ELECTRONIC COMMUNICATIONS PRIVACY ACT OF 1986

 


                ELECTRONIC COMMUNICATIONS PRIVACY ACT OF 1986

                                  H.R. 4952

 

        The House has already passed the Electronic Communications

        Act of 1986, H.R. 4952, and the Senate is now considering

        it. According to the Washington Post, and most political

        observers, the Act is going to pass and become law.


        Some of its provisions are important to BBS sysops and

        users. The following is an excerpt from the House Report

        (Report 99-647), which accompanied the passage of the bill

        in the house.


           CHAPTER 121--STORED WIRE AND ELECTRONIC COMMUNICATIONS

                       AND TRANSACTION RECORDS ACCESS


        Section 2701. Unlawful access to stored communicatons

        (a) Offense. -- Except as provided in subsection 9c) of this

        section whoever --

             (1) intentionally accesses without authorization a facility

        through which an electronic communication service is provided; or

             (2) intentionally exceeds an authorization to access that

        facility and thereby obtains, alters, or prevents authorized

        access to a wire or electronic communication while it is in elec-

        tronic storage in such system shall be punished as provided in

        subsection (b) of this section.


        (b) Punishment. -- The punishment for an offense under subsection

        (a) of this section is --

             (1) if the offense is committed for purposes of commercial

        advantage, malicious destruction or damages, or private commercial

        gain --

                  (A) a fine of not more than $250,000 or imprisonment for

        not more than one year, or both, in the case of a first offense

        under this subparagraph; and

                  (B) a fine under this title or imprisonment for not more

        than two years or both for any subsequent offense under this

        subparagraph; and

        (2) a fine of not more than $5,000 or imprisonment for not

        more than six months, or both in any other case.


        Section 2702. Disclosure of Contents


        (a) Prohibitions. -- Except as provided in subsection (b) --

             (1) a person or entitle providing an electronic communi-

        cation service to the public shall not knowingly divulge to any

        person or entity the contents of a communicaton while in electronic

        storage by that service; and

             (2) a person or entity providing remote computing service

        to the public shall not knowingly divulge to any person or entity

        the contents of any communication which is carried or maintained

        on that service --

                  (A) on behalf of, and received by means of electronic

        transmission from (or created by means of computer processing of

        communications received by means of electronic transmission from),

        a subscriber or customer of such service; and

                  (B) solely for the purpose of providing storage or

        computer processing services to such subscriber or customer, if

        the provider is not authorized to access the contents of any such

        communications for purposes of providing any services other than

        storage or computer processing.


        (b) Exceptions. -- A person or entity may divulge the contents of

        a communication ---

             (1) to an addressee or intended recipient of such communi-

        cation or an agent of such addressee or intended recipient;

             (2) as otherwise authorized in section 2516, 2511(2)(a) or

        2703 of this title;

             (3) with the lawful consent of the originator or an addresee

        or intended recipient of such communication, or the subscriber in

        the case of remote computing service;

             (4) to a person employed or authorized or whose facilities

        are used to forward such communication to its destination;

             (5) as may be necessarily incident to the rendition of the

        service or to the protection of the rights or property of the

        provider of that service; or

             (6) to a law enforcement agency, if such contents --

                (A) were inadvertently obtained by service provider; and

                (B) appear to pertain to the commission of a crime.


                                   *******


                               REPORT LANGUAGE


        Proposed section 2701 provides  a new criminal offense. The

        offense consists of either: (1) intentionally accessing, with-

        out authorization, a facility through which an electronic

        communication service is provided or (2) intentionally exceed-

        ing the authorization of such facility. In addition, the offense

        requires that the offender must, as a result of such conduct,

        obtain, alter, or prevent unauthorized access to a wire or

        electronic communication while it is in electronic storage in

        such a system. The term electronic storage is defined in section

        2510(17) of Title 18. Electronic storage means any temporary,

        intermediate storage of a wire or electronic communication

        incidental to the electronic transmission thereof and the

        storage of such communication by an electronic communications

        service for the purpose of back-up protection of such communi-

        cation.


        Section 2701(a) makes it an offense intentionally to access

        without authorization, or to exceed an authorization to

        access, an electronic communciation service and thereby

        obtain later, or prevent authorized access to, a wire or an

        electronic communication while it is in electronic storage

        in such system. This provision addresses the growing problem

        of unauthorized persons deliberately gaining access to, and

        sometimes tampering with, electronic or wire communication that

        are not intended to be available to the public. ****** (emphasis

        added) ****** The Committee recognizes however that some elec-

        tronic communication services offer specific features, sometimes

        known as computer "electronic bulletin boards," through which

        interested person may communicate openly with the public to

        exchange computer programs in the public domain and other

        types of information that may be distributed without legal

        constraint.


        It is not the intent to hinder the development or use of

        "electronic bulletin boards" or other comparable services.

        The Committee believes that where communications are readily

        accessible to the general public, the sender has, for purposes

        of Section 2701(a), extended an "authorization" to the public

        to access those communications. A person may reasonably conclude

        that a communication is readily accessible to the general public

        if the telephone number of the system and other means of access

        are widely known, and if a person does not, in the course of

        gaining access, encounter any warnings, encryptions, password

        requests or other indication of intended privacy. To access a

        communication on such a system should not be a violation of the

        law.


        Some communication systems offer a mixture of services, some,

        such as bulletin boards, which maybe readily accessible to

        the general public, while others -- such as electronic mail --

        may be intended to be confidential. Such a system typically has

        two or more distinct levels of security. A user may be able to

        access electronic bulletin boards and the like merely with a

        password he assigns to himself, while access to such features

        as electronic mail ordinarily entails a higher level of security

        (i.e., the mail must be addressed to the user to be accessible

        specifically). Section 2701 would apply differently to the

        different services. These wire or electronic communications

        which the service provider attempts to keep confidential would

        be protected, while the statute would impose no liability for

        access to feature configured to be readily acessible to the

        general public.


        Section 2702 specifes that a person or entity providing wire

        or electronic communication service to the public may divulge

        the contents of a communication while in electronic storage by

        that service with the lawful consent of the originator or any

        addressee or intended addressee or intended recipient of such

        communication. The Commmittee emphasizes that "lawful consent"

        in this context, need not take the form of a formal written

        document of consent. A grant of consent electronically would

        protect the service provider from liability for disclosure under

        section 2702. Under various circumstances, consent might be

        inferred to have arisen from a course of dealing between the

        service provider and the customer or subscriber -- e.g. where

        a history of transactions between the parties offers a basis

        for a resonable understanding that a consent to disclosure

        attaches to a particular class of communications. Consent may

        also flow from a user having had a reasonable basis for

        knowing that disclosure or use may be made with respect to a

        communications, and having taken action that evidences acquies-

        cence to such disclosure or use -- e.g., continued use of such

        an electronic communication system. Another type of implied

        consent might be inferred from the very nature of the electronic

        transaction. For example, a subscriber who places a communi-

        cation on a computer "electronic bulletin board",  with a rea-

        sonable basis for knowing that such communications are freely

        made available to the public, should be considered to have given

        consent to the disclosure or use of the communication. If con-

        ditions governing disclosure or use are spelled out in the rules

        of an electronic communication service, and those rules are

        available to users or in contracts for the provison of such

        services, it would be appropriate to imply consent on the part

        of a user to disclosures or uses consistent with those rules.


        Section 2702(a) specifies that a person or entity providing

        a wire or electronic communication service or remote computer

        services to the public shall not knowingly divulge the contents

        of any communication while in electronic storage by that service

        to any person or entity other than the addressee or intended

        recipient of such communication or an agent of such addressee

        or intended recipient of the communications. Under some circum-

        stances, however, a customer or suscriber to a wire or electron-

        ic communication service may place a communication on the ser-

        vice without specifying an addressee. The Committee intends, in

        that situation, that the communication at a minimum be deemed

        addressed to the service provider for purposes of Section 2702(b).

        Because an addressee may consent to the disclosure of a communi-

        cation to any other person, a service provider or system operator,

        as imputed address, may disclose the contents of an unaddressed

        communcation.


        A person may be an "intended recipient" of a communication, for

        purpose of section 2702, even if he is not individually identified

        by name or otherwise. A communication may be addressed to the

        members of a group, for example. In the case of an electronic

        bulletin board, for  instance, a communication might be directed

        to all members of a previously formed "special interest group" or,

        alternatively, to all members of the public who are interested in

        a particular topic of disucssion. In such an instance, the service

        provider would not be liable for disclosure to any peson who might

        reasonably be considered to fall in the class of intended recip-

        ients.



                                    *****


                                  COMMENTS


        The entire document has to be read and studied to draw final

        conclusions on a number of important issues. However, the

        following observations I think are fair at this point:


        1.  SYSOPS are, under the Act, going to be considered providers

        of an electronic communications service. In other words, whenever

        a BBS goes up, it becomes an electronic communication service

        subject to the requirements of the new law, should it be enacted.


        2. Users of the BBS are protected by the law, and may have

        grounds to take action against or ask that criminal charges

        be brought if their communications are improperly disclosed.


        3. SYSOPs do have added protection against hackers, and

        federal law enforcement should now be available.


        4. Any "general" messages addressed to all members of the

        board, provided the board is open to the general public, may

        be disclosed and are not protected.


        5. How other messages and files are handled gets complex very

        thereafter.




Comments

Popular posts from this blog

BOTTOM LIVE script

Evidence supporting quantum information processing in animals

ARMIES OF CHAOS