1 / 37

Mark Eckenwiler Computer Crime and Intellectual Property Section U.S. Department of Justice

ISPs and Federal Privacy Law: Everything You Need to Know About the Electronic Communications Privacy Act (ECPA). Mark Eckenwiler Computer Crime and Intellectual Property Section U.S. Department of Justice. The Computer Crime and Intellectual Property Section.

adamdaniel
Download Presentation

Mark Eckenwiler Computer Crime and Intellectual Property Section U.S. Department of Justice

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. ISPs and Federal Privacy Law:Everything You Need to Know About the Electronic Communications Privacy Act (ECPA) Mark Eckenwiler Computer Crime and Intellectual Property Section U.S. Department of Justice

  2. The Computer Crime and Intellectual Property Section • Founded in 1991 as Computer Crime Unit • Current staff of 22 attorneys • Mission of CCIPS • Combat computer crime and IP crimes • Develop enforcement policy • Train agents and prosecutors • Contribute to public awareness of the issues • Promote international cooperation • Propose and comment on federal legislation

  3. Why You Might Care About ECPA • Comprehensive privacy framework for communications providers • Regulates conduct between • different users • provider and customer • government and provider • Civil and criminal penalties for violations • Note: state laws may impose additional restrictions/obligations

  4. Why ECPA Matters toLaw Enforcement • As people take their lives online, crime follows; no different from the real world • Online records are often the key to investigating and prosecuting criminal activity • “cyber” crimes (network intrusions) • traditional crimes (threats, fraud, etc.) • ECPA says how and when government can (and cannot) obtain those records

  5. Substantive Provisionsof ECPA Or, Everything you know is wrong

  6. ECPA & The Courts:A Love Affair • “famous (if not infamous) for its lack of clarity” • Steve Jackson Games v. United States Secret Service, 36 F.3d 457, 462 (5th Cir. 1994) • “fraught with trip wires” • Forsyth v. Barr, 19 F.3d 1527, 1543 (5th Cir. 1994) • “a fog of inclusions and exclusions” • Briggs v. American Air Filter, 630 F.2d 414, 415 (5th Cir. 1980)

  7. The Matrix

  8. Real-Time Acquisition of Communications (Interception) • The default rule under § 2511(1): do not • eavesdrop on others’ communications • use or disclose illegally intercepted contents • Applies to oral/wire/electronic comms. • Violations may lead to • criminal penalties (5-year felony) [§ 2511(4)] • exception for first offense, wireless comms. • civil damages of $10,000 per violation • suppression

  9. Relevance to Computer Networks • Makes it illegal to install an unauthorized packet sniffer • In several recent federal prosecutions, defendants have pled guilty to interception violations • e.g., Cloverdale minors

  10. Exceptions to the General Prohibition • Publicly accessible system [§ 2511(2)(g)(i)] • open chat room/IRC channel • Consent of a party • System provider privileges • Court-authorized intercepts

  11. Consent of a Party • May be implied through • login banner • terms of service • Implied consent may give an ISP authority to pass information to law enforcement and other officials

  12. System Operator Privileges • Provider may monitor private real-time communications to protect its rights or property [§ 2511(2)(a)(i)] • e.g., logging every keystroke typed by a suspected intruder • phone companies more restricted than ISPs • Under same subsection, a provider may also intercept communications if inherently necessary to providing the service

  13. Court-Authorized Monitoring • Requires a kind of “super-warrant” • a/k/a “Title III order” (or T-3) • § 2518 • Good for 30 days maximum • Necessity, minimization requirements • Ten-day reporting • Sealing

  14. Types of Wiretap OrdersYou May Encounter • Keystroking • common in network intrusion cases • Cloning an e-mail account

  15. The Matrix

  16. Real-Time Transactional Records • The pen register/trap and trace statute (same as for telephones) applies • Law enforcement may obtain a court order to gather prospective non-content information about a user, such as • addresses on in/outbound e-mail • inbound FTP connections • where remote user is logging in from (dialup? remote IP address?)

  17. The Matrix

  18. Stored Communicationsand Historical Records

  19. Dichotomies ‘R’ Us • Permissive disclosure vs. mandatory • “may” vs. “must” • Content of communications vs. non-content • content • unopened e-mail vs. opened e-mail • non-content • transactional records vs. subscriber information • Basic rule: content receives more protection

  20. Penalties for Stored Records & Communications Violations • Civil remedies [18 U.S.C. § 2707] • $1,000 minimum per violation • attorneys’ fees • Criminal remedies [§ 2701] • only for accessing stored communications without authorization (e.g., one user snooping in another’s inbox) • inapplicable to the provider [§ 2701(c)(3)]

  21. Subscriber Content and the System Provider • Any provider may freely read stored e-mail or files of its customers • Bohach v. City of Reno, 932 F. Supp. 1232 (D. Nev. 1996) (pager messages) • While ECPA imposes no prohibition, contractual agreement with customer may limit right of access

  22. Public Providers and Permissive Disclosure • General rule: a public provider (e.g., an ISP) may not freely disclose customer content to others [18 U.S.C. § 2702] • Exceptions include • subscriber consent • necessary to protect rights or property of service provider • to law enforcement if contents inadvertently obtained, pertains to the commission of a crime

  23. Government Access to Stored Communications Content • For unretrieved e-mail < 181 days old stored on a provider’s system, government must obtain a search warrant [18 U.S.C. § 2703(a)] • Warrant operates like a subpoena

  24. Government Access to Stored Communications Content • For opened e-mail (or other stored files), government may send provider a subpoena and notify subscriber in advance [18 U.S.C. § 2703(b)] • government may delay notice 90 days in certain cases (§ 2705(a)) • no notice to subscriber required if not a provider “to the public”

  25. The Matrix

  26. Permissive Disclosure and Non-Content Subscriber Information • Rule is short and sweet • Provider may disclose non-content records to anyone except a governmental entity • Government needs • appropriate legal process • or consent of subscriber

  27. The Two Categories ofNon-Content Information • Basic subscriber information • §2703(c)(1)(C) • Transactional records • § 2703(c)(1)(B)

  28. Basic Subscriber Information • Can be obtained through subpoena • Provider must give government • name of subscriber • address • local and LD telephone toll billing records • telephone number or other account identifier • type of service provided • length of service rendered

  29. Transactional Records • Not content, not basic subscriber info • Everything in between • past audit trails/logs • addresses of past e-mail correspondents • Government may compel via a “section 2703(d) court order”

  30. Section 2703(d) Court Orders • a/k/a “articulable facts” order • “specific and articulable facts showing that there are reasonable grounds to believe that [the specified records] are relevant and material to an ongoing criminal investigation” • A lower standard than probable cause • Like warrant (& unlike subpoena), requires judicial oversight & factfinding

  31. The Matrix

  32. Summary: Legal Process & ECPA • Warrant • unopened e-mail • Court order under § 2703(d) • transactional records • Subpoena • opened e-mail, unopened e-mail >180 days old, or stored files • basic subscriber info • Higher-order process always valid • e.g., warrant can compel transactional logs

  33. ECPA In Practice: A Scenario • A victim reports a threat of physical injury via e-mail from StalkNU@isp.com • To determine StalkNU’s identity, gov’t would serve a on isp.com • For the target’s login records, gov’t serves a _______ on isp.com • To obtain all the e-mail (opened and unopened) in target’s account, gov’t serves a ________

  34. Preclusion of Notice • In criminal investigations, general policy is to avoid tipping off target • Under ECPA, government may ask a court to prohibit ISP from notifying subscriber that records have been requested from ISP [§ 2705(b)]

  35. § 2703(f) Requests to Preserve • Government can ask for any existing records (content or non-content) to be preserved • no court order required • does not apply prospectively • Government must still satisfy the usual standards if it wants to receive the preserved data

  36. Summary • For better or worse, ECPA shapes your destiny • Benefits of understanding (and complying with) the statute include • avoiding civil & criminal liability • smoother relations with law enforcement

  37. Where To Get More Information • Computer Crime Section’s phone number: 202-514-1026 • Computer Crime Section’s home page: http://www.cybercrime.gov

More Related