|
CyberCrime: ECPA |
Rule By Exceptions
Rule: It is illegal for anyone to intercept electronic communications. [18 U.S.C. § 2511(1) (interception of communications)] [18 U.S.C. § 2702 (disclosure by service provider)]. This prohibition applies to private individuals as well as government men in dark suits. It involves all types of transmissions (those individuals swiping satellite signals can find their potential punishment in 18 U.S.C. § 2511(4)(c)). Anyone installing a sniffer, from Carnivore to a system administrator wanting to measure the amount of pornography or music downloads on the network, for whatever reason, potentially could be violating the law. Even if one did not do the interception, if one knowingly uses or releases the information intercepted, that person too could be in trouble. [18 U.S.C. § 2511(c), (d) & (e)] Of course, one activity that hackers are frequently engaged in is interception of packets and use of the information disclosed. This activity is a violation of ECPA and has been one of the grounds upon which hackers have been prosecuted. Exceptions: There are certain critical exceptions to ECPA. If the situation falls within an exception, the communications may be disclosed. [18 U.S.C. § 2511(1)] [18 U.S.C. § 2702(b)].
Where an individual lacks an expectation of privacy, law enforcement officers do not need a warrant to listen in. [Andreas] [Katz] ECPA would not bar "intercepting" the communications in these instances. [18 U.S.C. § 2511(2)(g)(i)] [See also 18 U.S.C. § 2511(2)(g)]. Examples of this may include public chat rooms, websites or IRC channels. Where one has an expectation of privacy is not always clear. If I set up a rendezvous with an acquaintance in a secluded public park in the middle of the day, sitting on a solitary park bench, do we have an expectation of privacy? According to DOJ,
[Search & Seizure Manual Sec. I.B.1.] One can general expect that the contents of a closed container are private. A computer is considered a “closed container” and thus an owner may have an expectation of privacy. [Search & Seizure Manual Sec. I.B.1.] [Barth 936-37] [Reyes 832-33] [Lynch 287] [Chan 535] [Blas 21]
Where one of the parties consents to the interception, interception is permissible. [18 U.S.C. § 2511(2)(c), (2)(d), & (3)(b)(ii) (interception of communication); 18 U.S.C. § 2702(b)(3) (service provider disclosure of content of communications); 18 U.S.C. § 2702(c)(2) (service provider disclosure of customer records); 18 U.S.C. § 3121(b)(3) (pen register / trap and trace).] [Mullins 1478] [Seidlitz 158] [Caceres] [White] [DOJ Manual Title 9-7.301] Note that such consent could conceivably be granted through login banners or subscription agreements.[Search & Seizure Manual Appendix A]
It is not a violation of ECPA to receive wireless signals that are transmitted to the general public, to intercept signals that are causing harmful interference for the purpose of identifying the source, and for users of a shared radio system, signals that are not scrambled or encrypted. 18 USC § 2511(2)(g). This is particularly relevant to those cases addressesing unauthorized use of open WiFi networks.
The government can receive court-authorization for interceptions. This breaks down into a three-tier system of authorization. "In general, the government needs a search warrant to obtain the content of unopened communications (like e-mail), a court order to obtain transactional records, and a subpoena to obtain subscriber information." [Statement of Gregory] These will be discussed below. |
