct is for the purposes
of direct or indirect commercial advantage or
private financial gain.
-
(a)
- If the communication is -
- a private satellite video
communication that is not scrambled or encrypted
and the conduct in violation of this chapter is
the private viewing of that communication and is
not for a tortious or illegal purpose or for
purposes of direct or indirect commercial
advantage or private commercial gain; or
- a radio communication
that is transmitted on frequencies allocated under
subpart D of part 74 of the rules of the Federal
Communications Commission that is not scrambled or
encrypted and the conduct in violation of this
chapter is not for a tortious or illegal purpose
or for purposes of direct or indirect commercial
advantage or private commercial gain, then the
person who engages in such conduct shall be
subject to suit by the Federal Government in a
court of competent jurisdiction.
- In an action under this
subsection -
- if the violation of this
chapter is a first offense for the person under
paragraph (a) of subsection (4) and such person
has not been found liable in a civil action under
section 2520 of this title, the Federal Government
shall be entitled to appropriate injunctive
relief; and
- if the violation of this
chapter is a second or subsequent offense under
paragraph (a) of subsection (4) or such person has
been found liable in any prior civil action under
section 2520, the
person shall be subject to a mandatory $500 civil
fine.
- The court may use any means
within its authority to enforce an injunction issued
under paragraph (ii)(A), and shall impose a civil fine
of not less than $500 for each violation of such an
injunction.
Sec.
2512. Manufacture, distribution, possession, and
advertising of wire, oral, or electronic communication
intercepting devices prohibited
- Except as otherwise
specifically provided in this chapter, any person who
intentionally -
- sends through the mail, or
sends or carries in interstate or foreign commerce,
any electronic, mechanical, or other device, knowing
or having reason to know that the design of such
device renders it primarily useful for the purpose
of the surreptitious interception of wire, oral, or
electronic communications;
- manufactures, assembles,
possesses, or sells any electronic, mechanical, or
other device, knowing or having reason to know that
the design of such device renders it primarily
useful for the purpose of the surreptitious
interception of wire, oral, or electronic
communications, and that such device or any
component thereof has been or will be sent through
the mail or transported in interstate or foreign
commerce; or
- places in any newspaper,
magazine, handbill, or other publication any
advertisement of -
- any electronic,
mechanical, or other device knowing or having
reason to know that the design of such device
renders it primarily useful for the purpose of the
surreptitious interception of wire, oral, or
electronic communications; or
- any other electronic,
mechanical, or other device, where such
advertisement promotes the use of such device for
the purpose of the surreptitious interception of
wire, oral, or electronic communications, knowing
or having reason to know that such advertisement
will be sent through the mail or transported in
interstate or foreign commerce, shall be fined
under this title or imprisoned not more than five
years, or both.
- It shall not be unlawful
under this section for -
- a provider of wire or
electronic communication service or an officer,
agent, or employee of, or a person under contract
with, such a provider, in the normal course of the
business of providing that wire or electronic
communication service, or
- an officer, agent, or
employee of, or a person under contract with, the
United States, a State, or a political subdivision
thereof, in the normal course of the activities of
the United States, a State, or a political
subdivision thereof, to send through the mail, send
or carry in interstate or foreign commerce, or
manufacture, assemble, possess, or sell any
electronic, mechanical, or other device knowing or
having reason to know that the design of such device
renders it primarily useful for the purpose of the
surreptitious interception of wire, oral, or
electronic communications.
- It shall not be unlawful
under this section to advertise for sale a device
described in subsection (1) of this section if the
advertisement is mailed, sent, or carried in
interstate or foreign commerce solely to a domestic
provider of wire or electronic communication service
or to an agency of the United States, a State, or a
political subdivision thereof which is duly authorized
to use such device.
Sec.
2513. Confiscation of wire, oral, or electronic
communication intercepting devices
Any electronic, mechanical, or
other device used, sent, carried, manufactured,
assembled, possessed, sold, or advertised in violation
of section 2511 or section 2512 of this chapter
may be seized and forfeited to the United States. All
provisions of law relating to (1) the seizure, summary
and judicial forfeiture, and condemnation of vessels,
vehicles, merchandise, and baggage for violations of the
customs laws contained in title 19 of the United States
Code, (2) the disposition of such vessels, vehicles,
merchandise, and baggage or the proceeds from the sale
thereof, (3) the remission or mitigation of such
forfeiture, (4) the compromise of claims, and (5) the
award of compensation to informers in respect of such
forfeitures, shall apply to seizures and forfeitures
incurred, or alleged to have been incurred, under the
provisions of this section, insofar as applicable and
not inconsistent with the provisions of this section;
except that such duties as are imposed upon the
collector of customs or any other person with respect to
the seizure and forfeiture of vessels, vehicles,
merchandise, and baggage under the provisions of the
customs laws contained in title 19 of the United States
Code shall be performed with respect to seizure and
forfeiture of electronic, mechanical, or other
intercepting devices under this section by such
officers, agents, or other persons as may be authorized
or designated for that purpose by the Attorney General.
Sec.
2515. Prohibition of use as evidence of intercepted wire
or oral communications
Whenever any wire or oral
communication has been intercepted, no part of the
contents of such communication and no evidence derived
therefrom may be received in evidence in any trial,
hearing, or other proceeding in or before any court,
grand jury, department, officer, agency, regulatory
body, legislative committee, or other authority of the
United States, a State, or a political subdivision
thereof if the disclosure of that information would be
in violation of this chapter.
Sec.
2516. Authorization for interception of wire, oral, or
electronic communications
- The Attorney General, Deputy
Attorney General, Associate Attorney General, [1] or any Assistant
Attorney General, any acting Assistant Attorney
General, or any Deputy Assistant Attorney General or
acting Deputy Assistant Attorney General in the
Criminal Division specially designated by the Attorney
General, may authorize an application to a Federal
judge of competent jurisdiction for, and such judge
may grant in conformity with section 2518 of this
chapter an order authorizing or approving the
interception of wire or oral communications by the
Federal Bureau of Investigation, or a Federal agency
having responsibility for the investigation of the
offense as to which the application is made, when such
interception may provide or has provided evidence of -
- any offense punishable by
death or by imprisonment for more than one year
under sections 2274 through
2277 of title 42 of the United States Code (relating
to the enforcement of the Atomic Energy Act of
1954), section 2284 of title 42
of the United States Code (relating to sabotage of
nuclear facilities or fuel), or under the following
chapters of this title: chapter 37 (relating to
espionage), chapter 90 (relating to
protection of trade secrets), chapter 105 (relating to
sabotage), chapter 115 (relating to
treason), chapter 102 (relating to
riots), chapter 65 (relating to malicious mischief),
chapter 111 (relating to
destruction of vessels), or chapter 81 (relating to
piracy);
- a violation of section 186 or section
501c of title
29, United States Code (dealing with restrictions on
payments and loans to labor organizations), or any
offense which involves murder, kidnapping, robbery,
or extortion, and which is punishable under this
title;
- any offense which is
punishable under the following sections of this
title: section 201 (bribery of public officials and
witnesses), section 215 (relating to
bribery of bank officials), section 224 (bribery in
sporting contests), subsection (d), (e), (f), (g),
(h), or (i) of section 844 (unlawful
use of explosives), section 1032 (relating
to concealment of assets), section 1084
(transmission of wagering information), section 751 (relating to
escape), section 1014 (relating
to loans and credit applications generally; renewals
and discounts), sections 1503, 1512, and 1513
(influencing or injuring an officer, juror, or
witness generally), section 1510
(obstruction of criminal investigations), section 1511
(obstruction of State or local law enforcement),
section 1751
(Presidential and Presidential staff assassination,
kidnapping, and assault), section 1951
(interference with commerce by threats or violence),
section 1952 (interstate
and foreign travel or transportation in aid of
racketeering enterprises), section 1958 (relating
to use of interstate commerce facilities in the
commission of murder for hire), section 1959 (relating
to violent crimes in aid of racketeering activity),
section 1954 (offer,
acceptance, or solicitation to influence operations
of employee benefit plan), section 1955
(prohibition of business enterprises of gambling),
section 1956 (laundering
of monetary instruments), section 1957 (relating
to engaging in monetary transactions in property
derived from specified unlawful activity), section
659 (theft from
interstate shipment), section 664
(embezzlement from pension and welfare funds),
section 1343 (fraud by
wire, radio, or television), section 1344 (relating
to bank fraud), sections 2251 and 2252 (sexual
exploitation of children), sections 2312, 2313,
2314, and 2315 (interstate transportation of stolen
property), section 2321 (relating
to trafficking in certain motor vehicles or motor
vehicle parts), section 1203 (relating
to hostage taking), section 1029 (relating
to fraud and related activity in connection with
access devices), section 3146 (relating
to penalty for failure to appear), section 3521(b)(3)
(relating to witness relocation and assistance),
section 32 (relating to
destruction of aircraft or aircraft facilities),
section 38 (relating to
aircraft parts fraud), section 1963 (violations
with respect to racketeer influenced and corrupt
organizations), section 115 (relating to
threatening or retaliating against a Federal
official), and section 1341 (relating
to mail fraud), section 351 (violations
with respect to congressional, Cabinet, or Supreme
Court assassinations, kidnapping, and assault),
section 831 (relating to
prohibited transactions involving nuclear
materials), section 33 (relating to
destruction of motor vehicles or motor vehicle
facilities), section 175 (relating to
biological weapons), section 1992 (relating
to wrecking trains), a felony violation of section
1028 (relating
to production of false identification
documentation), section 1425 (relating
to the procurement of citizenship or nationalization
unlawfully), section 1426 (relating
to the reproduction of naturalization or citizenship
papers), section 1427 (relating to the sale of
naturalization or citizenship papers), section 1541 (relating
to passport issuance without authority), section 1542 (relating
to false statements in passport applications),
section 1543 (relating
to forgery or false use of passports), section 1544 (relating
to misuse of passports), or section 1546 (relating
to fraud and misuse of visas, permits, and other
documents);
- any offense involving
counterfeiting punishable under section 471, 472, or 473 of
this title;
- any offense involving fraud
connected with a case under title 11 or the
manufacture, importation, receiving, concealment,
buying, selling, or otherwise dealing in narcotic
drugs, marihuana, or other dangerous drugs,
punishable under any law of the United States;
- any offense including
extortionate credit transactions under sections 892, 893, or 894 of
this title;
- a violation of section 5322 of title
31, United States Code (dealing with the reporting
of currency transactions);
- any felony violation of
sections 2511 and 2512
(relating to interception and disclosure of certain
communications and to certain intercepting devices)
of this title;
- any felony violation of
chapter 71 (relating to
obscenity) of this title;
- any violation of section 60123(b)
(relating to destruction of a natural gas pipeline)
or section 46502 (relating
to aircraft piracy) of title 49;
- any criminal violation of
section 2778 of title 22
(relating to the Arms Export Control Act);
- the location of any
fugitive from justice from an offense described in
this section;
- a violation of section 274, 277, or 278 of
the Immigration and Nationality Act (8 U.S.C. 1324,
1327, or 1328) (relating to the smuggling of
aliens);
- any felony violation of
sections 922 and 924 of
title 18, United States Code (relating to firearms);
- any violation of section
5861 of the Internal Revenue Code of 1986 (relating
to firearms);
- [2] a felony
violation of section 1028 (relating
to production of false identification documents),
section 1542 (relating
to false statements in passport applications),
section 1546 (relating to fraud and misuse of visas,
permits, and other documents) of this title or a
violation of section 274, 277, or 278 of
the Immigration and Nationality Act (relating to the
smuggling of aliens); or [2] So in original.
Two subpars. (p) have been enacted.
[2] any conspiracy to
commit any offense described in any subparagraph of
this paragraph.
- The principal prosecuting
attorney of any State, or the principal prosecuting
attorney of any political subdivision thereof, if such
attorney is authorized by a statute of that State to
make application to a State court judge of competent
jurisdiction for an order authorizing or approving the
interception of wire, oral, or electronic
communications, may apply to such judge for, and such
judge may grant in conformity with section 2518 of this
chapter and with the applicable State statute an order
authorizing, or approving the interception of wire,
oral, or electronic communications by investigative or
law enforcement officers having responsibility for the
investigation of the offense as to which the
application is made, when such interception may
provide or has provided evidence of the commission of
the offense of murder, kidnapping, gambling, robbery,
bribery, extortion, or dealing in narcotic drugs,
marihuana or other dangerous drugs, or other crime
dangerous to life, limb, or property, and punishable
by imprisonment for more than one year, designated in
any applicable State statute authorizing such
interception, or any conspiracy to commit any of the
foregoing offenses.
- Any attorney for the
Government (as such term is defined for the purposes
of the Federal Rules of Criminal Procedure) may
authorize an application to a Federal judge of
competent jurisdiction for, and such judge may grant,
in conformity with section 2518 of this
title, an order authorizing or approving the
interception of electronic communications by an
investigative or law enforcement officer having
responsibility for the investigation of the offense as
to which the application is made, when such
interception may provide or has provided evidence of
any Federal felony.
Sec.
2517. Authorization for disclosure and use of
intercepted wire, oral, or electronic communications
- Any investigative or law
enforcement officer who, by any means authorized by
this chapter, has obtained knowledge of the contents
of any wire, oral, or electronic communication, or
evidence derived therefrom, may disclose such contents
to another investigative or law enforcement officer to
the extent that such disclosure is appropriate to the
proper performance of the official duties of the
officer making or receiving the disclosure.
- Any investigative or law
enforcement officer who, by any means authorized by
this chapter, has obtained knowledge of the contents
of any wire, oral, or electronic communication or
evidence derived therefrom may use such contents to
the extent such use is appropriate to the proper
performance of his official duties.
- Any person who has received,
by any means authorized by this chapter, any
information concerning a wire, oral, or electronic
communication, or evidence derived therefrom
intercepted in accordance with the provisions of this
chapter may disclose the contents of that
communication or such derivative evidence while giving
testimony under oath or affirmation in any proceeding
held under the authority of the United States or of
any State or political subdivision thereof.
- No otherwise privileged wire,
oral, or electronic communication intercepted in
accordance with, or in violation of, the provisions of
this chapter shall lose its privileged character.
- When an investigative or law
enforcement officer, while engaged in intercepting
wire, oral, or electronic communications in the manner
authorized herein, intercepts wire, oral, or
electronic communications relating to offenses other
than those specified in the order of authorization or
approval, the contents thereof, and evidence derived
therefrom, may be disclosed or used as provided in
subsections (1) and (2) of this section. Such contents
and any evidence derived therefrom may be used under
subsection (3) of this section when authorized or
approved by a judge of competent jurisdiction where
such judge finds on subsequent application that the
contents were otherwise intercepted in accordance with
the provisions of this chapter. Such application shall
be made as soon as practicable.
Sec.
2518. Procedure for interception of wire, oral, or
electronic communications
- Each application for an order
authorizing or approving the interception of a wire,
oral, or electronic communication under this chapter
shall be made in writing upon oath or affirmation to a
judge of competent jurisdiction and shall state the
applicant's authority to make such application. Each
application shall include the following information:
- the identity of the
investigative or law enforcement officer making the
application, and the officer authorizing the
application;
- a full and complete
statement of the facts and circumstances relied upon
by the applicant, to justify his belief that an
order should be issued, including (i) details as to
the particular offense that has been, is being, or
is about to be committed, (ii) except as provided in
subsection (11), a particular description of the
nature and location of the facilities from which or
the place where the communication is to be
intercepted, (iii) a particular description of the
type of communications sought to be intercepted,
(iv) the identity of the person, if known,
committing the offense and whose communications are
to be intercepted;
- a full and complete
statement as to whether or not other investigative
procedures have been tried and failed or why they
reasonably appear to be unlikely to succeed if tried
or to be too dangerous;
- a statement of the period
of time for which the interception is required to be
maintained. If the nature of the investigation is
such that the authorization for interception should
not automatically terminate when the described type
of communication has been first obtained, a
particular description of facts establishing
probable cause to believe that additional
communications of the same type will occur
thereafter;
- a full and complete
statement of the facts concerning all previous
applications known to the individual authorizing and
making the application, made to any judge for
authorization to intercept, or for approval of
interceptions of, wire, oral, or electronic
communications involving any of the same persons,
facilities or places specified in the application,
and the action taken by the judge on each such
application; and (f) where the application is for
the extension of an order, a statement setting forth
the results thus far obtained from the interception,
or a reasonable explanation of the failure to obtain
such results.
- The judge may require the
applicant to furnish additional testimony or
documentary evidence in support of the application.
- Upon such application the
judge may enter an ex parte order, as requested or as
modified, authorizing or approving interception of
wire, oral, or electronic communications within the
territorial jurisdiction of the court in which the
judge is sitting (and outside that jurisdiction but
within the United States in the case of a mobile
interception device authorized by a Federal court
within such jurisdiction), if the judge determines on
the basis of the facts submitted by the applicant that
-
- there is probable cause for
belief that an individual is committing, has
committed, or is about to commit a particular
offense enumerated in section 2516 of this
chapter;
- there is probable cause for
belief that particular communications concerning
that offense will be obtained through such
interception;
- normal investigative
procedures have been tried and have failed or
reasonably appear to be unlikely to succeed if tried
or to be too dangerous;
- except as provided in
subsection (11), there is probable cause for belief
that the facilities from which, or the place where,
the wire, oral, or electronic communications are to
be intercepted are being used, or are about to be
used, in connection with the commission of such
offense, or are leased to, listed in the name of, or
commonly used by such person.
- Each order authorizing or
approving the interception of any wire, oral, or
electronic communication under this chapter shall
specify -
- the identity of the person,
if known, whose communications are to be
intercepted;
- the nature and location of
the communications facilities as to which, or the
place where, authority to intercept is granted;
- a particular description of
the type of communication sought to be intercepted,
and a statement of the particular offense to which
it relates;
- the identity of the agency
authorized to intercept the communications, and of
the person authorizing the application; and
- the period of time during
which such interception is authorized, including a
statement as to whether or not the interception
shall automatically terminate when the described
communication has been first obtained. An order
authorizing the interception of a wire, oral, or
electronic communication under this chapter shall,
upon request of the applicant, direct that a
provider of wire or electronic communication
service, landlord, custodian or other person shall
furnish the applicant forthwith all information,
facilities, and technical assistance necessary to
accomplish the interception unobtrusively and with a
minimum of interference with the services that such
service provider, landlord, custodian, or person is
according the person whose communications are to be
intercepted. Any provider of wire or electronic
communication service, landlord, custodian or other
person furnishing such facilities or technical
assistance shall be compensated therefor by the
applicant for reasonable expenses incurred in
providing such facilities or assistance. Pursuant to
section 2522 of this
chapter, an order may also be issued to enforce the
assistance capability and capacity requirements
under the Communications Assistance for Law
Enforcement Act.
- No order entered under this
section may authorize or approve the interception of
any wire, oral, or electronic communication for any
period longer than is necessary to achieve the
objective of the authorization, nor in any event
longer than thirty days. Such thirty-day period begins
on the earlier of the day on which the investigative
or law enforcement officer first begins to conduct an
interception under the order or ten days after the
order is entered. Extensions of an order may be
granted, but only upon application for an extension
made in accordance with subsection (1) of this section
and the court making the findings required by
subsection (3) of this section. The period of
extension shall be no longer than the authorizing
judge deems necessary to achieve the purposes for
which it was granted and in no event for longer than
thirty days. Every order and extension thereof shall
contain a provision that the authorization to
intercept shall be executed as soon as practicable,
shall be conducted in such a way as to minimize the
interception of communications not otherwise subject
to interception under this chapter, and must terminate
upon attainment of the authorized objective, or in any
event in thirty days. In the event the intercepted
communication is in a code or foreign language, and an
expert in that foreign language or code is not
reasonably available during the interception period,
minimization may be accomplished as soon as
practicable after such interception. An interception
under this chapter may be conducted in whole or in
part by Government personnel, or by an individual
operating under a contract with the Government, acting
under the supervision of an investigative or law
enforcement officer authorized to conduct the
interception.
- Whenever an order authorizing
interception is entered pursuant to this chapter, the
order may require reports to be made to the judge who
issued the order showing what progress has been made
toward achievement of the authorized objective and the
need for continued interception. Such reports shall be
made at such intervals as the judge may require.
- Notwithstanding any other
provision of this chapter, any investigative or law
enforcement officer, specially designated by the
Attorney General, the Deputy Attorney General, the
Associate Attorney General, or by the principal
prosecuting attorney of any State or subdivision
thereof acting pursuant to a statute of that State,
who reasonably determines that -
- an emergency situation
exists that involves -
- immediate danger of death
or serious physical injury to any person,
- conspiratorial activities
threatening the national security interest, or
- conspiratorial activities
characteristic of organized crime, that requires a
wire, oral, or electronic communication to be
intercepted before an order authorizing such
interception can, with due diligence, be obtained,
and
- there are grounds upon
which an order could be entered under this chapter
to authorize such interception, may intercept such
wire, oral, or electronic communication if an
application for an order approving the interception
is made in accordance with this section within
forty-eight hours after the interception has
occurred, or begins to occur. In the absence of an
order, such interception shall immediately terminate
when the communication sought is obtained or when
the application for the order is denied, whichever
is earlier. In the event such application for
approval is denied, or in any other case where the
interception is terminated without an order having
been issued, the contents of any wire, oral, or
electronic communication intercepted shall be
treated as having been obtained in violation of this
chapter, and an inventory shall be served as
provided for in subsection (d) of this section on
the person named in the application.
-
- The contents of any wire,
oral, or electronic communication intercepted by any
means authorized by this chapter shall, if possible,
be recorded on tape or wire or other comparable
device. The recording of the contents of any wire,
oral, or electronic communication under this
subsection shall be done in such a way as will
protect the recording from editing or other
alterations. Immediately upon the expiration of the
period of the order, or extensions thereof, such
recordings shall be made available to the judge
issuing such order and sealed under his directions.
Custody of the recordings shall be wherever the
judge orders. They shall not be destroyed except
upon an order of the issuing or denying judge and in
any event shall be kept for ten years. Duplicate
recordings may be made for use or disclosure
pursuant to the provisions of subsections (1) and
(2) of section 2517 of this
chapter for investigations. The presence of the seal
provided for by this subsection, or a satisfactory
explanation for the absence thereof, shall be a
prerequisite for the use or disclosure of the
contents of any wire, oral, or electronic
communication or evidence derived therefrom under
subsection (3) of section 2517.
- Applications made and
orders granted under this chapter shall be sealed by
the judge. Custody of the applications and orders
shall be wherever the judge directs. Such
applications and orders shall be disclosed only upon
a showing of good cause before a judge of competent
jurisdiction and shall not be destroyed except on
order of the issuing or denying judge, and in any
event shall be kept for ten years.
- Any violation of the
provisions of this subsection may be punished as
contempt of the issuing or denying judge.
- Within a reasonable time
but not later than ninety days after the filing of
an application for an order of approval under
section 2518(7)(b) which
is denied or the termination of the period of an
order or extensions thereof, the issuing or denying
judge shall cause to be served, on the persons named
in the order or the application, and such other
parties to intercepted communications as the judge
may determine in his discretion that is in the
interest of justice, an inventory which shall
include notice of -
- the fact of the entry of
the order or the application;
- the date of the entry and
the period of authorized, approved or disapproved
interception, or the denial of the application; and
- the fact that during the
period wire, oral, or electronic communications were
or were not intercepted. The judge, upon the filing
of a motion, may in his discretion make available to
such person or his counsel for inspection such
portions of the intercepted communications,
applications and orders as the judge determines to
be in the interest of justice. On an ex parte
showing of good cause to a judge of competent
jurisdiction the serving of the inventory required
by this subsection may be postponed.
- The contents of any wire,
oral, or electronic communication intercepted pursuant
to this chapter or evidence derived therefrom shall
not be received in evidence or otherwise disclosed in
any trial, hearing, or other proceeding in a Federal
or State court unless each party, not less than ten
days before the trial, hearing, or proceeding, has
been furnished with a copy of the court order, and
accompanying application, under which the interception
was authorized or approved. This ten-day period may be
waived by the judge if he finds that it was not
possible to furnish the party with the above
information ten days before the trial, hearing, or
proceeding and that the party will not be prejudiced
by the delay in receiving such information.
-
- Any aggrieved person in any
trial, hearing, or proceeding in or before any
court, department, officer, agency, regulatory body,
or other authority of the United States, a State, or
a political subdivision thereof, may move to
suppress the contents of any wire or oral
communication intercepted pursuant to this chapter,
or evidence derived therefrom, on the grounds that -
- the communication was
unlawfully intercepted;
- the order of
authorization or approval under which it was
intercepted is insufficient on its face; or
- the interception was not
made in conformity with the order of authorization
or approval. Such motion shall be made before the
trial, hearing, or proceeding unless there was no
opportunity to make such motion or the person was
not aware of the grounds of the motion. If the
motion is granted, the contents of the intercepted
wire or oral communication, or evidence derived
therefrom, shall be treated as having been
obtained in violation of this chapter. The judge,
upon the filing of such motion by the aggrieved
person, may in his discretion make available to
the aggrieved person or his counsel for inspection
such portions of the intercepted communication or
evidence derived therefrom as the judge determines
to be in the interests of justice.
- In addition to any other
right to appeal, the United States shall have the
right to appeal from an order granting a motion to
suppress made under paragraph (a) of this
subsection, or the denial of an application for an
order of approval, if the United States attorney
shall certify to the judge or other official
granting such motion or denying such application
that the appeal is not taken for purposes of delay.
Such appeal shall be taken within thirty days after
the date the order was entered and shall be
diligently prosecuted.
- The remedies and sanctions
described in this chapter with respect to the
interception of electronic communications are the
only judicial remedies and sanctions for
nonconstitutional violations of this chapter
involving such communications.
- The requirements of
subsections (1)(b)(ii) and (3)(d) of this section
relating to the specification of the facilities from
which, or the place where, the communication is to be
intercepted do not apply if -
- in the case of an
application with respect to the interception of an
oral communication -
- the application is by a
Federal investigative or law enforcement officer
and is approved by the Attorney General, the
Deputy Attorney General, the Associate Attorney
General, an Assistant Attorney General, or an
acting Assistant Attorney General;
- the application contains
a full and complete statement as to why such
specification is not practical and identifies the
person committing the offense and whose
communications are to be intercepted; and
- the judge finds that such
specification is not practical; and (b) in the
case of an application with respect to a wire or
electronic communication -
- the application is by a
Federal investigative or law enforcement officer
and is approved by the Attorney General, the
Deputy Attorney General, the Associate Attorney
General, an Assistant Attorney General, or an
acting Assistant Attorney General;
- the application
identifies the person believed to be committing
the offense and whose communications are to be
intercepted and the applicant makes a showing that
there is probable cause to believe that the
person's actions could have the effect of
thwarting interception from a specified facility;
- the judge finds that such
showing has been adequately made; and
- the order authorizing or
approving the interception is limited to
interception only for such time as it is
reasonable to presume that the person identified
in the application is or was reasonably proximate
to the instrument through which such communication
will be or was transmitted.
- An interception of a
communication under an order with respect to which the
requirements of subsections (1)(b)(ii) and (3)(d) of
this section do not apply by reason of subsection
(11)(a) shall not begin until the place where the
communication is to be intercepted is ascertained by
the person implementing the interception order. A
provider of wire or electronic communications service
that has received an order as provided for in
subsection (11)(b) may move the court to modify or
quash the order on the ground that its assistance with
respect to the interception cannot be performed in a
timely or reasonable fashion. The court, upon notice
to the government, shall decide such a motion
expeditiously.
Sec.
2519. Reports concerning intercepted wire, oral, or
electronic communications
- Within thirty days after the
expiration of an order (or each extension thereof)
entered under section 2518, or the
denial of an order approving an interception, the
issuing or denying judge shall report to the
Administrative Office of the United States Courts -
- the fact that an order or
extension was applied for;
- the kind of order or
extension applied for (including whether or not the
order was an order with respect to which the
requirements of sections 2518(1)(b)(ii)
and 2518(3)(d) of this title did not apply by reason
of section 2518(11) of this
title);
- the fact that the order or
extension was granted as applied for, was modified,
or was denied;
- the period of interceptions
authorized by the order, and the number and duration
of any extensions of the order;
- the offense specified in
the order or application, or extension of an order;
- the identity of the
applying investigative or law enforcement officer
and agency making the application and the person
authorizing the application; and (g) the nature of
the facilities from which or the place where
communications were to be intercepted.
- In January of each year the
Attorney General, an Assistant Attorney General
specially designated by the Attorney General, or the
principal prosecuting attorney of a State, or the
principal prosecuting attorney for any political
subdivision of a State, shall report to the
Administrative Office of the United States Courts -
- the information required by
paragraphs (a) through (g) of subsection (1) of this
section with respect to each application for an
order or extension made during the preceding
calendar year;
- a general description of
the interceptions made under such order or
extension, including (i) the approximate nature and
frequency of incriminating communications
intercepted, (ii) the approximate nature and
frequency of other communications intercepted, (iii)
the approximate number of persons whose
communications were intercepted, (iv) the number of
orders in which encryption was encountered and
whether such encryption prevented law enforcement
from obtaining the plain text of communications
intercepted pursuant to such order, and (v) the
approximate nature, amount, and cost of the manpower
and other resources used in the interceptions;
- the number of arrests
resulting from interceptions made under such order
or extension, and the offenses for which arrests
were made;
- the number of trials
resulting from such interceptions;
- the number of motions to
suppress made with respect to such interceptions,
and the number granted or denied;
- the number of convictions
resulting from such interceptions and the offenses
for which the convictions were obtained and a
general assessment of the importance of the
interceptions; and
- the information required by
paragraphs (b) through (f) of this subsection with
respect to orders or extensions obtained in a
preceding calendar year.
- In April of each year the
Director of the Administrative Office of the United
States Courts shall transmit to the Congress a full
and complete report concerning the number of
applications for orders authorizing or approving the
interception of wire, oral, or electronic
communications pursuant to this chapter and the number
of orders and extensions granted or denied pursuant to
this chapter during the preceding calendar year. Such
report shall include a summary and analysis of the
data required to be filed with the Administrative
Office by subsections (1) and (2) of this section. The
Director of the Administrative Office of the United
States Courts is authorized to issue binding
regulations dealing with the content and form of the
reports required to be filed by subsections (1) and
(2) of this section.
Sec.
2520. Recovery of civil damages authorized
- In General. - Except as
provided in section 2511(2)(a)(ii),
any person whose wire, oral, or electronic
communication is intercepted, disclosed, or
intentionally used in violation of this chapter may in
a civil action recover from the person or entity which
engaged in that violation such relief as may be
appropriate.
- Relief. - In an action under
this section, appropriate relief includes -
- such preliminary and other
equitable or declaratory relief as may be
appropriate;
- damages under subsection
(c) and punitive damages in appropriate cases; and
- a reasonable attorney's fee
and other litigation costs reasonably incurred.
- Computation of Damages. - (1)
In an action under this section, if the conduct in
violation of this chapter is the private viewing of a
private satellite video communication that is not
scrambled or encrypted or if the communication is a
radio communication that is transmitted on frequencies
allocated under subpart D of part 74 of the rules of
the Federal Communications Commission that is not
scrambled or encrypted and the conduct is not for a
tortious or illegal purpose or for purposes of direct
or indirect commercial advantage or private commercial
gain, then the court shall assess damages as follows:
- If the person who engaged
in that conduct has not previously been enjoined
under section 2511(5) and has
not been found liable in a prior civil action under
this section, the court shall assess the greater of
the sum of actual damages suffered by the plaintiff,
or statutory damages of not less than $50 and not
more than $500.
- If, on one prior occasion,
the person who engaged in that conduct has been
enjoined under section 2511(5) or has
been found liable in a civil action under this
section, the court shall assess the greater of the
sum of actual damages suffered by the plaintiff, or
statutory damages of not less than $100 and not more
than $1000.
(2) In any other action
under this section, the court may assess as damages
whichever is the greater of -
- the sum of the actual
damages suffered by the plaintiff and any profits
made by the violator as a result of the violation;
or
- statutory damages of
whichever is the greater of $100 a day for each day
of violation or $10,000.
- Defense. - A good faith
reliance on -
- a court warrant or order, a
grand jury subpoena, a legislative authorization, or
a statutory authorization;
- a request of an
investigative or law enforcement officer under
section 2518(7) of this
title; or
- a good faith determination
that section 2511(3) of this
title permitted the conduct complained of; is a
complete defense against any civil or criminal
action brought under this chapter or any other law.
- Limitation. - A civil action
under this section may not be commenced later than two
years after the date upon which the claimant first has
a reasonable opportunity to discover the violation.
Sec.
2521. Injunction against illegal interception
Whenever it shall appear that
any person is engaged or is about to engage in any act
which constitutes or will constitute a felony violation
of this chapter, the Attorney General may initiate a
civil action in a district court of the United States to
enjoin such violation. The court shall proceed as soon
as practicable to the hearing and determination of such
an action, and may, at any time before final
determination, enter such a restraining order or
prohibition, or take such other action, as is warranted
to prevent a continuing and substantial injury to the
United States or to any person or class of persons for
whose protection the action is brought. A proceeding
under this section is governed by the Federal Rules of
Civil Procedure, except that, if an indictment has been
returned against the respondent, discovery is governed
by the Federal Rules of Criminal Procedure.
Sec.
2522. Enforcement of the Communications Assistance for
Law Enforcement Act
- Enforcement by Court Issuing
Surveillance Order. - If a court authorizing an
interception under this chapter, a State statute, or
the Foreign Intelligence Surveillance Act of 1978 (50
U.S.C. 1801 et seq.) or authorizing use of a pen
register or a trap and trace device under chapter 206 or a State
statute finds that a telecommunications carrier has
failed to comply with the requirements of the
Communications Assistance for Law Enforcement Act, the
court may, in accordance with section 108 of such Act,
direct that the carrier comply forthwith and may
direct that a provider of support services to the
carrier or the manufacturer of the carrier's
transmission or switching equipment furnish forthwith
modifications necessary for the carrier to comply.
- Enforcement Upon Application
by Attorney General. - The Attorney General may, in a
civil action in the appropriate United States district
court, obtain an order, in accordance with section 108
of the Communications Assistance for Law Enforcement
Act, directing that a telecommunications carrier, a
manufacturer of telecommunications transmission or
switching equipment, or a provider of
telecommunications support services comply with such
Act.
- Civil Penalty. -
- In general. - A court
issuing an order under this section against a
telecommunications carrier, a manufacturer of
telecommunications transmission or switching
equipment, or a provider of telecommunications
support services may impose a civil penalty of up to
$10,000 per day for each day in violation after the
issuance of the order or after such future date as
the court may specify.
- Considerations. - In
determining whether to impose a civil penalty and in
determining its amount, the court shall take into
account -
- the nature, circumstances,
and extent of the violation;
- the violator's ability to
pay, the violator's good faith efforts to comply in
a timely manner, any effect on the violator's
ability to continue to do business, the degree of
culpability, and the length of any delay in
undertaking efforts to comply; and
- such other matters as
justice may require.
- Definitions. - As used in
this section, the terms defined in section 102 of the
Communications Assistance for Law Enforcement Act have
the meanings provided, respectively, in such section.
Top
APPENDIX D
TITLE 18 UNITED
STATES CODE
CHAPTER 121 -
STORED WIRE AND ELECTRONIC COMMUNICATIONS AND
TRANSACTIONAL RECORDS ACCESS Sec. 2701.
Unlawful access to stored communications
- Offense. - Except as provided
in subsection (c) of this section whoever -
- intentionally accesses
without authorization a facility through which an
electronic communication service is provided; or
- intentionally exceeds an
authorization to access that facility; and thereby
obtains, alters, or prevents authorized access to a
wire or electronic communication while it is in
electronic storage in such system shall be punished
as provided in subsection (b) of this section.
- Punishment. - The punishment
for an offense under subsection (a) of this section is
-
- if the offense is committed
for purposes of commercial advantage, malicious
destruction or damage, or private commercial gain -
- a fine under this title
or imprisonment for not more than one year, or
both, in the case of a first offense under this
subparagraph; and
- a fine under this title
or imprisonment for not more than two years, or
both, for any subsequent offense under this
subparagraph; and
- a fine under this title
or imprisonment for not more than six months, or
both, in any other case.
- Exceptions. - Subsection (a)
of this section does not apply with respect to conduct
authorized -
- by the person or entity
providing a wire or electronic communications
service;
- by a user of that service
with respect to a communication of or intended for
that user; or
- in section 2703, 2704 or 2518 of
this title.
Sec.
2702. Disclosure of contents
- Prohibitions. - Except as
provided in subsection (b) -
- a person or entity
providing an electronic communication service to the
public shall not knowingly divulge to any person or
entity the contents of a communication while in
electronic storage by that service; and
- a person or entity
providing remote computing service to the public
shall not knowingly divulge to any person or entity
the contents of any communication which is carried
or maintained on that service -
- on behalf of, and
received by means of electronic transmission from
(or created by means of computer processing of
communications received by means of electronic
transmission from), a subscriber or customer of
such service; and
- solely for the purpose of
providing storage or computer processing services
to such subscriber or customer, if the provider is
not authorized to access the contents of any such
communications for purposes of providing any
services other than storage or computer
processing.
- Exceptions. - A person or
entity may divulge the contents of a communication -
- to an addressee or intended
recipient of such communication or an agent of such
addressee or intended recipient;
- as otherwise authorized in
section 2517, 2511(2)(a), or
2703 of this title;
- with the lawful consent of
the originator or an addressee or intended recipient
of such communication, or the subscriber in the case
of remote computing service;
- to a person employed or
authorized or whose facilities are used to forward
such communication to its destination;
- as may be necessarily
incident to the rendition of the service or to the
protection of the rights or property of the provider
of that service; or
- to a law enforcement agency
-
- if the contents -
- were inadvertently
obtained by the service provider; and
- appear to pertain to the
commission of a crime; or
- if required by section 227
of the Crime Control Act of 1990.
Sec.
2703. Requirements for governmental access
- Contents of Electronic
Communications in Electronic Storage. - A governmental
entity may require the disclosure by a provider of
electronic communication service of the contents of an
electronic communication, that is in electronic
storage in an electronic communications system for one
hundred and eighty days or less, only pursuant to a
warrant issued under the Federal Rules of Criminal
Procedure or equivalent State warrant. A governmental
entity may require the disclosure by a provider of
electronic communications services of the contents of
an electronic communication that has been in
electronic storage in an electronic communications
system for more than one hundred and eighty days by
the means available under subsection (b) of this
section.
- Contents of Electronic
Communications in a Remote Computing Service. - (1) A
governmental entity may require a provider of remote
computing service to disclose the contents of any
electronic communication to which this paragraph is
made applicable by paragraph (2) of this subsection -
- without required notice to
the subscriber or customer, if the governmental
entity obtains a warrant issued under the Federal
Rules of Criminal Procedure or equivalent State
warrant; or
- with prior notice from the
governmental entity to the subscriber or customer if
the governmental entity -
- uses an administrative
subpoena authorized by a Federal or State statute
or a Federal or State grand jury or trial
subpoena; or
- obtains a court order for
such disclosure under subsection (d) of this
section; except that delayed notice may be given
pursuant to section 2705 of this
title.
2 Paragraph (1) is
applicable with respect to any electronic
communication that is held or maintained on that
service -
- on behalf of, and received
by means of electronic transmission from (or created
by means of computer processing of communications
received by means of electronic transmission from),
a subscriber or customer of such remote computing
service; and
- solely for the purpose of
providing storage or computer processing services to
such subscriber or customer, if the provider is not
authorized to access the contents of any such
communications for purposes of providing any
services other than storage or computer processing.
- Records Concerning Electronic
Communication Service or Remote Computing Service. -
(1)
- Except as provided in
subparagraph (B), a provider of electronic
communication service or remote computing service
may disclose a record or other information
pertaining to a subscriber to or customer of such
service (not including the contents of
communications covered by subsection (a) or (b) of
this section) to any person other than a
governmental entity.
- A provider of electronic
communication service or remote computing service
shall disclose a record or other information
pertaining to a subscriber to or customer of such
service (not including the contents of
communications covered by subsection (a) or (b) of
this section) to a governmental entity only when
the governmental entity -
- obtains a warrant
issued under the Federal Rules of Criminal
Procedure or equivalent State warrant;
- obtains a court order
for such disclosure under subsection (d) of this
section;
- has the consent of the
subscriber or customer to such disclosure; or
- submits a formal
written request relevant to a law enforcement
investigation concerning telemarketing fraud for
the name, address, and place of business of a
subscriber or customer of such provider, which
subscriber or customer is engaged in
telemarketing (as such term is defined in
section 2325 of this
title).
- A provider of electronic
communication service or remote computing service
shall disclose to a governmental entity the name,
address, local and long distance telephone toll
billing records, telephone number or other
subscriber number or identity, and length of
service of a subscriber to or customer of such
service and the types of services the subscriber
or customer utilized, when the governmental entity
uses an administrative subpoena authorized by a
Federal or State statute or a Federal or State
grand jury or trial subpoena or any means
available under subparagraph (B).
(2) A governmental entity
receiving records or information under this
subsection is not required to provide notice to a
subscriber or customer.
- Requirements for Court Order.
- A court order for disclosure under subsection (b) or
(c) may be issued by any court that is a court of
competent jurisdiction described in section 3127(2)(A) and
shall issue only if the governmental entity offers
specific and articulable facts showing that there are
reasonable grounds to believe that the contents of a
wire or electronic communication, or the records or
other information sought, are relevant and material to
an ongoing criminal investigation. In the case of a
State governmental authority, such a court order shall
not issue if prohibited by the law of such State. A
court issuing an order pursuant to this section, on a
motion made promptly by the service provider, may
quash or modify such order, if the information or
records requested are unusually voluminous in nature
or compliance with such order otherwise would cause an
undue burden on such provider.
- No Cause of Action Against a
Provider Disclosing Information Under This Chapter. -
No cause of action shall lie in any court against any
provider of wire or electronic communication service,
its officers, employees, agents, or other specified
persons for providing information, facilities, or
assistance in accordance with the terms of a court
order, warrant, subpoena, or certification under this
chapter.
- Requirement To Preserve
Evidence. -
- In general. - A provider of
wire or electronic communication services or a
remote computing service, upon the request of a
governmental entity, shall take all necessary steps
to preserve records and other evidence in its
possession pending the issuance of a court order or
other process.
- Period of retention. -
Records referred to in paragraph (1) shall be
retained for a period of 90 days, which shall be
extended for an additional 90-day period upon a
renewed request by the governmental entity.
Sec.
2704. Backup preservation
- Backup Preservation.
-
- A governmental entity
acting under section 2703(b)
- may include in its subpoena
or court order a requirement that the service
provider to whom the request is directed create a
backup copy of the contents of the electronic
communications sought in order to preserve those
communications. Without notifying the subscriber or
customer of such subpoena or court order, such
service provider shall create such backup copy as
soon as practicable consistent with its regular
business practices and shall confirm to the
governmental entity that such backup copy has been
made. Such backup copy shall be created within two
business days after receipt by the service provider
of the subpoena or court order.
- Notice to the subscriber or
customer shall be made by the governmental entity
within three days after receipt of such
confirmation, unless such notice is delayed pursuant
to section 2705(a).
- The service provider shall
not destroy such backup copy until the later of -
- the delivery of the
information; or
- ) the resolution of any
proceedings (including appeals of any proceeding)
concerning the government's subpoena or court
order.
- The service provider shall
release such backup copy to the requesting
governmental entity no sooner than fourteen days
after the governmental entity's notice to the
subscriber or customer if such service provider -
- has not received notice
from the subscriber or customer that the
subscriber or customer has challenged the
governmental entity's request; and
- has not initiated
proceedings to challenge the request of the
governmental entity.
- A governmental entity may
seek to require the creation of a backup copy under
subsection (a)(1) of this section if in its sole
discretion such entity determines that there is
reason to believe that notification under section 2703 of this
title of the existence of the subpoena or court
order may result in destruction of or tampering with
evidence. This determination is not subject to
challenge by the subscriber or customer or service
provider.
(b) Customer Challenges. -
(1) Within fourteen days after notice by the
governmental entity to the subscriber or customer
under subsection (a)(2) of this section, such
subscriber or customer may file a motion to quash
such subpoena or vacate such court order, with
copies served upon the governmental entity and with
written notice of such challenge to the service
provider. A motion to vacate a court order shall be
filed in the court which issued such order. A motion
to quash a subpoena shall be filed in the
appropriate United States district court or State
court. Such motion or application shall contain an
affidavit or sworn statement -
- stating that the
applicant is a customer or subscriber to the
service from which the contents of electronic
communications maintained for him have been
sought; and
- stating the applicant's
reasons for believing that the records sought are
not relevant to a legitimate law enforcement
inquiry or that there has not been substantial
compliance with the provisions of this chapter in
some other respect.
- Service shall be made
under this section upon a governmental entity by
delivering or mailing by registered or certified
mail a copy of the papers to the person, office,
or department specified in the notice which the
customer has received pursuant to this chapter.
For the purposes of this section, the term
''delivery'' has the meaning given that term in
the Federal Rules of Civil Procedure.
- If the court finds that
the customer has complied with paragraphs (1) and
(2) of this subsection, the court shall order the
governmental entity to file a sworn response,
which may be filed in camera if the governmental
entity includes in its response the reasons which
make in camera review appropriate. If the court is
unable to determine the motion or application on
the basis of the parties' initial allegations and
response, the court may conduct such additional
proceedings as it deems appropriate. All such
proceedings shall be completed and the motion or
application decided as soon as practicable after
the filing of the governmental entity's response.
- If the court finds that
the applicant is not the subscriber or customer
for whom the communications sought by the
governmental entity are maintained, or that there
is a reason to believe that the law enforcement
inquiry is legitimate and that the communications
sought are relevant to that inquiry, it shall deny
the motion or application and order such process
enforced. If the court finds that the applicant is
the subscriber or customer for whom the
communications sought by the governmental entity
are maintained, and that there is not a reason to
believe that the communications sought are
relevant to a legitimate law enforcement inquiry,
or that there has not been substantial compliance
with the provisions of this chapter, it shall
order the process quashed.
- A court order denying a
motion or application under this section shall not
be deemed a final order and no interlocutory
appeal may be taken therefrom by the customer.
Sec.
2705. Delayed notice
- Delay of Notification. -
- A governmental entity
acting under section 2703(b) of this
title may -
- where a court order is
sought, include in the application a request,
which the court shall grant, for an order delaying
the notification required under section 2703(b) of
this title for a period not to exceed ninety days,
if the court determines that there is reason to
believe that notification of the existence of the
court order may have an adverse result described
in paragraph (2) of this subsection; or
- where an administrative
subpoena authorized by a Federal or State statute
or a Federal or State grand jury subpoena is
obtained, delay the notification required under
section 2703(b) of
this title for a period not to exceed ninety days
upon the execution of a written certification of a
supervisory official that there is reason to
believe that notification of the existence of the
subpoena may have an adverse result described in
paragraph (2) of this subsection.
- An adverse result for the
purposes of paragraph (1) of this subsection is -
- endangering the life or
physical safety of an individual;
- flight from prosecution;
- destruction of or
tampering with evidence;
- intimidation of potential
witnesses; or
- otherwise seriously
jeopardizing an investigation or unduly delaying a
trial.
- The governmental entity
shall maintain a true copy of certification under
paragraph (1)(B).
- Extensions of the delay of
notification provided in section 2703 of up to
ninety days each may be granted by the court upon
application, or by certification by a governmental
entity, but only in accordance with subsection (b)
of this section.
- Upon expiration of the
period of delay of notification under paragraph (1)
or (4) of this subsection, the governmental entity
shall serve upon, or deliver by registered or
first-class mail to, the customer or subscriber a
copy of the process or request together with notice
that -
- states with reasonable
specificity the nature of the law enforcement
inquiry; and
- informs such customer or
subscriber -
- that information
maintained for such customer or subscriber by the
service provider named in such process or request
was supplied to or requested by that governmental
authority and the date on which the supplying or
request took place;
- that notification of such
customer or subscriber was delayed;
- what governmental entity
or court made the certification or determination
pursuant to which that delay was made; and
- which provision of this
chapter allowed such delay.
- As used in this subsection,
the term ''supervisory official'' means the
investigative agent in charge or assistant
investigative agent in charge or an equivalent of an
investigating agency's headquarters or regional
office, or the chief prosecuting attorney or the
first assistant prosecuting attorney or an
equivalent of a prosecuting attorney's headquarters
or regional office.
- Preclusion of Notice to
Subject of Governmental Access. - A governmental
entity acting under section 2703, when it is
not required to notify the subscriber or customer
under section 2703
- (1), or to the extent that it
may delay such notice pursuant to subsection (a) of
this section, may apply to a court for an order
commanding a provider of electronic communications
service or remote computing service to whom a warrant,
subpoena, or court order is directed, for such period
as the court deems appropriate, not to notify any
other person of the existence of the warrant,
subpoena, or court order. The court shall enter such
an order if it determines that there is reason to
believe that notification of the existence of the
warrant, subpoena, or court order will result in -
- endangering the life or
physical safety of an individual;
- flight from prosecution;
- destruction of or tampering
with evidence;
- intimidation of potential
witnesses; or
- otherwise seriously
jeopardizing an investigation or unduly delaying a
trial.
Sec.
2706. Cost reimbursement
Payment. - Except as
otherwise provided in subsection (c), a governmental
entity obtaining the contents of communications,
records, or other information under section 2702, 2703, or 2704 of
this title shall pay to the person or entity
assembling or providing such information a fee for
reimbursement for such costs as are reasonably
necessary and which have been directly incurred in
searching for, assembling, reproducing, or otherwise
providing such information. Such reimbursable costs
shall include any costs due to necessary disruption of
normal operations of any electronic communication
service or remote computing service in which such
information may be stored.
Amount. - The amount of the
fee provided by subsection (a) shall be as mutually
agreed by the governmental entity and the person or
entity providing the information, or, in the absence
of agreement, shall be as determined by the court
which issued the order for production of such
information (or the court before which a criminal
prosecution relating to such information would be
brought, if no court order was issued for production
of the information).
Exception. - The requirement
of subsection (a) of this section does not apply with
respect to records or other information maintained by
a communications common carrier that relate to
telephone toll records and telephone listings obtained
under section 2703 of this
title. The court may, however, order a payment as
described in subsection (a) if the court determines
the information required is unusually voluminous in
nature or otherwise caused an undue burden on the
provider.
Sec.
2707. Civil action
- Cause of Action. - Except as
provided in section 2703(e), any
provider of electronic communication service,
subscriber, or other person aggrieved by any violation
of this chapter in which the conduct constituting the
violation is engaged in with a knowing or intentional
state of mind may, in a civil action, recover from the
person or entity which engaged in that violation such
relief as may be appropriate.
- Relief. - In a civil action
under this section, appropriate relief includes -
- such preliminary and other
equitable or declaratory relief as may be
appropriate;
- damages under subsection
(c); and
- a reasonable attorney's fee
and other litigation costs reasonably incurred.
- Damages. - The court may
assess as damages in a civil action under this section
the sum of the actual damages suffered by the
plaintiff and any profits made by the violator as a
result of the violation, but in no case shall a person
entitled to recover receive less than the sum of
$1,000. If the violation is willful or intentional,
the court may assess punitive damages. In the case of
a successful action to enforce liability under this
section, the court may assess the costs of the action,
together with reasonable attorney fees determined by
the court.
- Disciplinary Actions for
Violations. - If a court determines that any agency or
department of the United States has violated this
chapter and the court finds that the circumstances
surrounding the violation raise the question whether
or not an officer or employee of the agency or
department acted willfully or intentionally with
respect to the violation, the agency or department
concerned shall promptly initiate a proceeding to
determine whether or not disciplinary action is
warranted against the officer or employee.
- Defense. - A good faith
reliance on -
- a court warrant or order, a
grand jury subpoena, a legislative authorization, or
a statutory authorization;
- a request of an
investigative or law enforcement officer under
section 2518(7) of this
title; or
- a good faith determination
that section 2511(3) of this
title permitted the conduct complained of; is a
complete defense to any civil or criminal action
brought under this chapter or any other law.
- Limitation. - A civil action
under this section may not be commenced later than two
years after the date upon which the claimant first
discovered or had a reasonable opportunity to discover
the violation.
Sec.
2708. Exclusivity of remedies
The
remedies and sanctions described in this chapter are the
only judicial remedies and sanctions for
nonconstitutional violations of this chapter.
Sec.
2709. Counterintelligence access to telephone toll and
transactional records
- Duty to Provide. - A wire or
electronic communication service provider shall comply
with a request for subscriber information and toll
billing records information, or electronic
communication transactional records in its custody or
possession made by the Director of the Federal Bureau
of Investigation under subsection (b) of this section.
- Required Certification. - The
Director of the Federal Bureau of Investigation, or
his designee in a position not lower than Deputy
Assistant Director, may -
- request the name, address,
length of service, and local and long distance toll
billing records of a person or entity if the
Director (or his designee in a position not lower
than Deputy Assistant Director) certifies in writing
to the wire or electronic communication service
provider to which the request is made that -
- the name, address, length
of service, and toll billing records sought are
relevant to an authorized foreign counter
intelligence investigation; and
- there are specific and
articulable facts giving reason to believe that
the person or entity to whom the information
sought pertains is a foreign power or an agent of
a foreign power as defined in section 101 of the
Foreign Intelligence Surveillance Act of 1978 (50
U.S.C. 1801); and
- request the name, address,
and length of service of a person or entity if the
Director (or his designee in a position not lower
than Deputy Assistant Director) certifies in writing
to the wire or electronic communication service
provider to which the request is made that -
- the information sought is
relevant to an authorized foreign
counterintelligence investigation; and
- there are specific and
articulable facts giving reason to believe that
communication facilities registered in the name of
the person or entity have been used, through the
services of such provider, in communication with -
- an individual who is
engaging or has engaged in international
terrorism as defined in section 101(c) of the
Foreign Intelligence Surveillance Act [1] or
clandestine intelligence activities that involve
or may involve a violation of the criminal
statutes of the United States; or
- a foreign power or an
agent of a foreign power under circumstances
giving reason to believe that the communication
concerned international terrorism as defined in
section 101(c) of the Foreign Intelligence
Surveillance Act (FOOTNOTE 1) or clandestine
intelligence activities that involve or may
involve a violation of the criminal statutes of
the United States.
- Prohibition of Certain
Disclosure. - No wire or electronic communication
service provider, or officer, employee, or agent
thereof, shall disclose to any person that the Federal
Bureau of Investigation has sought or obtained access
to information or records under this section.
- Dissemination by Bureau. -
The Federal Bureau of Investigation may disseminate
information and records obtained under this section
only as provided in guidelines approved by the
Attorney General for foreign intelligence collection
and foreign counterintelligence investigations
conducted by the Federal Bureau of Investigation, and,
with respect to dissemination to an agency of the
United States, only if such information is clearly
relevant to the authorized responsibilities of such
agency.
- Requirement That Certain
Congressional Bodies Be Informed. - On a semiannual
basis the Director of the Federal Bureau of
Investigation shall fully inform the Permanent Select
Committee on Intelligence of the House of
Representatives and the Select Committee on
Intelligence of the Senate, and the Committee on the
Judiciary of the House of Representatives and the
Committee on the Judiciary of the Senate, concerning
all requests made under subsection (b) of this
section.
Sec.
2711. Definitions for chapter
As
used in this chapter -
- the terms defined in section
2510 of this title
have, respectively, the definitions given such terms
in that section; and
- the term ''remote computing
service'' means the provision to the public of
computer storage or processing services by means of an
electronic communications system.
Top
|
| |
| |
|
| |
. |
©2008
Alex Modelski, Business & Technology Law | |
|
|
|
|
|
|
|
| |
