ECPA Reference

Law

Electronic Communications Privacy Act (ECPA)

• Legislative History
• H.R. Rep. No. 103-827, at 10, 17, 31 (1994), reprinted in 1994 U.S.C.C.A.N. 3489, 3490, 3497, 3511
• Electronic Communications Privacy Act: Hearings on H.R. 3378 Before the Subcomm. on Courts, Civil Liberties, and the Admin. of Justice, House Comm. on the Judiciary, 99th Cong. 214, 230 (1986)
• Electronic Communications Privacy Act of 1986, S. 2575, 99th Cong. (1986)
• 132 Cong. Rec. S14,441 (Oct. 1, 1986).
• 132 Cong. Rec. S7,991 (June 19, 1986).
• 132 Cong. Rec. H4,039 (June 23, 1986).
• H.R. Rep. No. 99-647 (1986), at 35
• The term 'electronic communication' is intended to cover a broad range of communication activities . . . . As a rule, a communication is an electronic communication if it is neither carried by sound waves nor can fairly be characterized as one containing the human voice (carried in part by wire).
  Communications consisting solely of data, for example . . . would be electronic communications.
• 18 U.S.C. § 2511(2)(g) : no expectation of privacy for public radio transmissions, ship or vehicle radio, distress radio transmissions, government radio, amateur or CB radio, radio transmissions causing harmful interference.
  • 18 U.S.C. § 2511(2)(g)(i) : “It shall not be unlawful … to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public.”
• 18 USC § 2701Unlawful access to stored communications
• 18 USC § 3121 (pen register and trap and trace)

Copies of ECPA

• Cornell
• Northern Virginia Community College
• CPSR Public Law 99-508
• Ohio State Public Law 99-508
• GSA

Homeland Security Act, PL 107-296, § 225(d), 116 Stat. 2157 (2002).

Stored Communications Act (ECPA Title II)

See Rule 41 of the Federal Rules of Criminal Procedure or state warrant rules.

Caselaw

• Supreme Court
• Ortega, 480 U.S. at 715 (“We have no talisman that determines in all cases those privacy expectations that society is prepared to accept as reasonable.”)
• Oliver v. United States, 466 U.S. 170, 179 (1984) (a workplace computer simply “do[es] not provide the setting for those intimate activities that the [Fourth]
  Amendment is intended to shelter from government interference or surveillance.”)
• Illinois v. Andreas, 463 US 765 (1983)
• Smith v. Maryland, 442 U.S. 735, 740 (1979).
• United States v. Caceres, 440 U.S. 741 (1979)
• Smith v. Maryland, 442 U.S. 735 (1979) According to the Supreme Court, individuals do not have an expectation of privacy in phone numbers and therefore the Fourth Amendment does not apply.
• United States v. Miller, 425 U.S. 435 (1976) (no expectation of privacy in bank records of financial dealings)
• United States v. White, 401 U.S. 745 (1971)
• Berger v. New York, 388 U.S. 41 (1967)
• Katz v. US, 389 US 347 (1967).
• Olmstead v. United States, 277 U.S. 438 (1928).
• Appellate Court
  • US v Forrester, (9th Cir July 6, 2007) (pen register that monitor's defendant's Internet and email activity, providing ip number and email address information, lawful as defendants "had no reasonable expectation that IP addresses and to/from lines of emails would remain private since such activity is transmitted through a third party")
  • Warshak v US, 2007 WL 1730094 (6th Cir. June 18, 2007) (finding expectation of privacy in email and that disclosure of emails without a warrant violated Fourth Amendment; 2703(d) Order was not sufficient)
  • US v. Ziegler, No. 05-30177 (9th Cir. Aug. 8, 2006)
  • United States v. Gourde, 440 F.3d 1065, 1077 (9th Cir. 2006) (en banc) (Kleinfeld, J., dissenting)
  • United States v. Councilman, ___ F3d ___ (1st Cir. Aug 11, 2005) (rehearing en banc)
    • "the purpose of the broad definition of electronic storage was to enlarge privacy protections for stored data under the Wiretap Act, not to exclude e-mail messages stored during transmission from those strong protections. Moreover, Congress's sole purpose in adding electronic storage to the definition of "wire communication" was to protect voice mail, and not to affect e-mail at all." Slip at 18.
    • 373 F3d 197, 201-03 (1st Cir 2004) (holding that copying emails at the server level was not an interception and citing with approval circuit court decisions requiring interception to be contemporaneous with transmission. Relied on Konop)
    • United States v. Councilman , 245 F. Supp. 2d 319, 320 (D. Mass. 2003) (definition of electronic communications is “extraordinarily – indeed, almost breathtakingly – broad”).
    • Taking counsel from Councilman: E-mail message in transient electronic storage is an "electronic communication" under the ECPA, Internet Cases 9/2/2005
  • United States v. Caymen, 404 F.3d 1196, 1199 (9th Cir. 2005)
  • Biby v. Bd. of Regents, 419 F.3d 845, 850-51 (8th Cir. 2005) (holding that no reasonable expectation of privacy existed where a policy
    reserved the employer’s right to search an employee’s computer for a legitimate reason)
  • Hall v. EarthLink Network, Inc., 396 F.3d 500, 503 n.1 (2d Cir. 2005) (rejecting arguments that "communication over the Internet can only be electronic communication while it is in transit, not while it is in electronic storage").
  • United States v. Thorn, 375 F.3d 679, 683 (8th Cir. 2004), cert. granted and judgment vacated on other grounds by 543 U.S. 1112 (2005) (holding that a public agency’s computer-use policy, which prohibited accessing sexual images, expressly denied employees any personal privacy rights in the use of the computer systems, and provided the employer the right to access any computer in order to audit its use, precluded any reasonable expectation of privacy);
  • United States v. Steiger, 318 F3d 1039, 1048-49 (11th Cir 2003), cert. denied, 538 U.S. 1051 (2003)
    • "[W]e hold that a contemporaneous interception—i.e., an acquisition during 'flight'—is required to implicate the Wiretap Act with respect to electronic communications."
  • United States v. Shryock, 342 F.3d 948, 978 (9th Cir. 2003).
  • Blumofe v. Pharmatrak, Inc. (In re Pharmatrak Privacy Litig.), 329 F.3d 9, 21 (1st Cir. 2003) (a rigid "storage-transit dichotomy . . . may be less than apt to address current problems")
  • United States v. Angevine, 281 F.3d 1130, 1133-35 (10th Cir. 2002) (holding that the employer’s computer-use policy, which included monitoring and claimed a right of access to equipment, and the employer’s ownership of the computers defeated any reasonable expectation of privacy)
  • Konop v. Hawaiian Airlines, Inc., 302 F3d 868, 878 (9th Cir 2002), cert. denied, 537 U.S. 1193 (2003)("We therefore hold that for a website such as Konop's to be 'intercepted' in violation of the Wiretap Act, it must be acquired during transmission, not while it is in electronic storage.")
    • Reinhardt, J., concurring in part, dissenting in part) ("I dissent, however, from Part B of Section I, which holds that the term 'intercept' in the Wiretap Act, as applied to electronic communications, refers solely to contemporaneous acquisition.").
    • Konop v Hawaiian Airlines, No. 99-55106 9th Cir January 8, 2001
  • Muick v. Glenayre Electronics, 280 F.3d 741 (7th Cir. 2002)
    • 743 (“Glenayre had announced that it could inspect the laptops that it furnished for the use of its employees, and this destroyed any reasonable expectation of privacy . . . .”)
    • 743] “[T]he abuse of access to workplace computers is so common (workers being prone to use them as media of gossip, titillation, and other entertainment and distraction) that reserving a right of inspection is so far from being unreasonable that the failure to do so might well be thought irresponsible.”
  • United States v. Silva, 247 F.3d 1051, 1055 (9th Cir. 2001) (noting that “[t]he reasonableness of an expectation of privacy is evaluated . . . ‘[by reference] to understandings that are recognized and permitted by society’ ” (quoting Rakas v. Illinois, 439 U.S. 128, 143 n.12 (1978)))
  • Guest v. Leis, 255 F.3d 325 (6th Cir. 2001)
  • U.S. v. Smith, 155 F.3d 1051 (9th Cir. 1998)
    • prior to the Patriot Act, court held that officer needed a wiretap order to seize voice mail
    • 1056 ("[T]he Stored Communications Act expressly rules out exclusion as a remedy")
  • Davis v. Gracey, 111 F.3d 1472 (10th Cir. 1997).
  • United States v. Pervaz, 118 F.3d 1 (1st Cir. 1997).
  • United States v. Gaytan, 74 F.3d 545 (5th Cir. 1996)
  • Tucker v. Waddell, 83 F.3d 688, 693 (4th Cir. 1996) ("[T]he language of § 2703(c) does not prohibit any governmental conduct, and thus a governmental entity may not violate that subsection by simply accessing information improperly")
  • United States v. Fregoso, 60 F.3d 1314, 1320 (8th Cir. 1995) ("The judicial role in approving use of trap and trace devices is ministerial in nature.").”
  • Steve Jackson Games v. U.S. Secret Service, 36 F.3d 457 (5th Cir. 1994) (ECPA is "famous (if not infamous for its lack of clarity.")
  • holding that seizure of stored but unread email messages was not an interception and citing with approval the lower court's requiring interception to be contemporaneous with transmission.
  • Steve Jackson Games, Inc. v. U.S. Secret Service, 816 F.Supp. 432 (W.D. Tex. 1993) Secret Service violated ECPA
  • United States v. Mullins, 992 F.2d 1472, 1478 (9th Cir. 1993), cert. denied, 509 US 905 (1993) (airline that provides travel agents with computerized travel reservation system accessed through separate computer terminals can be a provider of electronic communication service).”
  • United States v. Bianco, 998 F.2d 1112 (2d Cir. 1993), cert. denied, 114 S. Ct. 1644 (1994)
  • United States v. Petti, 973 F.2d 1441 (9th Cir. 1992), cert. denied, 113 S.Ct. 1859 (1993)
  • United States v. Villegas , 899 F.2d 1324, 1337 (2d Cir. 1990) (law enforcement officers must show “good reason” for delayed notice).
  • Nabozny v. Marshall, 781 F.2d 83 (6th Cir.), cert. denied, 476 U.S. 1161 (1986) (kidnapping and extortion scenario constituted an emergency situation).
  • United States v. Seidlitz, 589 F.2d 152, 158 (4th Cir. 1978), cert. denied, 441 U.S. 922 (1979) (owner of computer is a party to the communication and can consent to government monitoring);
• District Court
• United States v. Long, U.S. Court of Appeals for the Armed Forces No. 05-5002, September 27, 2006 (supressing email, finding expectation of privacy where email account was password protected and log-on banner said monitoring would take place only for administrative purposes, not legal or investigative).
• U.S. v. Jones, 2005 WL 850991, ___ F Supp 2d ___ (DCD Utah 2005) the email in question intercepted by a private individual “may not be suppressed because §2515 does not apply to electronic communications, and there is no other applicable suppression remedy under the Wiretap Act.”.
• Fischer v. Mt.Olive Lutheran Church , 207 F. Supp. 2d 914 (W.D. Wis. 2002) (court held that email in a Hotmail account that had been opened but remained on the Hotmail server remained “stored” communications).
• Fraser v. Nationwide Mut. Ins. Co., 135 F.Supp.2d 623 (E.D.Pa 2001): Insurance company on its network reviewed email transmitted from one contractor to another after it had been opened. Court held that the Wiretap Act did not apply because this did not constitute an interception of a communication; the communication had already been transmitted. Furthermore, the stored communications provisions of ECPA did not apply because this was not storage incident to transmission. The email had been received, open and read. Therefore reading of email by company was not barred by ECPA. See also HR Rep. No. 99-647, at 64-65 (1986).
• Chance v. Avenue A, Inc., 165 F.Supp.2d 1153 (W.D.Wash.2001)
• In re Intuit Privacy Litigation, 138 F.Supp.2d 1272 (C.D.Cal.2001) (holding that accessing cookies could constitute a violation of ECPA).
• In re Doubleclick Inc. Privacy Litigation, 154 F.Supp.2d 487, 511-12 (SDNY 2001)
• Crowley v. Cybersource Corp., 166 F.Supp.2d 1263, 1270 (NDCa 2001) (finding that Amazon.com was a user of a network and not a ECS, rejecting plaintiff’s argument that it sends and receives messages from Amazon).
• Hill v. MCI Worldcom , 120 F. Supp. 2d 1194 (S.D. Iowa 2000) ("concluding that the "names, addresses, and phone numbers of parties . . . called" constituted "a record or other information pertaining to a subscriber or customer of such service" for a telephone account).”
• United States v. Allen, 53 M.J. 402, 409 (C.A.A.F. 2000) (concluding that "a log identifying the date, time, user, and detailed internet address of sites accessed" by a user constituted "a record or other information pertaining to a subscriber or customer of such service" under ECPA).”
• United States v. Kennedy, 81 F. Supp. 2d 1103, 1109-11 (D. Kan. 2000)
  • “A Law enforcement official can not slide by with merely proposing that it has “specific and articulable facts”; the official must set them forth. “(concluding that a conclusory application for a § 2703(d) order "did not meet the requirements of the statute.").”
  • 1110 ("[S]uppression is not a remedy contemplated under the ECPA.")
• United States v. Hambrick, 55 F. Supp. 2d 504, 507 (W.D. Va. 1999), aff'd, 225 F.3d 656, 2000 WL 1062039 (4th Cir. 2000) ("Congress did not provide for suppression where a party obtains stored data or transactional records in violation of the Act.")
• United States v. Charles, 1998 WL 204696, at *21 (D. Mass. 1998) ("ECPA provides only a civil remedy for a violation of § 2703")
• United States v. Barth, 26 F. Supp. 2d 929, 936-37 (W.D. Tex. 1998) (finding reasonable expectation of privacy in files stored on hard drive of personal computer)
• McClelland v. McGrath, 31 F.Supp.2d 616 (NDIll 1998) (monitoring of telephone call must be reasonably connected with protection of service).
• Jessup-Morgan v. America Online, Inc. , 20 F. Supp. 2d 1105 (E.D. Mich. 1998) (finding ECPA does not regulate disclosure to private individual of identity of a subscriber of an electronic communication service)
• McVeigh v. Cohen, 983 F. Supp. 215 (DDC 1998)
  • CDT, Navy Breaks 'Don't Ask, Don't Tell' Privacy Law
  • McVeigh Ruling Now Permanent
  • Wired Strategies
  • Dave's Gay Military Site
  • Timothy McVeigh's Website (allegedly)
• Wasson v. Sonoma County Jr. Coll. Dist., 4 F. Supp. 2d 893, 905-06 (N.D. Cal. 1997) (holding that a policy giving the employer “the right to access all information stored on [the employer’s] computers” defeated an expectation of privacy)
• United States v. Reyes, 922 F. Supp. 818, (S.D.N.Y. 1996)
  • 832-33 (finding reasonable expectation of privacy in data stored in a pager)
  • 837-38 ("Exclusion of the evidence is not an available remedy for this violation of the ECPA. . . . The remedy for violation of [18 U.S.C. § 2701-11] lies in a civil action.").”
• Sega Enterprises Ltd v. MAPHIA, 948 F.Supp. 923, 930-31 (NDCal. 1996) (video game manufacturer that accessed private email stored on another company’s bulletin board service in order to expose copyright infringement was not a provider of electronic communication service)
• Bohach v. City of Reno , 932 F.Supp. 1232, 1236 (D.Nev 1996) (city that provided pager service to its police officers can be a provider of electronic communications service)
• United States v. Orena, 883 F. Supp. 849 (E.D.N.Y. 1995)
• State Wide Photocopy v. Tokai Fin. Servs. Inc., 909 F.Supp. 137, 145 (SDNY 1995) (financing company that used fax machines and computers but did not provide the ability to send or receive communications was not provider of electronic communication service).
• United States v. Lynch, 908 F. Supp. 284, 287 (D.V.I. 1995)
• In re Application of the United States , 846 F. Supp. 1555, 1558-59 (M.D. Fla. 1994). “The court will not conduct an "independent judicial inquiry into the veracity of the attested facts."
• United States v. Chan, 830 F. Supp. 531, 535 (N.D. Cal. 1993)
• United States v. Villegas, 1993 WL 535013 (S.D.N.Y. December 22, 1993)
• United States v. Blas, 1990 WL 265179, at *21 (E.D. Wis. Dec. 4, 1990) ("[A]n individual has the same expectation of privacy in a pager, computer, or other electronic data storage and retrieval device as in a closed container.").”
• United States v. Crouch, 666 F. Supp. 1414 (N.D. Cal. 1987)(wiretap evidence suppressed because there was no imminent threat of death or serious injury)

Government Activity

• Government Guides
  • DOJ US Attorney's Manual
    • Title 9-7.00 Electronic Surveillance
    • Title 9-7.301 Electronic Surveillance: Consensual Monitoring -- General Use
  • Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations, USDOJ Sec. III.B. (July 2002)
    • Appendix A: Sample Network Banner Language
    • Appendix B: Sample 18 U.S.C. § 2703(d) Application and Order
    • Appendix C: Sample Language for Preservation Request Letters under 18 U.S.C. § 2703(f)
    • Appendix D: Model form for IP trap and trace on a web-based email account; Model form for pen register/trap and trace; and Model form for IP pen register/trap and trace on a computer network intruder.
    • Appendix E: Sample Subpoena Language
    • Appendix F: Sample Language for Search Warrants and Accompanying Affidavits to Search and Seize Computers
    • Appendix G: Sample Letter for Provider Monitoring
    • Appendix H: Sample Authorization For Monitoring of Computer Trespasser Activity
  • DOJ, Criminal Resource Manual: 1053 Exceptions to the Prohibitions -- Interceptions by Providers of Wire or Electronic Communications Services (1997). “The provision allows telephone companies to combat "blue box" toll fraud by intercepting portions of telephone calls which have been completed by circumventing the companies' billing systems. See United States v. Auler, 539 F.2d 642 (7th Cir. 1976); United States v. Clegg, 509 F.2d 605 (5th Cir. 1975).”
  • Patriot Act 2001 (Oct 2001) (“DOJ can call up ISPs and have them start the monitoring, with court orders to follow.”).
  • Tracking a Computer Hacker, US Attorneys Bulletin May 2001
• Papers
  • President's Working Group on Unlawful Conduct on the Internet, The Electronic Frontier: The Challenge of Unlawful Conduct Involving the Use of the Internet (March 2000).
  • Office of Technology Assessment, Federal Government Information Technology:
    Electronic Surveillance and Civil Liberties, (Oct. 1985)
• Hearings
  • Statement of Kevin V. Di Gregory, Deputy Assistant Attorney General, US Department of Justice Before the Subcommittee on the Constitution of the House Committee on the Judiciary, The Fourth Amendment and the Internet (April 6, 2000).
• Other
  • Letter from Jamie Brown, Acting Assistant Attorney General, to The Honorable F. James Sensenbrenner, Page 23 (May 13, 2003) (answering questions concerning the Patriot Act).

Papers

• Orin S. Kerr , Searches and Seizures in a Digital World, SSRN 4/8/2005
• Peter Swire, Katz is Dead. Long Live Katz., SSRN 2/18/2004
• Orin S. Kerr, Internet Surveillance Law After the USA Patriot Act: The Big Brother that Isn't, 97 Nw. U. L. Rev. 607, 613-14 (2003)
• New, Revised Electronic Search & Seizure Manual Available, DOJ 8/23/02
• Robert A. Pikowsky, An Overview of the Law of Electronic Surveillance Post September 11, 2001, 94 Law Libr. J. 601 (2002)
• US DOJ Search Manual:  ECPA
• House Report to Accompany ECPA HR 5018
• Summary of H.R. 5018, The Electronic Communications Privacy Act of 2000
• Brad Ney, Law Clerk, Bricker & Eckler LLP, July 2000
• Jones Telecommunications and Multimedia Encyclopedia ECPA Electronic Communications Privacy Act
• CDT Communications Privacy in the Digital Age June 1997
• Matthew W. Finkin, Employee Privacy, American Values, and the Law, 72 CHI.-KENT L. REV. 221, 226 (1996) (“[T]o the extent the reasonableness of the legitimate expectation of privacy is determined on objective grounds, it would rest upon employer policies, practices, or assurances in the matter . . . . [T]his bids fair to eviscerate any claim to privacy at all.” (citation omitted))
• NANOG:  ISPs and Federal Privacy Law: Everything You Need to Know About the Electronic Communications Privacy Act, Mark Eckenweiler, US DOJ Powerpoint HTML
• AOL Legal Department
• What Is The Electronic Communications Privacy Act ("ECPA")
• Testimony Of Jerry Berman Executive Director Electronic Frontier Foundation Accompanied By Ronald L. Plesser Piper & Marbury On Behalf Of The Electronic Frontier Foundation And The Digital Privacy And Security Working Group Concerning The Digital Telephony And Communications Privacy Improvement Act Of 1994 Before The Senate Judiciary Subcommittee On Technology And Law And House Judiciary Subcommittee On Civil And Constitutional Rights March 18, 1994

Books

• Cliff Stoll, The Cuckoo’s Egg (Simon & Schuster 1989) : The twisted tale of tracking a Soviet paid spy as he hacked his way into the Lawrence Berkeley Lab, through the ARPANet, and into sensitive US Government computers, at a time when US law enforcement officials neither comprehended nor cared about an insignificant 75-cent computer intrusion.

Links

• Can We Tape – Reporters Committee for Freedom of the Press

Notes

• "The first 'data wiretap' was reportedly used to apprehend some of the principal actors in the Phonemaster case." PBS

News

• Feds Need A Warrant To Search Email, Techdirt 6/19/2007
• Email Protected by 4th Amendment, Court Says, Freedom to Tinker 6/19/2007
• Court Protects Email from Secret Government Searches, EFF 6/19/2007
• No reasonable expectation of privacy in Internet subscriber information, InternetCases 8/19/2005
• US judge raises bar on net privacy, Register 9/30/2004
• Interception of E-Mail Raises Questions, CRN 7/2/2004
• Court Rules For ISP Who Read E-Mail, Techweb 7/2/2004
• Child-porn probe used first live Internet wiretap, sacbee 5/20/2004
• Briefly: Google denies FBI link to Gmail, CNET 4/30/2004
• ACLU Challenges FBI On Obtaining ISP Records, USA Today 4/30/2004

Archive

• ISP Wiretap Hotline CIX ISPC ISPBF (Wiretap hotline has been terminated)
  • Hotline to Help ISPs Understand Electronic Surveillance And Network Integrity Nov 7, 2000 prnewswire
  • Internet Organizations Create Wiretap Hotline Nov 7, 2000 cnn
  • WireTap Legal Hotline Established Nov 7, 2000 infoworld
• CIX White Paper:  The Legal Standard for Government Tracing of Internet Communications:  The Misuse of Pen Register Court Orders for Real Time Acquisition of Transactional Information October 2000 | Press Release |