E-Mail Spying May Not Violate the Wiretap Act
 
September 30, 2004
 

The First Circuit Court of Appeals ruled in June, 2004 that it is not a violation of Title I of the Electronic Communications Privacy Act (ECPA), commonly known as the Wiretap Act, for an e-mail provider to peruse customer e-mail in search of business opportunities, even before the customers received their e-mail. The ECPA is divided into two parts, the Wiretap Act and the Stored Communications Act.[1] The Wiretap Act imposes criminal penalties for intercepting or endeavoring to intercept any wire, oral, or electronic communication.

In the case of U.S. v. Councilman[2], the Court upheld the lower court’s dismissal of the U.S. government’s charge that the defendant had conspired to engage in conduct prohibited by various provisions of the Wiretap Act. The defendant had served as the Vice President of Interloc, Inc., an online rare and out-of-print book listing service that is now defunct. Interloc provided its rare-book-dealer customers with e-mail service by giving them use of a personal e-mail address which ended in “@interloc.com.” Interloc used the Unix utility program “procmail” as part of its e-mail server process.

According to the indictment, the defendant had directed employees to modify the “procmail” program to intercept, copy and store all incoming messages directed to its customers from Amazon.com.[3] He and other Interloc employees then allegedly examined the messages to “develop a list of books, learn about competitors and attain a commercial advantage.” Alibris, a California corporation that acquired Interloc in May 1998, previously pled guilty and paid a $250,000 fine. Interloc’s computer systems administrator also plead guilty and was placed on probation.

Before the e-mail messages in question were delivered to their intended recipients, they were copied for Interloc’s use by the defendant’s procmail program. Both parties agreed that the e-mail messages in question were also “in electronic storage,” either in RAM or on hard disk or both, when the messages were copied.[4]
 

The question thus became whether a message in storage could also be “intercepted” under the definition of the Wiretap Act. The Court held that it could not, ruling that messages in “electronic storage” were not “in transmission” when the defendant’s procmail program copied them, and thus were not “intercepted” under the Wiretap Act. The Court’s opinion was largely based on the parties’ stipulation regarding the technology in question,[5] and the Court’s focus on the exclusion of “electronic storage” from the definition of “electronic communication” under the Wiretap Act. Significantly, the Wiretap Act provides different definitions for a “wire communication” and an “electronic communication.” The definition of “wire communication” includes any message in “electronic storage,” however, the definition of “electronic communication” does not.

In dismissing the count of the indictment, the Court ruled that an electronic message must be “in transit” when it is intercepted to fall under the Act. So an e-mail message, which is in “electronic storage,” even when it is also “in transit,” would not be afforded protection under the Wiretap Act.

Councilman also argued that his actions were legal under the Stored Communications Act and, thus, could not violate ECPA. Because the majority found Councilman’s acts lawful under the Wiretap Act, and because the government did not charge Councilman with a violation of the Stored Communications Act, the majority did not rule on this issue, but simply noted that the intersection of the Wiretap Act and the Stored Communications Act is a complex and often convoluted area of law.

In a dissenting opinion, Judge Lipez reasoned that Congress intended to protect e-mail in storage, because providing privacy and security for electronic communications was the very purpose of the Stored Communications Act. He examined the legislative history of the Wiretap Act, which was first enacted in 1968 and updated in 1986 when Congress added the ECPA. Congress amended the law again in 1999, after it concluded that technology had again “outpaced” the Wiretap Act, and passed the Stored Communications Act to advance protection against potential intrusions on individual privacy that might occur because of wrongful use by government and private parties of e-mail messages, stored financial transactions, stored medical records and stored paper messages.

After a detailed analysis of the legislative history and precedent, Judge Lipez concluded that the ECPA does not clearly address the issue of whether a communication is an “electronic communication” when it is in electronic storage. He declined to join the majority opinion, however, out of concern that the defendant’s interpretation of the Wiretap Act “would undo decades of practice and precedent regarding the scope of the Wiretap Act and would essentially render the Act irrelevant to the protection of wire and electronic privacy.”

While the Court dismissed the Wiretap Act charge against Councilman, don’t head down to your IT department to set up your own e-mail spying program just yet. Within a few weeks of the decision, members of the House of Representatives introduced two similar bills to extend the protection of e-mail privacy to messages in electronic storage. Both bills would permit interception of e-mail by Internet Service Providers (ISPs), such as Interloc, only to the extent necessary to render service, protect rights or property of the ISP, or to honor a government request. Both bills have been submitted to the Committee on the Judiciary. While the bills offer no express examples of such exclusions, some legitimate reasons to intercept e-mail incident to the rendition of service or in protection of the property of the ISP might include providing junk mail (spam) control, parental filtering, e-mail forwarding and virus scanning, among others.

For more information, e-mail Cynthia A. Casby at cynthia.casby@hklaw.com or call toll free, 1-888-688-8500.

______________________

1. The Electronic Communications Privacy Act, Pub. L. No. 99-508, 100 Stat. 1848 (1999) is divided into Title I (“the Wiretap Act”) 18 U.S.C. §§2510-2522, and Title II (“the Stored Communications Act”) 18 U.S.C. §§ 2701-2711.

2. 373 F.3d 197 (1^st Cir. 2004).

3. At that time, Amazon did not offer rare or out-of-print books, but helped customers locate such books.

4. E-mail messages are typically transferred from one computer to another using a technique known as “store and forward.” A message is routed through a network from one computer to another until it reaches the recipient’s mail server, where it is stored until the recipient logs in with an e-mail program, such as Outlook, to retrieve the message. While the message moves through the network, intermediate computers may retain backup copies of the message, thus leaving the message both “in storage” and “in transmission” at the same time.

5. For more information on the “store and forward” e-mail technology involved, see the following Web site, cited in the Councilman opinion: Jonathan B. Postel, RFC 821 – Simple Mail Transfer Protocol (SMTP) http://www.faqs.org/rfcs/rfc821.html.