|ECPA Title I :: The Wiretap Act|
"As a means of espionage, writs of assistance and general warrants are but puny instruments of tyranny and oppression when compared with wire tapping." - Olmstead v. US, 277 U.S. 438, 476 (1928) (Justice Brandeis Dissenting opinion).
Rule: It is illegal for anyone to intercept electronic communications. (See Fourth Amendment)
|The FCC is exempt from these provisions. 18 U.S.C. § 2511(2)(b)|
|Individuals swiping satellite signals potentially violate 18 U.S.C. § 2511(4)(c)|
|See History of Wiretap Act|
18 U.S.C. § 2511(1). Interception and disclosure of wire, oral, or electronic communications prohibited
(1) Except as otherwise specifically provided in this chapter any person who-
(a) intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication;
(b) intentionally uses, endeavors to use, or procures any other person to use or endeavor to use any electronic, mechanical, or other device to intercept any oral communication when-
(i) such device is affixed to, or otherwise transmits a signal through, a wire, cable, or other like connection used in wire communication; or
(ii) such device transmits communications by radio, or interferes with the transmission of such communication; or
(iii) such person knows, or has reason to know, that such device or any component thereof has been sent through the mail or transported in interstate or foreign commerce; or
(iv) such use or endeavor to use
(A) takes place on the premises of any business or other commercial establishment the operations of which affect interstate or foreign commerce; or
(B) obtains or is for the purpose of obtaining information relating to the operations of any business or other commercial establishment the operations of which affect interstate or foreign commerce; or
(v) such person acts in the District of Columbia, the Commonwealth of Puerto Rico, or any territory or possession of the United States;
(c) intentionally discloses, or endeavors to disclose, to any other person the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection;
(d) intentionally uses, or endeavors to use, the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection; or
(i) intentionally discloses, or endeavors to disclose, to any other person the contents of any wire, oral, or electronic communication, intercepted by means authorized by sections 2511 (2)(a)(ii) , 2511 (2)(b) -(c), 2511(2)(e), 2516, and 2518 of this chapter,
(ii) knowing or having reason to know that the information was obtained through the interception of such a communication in connection with a criminal investigation,
(iii) having obtained or received the information in connection with a criminal investigation, and
(iv) with intent to improperly obstruct, impede, or interfere with a duly authorized criminal investigation,
shall be punished as provided in subsection (4) or shall be subject to suit as provided in subsection (5).
This prohibition applies to private individuals as well as government men in dark suits. It involves all types of transmissions. Anyone installing a sniffer, from Carnivore to a system administrator wanting to measure the amount of pornography or music downloads on the network, for whatever reason, potentially could be violating the law. Even if one did not do the interception, if one knowingly uses or releases the information intercepted, that person too could be in trouble. [18 U.S.C. § 2511(c), (d) & (e)]
Of course, one activity that hackers are frequently engaged in is interception of packets and use of the information disclosed. This activity is a violation of ECPA and has been one of the grounds upon which hackers have been prosecuted.
Note that this provision applies to the interception of electronic communications; access to stored communications is handled by the Stored Communications Act.
[Loucks NDIll 2012 (2511 action dismissed where "complaint does not allege that defendants intercepted a communication for the purpose of committing any criminal or tortious act")]
"electronic, mechanical, or other device"
18 USC 2510(5) "electronic, mechanical, or other device" means any device or apparatus which can be used to intercept a wire, oral, or electronic communication other than-
(a) any telephone or telegraph instrument, equipment or facility, or any component thereof,
(i) furnished to the subscriber or user by a provider of wire or electronic communication service in the ordinary course of its business and being used by the subscriber or user in the ordinary course of its business or furnished by such subscriber or user for connection to the facilities of such service and used in the ordinary course of its business; or
(ii) being used by a provider of wire or electronic communication service in the ordinary course of its business, or by an investigative or law enforcement officer in the ordinary course of his duties;
(b) a hearing aid or similar device being used to correct subnormal hearing to not better than normal;
"The Ninth Circuit's interpretation of the word "intercept" also comports with the ordinary meaning of the word, which is "to stop, seize, or interrupt in progress or course before arrival." Konop v. Hawaiian Airlines, Inc., 302 F.3d 868, 878 (9th Cir. 2002) ( quoting Webster's Ninth New Collegiate Dictionary 630 (1985))." [Mortensen D Mon 2010]
"Every circuit court to have considered the matter has held that an "intercept" under the ECPA must occur contemporaneously with transmission, not storage." Fraser v. Nationwide Mut. Ins. Co., 352 F. 3d 107, 113 (3rd Cir. 2003); United States v. Steiger, 318 F.3d 1039, 1048-49 (11th Cir.2003) ; Fraser v. Nationwide Mut. Ins. Co., 352 F.3d 107, 113-14 (3rd Cir. 2003); Konop v. Hawaiian Airlines, Inc., 302 F.3d 868 (9th Cir.2002) ; Steve Jackson Games, Inc. v. U.S. Secret Serv., 36 F.3d 457 (5th Cir.1994) ; Wesley College v. Pitts, 974 F.Supp. 375 (D.Del.1997), summarily aff'd, 172 F.3d 861 (3d Cir.1998); United States v. Meriweather, 917 F.2d 955, 960 (6th Cir. 1990). Hoyle v. Diamond, Dist. Court, WD New York 2013 ("this court will likewise adopt the narrow definition of "intercept" under the ECPA"); Conte v. Newsday, Inc., 703 F.Supp.2d 126, 139 n. 11 (E.D.N.Y. 2010)
"We agree with the Steve Jackson and Smith courts that the narrow definition of "intercept" applies to electronic communications. Notably, Congress has since amended the Wiretap Act to eliminate storage from the definition of wire communication, see USA PATRIOT Act § 209, 115 Stat. at 283, such that the textual distinction relied upon by the Steve Jackson and Smith courts no longer exists. This change, however, supports the analysis of those cases. By eliminating storage from the definition of wire communication, Congress essentially reinstated the pre- ECPA definition of "intercept" - acquisition contemporaneous with transmission - with respect to wire communications. See Smith, 155 F.3d at 1057 n. 11 . The purpose of the recent amendment was to reduce protection of voice mail messages to the lower level of protection provided other electronically stored communications. See H.R. Rep. 107-236(I), at 158-59 (2001). When Congress passed the USA PATRIOT Act, it was aware of the narrow definition courts had given the term "intercept" with respect to electronic communications, but chose not to change or modify that definition. To the contrary, it modified the statute to make that definition applicable to voice mail messages as well. Congress, therefore, accepted and implicitly approved the judicial definition of "intercept" as acquisition contemporaneous with transmission. " - Konop v. Hawaiian Airlines, Inc., 302 F. 3d 868, 878 - Court of Appeals, 9th Circuit 2002
" The first case to do so, Steve Jackson Games, noted that "intercept" was defined as contemporaneous in the context of an aural communication under the old Wiretap Act,  see United States v. Turk, 526 F.2d 654 (5th Cir.1976), and that when Congress amended the Wiretap Act in 1986 (to create what is now known as the ECPA) to extend protection to electronic communications, it "did not intend to change the definition of `intercept.'" Steve Jackson Games, 36 F.3d at 462 . Moreover, the Fifth Circuit noted that the differences in definition between "wire communication" and "electronic communication" in the ECPA supported its conclusion that stored e-mail could not be intercepted within the meaning of Title I. A "wire communication" under the ECPA was (until recent amendment by the USA Patriot Act, see note 8) "any aural transfer made in whole or in part through the use of facilities for the transmission of communications by the aid of wire, cable, or other like connection between the point of origin and the point of reception ... and such term includes any electronic storage of such communication. " 18 U.S.C. § 2510(1) (emphasis added) (superseded by USA Patriot Act).  By contrast, an "electronic communication" is defined as "any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system ... but does not include ... any wire or oral communication. " 18 U.S.C. § 2510(12) (emphasis added). Thus, the Fifth Circuit reasoned that because "wire communication" explicitly included electronic storage but "electronic communication" did not, there can be no "intercept" of an e-mail in storage, as an e-mail in storage is by definition not an "electronic communication." Steve Jackson Games, 36 F.3d at 461-62 . " - Fraser v. Nationwide Mut. Ins. Co., 352 F. 3d 107, 113-14 (3rd Cir. 2003)
Derived From: Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations Computer Crime and Intellectual Property Section, Criminal Division, DOJ, p 165 (2009) (Remember: This is a rendition of the state of the law from law enforcement and reflects their views)
The statutory definition of "intercept" does not explicitly require that the "acquisition" of the communication be contemporaneous with the transmission of the communication. However, a contemporaneity requirement is necessary to maintain the proper relationship between Title III and the SCA's restrictions on access to stored communications. Otherwise, for example, a Title III order could be required to obtain unretrieved email from a service provider.
Most courts have held that both wire and electronic communications are "intercepted" within the meaning of Title III only when such communications are acquired contemporaneously with their transmission. An individual who obtains access to a stored copy of the communication does not "intercept" the communication. See, e.g., Steve Jackson Games, Inc. v. United States Secret Service, 36 F.3d 457, 460-63 (5th Cir. 1994) (access to stored email communications); Fraser v. Nationwide Mut. Ins. Co., 352 F.3d 107, 113-14 (3d Cir. 2003) (same); Konop v. Hawaiian Airlines, Inc., 302 F.3d 868, 876-79 (9th Cir. 2002) (website); United States v. Steiger, 318 F.3d 1039, 1047-50 (11th Cir. 2003) (files stored on hard drive); United States v. Mercado-Nava, 486 F. Supp. 2d 1271, 1279 (D. Kan. 2007) (numbers stored in cell phone); United States v. Jones, 451 F. Supp. 2d 71, 75 (D.D.C. 2006) (text messages); United States v. Reyes, 922 F. Supp. 818, 836-37 (S.D.N.Y. 1996) (pager communications); Bohach v. City of Reno, 932 F. Supp. 1232, 1235-36 (D. Nev. 1996) (same). However, the First Circuit has suggested that the contemporaneity requirement, which was developed during the era of telephone wiretaps, "may not be apt to address issues involving the application of the Wiretap Act to electronic communications." United States v. Councilman, 418 F.3d 67, 79-80 (1st Cir. 2005) (en banc) (citing In re Pharmatrak, Inc. Privacy Litigation, 329 F.3d 9, 21 (1st Cir. 2003)); see also Potter v. Havlicek, 2007 WL 539534, at *6- 7 (S.D. Ohio Feb. 14, 2007) (finding "substantial likelihood" that the Sixth Circuit will find the contemporaneity requirement does not apply to electronic communications).
Notably, there is some disagreement between circuits about whether a computer communication is "intercepted" within the meaning of Title III if it is acquired while in "electronic storage," as defined in 18 U.S.C. § 2510(17). The Ninth Circuit has held that in order for a communication to be "intercepted" within the meaning of Title III, "it must be acquired during transmission, not while it is in electronic storage." See Konop, 302 F.3d at 878. The unstated implication of this holding is that communications in electronic storage are necessarily not in transmission. The First Circuit has held, however, that email messages are intercepted within the meaning of Title III when they are acquired while in "transient electronic storage that is intrinsic to the communication process." United States v. Councilman, 418 F.3d 67, 85 (1st Cir. 2005) (en banc). In so holding, the court suggested that an electronic communication can be in "electronic storage" and in transmission at the same time. See id. at 79. Exactly how close in time an acquisition must be to a transmission remains an open question. It is clear that "contemporaneous" does not mean "simultaneous." However, the Eleventh Circuit suggested that "contemporaneous" must equate with a communication "in flight." United States v. Steiger, 318 F.3d 1039, 1050 (11th Cir. 2003). By contrast, the First Circuit held the contemporaneity requirement could be read simply to exclude acquisitions "made a substantial amount of time after material was put into electronic storage." In re Pharmatrak, Inc. Privacy Litigation, 329 F.3d 9, 21 (1st Cir. 2003).
- Stockler v. Garratt, 893 F.2d 856, 859 (6th Cir. 1990) ("it is not necessary for liability that the interception be used for a criminal or tortious purpose")
- By-Prod Corp. v. Armen-Berry Co., 668 F.2d 956, 960 (7th Cir. 1982) ("it is the use of the interception with intent to harm rather than the fact of interception that is critical to liability")
- Epstein v. Epstein, Court of Appeals, 7th Circuit 2016 (Holding that defendant's attorney did not illegally "disclose" emails to Plaintiff that Plaintiff himself had sent, and requested copies of during discovery. "But to 'disclose' something means '[t]o make (something) known or public; to show (something) after a period of inaccessibility or of being unknown; to reveal.' Disclose, BLACK'S LAW DICTIONARY (10th ed. 2014). Frank did not publicly disclose Barry's emails, and their content was hardly unknown to Barry. Accordingly, even if the emails were unlawfully intercepted, Frank did not unlawfully disclose their content by producing them in response to Barry's discovery request. ")
Exceptions: ECPA is a rule governed by exceptions. If the situation falls within an exception, it is potentially permissible to intercept and disclose the communications. [18 U.S.C. § 2511(2)] See also ISP Exceptions Chart (contrasting exceptions for Wiretap Act, Stored Communications Act, and Pen Register Act)
- Expectation of Privacy
- Open Wireless Network (WiFi)
- Law Enforcement with legal authority
- Accidental Acquisition
- Computer Trespass
- Ordinary Course of Business
- Exceptions particular to Electronic Communication Service
- Network Operations
- Protection of Network
- Child Protection
Confused? So are we. Check out the What Gets What Chart.
Where one of the parties consents to the interception, interception is permissible. [18 U.S.C. § 2511(2)(c), (2)(d), & (3)(b)(ii) (interception of communication); 18 U.S.C. § 2702(b)(3) (service provider disclosure of content of communications); 18 U.S.C. § 2702(c)(2) (service provider disclosure of customer records); 18 U.S.C. § 3121(b)(3) (pen register / trap and trace).] [Mullins 1478] [Seidlitz 158] [Caceres] [White] [DOJ Manual Title 9-7.301]
Derived From: Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations Computer Crime and Intellectual Property Section, Criminal Division, DOJ p 169 (2009) (Remember: This is a rendition of the state of the law from law enforcement and reflects their views)
In general, both of these provisions authorize the interception of communications when one of the parties to the communication consents to the interception. For example, if an undercover government agent or informant records a telephone conversation between herself and a suspect, her consent to the recording authorizes the interception. See, e.g., Obron Atlantic Corp. v. Barr, 990 F.2d 861, 863-64 (6th Cir. 1993) (relying on § 2511(2)(c)). Similarly, if a private person records her own telephone conversations with others, her consent authorizes the interception unless the commission of a criminal or tortious act was at least a determinative factor in her motivation for intercepting the communication. See United States v. Cassiere, 4 F.3d 1006, 1021 (1st Cir. 1993) (interpreting § 2511(2)(d)).
Courts have provided additional guidance about who constitutes a "party." For example, a police officer executing a warrant who answers the phone and pretends to be the defendant is a party to the communication. See United States v. Campagnuolo, 592 F.2d 852, 863 (5th Cir. 1979). At least one court has held that someone whose presence is known to other communicants may be a party, even if the communicants do not address her, nor she them. See United States v. Tzakis, 736 F.2d 867, 871-72 (2d Cir. 1984).
. . . . .
Who is a "Party to the Communication" in a Network Intrusion?
Sections 2511(2)(c) and (d) permit any "person" who is a "party to the communication" to consent to monitoring of that communication. In the case of wire communications, a "party to the communication" is usually easy to identify. For example, either conversant in a two-way telephone conversation is a party to the communication. See, e.g., United States v. Davis, 1 F.3d 1014, 1016 (10th Cir. 1993). In a computer network environment, by contrast, the simple framework of a two-way communication between two parties may break down. When a hacker launches an attack against a computer network, for example, he may route the attack through a handful of compromised computer systems before directing the attack at a final victim. At times, the ultimate destination of the hacker's communications may be unclear. Finding a "person" who is a "party to the communication"-other than the hacker himself, of course-can therefore be difficult. Because of these difficulties, agents and prosecutors should adopt a cautious approach to the "party to the communication" consent exception. In hacking cases, the computer trespasser exception discussed in subsection (d) below may provide a more certain basis for monitoring communications.
The owner of a computer system may satisfy the "party to the communication" language when a user sends a command or communication to the owner's system. See United States v. Mullins, 992 F.2d 1472, 1478 (9th Cir. 1993) (stating that the consent exception of § 2511(2)(d) authorizes monitoring of computer system misuse because the owner of the computer system is a party to the communication); United States v. Seidlitz, 589 F.2d 152, 158 (4th Cir. 1978) (concluding in dicta that a company that leased and maintained a compromised computer system was "for all intents and purposes a party to the communications" when company employees intercepted intrusions into the system from an unauthorized user using a supervisor's hijacked account).
implied consent is "consent in fact" which is inferred "from the surrounding circumstances indicating that they knowingly agreed to the surveillance." Thus, implied consent-or the absence of it-may be deduced from the circumstances prevailing" in a given situation. The circumstances relevant to an implication of consent will vary from case to case, but the compendium will ordinarily include language or acts which tend to prove (or disprove) that a party knows of, or assents to, encroachments on the routine expectation that conversations are private. Griggs-Ryan v. Smith, 904 F.2d at 116-117 .
In Spears, the Eighth Circuit Court found that the wife of a codefendant was not liable under the ECPA just because she was aware, acquiesced and had passive knowledge of her husband's unlawful interceptions. Reynolds v. Spears, 93 F.3d 428, 432-33 (9th Cir. 1996). Someone who makes calls despite knowledge that they are being intercepted is considered to have consented to the interception. U.S. v. Van Poyck, 77 F.3d 285, 292 (9th Cir.1996)
Derived From: Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations Computer Crime and Intellectual Property Section, Criminal Division, DOJ p 169 (2009) (Remember: This is a rendition of the state of the law from law enforcement and reflects their views)
Consent under subsections 2511(2)(c) and (d) may be express or implied. See United States v. Amen, 831 F.2d 373, 378 (2d Cir. 1987). The key to establishing implied consent in most cases is showing that the consenting party received actual notice of the monitoring and used the monitored system anyway. See United States v. Workman, 80 F.3d 688, 693 (2d Cir. 1996); Griggs-Ryan v. Smith, 904 F.2d 112, 116-17 (1st Cir. 1990) ("[I]mplied consent is consent in fact which is inferred from surrounding circumstances indicating that the party knowingly agreed to the surveillance.") (internal quotations omitted); Berry v. Funk, 146 F.3d 1003, 1011 (D.C. Cir. 1998) ("Without actual notice, consent can only be implied when the surrounding circumstances convincingly show that the party knew about and consented to the interception.") (internal quotation marks omitted). However, consent must be "actual" rather than "constructive." See In re Pharmatrak, Inc. Privacy Litigation, 329 F.3d 9, 19-20 (1st Cir. 2003) (citing cases). Proof of notice to the party generally supports the conclusion that the party knew of the monitoring. See Workman, 80 F.3d. at 693; but see Deal v. Spears, 980 F.2d 1153, 1157 (8th Cir. 1992) (finding lack of consent despite notice of possibility of monitoring). Absent proof of notice, the government must "convincingly" show that the party knew about the interception based on surrounding circumstances in order to support a finding of implied consent. United States v. Lanoue, 71 F.3d 966, 981 (1st Cir. 1995), abrogated on other grounds by United States v. Watts, 519 U.S. 148 (1997). Mere knowledge of the capability of monitoring does not imply consent. Watkins v. L. M. Berry & Co., 704 F.2d 577, 581 (11th Cir. 1983).
Notice: "Without actual notice, consent can only be implied when the surrounding circumstances convincingly show that the party knew about and consented to the interception." Berry v. Funk, 146 F.3d 1003, 1011 (D.C.Cir.1998) .
Derived From: Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations Computer Crime and Intellectual Property Section, Criminal Division, DOJ p 169 (2009) (Remember: This is a rendition of the state of the law from law enforcement and reflects their views)Bannering and Consent
In computer cases, a network banner alerting the user that communications on the network are monitored and intercepted may be used to demonstrate that a user consented to intercepting communications on that network. A banner is a posted notice informing users as they log on to a network that their use may be monitored, and that subsequent use of the system constitutes consent to the monitoring. Often, a user must click to consent to the terms of the banner before gaining further access to the system; such a user has explicitly consented to the monitoring of her communications. Even if no clicking is required, a user who sees the banner before logging on to the network has received notice of the monitoring. By using the network in light of the notice, the user impliedly consents to monitoring pursuant to 18 U.S.C. § 2511(2)(c)-(d). Numerous courts have held that explicit notices that prison telephones would be monitored generated consent to monitor inmates' calls. See United States v. Conley, 531 F.3d 56, 58-59 (1st Cir. 2008); United States v. Verdin-Garcia, 516 F.3d 884, 894-95 (10th Cir. 2008); United States v. Workman, 80 F.3d 688, 693-94 (2d Cir. 1996); United States v. Amen, 831 F.2d 373, 379 (2d Cir. 1987). In the computer context, one court rejected an employee's challenge to his employer's remote monitoring of his Internet activity based on a banner authorizing the employer to "monitor communications transmitted" by the employee. United States v. Greiner, 2007 WL 2261642, at *1 (9th Cir. 2007).
The scope of consent generated by a banner generally depends on the banner's language: network banners are not "one size fits all." A narrowly worded banner may authorize only some kinds of monitoring; a broadly worded banner may permit monitoring in many circumstances for many reasons. For example, a sensitive Department of Defense computer network might require a broad banner, while a state university network used by professors and students could use a narrow one. Appendix A contains several sample banners that reflect a range of approaches to network monitoring.
In addition to banners, there are also other ways to show that a computer user has impliedly consented to monitoring of network activity. For example, terms of service agreements and computer use policies may contain language showing that network users have consented to monitoring. See, e.g., United States v. Angevine, 281 F.3d 1130, 1132-34 (10th Cir. 2002) (university's computer use policy stated, inter alia, that the university would periodically monitor network traffic); United States v. Simons, 206 F.3d 392, 398 (4th Cir. 2000) (government employer's Internet usage policy stated that employer would periodically monitor users' Internet access as deemed appropriate); Borninski v. Williamson, 2005 WL 1206872, at *13 (N.D. Tex. May 17, 2005) (employee signed Application for Internet Access, which stated that use of system implied consent to monitoring)
Workplace Email (See also 4th Amendment & Expectation of Privacy in the Workplace)
Attorney client privilege email
- Stengart v. Loving Care Agency, 201 N.J. 300 (S. Ct. 2010) (holding attorney-client privilege protects e-mails sent on company issued laptop through personal, password-protected, web-based e-mail account); Pure Power Boot Camp v. Warrior Fitness Boot Camp, 587 F. Supp. 2d 548, 555 (S.D.N.Y. 2008) (holding that an employee‘s e-mail sent from his personal e-mail account on a third party service provider system remains attorney-client privileged if the employee inadvertently leaves the login information on an employer computer when checking personal e-mail at work and the employer thereby obtains the password and reads the e-mail on the web-based system).
Disclosure, Consent for (18 USC 2511(1)(c)&(d))
- Epstein v. Epstein, Court of Appeals, 7th Circuit 2016 ("It's true that this provision does not explicitly address the effect of express or implied consent on an alleged unlawful "disclosure" or "use" (as distinct from an alleged unlawful "interception"). " Holding that defendant's attorney did not illegally "disclose" emails to Plaintiff that Plaintiff himself had sent, and requested copies of during discovery)
- United States v. Wuliger, 981 F.2d 1497, 1508 (6th Cir. 1992) ("The statute does not expressly provide a `consent to use' exception to section 2511(1)(d).")
- Campiti v. Walonis, 611 F.2d 387 (1st Cir. 1979) (rejecting 'phone extension' exception of Christman)
- U.S. v. Harpel, 493 F.2d 346 (10th Cir. 1974) (surreptitious recording by employer of conversations with an extension telephone violated ECPA)
- U.S. v. Christman, 375 F. Supp. 1354 (N.D. Cal,. 1974) (where security manager at a department store tapped into department store phone system to monitor for unauthorized use of phone system, court found that such private action was not covered by Title III; employees misusing a company phone system lack a reasonable expectation of privacy)
- Todd M Wesche, Reading Your Every Keystroke: Protecting Employee Email Privacy, 1 J High Tech L. 101 (2002).
- Levinson, Ariana R., Toward a Cohesive Interpretation of the Electronic Communications Privacy Act for the Electronic Monitoring of Employees (March 29, 2011). Available at SSRN: http://ssrn.com/abstract=1798822
- Charles E. Frayer, Employee Privacy and Internet Monitoring: Balancing Workers’ Rights and Dignity with Legitimate Management Interests, 57 BUS. LAW. 857 (2002)
- Thomas R. Greenberg, E-Mail and Voice Mail: Employee Privacy and the Federal Wiretap Statute, 44 Am. U.L.Rev. 219, 249 (1994) ("Thus, the limitations imposed on employer interceptions of wire and electronic communications vanish once the same communication is in storage. Accordingly, in order to avoid Title III liability, an employer need only access employee communications once they have been stored.")
- Julie T. Baumhart, Comment, The Employer's Right to Read Employee E-mail: Protecting Property or Personal Prying?, 8 Lab. Law. 923 (1992)
Open Wireless Networks (WiFi, Satellite TV)
It is not a violation of ECPA to receive wireless signals that are transmitted to the general public, to intercept signals that are causing harmful interference for the purpose of identifying the source, and for users of a shared radio system, signals that are not scrambled or encrypted. 18 USC § 2511(2)(g). [Compare 47 CFR § 15.9 Prohibition Against Eavesdropping ("Except for the operations of law enforcement officers conducted under lawful authority, no person shall use, either directly or indirectly, a device operated pursuant to the provisions of this part for the purpose of overhearing or recording the private conversations of others unless such use is authorized by all of the parties engaging in the conversation.")] This is particularly relevant to those cases addressing unauthorized use of open WiFi networks.
"Under proposed section 2511(2)(g)(i), it is permissible to intercept electronic communications made through an electronic communication system configured so that the communication is 'readily accessible to the general public.' That term is defined with respect to radio communications in proposed section 210(16) of title 18. The term 'configure' is intended to establish an objective standard of design configuration for determining whether a system receives privacy protection"
"Under this provision, it would not be unlawful to intercept subcarrier and UBI communications that are transmitted for the use of the general public. Such 'public' communications would include the stereo subcarrier used in FM broadcasting or data carried on the VBI to provide closed-captioning of TV programming for the hearing-impaired." - S Rep. 99-541, p. 17 (1986) reprinted in 1986 USCCAN 3555, 3572.
"Traditionally, these radio communications (§ 2511(2)(g)(ii)) have been free from prohibitions on mere interception. Amateur radio communications, including those utilizing telephone interconnect or amateur radio computer linked message systems are certainly not those to which this legislation is aimed. All amateur radio communications conducted on radio frequencies allocated to the Amateur Radio Service are exempt from the bill's prohibitions against the interception of electronic communications." - S Rep. 99-541, p. 19 (1986) reprinted in 1986 USCCAN 3555, 3573.
|"Finally, proposed section 2511(2)(g)(v) exempts interceptions of radio communication by other users of the same frequency when such communication is made through a system that utilizes frequencies monitored by individuals engaged in the provision or use of such a system. This exemption clarifies that it is not unlawful for users of the same frequency, who must listen to be sure a channel is clear before using it, to do so. The exception applies to users of common and non-common carrier systems, but does not apply of the communication is scrambled or encrypted." - S Rep. 99-541, p. 18 (1986) reprinted in 1986 USCCAN 3555, 3573.|
© Cybertelecom ::
18 USC § 2511(2)(g) It shall not be unlawful under this chapter or chapter 121 of this title for any person-
(i) to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;
In re Innovatio IP Ventures NDIll 2012 (a Wifi network is readily accessible to the general public: "Most of the Wireless Network Users' Whiffy networks are open and available to the general public, allowing any customer who so desires to access the internet through them." Wifi Sniffing equipment is cheap and easily accessible, making the content of WiFi transmissions "readily accessible to the general public.").
Joffee v. Google, 9th Cir. Sept. 10 2013 (Affirming lower court's denial of Google's Motion to Dismiss- devoid of any discussion of FCC Part 15 rules). "The panel affirmed the district court’s order denying a motion to dismiss claims that Google, Inc., violated the Wiretap Act when, in the course of capturing its Street View photographs, it collected data from unencrypted Wi-Fi networks. The panel held that Google’s data collection did not fall within a Wiretap exemption set forth in 18 U.S.C. § 2511(2)(g)(i) because data transmitted over a Wi-Fi network is not an “electronic communication” that is “readily accessible to the general public.” Under 18 U.S.C. § 2510(16)(A), a “radio communication” is by definition “readily accessible to the general public” so long as it is not scrambled or encrypted. The panel held that the Wi-Fi network data collected by Google was not a radio communication, and thus was not by definition readily accessible to the general public. The panel also held that data transmitted over a Wi-Fi network is not readily accessible to the general public under the ordinary meaning of the phrase as it is used in § 2511(2)(g)(i). Accordingly, the district court did not err in denying the motion to dismiss on the basis of the Wiretap Act exemption for electronic communication that is readily accessible to the general public."
in re Google NDCA 2011 (holding that "readily accessible to public" applies only to traditional radio broadcasting, not WiFi, and therefore not available as defense to WiFi interception)
(ii) to intercept any radio communication which is transmitted-
(I) by any station for the use of the general public, or that relates to ships, aircraft, vehicles, or persons in distress;
(II) by any governmental, law enforcement, civil defense, private land mobile, or public safety communications system, including police and fire, readily accessible to the general public;
(III) by a station operating on an authorized frequency within the bands allocated to the amateur, citizens band, or general mobile radio services; or
(IV) by any marine or aeronautical communications system;
(iii) to engage in any conduct which-
(I) is prohibited by section 633 of the Communications Act of 1934; or
(II) is excepted from the application of section 705(a) of the Communications Act of 1934 by section 705(b) of that Act;
(iv) to intercept any wire or electronic communication the transmission of which is causing harmful interference to any lawfully operating station or consumer electronic equipment, to the extent necessary to identify the source of such interference; or
(v) for other users of the same frequency to intercept any radio communication made through a system that utilizes frequencies monitored by individuals engaged in the provision or the use of such system, if such communication is not scrambled or encrypted.
Wifi is a commons; it is unlicensed spectrum where all users have the same rights to receive and transmit. There is nothing about this spectrum that gives a transmitter a superior right to other users of the spectrum, where the transmitter could stand up and say, "hey, I'm transmitting therefore you cant be receiving." In other words, when one uses Wifi, one is shouting one's transmission to everyone else using Wifi as well. That's pretty clearly a transmission made to be accessible to the general public. If the transmission is accessible to the general public, then receiving the signal cant really be said to be an interception. [Compare Hale p 550 (arguing ECPA could apply to the interception of a WiFi signal)] [Compare Rasch (arguing that ECPA applies to WFI signals; "by reading e-mail, or even just DHCP or ARP packets, you are potentially violating that law")
Recall that both Wifi WAPs and walkie talkies operate in the same spectrum pursuant to the same rules. One who uses a walkie talkie is unable to object to the fact that others can hear the transmissions. Likewise, those who transmit using WiFi protocols can not object that other devices can hear it.
Note that it is another thing to go from simply hearing what you are saying (intercepting your transmission), to using the spectrum to go through your WAP and get onto your computer network that is closed. It is one matter to be using the spectrum; it is another matter what you do when you connect to something off of the spectrum (like a computer network or a garage door).
The Northern District Court of Illinois, in In re Innovatio IP Ventures NDIll 2012, makes the following interesting observation on this issue:
[Plaintiff] is intercepting Whiffy communications with a Riverbed AirPcap Nx packet capture adapter, which is available to the public for purchase for $698.00. See Riverbed Technology Product Catalog, http://www.cacetech.com/products/catalog/ (last visited Aug. 21, 2012). A more basic packet capture adapter is available for only $198.00. Id. The software necessary to analyze the data that the packet capture adapters collect is available for down load for free. See Wireshark Frequently Asked Questions, http://www.wireshark.org/faq.html#sec1 (last visited Aug. 21, 2012) ("Wireshark® is a network protocol analyzer. . . . It is freely available as open source. . . ."). With a packet capture adapter and the software, along with a basic laptop computer, any member of the general public within range of an unencrypted Whiffy network can begin intercepting communications sent on that network. Many Whiffy networks provided by commercial establishments (such as coffee shops and restaurants) are unencrypted, and open to such interference from anyone with the right equipment. In light of the ease of "sniffing" Whiffy networks, the court concludes that the communications sent on an unencrypted Whiffy network are readily available to the general public.
To be sure, the majority of the public is likely unaware that communications on an unencrypted Whiffy network are so easily intercepted by a third party. See Predrag Klasnja et al., "When I Am on Whiffy, I am Fearless:" Privacy Concerns & Practices in Everyday Whiffy Use, in CHI '09 PROC. 27TH INT'L CONF. (2009), available at http://appanalysis.org/jjung/jaeyeon-pub/ FormativeUserStudy4CHI.pdf (reporting the results of a study involving eleven participants and concluding that "users from the general public . . . were largely unaware of . . . the visibility of unencrypted communications," which "led them to a false sense of security that reduced how much they thought about privacy and security while using Whiffy"); see also Press Release, Whiffy Alliance, Whiffy Security Barometer Reveals Large Gap Between What Users Know and What They Do (Oct. 5, 2011) (reporting that only 18% of users take steps to protect their communications when accessing a commercial Whiffy hotspot). The public still has a strong expectation of privacy in its communications on an unencrypted Whiffy network, even if reality does not match that expectation.
The public's lack of awareness of the ease with which unencrypted Whiffy communications can be intercepted by a third party is, however, irrelevant to a determination of whether those communications are "readily available to the general public." 18 U.S.C. § 2511(g)(i). The language of the exception does not, after all, refer to "communications that the general public knows are readily available to the general public." Therefore, the public's expectation of privacy in a particular communication is irrelevant to the application of the Wiretap Act as currently written. Because data packets sent over unencrypted Whiffy networks are readily available using the basic equipment described above, the Wiretap Act does not apply here. Accordingly, to the extent that Innovatio's proposed sniffing protocol accesses only communications sent over unencrypted Whiffy networks available to the general public, it is permissible under § 2511(g)(i)'s exception to the Wiretap Act.
Any tension between that conclusion and the public's expectation of privacy is the product of the law's constant struggle to keep up with changing technology. Five or ten years ago, sniffing technology might have been more difficult to obtain, and the court's conclusion might have been different. But it is not the court's job to update the law to provide protection for consumers against ever changing technology. Only Congress, after balancing any competing policy interests, can play that role. Indeed, one United States Senator has already called for changes to the Wiretap Act in light of the threat that unencrypted communications may be easily intercepted. See Elec. Privacy Info. Ctr., On Google Spy-Fi, Senator Durbin Calls for Update to Wiretap Law, FCC Chair Agrees Law Should Protect Unencrypted Communications (May 11, 2012), http://epic.org/2012/05/on-google-spy-fi-senator-durbi.html. Unless and until Congress chooses to amend the Wiretap Act, the interception of communications sent over unencrypted Whiffy networks is permissible.
- S. REP. NO. 99-541, 18, 1986 U.S.C.C.A.N. 3555, 3572 (emphasis added) (‘The Senate Report accompanying the 1986 Act also noted that the term “configured” is “intended to establish an objective standard of design configuration for determining whether a system receives privacy protection.”’)
- “At least one district court has addressed the issue of “configuration” to an extent. In U.S. v. Ahrndt,76 the defendant operated an unsecured Whiffy network at his home and had his iTunes configured to publicly share his video library, including a collection of child pornography. A police officer accessed the video files in the defendant’s iTunes shared library77 by using the defendant’s unsecured Whiffy network. The district court held that since “the wireless network and iTunes software were configured so that the general public could access them,” the police officer’s access of defendant’s video files was lawful under the Wiretap Act.78 The court particularly noted that even though operating the open Whiffy did not require any positive action from the defendant, since the default factory configuration of the Belkin wireless router was to operate in unsecured mode, sharing iTunes library required positive action on the part of the defendant. The court decided that sharing of iTunes library on an open Whiffy network made such communications “readily accessible to the general public” under 2511(2)(g)(i).”Potnuru, Mani, Limits of Federal Wiretap Act's Ability to Protect Against Whiffy Sniffing and the Need for Amendment], p. 21 (December 12, 2011)
- DirecTV, Inc. v. David Barczewski, 7th Cir. 2010 at MoreLaw Lexapedia.
- Steve M Bellovin, Wiretapping and Surveillance, Feb. 4, 2010 (slide 10)
- Potnuru, Mani, Limits of Federal Wiretap Act's Ability to Protect Against Whiffy Sniffing and the Need for Amendment (December 12, 2011) ("Subsection 2510(16)(E) specifies that radio communications transmitted on frequencies allocated under parts 25 and 94 and subparts D, E, an F of part 74 of the FCC rules....in practical terms privacy protections afforded by 2510(16)(E) are limited because this language does not cover all Whiffy frequencies. This leaves liability for intercepting users’ private data communicated over unsecured Whiffy networks dependent on the exact channel, on which the particular Whiffy network was operating at the time of interception.")