Those of us who remember life before the Pepsi
Generation can attest to the change brought into our lives by
advances in electronic technology. Starting with the
widespread use of the transistor, and continuing into the
integrated circuit, the large scale integrated circuit, the
very large scale integrated circuit, etc., electronic
"miracles" have become commonplace and cheap. Perhaps the
single best illustration of that change is in the field of
"information technology." The advent of the personal computer,
the blurring of the lines between telecommunications and
computing, the breakup of the Bell system, and the growing
technological awareness of the general population have caused
what can only be called a revolution in the way we communicate
with each other. Not too many years ago, we learned of world
events from newspapers--today from television and radio. Not
too many years ago we exchanged personal messages by
mail—today we telephone. Not too many years ago, businesses in
a hurry would send mail special delivery--today they use
overnight express or facsimile. And, increasingly, businesses
and individuals use computer communications instead of or in
addition to these other means of passing information around
our society.
Anytime someone passes what they hope to be a
private communication to another, they expect that their
fellow citizens will respect its privacy. Not only do the
customs of society enforce this expectation, statute laws have
been enacted to insure it. Thus, everyone knows, or should
know, not to tamper with the mail. Everyone knows, or should
know, not to electronically eavesdrop ("bug") someone else's
telephone calls. And everyone knows, or should know, not to do
likewise with computer communications.
Alas, not everyone knows that. If everyone
did, we wouldn't need laws to protect what ought to be our
reasonable expectations of privacy. Not too long ago, the
Congress of the United States passed PL 99-508, the Electronic
Communications Privacy Act of 1986. In doing so, Congress was
recognizing the way technology has changed society and trying
to react to that change.
The Act contains two main parts, or Titles.
Title I--Interception of Communications and Related Matters,
merely updates existing laws to reflect what I've said above.
Where the law used to say you can't bug private telephone
communications, it now says you can't bug private computer
communications. Where it preserved your right to listen in to
public radio transmissions, it preserves your right to "listen
in" to public computerized transmissions (here the Congress
particularly was thinking of unencrypted satellite television,
although the law is written in more general terms). It allows
the "provider of electronic communication service" (sysops, to
electronic bulletin board users) to keep records of who called
and when, to protect themselves from the fraudulent, unlawful
or abusive use of such service.
Title II--Stored Wire and Electronic
Communications and Transactional Records Access, is the
section that has caused the biggest concern among bulletin
board system operators and users. Unfortunately, while a lot
of well-intentioned people knew that a law had been passed,
most of them started discussing it without taking the trouble
to read it first. As a result, there has been a lot of
misinformation about what it says, and a lot of reaction and
overreaction that was unnecessary.
The first thing we need to realize is that
Title II adds a new chapter to Title 18 of the United States
Code (USC). The USC fills most of two shelves in the Omaha
library. It covers in general detail virtually everything the
federal government does. In many places it gives departments
and agencies to pass rules and regulations that have the force
of law. If it didn't, instead of filling two shelves it would
probably fill two floors, and Congress would be so bogged down
in detail work it would get even less done that it does now.
Of all the USC, Title 18 deals with Crimes and Criminal
Procedure. That's where PL 99-508 talks about electronic
communications. It makes certain acts federal crimes. Equally
important, it protects certain common-sense rights of sysops.
Under the Act, it is now a federal offense to
access a system without authorization. That's right. Using
your "war-games dialer," you find a modem tone on a number you
didn't know about before and try to log on. From the way I
read the law, you can try to log on without penalty. After
all, you might not have used a war-games dialer. You might
just have got a wrong number. (Don't laugh, it's happened to
me right here in Omaha!) At the point you realize its not the
board you think you called, you ought to hang up, because at
the point where you gain access to that neat, new, unknown
system, you've just violated 18 USC 2701.
A lot of us are users of systems with "levels"
of access. In the BBS world, levels may distinguish between
old and new users, between club members and non-members, or
sysops from users. In the corporate and government world,
levels may protect different types of proprietary information
or trade secrets. Section 2701 also makes it a federal offense
to exceed your authorized access on a system.
What about electronic mail, or "e-mail?"
E-Mail has been the single biggest area of misinformation
about the new law. First, section 2701 does make it a federal
offense to read someone else's electronic mail. That would be
exceeding your authorization, since "private" e-mail systems
do not intend for anyone other than the sender or receiver to
see that mail. But, and a big but, sysops are excluded.
Whoever staffed the bill for Congress realized that system
operators were going to have access to information stored on
their systems. There are practical technical reasons for this,
but there are also practical legal reasons. While the Act does
not directly address the liability of sysops for the use of
their systems in illegal acts, it recognizes they might have
some liability, and so allows them to protect themselves from
illegal use. Sysops are given a special responsibility to go
along with this special privilege. Just like a letter carrier
can't give your mail to someone else, just like a telegraph
operator can't pass your telegram to someone else, just like a
telephone operator overhearing your call can't tell someone
else what it was about, so sysops are prohibited from
disclosing your e-mail traffic to anyone, unless you (or the
other party to the traffic) give them permission.
Common sense, right. So far all I think we've
seen is that the law has changed to recognize changes in
technology. But then, what about the police? If they can
legally bug phones with a court order, if they can legally
subpoena telephone records, what can they do with bulletin
boards? Pretty much the same things. The remaining sections of
the Act go into great detail about what the police can do and
how they can do it. The detail is too much to get into in this
article, and I would suggest that if a sysop or user ever
needed to know this information, that would be a case when
they ought to be seeing their attorney. I will give a couple
of details, however: if a sysop is served, they can be
required to make a backup copy of whatever information is on
their system (limited, of course, to that listed in the
warrant or subpoena). They must do this without telling the
persons under investigation. They do not at this point,
generally, give the police the records. They just tell the
police that its been done. Then, the courts notify the user
that this information has been requested and the user has a
chance to challenge it. Eventually, after it all gets sorted
out, the information goes to the police or is destroyed,
whichever. Again, if a sysop or user ever finds themselves in
this situation, don't rely on this article--see your lawyer.
And, see him/her soon, because the Act imposes time limits.
If the Act makes all of this stuff federal
crimes, what penalties does it establish? Again, generally,
there are two cases. The first is the one most BBS operators
and users will be concerned with. "A fine of not more than
$5,000 or imprisonment for not more than six months, or both."
Actually, in the law, that's the second case. The first is
where businesses were conducting industrial espionage--"for
purposes of commercial advantage, malicious destruction or
damage, or private commercial gain." In this case, "a fine of
not more that $250,000 or imprisonment for not more than one
year, or both, in the case of a first offense," and "a fine or
imprisonment for not more that two years, or both, for a
subsequent offense."
What all this has said is that the federal
criminal code now protects electronic communications the way
it previously protected written ones. It understands that
mailmen, physical or electronic, have access to the mail they
carry, so it tells them not to tell. It sets up some hefty
penalties for those who don't take privacy seriously enough.
And finally, it sets up procedures for the contents of
bulletin board and other electronic systems to be sought for
official investigation. This is, of course, one layman's
opinion. As long as the reader doesn't have criminal intent or
hasn't been served with some type of request for system
records, it's probably adequate. If, however, the reader finds
him/herself confronting the law "up close and personal," then
this article should be noted for one and only one piece of
advice: see a lawyer, and soon!
