X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
The USA Patriot Act was enacted on Oct. 24, 2001, only six weeks after the September 11 terrorist attack. While the act’s passage generated considerable controversy at the time, certain safeguards were included to allow Congress and the public to subsequently reconsider many of the act’s provisions, presumably at a time when the immediate impact of terrorist threats to the safety of our country and the world in general was less on our collective minds. That “later time” is now, due, in part, to a section of the act generically described as the “sunset provision.” Title II of the Patriot Act, entitled “Enhanced Surveillance Procedures,” provides governmental agencies with several tools to help combat terrorism. Section 224 of the Patriot Act requires, however, that 16 provisions in Title II will expire, or “sunset,” on Dec. 31, 2005, unless extended by Congress. (The remaining portions of Title II are not subject to automatic expiration.) UNDER ATTACK And there is a very real basis to believe that despite the continued and substantial presence of terrorist threats, the sunsetable Patriot Act provisions may not be extended. First, several of Title II sections have received enormous criticism from both the public and the media, such as the ones familiarly known as the “library records provision” (Section 215), the “roving wiretap provision” (Section 206) and the “sneak and peek provision” (Section 213). Second, over 300 communities across the country have passed local legislation since 2001 intended to invalidate the applicability of the Patriot Act in their respective jurisdictions. Third, even Congress has recently demonstrated some equivocation. Last month, the House passed, by a 238-187 vote, a bill intended to limit government’s ability to access people’s library usage, a bill which President George W. Bush has threatened to veto if passed by the Senate. And just last week the Associated Press announced there is considerable disagreement between the respective chairs of the Judiciary Committees in the House and Senate as to whether to extend the Patriot Act provisions at risk. For prosecutors and law enforcement officers involved in the daily war on computer and Internet crime, however, there are provisions found in Title II of the Patriot Act unrelated to the ones that have been the focus of all the controversy, which are also subject to the sunset requirement but are desperately needed to fix long-standing incongruities between the law and technology. This article will primarily focus its analysis on these provisions of the act, because it is feared that if none of the sunsetable sections are extended, the Legislature, in bowing to the intense pressure the Patriot Act is receiving, may very well be throwing out the proverbial baby with the bath water. HISTORICAL OVERVIEW To appreciate the significance of these various Patriot Act provisions to the high-tech law enforcement community, it is necessary to take a step back in time several years before 9/11 to some of the origins of this less-than-perfect marriage of the needs of law enforcement and the evolution of computer-generated communications. It can only be from such a perspective that the importance of what is at stake can be fully understood. The foundation of our present-day computer communication statutes dates back to the mid-1960s, when the law relating to the ability of law enforcement to intercept telephonic communications was rapidly evolving. In 1967, the U.S. Supreme Court ruled New York’s wiretap laws unconstitutional in Berger v. New York, 87 US 41. Partially in response to that decision, Congress enacted the Omnibus Crime Control and Safe Street Act of 1968, Title III of which (also referred to as “the Wiretap Act”) established the legal standards for law enforcement’s ability to conduct eavesdropping, standards that exist to this day and that have been adopted by many states, including New York. The Wiretap Act, however, only addressed the ability of law enforcement to eavesdrop on voice communications occurring over a medium such as a telephone (labeled “wire communications” by the Wiretap Act) or those communications occurring “face-to-face” (labeled “oral communications”). With the earliest version of the Internet (called “ARPANET”) reaching full deployment by 1969, however, it was only a matter of time before the law would have to also address the ability of law enforcement to monitor electronic forms of communication. PRIVACY ACT Congress’ first attempt to extend law enforcement’s abilities to include access to computer and other electronic forms of communications was the Electronic Communications Privacy Act of 1986 (ECPA). Federal case law has recognized that “the principal purpose of the ECPA amendments to Title III was to extend to ‘electronic communications’ the same protections against unauthorized interceptions that Title III had been providing for ‘oral’ and ‘wire’ communications,” Brown v. Waddell, 50 F3d 285, 289 (4th Cir, 1995). There has been, however, an inherent inability of the law to deal as smoothly with its treatment of law enforcement’s access to electronic communications as it has been able to deal with wire and oral communications. A great deal of that has to do with the relative stability of the different forms of communications. Communications occurring via computer are still subject to a rapidly and constantly evolving form of technology. By comparison, the technology that produces telephonic communication, even with the explosion of cellular service over the last 10 to 15 years, has been relatively stable for several decades. Beyond the mere ever-changing nature of computer technology being a source of this difficulty in the law’s treatment of electronic communications, it is also the nature of the technology itself which is causing some of the problems. Telephonic communications are structured in a way so that no one can listen in unless an affirmative step is taken by someone with the technical ability to effectively tap into such communications. The same is not true with electronic communications. THIRD-PARTY ACCESS Practically every form of electronic communication arrives into the viewable possession of a third-party at some point along the trip through cyberspace from sender to recipient. The easiest way to conceptualize this is to consider how electronic mail is transmitted over the Internet. Many people employ the use of an Internet Service Provider (ISP) such as America Online (AOL), Microsoft Network, OptimumOnline, Road Runner, etc., or a Web-based e-mail service such as, Hotmail, Yahoo, Gmail, etc., to communicate via e-mail. When an e-mail is sent out using one or more of these services it actually sits on the computer of the recipient’s ISP or Web-based e-mail service until opened by the recipient. More importantly, unless the sender and recipient has agreed in advance to a method of “sealing” the e-mail (for example, through the use of encryption), that e-mail is completely “open” to the third-party company holding the e-mail while awaiting for the intended recipient to access the communication. The easiest way to visualize this scenario is to think of a postcard traveling through the U.S. Postal Service. Every person who comes in contact with the postcard can read the message. E-mail typically travels through cyberspace in the same manner because most e-mailers do not want to take the time, or do not have the technical knowledge, to “seal” it. EXPECTATION OF PRIVACY As a result of this basic attribute of electronic communication, the legal paradigm that has been historically applied to telephonic communication is not a perfect fit. Participants in a telephone conversation have a reasonable expectation of privacy because no third party is able to listen in without some form of active intervention. In virtually every form of electronic communication, however, the participants willingly permit the active involvement of another party (even if the participants are not completely aware of this intervention). Therefore, under present-day legal theory, the participants have waived any constitutional privacy rights to that communication, and, consistent with that legal theory, law enforcement, arguably, has unfettered access to such communications. Hence, whatever privacy rights that may exist for participants in an electronic communication are not the constitutionally protected Fourth Amendment rights that presently exist with respect to telephonic communications. Privacy protections for electronic communications must derive solely from those that are granted legislatively. At least one federal decision has acknowledged that “[w]hile it is clear to this court that Congress intended to create a statutory expectation of privacy in e-mail files, it is less clear that an analogous expectation of privacy derives from the Constitution,” US v. Bach, 310 F3d 1063 (8th Cir, 2002). This apparent reality magnifies the importance played by Privacy Act and related legislation. It is with this historical background in place that Congress attempted to tackle the monumental task of creating a workable statutory scheme in 1986 with the creation of Electronic Communications Privacy Act that intended to balance law enforcement’s need to access criminal electronic communications while protecting the individual from law enforcement’s unfettered access to those communications having nothing to with criminal activity. LOOPHOLES AND GAPS It is hardly surprising, however, that numerous loopholes and gaps quickly developed in the Electronic Communications Privacy Act’s ability to effectively handle the various issues that arose. One merely has to consider the state of computer-based technology at the time Congress created the act to see how inevitable it was for the act to become outdated, at least to some extent. In 1986, most personal computers lacked hard drives and virtually none were connected to any type of network. Although the earliest form of the Internet came into existence in late 1969, it took the creation of the World Wide Web in 1991 and the development of the more powerful personal computers in the mid-1990s to turn the Internet into the driving economic force and entertainment medium that makes it so popular with the general public today. Even AOL, which began in 1985, was light-years from the type of ISP it would become by the mid-1990s. And as computer technology advanced and the Internet grew in popularity, circumstances developed that did not even exist when the Electronic Communications Privacy Act was enacted. For example, AOL originally charged its customers on a per-minute basis for Internet access. Out of necessity, it had to record each customer’s log-on and log-off times in order to know how much to charge its customers. Even though AOL eventually changed its billing practice to unlimited access based on a monthly fee, it still records customers’ log-on and log-off times, records which are attainable by law enforcement. The problem was the Electronic Communications Privacy Act never considered the availability of such information, and disputes between law enforcement and ISPs ensued over whether the act required customers’ access times to be secured by law enforcement merely via subpoena (as is typically done with comparable telephone records) or via more involved forms of legal process such as a search warrant. PATRIOT ACT FIXES TO ECPA These are some of the issues the Patriot Act attempted to address. While the resolution of the dispute regarding law enforcement’s access to ISP billing records is one of the Patriot Act sections not subject to the sunset provision, sections of the Patriot Act enacted to fill in other gaps and loopholes in the Electronic Communications Privacy Act, however, are at risk of expiring at the end of this year. Some of these at-risk provisions include �209, dealing with government’s ability to access wire communications held in temporary storage by entities such as an ISP; �212, which allows an entity such as an ISP to voluntarily disclose to law enforcement information regarding a communication when the ISP reasonably believes that an emergency involving immediate danger or death or serious physical injury requires disclosure; and �220, which designates what courts can issue certain disclosure orders regarding computer-generated communications CONCLUSION To allow the Patriot Act provisions amending the Electronic Communications Privacy Act to sunset would be incredibly short-sighted. The fact that it took 15 years after the Privacy Act’s enactment for there to be the first serious attempt to update such statutes involving computerized communications, and for it to have taken the greatest terrorist attack in the history of mankind to accomplish such necessary modifications, shows what forces must come into play to make even the most elementary of advances in this area of law. Hopefully, Congress will allow law enforcement to operate more in the 21st century and not revert the law back in time to the mid-20th century by failing to extend these provisions of the Patriot Act. Stephen Treglia is chief of the Technology Crime Unit in the Nassau County District Attorney’s Office in New York.

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at [email protected]

 
 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2020 ALM Media Properties, LLC. All Rights Reserved.