THE ELECTRONIC COMMUNICATIONS PRIVACY ACT OF 1986                              A LAYMAN'S VIEW                                     by                             Michael H. Riddle(Copyright 1988, Michael H. Riddle.  This article may be further reproducedand disseminated provided that no fees are charged beyond normalreproduction costs and further provided that the following disclaimer isincluded.)DISCLAIMER: The author is not an lawyer.  This article represents onelayman's views of the background and contents of PL 99-508, the ElectronicCommunications Privacy Act of 1986.  Anyone needing legal advice shouldconsult with the attorney of their choice.Those of us who remember life before the Pepsi Generation can attest to thechange brought into our lives by advances in electronic technology.Starting with the widespread use of the transistor, and continuing into theintegrated circuit, the large scale integrated circuit, the very largescale integrated circuit, etc., electronic "miracles" have becomecommonplace and cheap.  Perhaps the single best illustration of that changeis in the field of "information technology."  The advent of the personalcomputer, the blurring of the lines between telecommunications andcomputing, the breakup of the Bell system, and the growing technologicalawareness of the general population have caused what can only be called arevolution in the way we communicate with each other.  Not too many yearsago, we learned of world events from newspapers--today from television andradio.  Not too many years ago we exchanged personal messages by mail--todaywe telephone.  Not too many years ago, businesses in a hurry would send mailspecial delivery--today they use overnight express or facsimile.  And,increasingly, businesses and individuals use computer communications insteadof or in addition to these other means of passing information around oursociety.Anytime someone passes what they hope to be a private communication toanother, they expect that their fellow citizens will respect its privacy.Not only do the customs of society enforce this expectation, statute lawshave been enacted to insure it.  Thus, everyone knows, or should know, notto tamper with the mail.  Everyone knows, or should know, not toelectronically eavesdrop ("bug") someone else's telephone calls.  Andeveryone knows, or should know, not to do likewise with computercommunications.Alas, not everyone knows that.  If everyone did, we wouldn't need laws toprotect what ought to be our reasonable expectations of privacy.  Not toolong ago, the Congress of the United States passed PL 99-508, the ElectronicCommunications Privacy Act of 1986.  In doing so, Congress was recognizingthe way technology has changed society and trying to react to that change.The Act contains two main parts, or Titles.  Title I--Interception ofCommunications and Related Matters, merely updates existing laws to reflectwhat I've said above.  Where the law used to say you can't bug privatetelephone communications, it now says you can't bug private computercommunications.  Where it preserved your right to listen in to public radiotransmissions, it preserves your right to "listen in" to public computerizedtransmissions (here the Congress particularly was thinking of unencryptedsatellite television, although the law is written in more general terms).It allows the "provider of electronic communication service" (sysops, toelectronic bulletin board users) to keep records of who called and when, toprotect themselves from the fraudulent, unlawful or abusive use of suchservice.Title II--Stored Wire and Electronic Communications and TransactionalRecords Access, is the section that has caused the biggest concern amongbulletin board system operators and users.  Unfortunately, while a lot ofwell-intentioned people knew that a law had been passed, most of themstarted discussing it without taking the trouble to read it first.  As aresult, there has been a lot of misinformation about what it says, and a lotof reaction and overreaction that was unnecessary.The first thing we need to realize is that Title II adds a new chapter toTitle 18 of the United States Code (USC).  The USC fills most of two shelvesin the Omaha library.  It covers in general detail virtually everything thefederal government does.  In many places it gives departments and agenciesto pass rules and regulations that have the force of law.  If it didn't,instead of filling two shelves it would probably fill two floors, andCongress would be so bogged down in detail work it would get even less donethat it does now.  Of all the USC, Title 18 deals with Crimes and CriminalProcedure.  That's where PL 99-508 talks about electronic communications.It makes certain acts federal crimes.  Equally important, it protectscertain common-sense rights of sysops.Under the Act, it is now a federal offense to access a system withoutauthorization.  That's right.  Using your "war-games dialer," you find amodem tone on a number you didn't know about before and try to log on.  Fromthe way I read the law, you can try to log on without penalty.  After all,you might not have used a war-games dialer.  You might just have got a wrongnumber.  (Don't laugh, it's happened to me right here in Omaha!)  At thepoint you realize its not the board you think you called, you ought to hangup, because at the point where you gain access to that neat, new, unknownsystem, you've just violated 18 USC 2701.A lot of us are users of systems with "levels" of access.  In the BBS world,levels may distinguish between old and new users, between club members andnon-members, or sysops from users.  In the corporate and government world,levels may protect different types of proprietary information or tradesecrets.  Section 2701 also makes it a federal offense to exceed yourauthorized access on a system.What about electronic mail, or "e-mail?"  E-Mail has been the single biggestarea of misinformation about the new law.  First, section 2701 does make ita federal offense to read someone else's electronic mail.  That would beexceeding your authorization, since "private" e-mail systems do not intendfor anyone other than the sender or receiver to see that mail.  But, and abig but, sysops are excluded.  Whoever staffed the bill for Congressrealized that system operators were going to have access to informationstored on their systems.  There are practical technical reasons for this,but there are also practical legal reasons.  While the Act does not directlyaddress the liability of sysops for the use of their systems in illegalacts, it recognizes they might have some liability, and so allows them toprotect themselves from illegal use.  Sysops are given a specialresponsibility to go along with this special privilege.  Just like a lettercarrier can't give your mail to someone else, just like a telegraph operatorcan't pass your telegram to someone else, just like a telephone operatoroverhearing your call can't tell someone else what it was about, so sysopsare prohibited from disclosing your e-mail traffic to anyone, unless you (orthe other party to the traffic) give them permission.Common sense, right.  So far all I think we've seen is that the law haschanged to recognize changes in technology.  But then, what about thepolice?  If they can legally bug phones with a court order, if they canlegally subpoena telephone records, what can they do with bulletin boards?Pretty much the same things.  The remaining sections of the Act go intogreat detail about what the police can do and how they can do it.  Thedetail is too much to get into in this article, and I would suggest that ifa sysop or user ever needed to know this information, that would be a casewhen they ought to be seeing their attorney.  I will give a couple ofdetails, however:  if a sysop is served, they can be required to make abackup copy of whatever information is on their system (limited, of course,to that listed in the warrant or subpoena).  They must do this withouttelling the persons under investigation.  They do not at this point,generally, give the police the records.  They just tell the police that itsbeen done.  Then, the courts notify the user that this information has beenrequested and the user has a chance to challenge it.  Eventually, after itall gets sorted out, the information goes to the police or is destroyed,whichever.  Again, if a sysop or user ever finds themselves in thissituation, don't rely on this article--see your lawyer.  And, see him/hersoon, because the Act imposes time limits.If the Act makes all of this stuff federal crimes, what penalties does itestablish?  Again, generally, there are two cases.  The first is the onemost BBS operators and users will be concerned with.  "A fine of not morethan $5,000 or imprisonment for not more than six months, or both."Actually, in the law, that's the second case.  The first is where businesseswere conducting industrial espionage--"for purposes of commercial advantage,malicious destruction or damage, or private commercial gain."  In this case,"a fine of not more that $250,000 or imprisonment for not more than one year,or both, in the case of a first offense," and "a fine or imprisonment for notmore that two years, or both, for a subsequent offense."What all this has said is that the federal criminal code now protectselectronic communications the way it previously protected written ones.  Itunderstands that mailmen, physical or electronic, have access to the mailthey carry, so it tells them not to tell.  It sets up some hefty penaltiesfor those who don't take privacy seriously enough.   And finally, it sets upprocedures for the contents of bulletin board and other electronic systemsto be sought for official investigation.  This is, of course, one layman'sopinion.  As long as the reader doesn't have criminal intent or hasn't beenserved with some type of request for system records, it's probably adequate.If, however, the reader finds him/herself confronting the law "up close andpersonal," then this article should be noted for one and only one piece ofadvice: see a lawyer, and soon!