jbuck@epimass.EPI.COM (Joe Buck) (05/26/87)
Date: 22 MAY 1987 12:52:33 EST
From: <LEICHTER-JERRY@YALE.ARPA>
To: risks@csl.sri.com
Subject: Privacy and Email - The Law Takes Notice
(Forwarded (ultimately) from a UDEL NEWS bboard.) Jerry
This is a copy of a letter published in MIT Tech Talk. Anyone who
did not read that memo should look read it. Be sure to note that
operators of electronic communication systems now have legal
responsibilities for the privacy of data.
MEMORANDUM
To: The MIT Community
From: James D.Bruce, Vice President for Information Systems
Re: The Electronic Communications Privacy Act
The Electronic Communications Privacy Act of 1986 was enacted by
the United States Congress in October of last year to protect the
privacy of users of wire and electronic communications.
Legal counsel has advised MIT that its computer network and the
files stored on its computers are covered by the law's provisions.
Specifically, individuals who access electronic files without
appropriate authorization could find themselves subject to criminal
penalties under this new law.
At this time, we can only make broad generalizations about the
impact of the Act on MIT's computing environment. Its actual scope
will develop as federal actions are brought against individuals who
are charged with inappropriate access to electronic mail and other
electronic files.
It is clear, however, that under the Act, an individual who,
without authorization, accesses an electronic mail queue is liable and
may be subject to a fine of $5,000 and up to six months in prison, if
charged and convicted. Penalties are higher if the objective is
malicious destruction or damage of information, or private gain.
The law also bars unauthorized disclosure of information within an
electronic mail system by the provider of the service. This bars MIT
(and other providers) from disclosing information from an individual's
electronic data files without authorization from the individual.
MIT students and staff should be aware that it is against
Institute policy and federal law to access the private files of others
without authorization. MIT employees should also note that they are
personally liable under the Act if they exceed their authorization to
access electronic files.
--
- Joe Buck jbuck@epimass.EPI.COM (in the brave new world of domains!)
{seismo,ucbvax,sun,decwrl,<smart-site>}!epimass.epi.com!jbuckmetro@asi.UUCP (05/26/87)
I have been following this discussion on and off for the past month.
Some thing seems to be missing with the concept of "violating" a user's
privacy.
Doesn't there first have to be some sort of contract between the user and
the computer system to provide email services for the federal laws to
apply?
I would think there must be a distinction made between MCI's or Compuserve's
email service and our local UNIX inter-office mail system.
Even the users of USNET have no contractual rights on the network either
to access, or service. For example:
1. You are not guarrenteed that any mail sent by you has any chance
what-so-ever of reaching the intended recipient (correctly addressed
or not).
2. You are not guarrenteed that any mail sent to you has any chance
what-so-ever of reaching you (again correctly addressed or not).
Again, I would think there has to be some distinction made between a
contracted EMAIL service and a casual email facility.
One last example:
If I give a correctly address letter (unstamped) to an associate who
just happens to be going to where the letter is addressed, what legal
obligation does he have when he accepts the letter from me?
1. To not open the letter?
2. To not lose the letter?
3. To deliver the letter at his earliest convenience?
4. To not forget about the letter?
I am not a lawyer, and have little experience in contracts, so please
take this mail with the correct intent -- to clarify the discussion in
my mind.
--
Metro T. Sauper, Jr. Assessment Systems, Inc.
Director, Remote Systems Development 210 South Fourth Street
(215) 592-8900 ..!asi!metro Philadelphia, PA 19106gnu@hoptoad.UUCP (05/29/87)
In article <106@asi.UUCP>, metro@asi.UUCP (Metro T. Sauper) writes: > I would think there must be a distinction made between MCI's or Compuserve's > email service and our local UNIX inter-office mail system. The law is deliberately unclear on this point. The people who wrote it were actually interested in making it illegal to listen to cellular telephones, and to make it easier for the government to get wiretaps. The rest of the bill was just riders and random ideas thrown together. Since nobody has been charged with any crimes under this bill, no court has decided what it covers and what it doesn't. In other words, it is a badly drafted law and we have no idea if it covers us or not. I am not a lawyer either. I did discover a few things while the bill was still before the Congress: 1. You can send a 20-word telegram to every member of Congress, and the President, for something like $75. I did. 2. They don't care whether you do or not. Only one recipient actually knew the current status of the bill. Another 5 sent me letters thanking me for expressing my opinion and telling me the bill was sitting in a House subcommittee (it was before the full Senate at the time). Another 5 had sent me letters thanking me in generic terms and not even mentioning the bill. The rest ignored me. They had no idea that when they attached the bill to the omnibus drug bill as a rider, and passed it, that they were making wiretapping by administrative fiat legal, and calling the legal status of the Usenet into question. And they didn't care, either. I guess our Congressmen are way too busy passing new laws to ever read them... -- Copyright 1987 John Gilmore; you may redistribute only if your recipients may. (This is an effort to bend Stargate to work with Usenet, not against it.) {sun,ptsfa,lll-crg,ihnp4,ucbvax}!hoptoad!gnu gnu@ingres.berkeley.edu