home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Media Share 9
/
MEDIASHARE_09.ISO
/
comm
/
bbslaw.zip
/
BBSLAW.TXT
< prev
next >
Wrap
Text File
|
1987-04-19
|
16KB
|
275 lines
ELECTRONIC COMMUNICATIONS PRIVACY ACT OF 1986
H.R. 4952
The House has already passed the Electronic Communications
Act of 1986, H.R. 4952, and the Senate is now considering
it. According to the Washington Post, and most political
observers, the Act is going to pass and become law.
Some of its provisions are important to BBS sysops and
users. The following is an excerpt from the House Report
(Report 99-647), which accompanied the passage of the bill
in the house.
CHAPTER 121--STORED WIRE AND ELECTRONIC COMMUNICATIONS
AND TRANSACTION RECORDS ACCESS
Section 2701. Unlawful access to stored communicatons
(a) Offense.--Except as provided in subsection 9c) of this
section whoever--
(1) intentionally accesses without authorization a facility
through which an electronic communiction service is provided;or
(2) intentionally exceeds an authorization to access that faciliy
and thereby obtains, alters, or prevents authoroized access to a
wire or electronic communicaqtion while it is in electronic
storage in such system shall be punished as provided in
subsection (b) of this section.
(b) Punishment.-- The punishment for an offense under sub section
(a) of this section is--
(1) if the offense is committed for purposes of commercial
advantage, malicious destruction or damages, or porivate
commercial gain--
(A)a fine of not more than $250,000 or imprisonment for
not more than one year, or both, in the case of a first offense
under this subparagraph; and
(B)a fine under this title or imprisonment for not more
than two yeras or both for an subsequent offense under this
subparagraph; and
(2) a fine of nor more than $5,000 or imprisonment for not
more than six months, or both in any other case.
Section 2702. Disclosure of Contents
(a) Prohibitions.--Except as provided in subsection (b)--
(1) a person or entitle providing an electronic
communication service to the public shall not knowingly divulge
to any person or entity the contents of a communicaton while in
electronic storgy by that service;and
(2) a person or entity providing remote computing service
to the public shall not knowingly divulge to any person or entity
the contents of ay communication which is carried or maintained
on that service--
(A) on behalf of, and received by means of electronic
tranwmission from (or created by means of computer porcessing of
communications received by means of electronic trasnmission from),
a subscriber or customer of such service; and
(B) solely for the purpose of providing storage or
computer processing services to such subscriber or customer, if
the provider is not authorized to access the contents of any such
communications for purposes of providing any services other than
storage or computer processing.
(b) Exceptions.--A person or entity may divulge the contents of a
communication ---
(1) to an addressee or intended recipient of such
communication or an agent of such addressee or intended recipient;
(2) as otherwise authorized in section 2516, 2511(2)(a) or
2703 of this title;
(3) with the lawful consent of the originator or an addresee
or intended recipient of such comunication, or the subscriber in
the case of remote computing service;
(4)to a person employed or authorized or whose facilities
are sued to forward such communication to its destination;
(5)as may be necessarily incident to the rendition of the
service or to the protection of the rights or property of the
provider of that service;or
(6)to a law enforcement agency, if such contents--
(A) were inadvertently obtained by service provider;and
(B) appear to pertain to the commission of a crime.
*******
REPORT LANGUAGE
Proposed section 2701 provides a new criminal offense. The
offense consists of either:(1)intentionally accessing,
without authorization, a facility through which an
electronic communication service is provided or (2)
intentionally exceeding the authorization of such facility.
in addition, the offense requires that the offender must, as
a result of such conduct, obtain, alter, or prevent
unauthorized access to a wire or electronic communication
while it is in electronic storage in such a system. The
term electronic storage is defined in section 2510(17) of
Title 18. Electronic storage measn any temporary,
intermediate storage of a wire or electronic communication
incidental to the electronic transmission thereof and the
storage of such communication by an electronic
communications service for the purpose of back-up protection
of such communciation.
Section 2701(a) makes it an offense intentionally to access
without authorization, or to exceed an authorization to
access, an electronic communciation service and thereby
obtain, later or prevent authorized access to a wire or or
electronic communication while it is in electronic storage
in such system. This provision addresses the growing
problem of unauthorized persons deliberately gaining access
to, and sometimes tampering with, electronic or wrie
communication that are not intended to be available to the
public. *******(emphasis added)**** The Committee
recognizes however that some electronic communication
services offer specific features, sometimes known as
computer "electronic bulletin boards," through which
interested person may communicate openly with the public to
exchange computer programs in the public domain and other
types of information that may be distributed without legal
constraint.
It is not the intent to hinder hte development or use of
"electronic bulletin boards" or other comparable services.
The Committee believes that where communciations are
readily accessible to the general public, the sender has,
for purposes of Section 2701(a) , extended an
"authorization" to the public to access those
communications. A person may reasonably conclude that a
communication is readily accessible to the general public
if the telephone number of the system and other means of
accesas are widely known, and if a person does not, in the
course of gaining access, encounter any warnings,
encryptions, password requests or other indicia of intended
privacy. To access a communication on such a system should
not be a violation of the law.
Some communcation systems offer a mixture of services,some,
such as bulletin boards, which maybe readily accessible to
the general public, while others--such as electronic
mail--may be intended to be confidential. Such a system
typically has two or more distinct levels of security. A
user may be able to access electronic bulletin boards and
the like merely with a password he assigns to himself,
while access to such features as electronic mail ordinarily
entails a higher level of security (i.e., the mail must be
addressed to the user to be accessible specifically).
Section 2701 would apply diffrently to the different
services. Thse wire or electronic communications which the
service provider attempts to keep confidential would be
protected, while the statute would impose no liability for
access to feature configured to be readily acessible to the
general public.
*****
Section 2702 specifes that a person or entity providing wire
or electronic communication service to the public may
divulge the contents of a communication while in electronic
storage by that service with the lawful consent of the
originator or any addressee or intended addressee or
intended recipient of such communicaiton. The commmittee
emphasizes that "lawful consent" in this context, need not
take the form of a formal written document of consent. A
grant of consent electronically would protect the service
provider from liability for disclosure under section 2702.
Under various circumstances, consent might be inferred to
have arisen from a course of dealing between the service
provider and the customer or subscriber--e.g. where a
history of transactions between the parties offers a basis
for a resonable understanding that a consent to disclosure
attaches to a particular class of communications. Consent
may also flow from a user having had a reasonable basis for
knowing that disclosure or use may be made with respect to a
communications , and having taken action that evidences
acquiescence to such disclosure or use--e.g., continued use
of such an electronic communication system. Another type of
implied consent might be inferred from the very nature of
the electronic transaction. for example, a subscriber who
places a communication on a computer "electronic bulletin
board," with a reasonble basis for knowing that such
communications are freely made available to the public,
should be considered to have given consent to the disclosure
or use of the communication. if conditions governing
disclosure or use are spelled out in the rules of an
electronic communication service, and those rules are
available to users or in contracts for the provison of such
services, it would be appropriate to imply consent on the
part of a user to disclosures or uses consistent with those
rules.
Section 2702(a) specifies that a person or entity providing
a wire or electronic communciation service or remote
computer services to the public shall not knowingly divulge
the contents of any communication while in electronic
storage by that service to any person or entity other than
the addressee or intended recipient of such communication or
an agent of such addressee or intended recipient of the
communications. Under some circumstances, however, a
customer orf or suscriber to a wire or electronic
communication service may place a communication on the
service without specifying an addressee. The Committee in
tends, in that situation, that the communication at a
minimum be deemed addressed to the service provider for
purposes of Section 2702(b). Because an addressee may
consent to the disclosure of a communication to any other
person, a service provider or system operator, as imputed
address, may disclose the contents of an unaddressed
communcation.
A person may be an "intended recipient" of a
communciaiton, for purpose of section 2702 , even if he is
not individually identified by name or otherwise. A
communicaiton may be addressed to the members of a group,
for example. In the case of an electronic bulletin board,
for instance, a communication might be directed to all
members of a previously formed "special interest group" or,
alternatively, to all members of the public who are
interested in a particular topic of disucssion. In such an
intance, the service provider would not be liable for
disclosure to any peson who might reasonably be considered
to fall in the class of intended recipients.
COMMENTS
The entire document has to be read and studied to draw final
conclusions on a number of important issues. However, the
following observations I think are fair at this point:
1. SYSOPS are, under the Act, going to be considered
providers of an electronic communications service. In other
words, whenever a BBS goes up, it becomes an electronic
communication service subject to the requirements of the new
law, should it be enacted.
2. Users of the BBS are protected by the law, and may have
grounds to take action against or ask that criminal charges
be brought if their communictions are improperly disclosed.
3. SYSOPs do have added protection against hackers, and
federal law enforcement should now be available.
4. Any "general" messages addressed to all members of the
board, provided the board is open to the general public, may
be disclosed and are not protected.
5. How other messages and files are handled gets complex
thereafter.
a. It is unclear whether a sysop may legally read private
mail on his board addrssed to another user, unless sysop
discloses in a warning message that he/she may read such
messages.
b. Conferences that are not generally open to the public
probably create an expectation of privacy and there will be
limited rights to disclose information.
c. Major changes in security procedures might require user
consent, or their messages might have to be removed.
6. It would be prudent to have a major disclaimer in the
introduction of each BBS session, stating that there is no
expectation of privacy and that anything left on the board
may be read or disclosed by the sysop.