Date: Sun, 4 Jul 2004 13:27:09 -0400
To: "Mark Eckenwiler" <eck@xxxxxxxxx>, stephen.henderson@xxxxxxxxxxxx
From: Marc Rotenberg <rotenberg@xxxxxxxx>
Subject: Re: Councilman -- OK to wiretap emails if you do it carefully
Cc: okerr@xxxxxxxxxxx, cyberprof_list@xxxxxxxxxxxxxxxxxxxx
Sender: owner-cyberprof_list@xxxxxxxxxxxxxxxxxx
This is a very interesting discussion. I agree with Dan Solove,
Patricia Bellia and others that there are obviously larger concerns
with ECPA than how Councilman was decided.
It might be useful to explain some of the events that contributed to
the 1986 amendments. The ECPA is an unusual privacy statute. It was
not a response to a particular "privacy Chernobyl," to borrow
Senator Wyden's phrase, such as the death of Rebecca Schaeffer which
led to the Drivers Privacy Protection Act or the disclosure of Judge
Bork's video rental records which produced the Video Privacy
Protection Act. It was the result of the convergence of many factors
and a fairly deliberative process.
There was, first of all, the emergence of commercial email service
providers, such as Compuserve and MCIMail in the early '80s. While
Internet email existed for some time, the operators were typically
universities and private federal contractors, such as BB&N. The rise
of the email business with paying customers and terms of service
required closer consideration of legal rules.
Next, there was a letter from the Attorney General to Senator Leahy
expressing the view that traditional "Title III" standards, a
reference to the provision in the 1968 act which created the federal
wiretap law, did not apply to this new form of communication. This
created an opportunity for Congress and the Department of Justice to
begin a discussion about updates to the federal wiretap law.
There were some privacy problems that Congress wanted to fix, such
as the recent decision in Smith v. Maryland, which had held that
there was no Fourth Amendment protection for access to pen register
information. There were also some law enforcement concerns that the
Department of Justice hoped to address.
And then there were other developments that shaped Congressional
perceptions of both privacy concerns and new communications
services. 1984 was a big year in the privacy world because of
Orwell's novel. The House Judiciary Committee undertook an extensive
series of hearings on "Civil Liberties and the National Security
State." Conclusion: lots of new threats to privacy, but also an
opportunity for Congress to update the law. Rep. Kastenmeier, who
organized these hearings, would later became the House sponsor of
the '86 amendments to the federal wiretap act.
1984 also was the year of Judge Green's decision and the MFJ that
led to the break-up of AT&T, as well as passage of the Cable Act.
There was a growing recognition that there would be more private
sector communication services. Significantly, the deregulatory push
for new communications services was not seen as a reason to avoid
privacy legislation. That coupling did not emerge until the Internet
boom of the late '90s. And, as Mark E. noted, the Cable Act of 1984
incorporated the strongest privacy standards of any US privacy law.
In broad strokes, ECPA sought to achieve two goals. First, to apply
Title III protections to "electronic communications," not simply
wire communications. Second, to establish legal standards for access
to email in the possession of the service provider. While it is
clear that there are different standards under the the Wiretap Act
and the Stored Communication Act, the categories that resulted from
the 1986 amendments were then viewed as complimentary efforts to
protect the privacy of electronic communications. The "tiering" that
some have noted resulted more from the effort to address specific
problems -- extend coverage to electronic communication, create
safeguards for stored communications, establish statutory standards
for access to pen register and trap and trace data -- than to
formally order the privacy protection for each type of information.
This is the significance of the dissent in Councilman. Judge Lipez
captured the intent of the Act and the problems that will result
from the majority's decision. It is hard to imagine that the
Congress that passed the 1986 amendments believed that an ISP would
afterward be able to routinely review the contents of subscriber
email.
Orin may be right that the simple solution at this point is to
amend the definition of intercept. Still, one wonders what Congress
could have done differently in 1986 to produce a different result
in Councilman.
An interesting contrast with the US efforts to establish privacy
protection for electronic communications can be found in the EU
Directive on Privacy and Electronic Communication. The Europeans
have tried to address some of the post-1986 electronic privacy
issues, including Caller ID, transactional data, and locational
information. But they have also encountered new challenges such as
whether to require the retention of customer data. Data protection
laws generally discourage the collection of transactional data, but
law enforcement concerns joined with post 9-11 datamining efforts
have put pressure on ISPs and telcos to keep customer data, and the
legislative resolution has largely been left to the member states.
Marc Rotenberg.