Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Cyber Law :: houseact.txt

The Electronic Communications Privacy Act





                  ELECTRONIC COMMUNICATIONS PRIVACY ACT OF 1986
                                    H.R. 4952

          The  House  has already passed the Electronic Communications
          Act of 1986, H.R. 4952, and  the  Senate  is now consdering
          it.   According  to the Washington Post, and most  political
          observers, the Act is gong to pass and become law. 

          Some  of  its provisions are important  to  BBS  sysops  and
          users.  The following is an excerpt  from  the House Report
          (Report 99-647), which accompanied  the  passage of the bill
          in the house. 

          

             CHAPTER 121--STORED WIRE AND ELECTRONIC COMMUNICATIONS
                         AND TRANSACTIO
 RECORDS ACCESS

          

          Section 2701.  Unlawfull access to stored communicatons


          (a) Offense.--Except as provided in subsection 9c) of this
          section whoever--
               (1) intentionally accesses without auhorization a facility
          through which an electronic communiction service is provided;or
               (2) intentionally exceeds an authorization to access that
                facility and thereby obtains, alters, or prevents authoroized
           access to a wire or electronic communicaqtion while it is in
          electronic
          storage in such system shall be punished as provided in
          subsection (b) of this section.

          (b) Punishment.-- The punishment for an offense under sub sectio

          (a) of this section is--
               (1)  if the offense is committed for purposes of commercial
          advantage, malicious destruction or damages, or porivate
          commercial gain--
                    (A)a fine of not more than $250,000 or imprisonment for
          not more than one year, or both, in the case of a first offense
          under this subparagraph; and
                    (B)a fine under this title or imprisonment for not more
          than two yeras or both  for an subsequent offense under this
          subparagraph; and
               (2)  a fine of nor more than $5,000 or imprisonment for not
          more than six months, or both in any other case.

          Section 2702. Disclosure of Contents

          (a) Prohibitions.--Except as provided in subsection (b)--
               (1) a person or entitle providing an elec tronic
          communication servi8ce to the public shall not knowingly divulge
          to any person or entity the content  of a communicaton while in
          electronic storgy by that service;and
               (2)  a person or entity providing remote computing service
          to the public shall not knowingly divulge to any person or entity
          the contents of ay communication  which is carried or maintained
          on that service--
                    (A) on behalf of, and received by means of electronic
          tranwmission from (or created by means of computer porcessing of
          communications eceived by means of electronic trasnmission from),
          a subscriber or customer of such service; and
                    (B) solely for the purpose of providing storage or
          computer processing services to such subscriber or customer, if
          the provider is not authorized to access the contents of any such
          communications for purposes of providing any services other than
          storage or computer processing.

          (b) Exceptions.--A person or entity may divulge the contents of a
          communication ---
               (1) to an addressee or intended recipient of such
          communication or an agent of such addressee or intended recipient;
               (2) as otherwise authorized in section 2516, 251(2)(a) or
          2703 of this title;
               (3) with the lawful consent of the originator or an addresee
          or intended recipient of such comunication, or the subscxriber in
          the case of remote computing service;
               (4)to a person employed or authorized or whose facilities
          are sued to forward such communication to its destination;
               (5)as may be necessarily incident to the rendition of the
          service or to the protection of the rihts or property of the
          provider of that service;or
                   (6)to a law enforcement agency, if such contents--
                    (A) were inadvertently obtained by service provider;and
                    (B) appear to pertain to the commission of a crime.

                                     *******

          
                                 REPORT LANGUAGE

          Proposed section 2701 provides  a new criminal offense.  The
          offense   consists  of  either:
     
        1)intentionally   accessing, without  authorization, a facility
          through  which   an electronic  communication  service  is 
          provided or (2)intentionally exceeding the authorization
          of such facility. 
          In addition, the offense requires that the offender must, as
          a  result  of  such  conduct,  obtain,  alter,  or   prevent
          unauthorized access to a wire  or  electronic  communication
          while it  is  in  electronic  storage in  such a system. The term
          electronic storage is  defined  in  section 2510(17) of title 18.
          Electronic   storage   measn   any   temporary,
          intermediate sstorage  of a wire or electronic communication
          incidental  to  the electronic transmission tehreof and  the
          storage   of   such   communication    by    an   electronic
          communications service for the purpose of back-up protection
          of such communciation. 

          Section 27 1(a) makes it  an  offense intentionally to access
          without  authroization, or to  exceed  an  authorization  to
          access,  an  electronic communciation  service  and  thereby
          obtain, later or prevent authorized access to a wire  or or
          electronic communication  while  it is in electronic storage
          in  such  system.   This  provision  addresses  the  growing
          problem of unauthroized persons deliberately gaining  access
          to,  and   sometimes  tampering  with,  electronic  or  wrie
          communication that are nto intended to be available  to  the
          public.     *******(emphasisze    added)****The    Committee
          recognizes   however   that  some  electronic  communication
          services   offer  specific  features,  sometimes  known   as
          computer  "electronic   bulletin   boards,"   through  which
          interested person may communicate  openly with the public to
          exchange  computer  programs in teh public domain and  other
          types of information taht  may  be distributed without legal
          constraint. 

          It is not the intent to  hinder  hte  development  or use of
          "electronic bulletin  boards" or other comparable services. 
          The  Committee  belieives  that  where  communciations   are
          readily accessible to the  general  public,  the sender has,
          for   purposes   of   Section   2701(a)    ,   extended   an
          "authorization"    to    the   public   to   access    those
          communications.   A person may reasonably  conculde  that  a
          communication is readilyh accssible to the  genereal  public
          if the telephone number  of  the  system  and other means of
          accesas are widely known, and if a  person  does not, in the
          course  of   gaining   access,   encounter   any   warnings,
          encryptions, password requests or other indicia  of intended
          privacy.  To access a communication on  such a system should
          not be a violation of the law. 

          Some  communcation systems offer a mixture of services,some,
          such as bulletin boards,  which  maybe readily accessible to
          the   general  public,  while  others--such  as   electronic
          mail--may  be  intended  to be confidential.  Such a  system
          typically  has two or more distinct levels of  security.   A
          user may  be  able  to access electronic bulletin boards and
          the  like merely with a password  he  assigns  to  himselkf,
          while access to such  features as electronic mail ordinarily
          entails a higher level of security (i.e., the  mail  must be
          addressed  to  the  user  to  be  accessible specifically). 
          Section  2701   would  apply  diffrently  to  the  different
          services.   Thse wire or electronic communications which the
          servcie  providr  attempts  to  keep confidential  would  be
          protected, while the statute  would  impose no liability for
          access to feature configured to be readily  acessible to the
          general public. 

                                      *****

          Section 2702 specifies that a person or entity providing wire
          or  electronic  communication  service  to  the  public  may
          divulge the contents of a communication while in  electronic
          storage  by  that  service with the lawful  cosnent  of  the
          originator  or  any  addressee  or  intended   addressee  or
          intended recipient  of  such  communicaiton.  The commmittee
          emphasizes  that "lawful consent" in this context, need  not
          take the form of a formal written document  of  consent.  A
          grant  of  consent  electronically would protect hte service
          provider from liability  for dislclosure under section 2702.
          Under  various  circumstances,  consent might be inferred to
          have arisen from a  course  of  dealing  between the service
          provider  and  the  customer or  subscriber--e.g.   where  a
          history  of transactions betweent he parties offers a  basis
          for  a resonable understanding that a consent to  disclosure
          attaches to a particular class  of  communications.  Consent
          may also flow  from a user having had a reasonable basis for
          knowing that disclosure or use may be made with respect to a
          communications  ,  and having taken  action  that  evidences
          acquiescence  to such disclosure or use--e.g., continued use
          of such an electronic communication system.  Anotehr type of
          implied consent might be  inferred  from  the very nature of
          the electronic transaction.   fo  example,  a subscriber who
          places  a  communication on a computer  "electronic  buletin
          board,"  with  a  reasonble  basis  for  knowing  that  such
          communication  are  freely  made  available to the  public,
          should be considered to have given consent to the disclosure
          or  use  of   the  communication.   if  conditons  governing
          disclosure or  use  are  spelled  out  in  the  rules  of an
          electronic  communication  servcie,  and  those  rules  are
          availabvle to users or in contracts for hte provison of such
          servcies, it would  be  appropriate  to imply consent on the
          part of a user to disclosures or uses consistent with  those
          rules. 

          Section 2702(a) specifies that  a person or entity providing
          a  wire   or  electronic  communciation  service  or  remote
          computer services to the  public shall not knowingly divulge
          the  contents  of  any  communication  while  in  electronic
          storage by  that service to any  person or entity other than
          the addressee or intended recipient of such communication or
          an  agent   of such addressee or inintended recipient of  the
          communications.    Under  some  circumstances,   however,  a
          customer  orf  or  suscriber   to   a   wire  or  electronic
          communication  service  may  place  a  communication on  the
          service  without specifying an addressee.  The Committee  in
          tends,  in  that situation,  that  the  communication  at  a
          minimum be deemed addressed  to  the  service  provider  for
          purposes  of  Section  2702(b).  Because  an  addressee  may
          consent to the disclosure of  a  communication  to any other
          person,  a  service provider or system operator, as  imputed
          address,   may  disclose  the  contents  of  an  unaddressed
          communcation. 

          A   person  may   be   an   "intended   recipient"    of   a
          communciaiton, for purpose of  section  2702 , even if he is
          not  individually  identified  by  name   or  otherwise.   A
          communicaiton may be addressed to the members  of  a  group,
          for example.  In the case of an  electronic  bulletin board,
          for  instance, a communication  might  be  directed  to  all
          members of a previously formed "special interest group"  or,
          alternatively,  to  all  members   of  the  public  who  are
          interested in  a particular topic of disucssion.  In such an
          intance,  the  service  provider  would  not  be liable  for
          disclosure to any peson  who  might reasonably be considered
          to fall in the calss of intended recipients. 
                                    COMMENTS

          The entire document has to be read and studied to draw final
          conclusions on a number  of  important issues.  However, the
          following observations I think are fair at this point:

          1.  SYSOPS  are,  under the  Act,  going  to  be  considered
          providers of  an electronic communications service. In other
          words,  whenever  a  BBS  goes  up, it becomes an electronic
          communication service subject to the requirements of the new
          law, should it be enacted. 

          2. Users of the  BBS  are protected by the law, and may have
          grounds to take action against or ask that criminal  charges
          be brought if their communictions are improperly disclosed. 

          3. SYSOPs do have  added  protection  against  hackers,  and
          federal law enforcement should now be available. 

          4. Any "general" messages addressed to  all  members  of the
          board, provided the board is open to the general public, may
          be disclosed and are not protected. 

          5. Now other messages and  files  are  handled  gets complex
             thereafter. 

          a.  It  is  unclear whether a sysop may legally read private
          mail  on  his  board addrssed to antoher user, unless  sysop
          discloses in a warning message  that  he/she  may  read such
          messages. 

          b.  Conferences that are not generally open  to  the  public
          probably create an expectation of privacy and there  will be
          limited rights to disclose information. 

          c.  Major changes in security procedures might require  user
          consent, or their messages might have to be removed. 

          6. It would be  prudent  to  have  a major disclaimer in the
          introduction of each BBS session,  stating  that there is no
          expectation of privacy and that  anything  left on the board
          may be read or disclosed by the sysop. 



 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH