Back to Lesson Index



Lesson 20 - Privacy 8:

Exceptions to ECPA Protection

In our last message we described 4 Sysop-specific exceptions to the protections against the "interception" of electronic communications that the Electronic Communication Privacy Act (ECPA) provides. In this message, we describe some more general exceptions, that in operation, might sweep quite broadly.

First there are exceptions to protect the service provider (AOL, Compuserve, etc.). These allow the service provider to protect itself against the harm that a user might cause, or against illegality that the user might be engaged in. To this end, it is not a violation of ECPA for the service provider to:

(1) keep a log of the messages sent and received, for example, to protect against fraud or abuse; (2) assist an authorized law enforcement official to intercept a message; (3) intercept messages when necessary to assure the continuation of service or to protect the rights of the service provider.

Second, consent can be a basis of the interception. If one of the parties to the communication has given consent, prior to the interception, then:

  1. a police officer, or someone acting as if they have the authority of law behind them, can intercept an electronic message;

  2. any private citizen can intercept the message, so long as the purpose of that interception is not to commit some crime, or other wrong protected by the law;

  3. publicity can be the basis of a lawful interception. If you are posting a message to a public bulletin board, or to USENET, then it is not a violation of ECPA for someone to intercept or disclose your message;

  4. finally, you may have waived you rights to protection under ECPA. If the contract with your electronic service provider, for example, says that the service provider can intercept your messages, then you can't complain if the provider does. The same may be true with your employer - but that is a topic we discuss later.

In general, these exceptions can be summarized like this: First, if you are doing harm and there is reason to believe you are doing the harm, or if the system provider is protecting against harm, then you don't have a right not to have your message intercepted. Second, if you have agreed to have your message intercepted, whether explicitly (through the agreement you have with your provider), or implicitly (by posting to a public bulletin board, or because of an employment relationship), then you don't have a right not to have your message intercepted. Next time we discuss protections against access to communications you might have stored on your computer.


authors:
Larry LessigDavid PostEugene Volokh



Back to Lesson Index

Copyright © 1999 Social Science Electronic Publishing, Inc. All Rights Reserved