brock@well.UUCP (Brock N. Meeks) (04/02/88)
What follows is an article that Brock N. Meeks wrote for McGraw-Hill News Service about the first suit filed under the ECPA of 1986. He gave me permission to post it to the Usenet, but not any other electronic service; he is a freelance computer industry writer, and is doing me (and you) a favor by allowing this, so please don't erode his republication rights further by copying this to other BBS's or commercial computer conferencing systems. Followups have been directed to comp.dcom.telecom newsgroup, which is moderated. FYI, Erik E. Fair ucbvax!fair fair@ucbarpa.berkeley.edu Federal Privacy Suit Filed Against Bulletin Board Sysop by Brock N. Meeks (c) copyright 1988 McGraw-Hill News Service Microbytes Daily Electronic privacy rights. They fall into a grey area of the law that is ill-defined, despite the 1986 passage of the federal Electronic Communications Privacy Act, and remain untested by the U.S. legal system. That could all change with a lawsuit, filed by Linda Thompson, an Illinois bulletin board system user, against a local sysop, alleging a violation of electronic privacy rights. Thompson, who filed suit in the US District Court for the Southern District of Indiana, civil division, alleges that BBS operator, Bob Predaina violated her privacy rights as they relate to her electronic correspondence. The suit cites 10 counts under the federal Electronic Communications Privacy Act of 1986 and Indiana state law. She is asking for $112,000 in damages. The lawsuit looks to be a landmark case as no litigation involving electronic privacy has yet been tried under the ECPA. The ECPA mandates the protection and privacy of electronic communications, including cellular phone conversations and electronic mail, found on commercial and bulletin board systems. Predaina's board, known as "The Professional's Choice Bulletin Board" is a fee-based system. "The definition of privacy is outlined in the ECPA very clearly, and the courts won't have to deal with that, the act is very specific as to the tampering of files," said Robert Smith, editor of the Washington, D.C-based Privacy Journal. "If private files were tampered with, then the sysop is going to be accountable under the law." The ECPA clearly outlines that anyone using an electronic conferencing or Email system has an expectation of privacy, regardless of the fact that a sysop can peruse any files stored on the system. "The analogy would be to a hotel PBX system," said Smith. "The caller knows that an operator has every opportunity to listen in; however there is an expectation of privacy which is accorded to him by law, which strictly prohibits the unauthorized eavesdropping on telephone conversations." So although the sysop has a certain "license" to roam around through files (for routine maintenance, for example) that sysop does not have the right to make those files public knowledge without the consent or knowledge of the recipient or author. Thompson's sworn complaint, obtained by Microbytes Daily, claims that during December 1987 Predaina allegedly allowed several other "non-designated recipients" to read the contents of her electronic correspondence in what she alleges was a private file area of the fee-based BBS. In addition, the suit charges some of Thompson's previously deleted private messages were restored and placed in an open conference so others could read them; Thompson's private Email were among some of those messages. This action was repeated in January of 1988, according to the text of the complaint. The suit charges that the sysop, "[I]ntentionally or recklessly intercepted and restored to the public portion of the board," private messages that Thompson had deleted, and therefore, she assumed, were erased from the disk. In addition, some Thompson's private messages were apparently restored to an open conference that is also a "echo conference" meaning that the message traffic contained in that conference is automatically uploaded to other BBSs linked via an "echo mail" program. Thompson charges further aggravation due to a "lock out" action by the sysop; she was denied access to the BBS, even though she had paid for the service. Requests by Thompson to regain access on the grounds that such actions were in violation of the law went unheeded by Predaina. "Initially I said to him, 'Let's shake hands and stipulate to dismiss the case,' and he agreed, or I thought we had agreed, this was before I ever filed in federal court, but then he got an attorney, and he asked for a continuance," Thompson said. Predaina refused to comment when contacted by Microbytes Daily, instead referring all questions to his attorney, Philip Stults. "Anybody can run into court and file a complaint if they plop down the filing fee. The plaintiff is also a sysop and a third year law student. I'm not totally sure, there were claims of violation of federal law here. "By the way, this is the second lawsuit the plaintiff has brought in the last 60 days. She originally filed a lawsuit in small claims in Indianapolis. I don't know what other courts are going to be left to file in." Stults, who is also a sysop, said that the case has no current court date, "We're doing everything we can to settle this matter out of court." Thompson agrees: "I hope we can settle out of court. I'm sure we will. I really have no desire to be remembered as 'The Person That Sued The Sysop' and set the precedent for future ECPA rulings." Beyond the simple privacy issues, however, Thompson is claiming personal damages. Counts nine and ten of the complaint cite that the sysop, "[I]ntentionally, maliciously or with reckless disregard for the truth, made statements which on their face are damaging to the professional and personal reputation of [Thompson] in public and to another person subjecting [Thompson] to humiliation, personal anguish and ridicule." In addition, the suit claims that Predaina made other damaging comments in open conferences for other users to see. Thompson, who is submitting the suit pro se, on her own behalf without an attorney, told Microbytes Daily that, "I've filed the complaint because he [Predaina] didn't seem to be making a good faith effort to resolve this issue. If a sysop is going to run a board that claims to give some sort of privacy, then I have a reasonable expectation that my messages are indeed private and not spread all over the board for others to see." "Clearly, a fee-based system that maintains that it provides a private messaging capability is covered by the ECPA," Mike Cavanagh, executive director of the Washington, D.C.-based Electronic Mail Association, said in a phone interview. Although Cavanagh states that he isn't familiar with the details of the case, he says the crux of the lawsuit is how private messages have been traditionally treated on this particular BBS. "If it's common practice for this sysop to openly display private mail, then this is common knowledge and no one should be surprised," he said. Cavanagh noted, however, such a practice is highly undesirable. Cavanagh related the availability of private messages on a local BBS to the thousands of "mom and pop owned" rural telephone systems. "Just because those are small time operations, doesn't give them the right to wiretap or eavesdrop on private conversations. These small telephone systems are subject to the same laws and regulations as the Bell Operating Companies. The analogy to small BBS systems, and the private correspondence they carry is the same," Cavanagh said. The lawsuit does indeed foreshadow a new climate of awareness among systems operators. "This is an important event," says Cavanagh. "Obviously, there is going to be some concern from sysops. Clearly, this is going to inform some people that the new law is in effect. "We are going to have uniform responsibility under the law; that's that ECPA is intended to do. The point that sysops should understand is that the ECPA doesn't have to be onerous. Sysops will have to be aware: if you really want to offer some sort of private system to the public, then you can't fool around with them. Either the system is private or it isn't. If it isn't, then some sort of disclaimer should be plainly stated, otherwise, they [sysops] are going to be held accountable under the law." Thompson admits to being more than a little surprised at the sudden attention surrounding her suit. "To be truthful, I didn't even know the statute (ECPA) existed when I started looking into this," she said. "I just thought that if there wasn't some kind of law against making private messages public, then there should be. That's when I discovered the ECPA." Thompson, however, fears that more will be made of the case than she intends. "I'm afraid that sysops will just adopt a 'there's no privacy here' stance, to guard against any future action like this. And that's just the opposite reaction I'd hope to see come of all this."