by Ruel Hernandez Cedarbend Way Chu

Found at: 0x1bi.net:70/textfiles/file?internet/email_pr

                             Ruel T. Hernandez
                             801 Cedarbend Way
                       Chula Vista, California 92010
                           (619) 421-6517 (voice)
                          (CompuServe: 71450,3341)
                         (GEnie Mail: R.HERNANDEZ)
                              January 11, 1987
               Copyright (c) 1986, 1987 by Ruel T. Hernandez
     (This is an edited version of a law school seminar paper I wrote at
California Western School of Law.  A another version of the paper, entitled
"Electronic Mail - Your Right to Privacy," by Ruel T. Hernandez as told to
Dan Gookin, was published as the cover story in The Byte Buyer, San Diego's
Microcomputer Magazine, volume 4, number 24, December 5, 1986.  That version
may also be found on their BBS at 619/226-3304 or 619/573-0359.  Note,
citations to the Electronic Communications Privacy Act of 1986 refer to the
final version passed by the House of Representatives on October 2, 1986,
Congressional Record.)
     Two years ago, legislation was introduced into Congress that sought to
communications, such as electronic mail found on commercial computer systems
and on remote computer systems, commonly known as bulletin board systems
(BBS).  Old federal wiretap law only gave protection to normal audio
telephonic communications.  There was no contemplation of computers or their
operators using telephone lines to communicate.  The old federal wiretap law
transmitted on a telephone line.  Before the Electronic Communications
transmitted message once it was stored within a computer system.
     (1) Whether electronic mail and other intended private material stored
     (2) Should private electronic mail and other such material be accorded
the protection guidelines as with telephone communication and the U.S. Mail?
     Law enforcement seeks criminal evidence stored as E-Mail on either a
local, user-supported BBS, or on a commercial computer service, such as
CompuServe, GEnie or The Source.  (Note, this situation is equally
applicable to personal, private data stored on a remote system for later
     For instance, a computer user calls up a computer communication system.
Using the electronic mail function, he leaves a private message that can
only be read by an intended recipient.  The message is to inform the
that incriminating evidence may be found on the computer system.
     In 1982, such a situation occurred.  (Meeks, Brock, "Life at 300 Baud:
Crime on the BBS Network," Profiles, August, 1986, 12-13.)  A Detroit
federal grand jury, investigating a million-dollar cocaine ring, issued a
cocaine ring was using The Source as communication base to send messages to
members of the ring.  With such evidence, the grand jury could implicate or
ndict those suspected to be a part of the cocaine ring.  The Source refused
to obey the subpoena.  The prosecution argued The Source could not
vicariously assert a subscriber's privacy rights.  Constitutional rights are
Additionally, if the files containing messages were duplicated, any
battle ensued.  However, before a ruling could be made, the kingpin of the
cocaine ring entered a surprise guilty plea to federal drug trafficking
charges.  The case against the Source was discontinued.
     Publicly posted messages and other public material may be easily
that poses the problem.
     Law enforcement's task is then to gather enough evidence to
other private files, transmitted by suspected criminals.  A computer
communications service, as keeper and transmitter of private electronic
messages, would not want to turn over the private data.
                           INADEQUACY OF OLD LAW
     Brock Meeks of Profiles magazine noted that as of August, 1986, "no ...
agency can, for example, confiscate a local BBS and examine all the message
traffic," including and private files and E-Mail.  (Ibid.)
     In the next section, case law will be examined and statutory law prior
to the Electronic Communications Privacy Act of 1986 (ECPA) will be noted.
Seemingly applicable statutes, as they stood, provided no guidelines for
CompuServe, GEnie, and local, user-operated BBSs.
     There is little case law available on computer communications and
Fourth Amendment constitutional problems.  (M.D. Scott, Computer Law, 9-9
(1984 & Special Update, August 1, 1984).)  If not for the surprise
     Of the available cases, Scott noted those that primarily dealt with
financial information found in bank and consumer credit organization
computers.   In U.S. v. Davey, 426 F.2d 842, 845 (2 Cir. 1970), the
the manner in which it may be retrieved, so long as it pays the reasonable
costs of retrieval.  In a California case, Burrows v. Superior Court, 13
Cal. 3d 238, 243, 118 Cal. Rptr. 166, 169 (1974), a depositor was found to
of both those papers in check form originating from the depositor and the
U.S. v. Miller, 425 U.S. 435, 440 (1976), customer account records on a
banks' computer were held to not be private papers of the bank customer,
and, hence, there is no Fourth Amendment problem when they are subpoenaed
     The computer data and information in these cases have more of a
business character in contrast to personal E-Mail found on remote computer
as in the Detroit case, may try to analogize duplicated and backed up E-Mail
to business situations where data on business computer databases are also
backed up.  Both types of computer data are stored on a system and then
later retrieved.  The provider of the remote computing service or the sysop
Mail or centrally-based financial or credit data.  Duplication does not
necessarily make E-Mail the same as financial or credit data stored in
business computers.  Centrally-based business information is more concerned
communications between individuals where the sender transmits a private
message to be retrieved only by an intended recipient.  The sender and the
objectively is reasonable.  Therefore, there is a constitutionally protected
expectation of privacy under Katz v. U.S., 389 U.S. 347, 19 L.Ed. 88 S.Ct.
Ciraolo, -- U.S. --, 106 S.Ct. 1809 (1984), the users would have to protect
their electronic mail from any privacy intrusion.  The provider or operator
of the remote system has ultimate control of his system.  He has complete
access to all areas of the system.  He could easily examine the material.
The prosecution would note the user could not reasonably protect his private
dea of privacy.  If there is no privacy, there can be no search and
therefore no Fourth Amendment constitutional violation.  Law enforcement can
     The federal wiretap statutes, before the Electronic Communication
nterceptions.  This protection was made in 1968 in response to electronic
eavesdropping by government.  (Cohodas, Nadine, "Congress Races to stay
Ahead of Technology," Congressional Quarterly Weekly Report, May 31, 1986,
"wire communication," under the old law, it was limited to audio
transmissions by wire or cable and does not mention stored computer data.
(18 U.S.C. sec. 2510(1).)  The old law required that an interception of a
Therefore, a computer communication may come under the old law while being
transmitted.  After a caller's message is "sent" on a remote computer
communication's conversion into computer stored data, thus no longer in
transmission until retrieved, takes the communication out of the old
     "Eighteen years ago ... Congress could not appreciate - or in some
cases even contemplate - [today's] telecommunications and computer
technology...."  (132 Cong. Rec. S7992 (daily ed. June 19, 1986) (statement
of Sen. Leahy).)
     California's "invasion of privacy" and wiretap statutes (Cal. Penal
Code sec. 630 et seq.), appears to provide state protection for BBSs.
California Penal Code sec. 637 reads as:
     Every person not a party to a telegraphic or telephonic
     communication who willfully discloses the contents of a
     telegraphic or telephonic message, or any part thereof, addressed
     to another person, without the permission of such person, unless
     directed so to do by the lawful order of a court, is punishable
     by imprisonment in the state prison, or in the count jail not
     exceeding one year, or by fine not exceeding five thousand
     dollars ($5000), or by both fine and imprisonment.
     Again, the question here would be whether "telegraphic or telephonic
messages" include computer communications via modem where a transmitted
message is subsequently stored within a computer awaiting retrieval by its
ntended recipient.  Again, the storage of the data takes the computer
communications out of the statute.  When the statute was passed, the
California legislature, much like the Congress, could not foresee the
technological advances in computer communications.
     It should be noted that Assemblywoman Moore introduced legislation in
this.  Aside from political reasons for the lack of further action is one
computer privacy protection is specified in the state constitution, more
litigation may result to tie up the courts in cases deciding whether or not
there is privacy protection for other unspecified matters.  Although,
overall, the California state constitution is much more specific than the
United States Constitution, it may be best to not be any more specific with
     Statutory U.S. Mail protection provides a suggestion for statutory
communication systems.  The unauthorized taking out of and examining of the
contents of mail held in a "depository for mail matter" before it is
mprisonment, or both.  (18 U.S.C. sec. 1702.)
                           SOLUTION - THE NEW LAW
     There are two methods towards a solution:  (1) court decisions; and (2)
new legislated privacy protection.
     Courts may have chosen to read computer communications protection into
the old federal wiretap statute or into existing state law.  However, they
n this area] and some judges are openly asking Congress for help....
[F]ederal Appeals Court Judge Richard Posner in Chicago said Congress needed
to revise current law, adding that 'judges are not authorized to amend
to Stay Ahead of Technology," Congressional Quarterly Weekly Report, May 31,
     Last October 21, 1986, President Reagan signed the Electronic
Communications Privacy Act of 1986 amending the federal wiretap law.  The
new Act (P.L. 99-508) would not take immediate effect until three months
after the signing - presumably January 21, 1986.  (18 U.S.C. secs. 111 and
     When the new law does take effect, it would first provide privacy
     'electronic communication' ... [by] any transfer of signs,
     signals, writing, images, sounds, data or intelligence of any
     nature transmitted in whole or in part by a wire, radio,
     electromagnetic, photoelectronic or photooptical system that
     affects interstate or foreign commerce...."
(18 U.S.C. sec. 2510(10).)
     Second, and more importantly for this discussion, ECPA would protect
"stored wire and electronic communications," i.e. E-Mail stored and backed
up on disk or tape on an electronic computer communication system.  (18
U.S.C. sec. 2701(a)(1) and (2).)  The legislation makes it a federal
criminal offense to break into any electronic system holding copies of
messages or to exceed authorized access to alter or obtain the stored
messages.  (Ibid.)
     The legislation would protect electronic computer communication systems
from law enforcement invasion of user E-Mail without a court order.  (18
U.S.C. sec. 2703.)  Although the burden of preventing invasion of the E-Mail
s placed on the subscriber or user of the system, the government must give
or to vacate a court order seeking disclosure of his computer data.  (18
U.S.C. sec. 2704(b).)  However, the government may give delayed notice when
there are exigent circumstances as listed by the Act (18 U.S.C. sec. 2705.)
     The legislation gives a civil cause of action to the provider or
operator, subscriber, customer or user of the system aggrieved by an
nvasion of private material stored in the system in violation of ECPA.  (18
U.S.C. sec. 2702; see also 18 U.S.C. sec. 2520.)  If the provider or
operator has to disclose information stored on his system due to a court
order, warrant, subpoena, or certification under ECPA, there can be no cause
of action against him by any person aggrieved by such disclosure.  (18
U.S.C. sec. 2703(e); see also sec. 2702(b).)
     The electronic communications, under this new Act, must be sent by a
electronic communications sent by common carrier telephone lines.
     There may be some question as to whether or not ECPA is confined to
commercial systems and does not cover user-operated bulletin board systems.
That would be similar to arguing the old federal wiretap law was confined to
long distance communications and not to local telephone calls.  The House
ntended to be covered by the Act.  The House noted a difference between
commercial subscription systems and user-operated BBSs readily accessible by
the public.  However, it also noted the different levels of security found
on user-operated BBSs, i.e. the difference between system areas containing
Electronic communications that the operator attempts to keep confidential
features configured to be readily accessible by the general public.
Language in the Act also refers to "the person or entity providing the wire
or electronic communication service."  Such language may be seen to indicate
the inclusion of individuals who operate a BBS.  (18 U.S. secs. 2701(c)(1)
and 2702(a)(1) and (b).)  Additionally, a remote computing service was
computer storage or processing services to the public.  (18 U.S.C. sec.
s easily accessible to public with the simple dialing of a telephone number
by a modem-equipped computer.  On the political side, Senator Leahy, a
and operators' of BBSs] comments and encourage sensitivity to the needs of
BBS's in the legislation....  They are ... willing to listen to our side of
things."  (BBSLAW02.MSG, dated 07/24/85, information from Chip Berlet,
Secretary, National Lawyers Guild Civil Liberties Committee, transmitted by
Federal Legislation Affecting Computer Bulletin Boards, deposited on The
Legacy Network 213/553-1473.)
     Electronic mail stored on computer communication systems have Fourth
Amendment constitutional privacy protection.  Unfortunately, before the
Electronic Communications Privacy Act of 1986, such protection was not
articulated by federal or state statutory guidelines.  Case law also did
not provide any helpful guidance.  The peculiarities of computers and
computer storage posed problems which were not addressed by the old wiretap
laws.  They were also problems overwhelmed by constitutional privacy law as
     [For more information on ECPA, see 132 Cong. Rec. H8977 (daily ed.
October 2, 1986) or "Major Provisions of 1986 Electronic Privacy Act,"
Congressional Quarterly Weekly Report, October 11, 1986, 2558.]