Electronic Communications Privacy Act of 1986

Citation: Electronic Communications Privacy Act of 1986, 18 U.S.C. §§2510-22, 2701-11, 3121-26. The ECPA has been amended several times. The ECPA was amended, and its privacy protections weakened, by the USA PATRIOT Act (Pub. L. No. 107-56, Oct. 26, 2001). It was again amended by the USA PATRIOT Act Improvement and Reauthorization Act of 2005 (Pub. L. No. 109-177, Mar. 9, 2006). Finally, it was again amended by the FISA Amendments Act of 2008 (Pub. L. No. 110-261, July 10, 2008).

The Electronic Communications Privacy Act of 1986 (ECPA) amended and augmented Title III.

Part I - Wiretap Act (18 U.S.C. §2510 et seq.)
The Wiretap Act as it applies to Internet and network investigations focuses on the inter­ception of the content of communications while the communications are in transit and governs the disclosure of intercepted communications. Examples of such interceptions may include &mdash;


 * Wiretapping a telephone.


 * Real-time network monitoring.


 * Sniffer software.

As a basic rule, the Wiretap Act prohibits anyone who is not a participating party to a private communication from intercepting the communication between or among the participating parties using an “electronic, mechanical, or other device,” unless one of several statutory exceptions applies.

One exception is the issuance of an order by a court of competent jurisdiction that authorizes interception. The requirements to obtain such an order are substantial. Violation of the Wiretap Act can lead to criminal and civil liability. In the case of wire and oral communications, a violation by government officials may result in the suppression of evidence.

To ensure compliance, law enforcement must determine whether &mdash;
 * The communication to be monitored is one of the protected communications defined in the statute.


 * The proposed surveillance constitutes an “interception” of the communication.

If both conditions are present, an evaluation should be conducted to determine whether a statutory exception applies that permits the interception.

Part II - Stored Wire and Electronic Communications (18 U.S.C. §2701 et seq.)
The stored communications chapter of the ECPA provides customers and subscribers of certain communications service providers with privacy protections. ECPA provides a higher level of privacy protection to the contents of communications and files stored with a provider than to records detailing the use of the service or the subscriber’s identity.

ECPA may dictate what type of legal process is necessary to compel a provider to disclose specific types of customer/subscriber information to law enforcement agents. ECPA also limits what a provider may and may not voluntarily disclose to others, includ­ing the government.

ECPA applies when a law enforcement agent seeks certain information from a provider of electronic communications service or remote computing service, including &mdash;


 * Subscriber information.


 * Transactional information.


 * Content.

The ECPA does not apply when the agent seeks to obtain information from the customer/subscriber’s computer.

Subscriber information
Law enforcement agents may use a subpoena, if allowed by their State law, to obtain certain information listed in ECPA relating to the identity of a customer/subscriber, the customer/subscriber’s relationship with the service provider, and basic session connec­tion records. Specifically, a subpoena is effective to compel a service provider to disclose the following information about the customer/subscriber:


 * Name.


 * Address.


 * Local and long distance telephone connection records or records of session times and durations.


 * Length of service (including start date) and types of service utilized.


 * Telephone or instrument number or other subscriber number or identity, the Internet Protocol address used to establish the account, and any temporarily assigned network IP address.


 * The means and source of payment for such service (including any credit card or bank account numbers).

Extensive transaction-related records, such as logging information revealing the e-mail addresses of persons with whom a customer corresponded during prior sessions, are not available by subpoena. However, the use of a subpoena with notice can allow the dis­covery of the same evidence as a §2703(d) order and can be utilized when seeking this type of information.

Transactional information
A law enforcement agent will need to obtain a court order under 18 U.S.C. §2703(d) to compel a provider to disclose more detailed, noncontent subscriber and session information, commonly referred to as transactional information, about the use of the services by a customer/subscriber. These records could include &mdash;


 * Account activity logs that reflect what IP addresses the subscriber visited over time.


 * E-mail addresses of others from whom or to whom the subscriber exchanged e-mail.

Any Federal magistrate or district court with jurisdiction over the offense under investiga­tion may issue a 2703(d) order. State court judges authorized by the law of the State to enter orders authorizing the use of a pen/trap device may also issue 2703(d) orders. The application must offer “specific and articulable facts showing that there are reasonable grounds to believe that. . . the records or other information sought are relevant and material to an ongoing criminal investigation.”

A law enforcement agent also can use a 2703(d) order to compel a cellular telephone service provider to turn over, in real time, records showing the cell-site location informa­tion for calls made from a subscriber’s cellular phone. This information shows more of the subscriber’s use of the system than that available by subpoena, but it does not include the content of the communications.

Content
ECPA distinguishes between communications in storage that have already been retrieved by the customer or subscriber and those that have not. The statute also distinguishes between retrieved communications that are held by an electronic communications ser­vice, which can be public or private, and those held by a remote computing service, which only provides service to the public.

Additional Issues
Retrieved communications, unretrieved communications older than 180 days, and other files stored with a public provider—subpoena with notice or 2703(d) court order with notice, or search warrant. ECPA applies to stored communications that a customer or subscriber has retrieved but left on the server of the communications ser­vice provider, if the service provider offers those services to the public. Under the statute, such a provider is considered a “remote computing service” and is not permitted to voluntarily disclose such content to the government unless certain circumstances exist (see 18 U.S.C. §2702(b) and 18 U.S.C. §2701(c) for information on the “circum­stances”). These communications include any files that a customer may have stored on the public provider’s system. If the provider does not offer those services to the public, no constraints are imposed by ECPA on the right of the provider to disclose such informa­tion voluntarily.

The ECPA may apply if the e-mail sought resides on the employer’s server and has not yet been retrieved by the employee.

Prior notice to subscriber. Law enforcement may use either a subpoena or a 2703(d) court order to compel a public service provider to disclose the contents of stored com­munications that have been retrieved or communications that are unretrieved but have been on the server more than 180 days by a customer or subscriber. In both cases, law enforcement is required to either give prior notice to the subscriber or comply with delayed notice provisions of section 2705(a). Law enforcement can also use a search warrant, which does not require notice to the subscriber to obtain this information.

Section 2705(a) in ECPA allows agents to delay notice to the customer or sub­scriber when notice would jeopardize a pending investigation or endanger the life or physical safety of an individual. However, pursuant to 2705(b), a “no-notice provision” included with the subpoena or search warrant may prevent the ISP from making disclo­sure to the subscriber.

Note: If the investigating agency is located within the jurisdiction of the U.S. Court of Appeals for the Ninth Circuit (California, Oregon, Washington, Arizona, Montana, Idaho, Nevada, Alaska, Hawaii, Guam, and the Northern Mariana Islands), the investigator must use a search warrant to compel disclosure of all communications, retrieved or unre­trieved. If the investigating agency is located outside the Ninth Circuit, the investigator may follow the traditional ECPA interpretation, under which retrieved communications are available pursuant to a subpoena or 2703(d) court order with notice, even if the provider is located in the Ninth Circuit. However, many large providers, including AOL, Yahoo!, and Hotmail, may only provide content informa­tion pursuant to a search warrant based on [Theofel v. Farey-Jones]], 359 F.3d 1066 (9th Cir. 2004).

Unretrieved communications. Unretrieved communications (including voice mail) held by the provider for 180 days or fewer have the highest level of protection available under the ECPA. The ECPA covers such communications whether the service provider is private or public.

Law enforcement may seek a search warrant to compel the production of unretrieved communications in storage with a service provider. No prior notice to the customer/subscriber is required if information is obtained with a search warrant. A search warrant may also be used to obtain subscriber and transactional information.

Voluntary disclosure of electronic communications &mdash; 18 U.S.C. § 2702(b)(6)(C). Providers of services not available to the public may freely disclose both contents and other records relating to stored communications. ECPA imposes restrictions on voluntary disclosures by providers of services to the public, but it also includes exceptions to those restrictions.

ECPA provides for the voluntary disclosure of contents of electronic communications when the provider “reasonably believes that an emergency involving immediate danger of death or serious physical injury to any person requires disclosure of the information without delay.” Note: Some States may have applicable laws that are more restrictive than the ECPA. The ECPA does not preempt these laws unless Federal agents are conducting the investigation. State and local law enforcement agents must comply with any such State act, even if there is no violation of the Federal statute.

Remedy: civil damages. Civil damages are the exclusive remedy for violations of Part II of the ECPA. The ECPA does not contain a provision to suppress evidence obtained in violation of Part II of the Act.

Disclosure Rules of Part II of the ECPA



Part III - Pen Registers/Trap and Trace Devices (18 U.S.C. §3121 et seq.)
Part III of the ECPA regulates the use of pen registers, and trap and trace devices. It governs the real-time acquisition of dialing, routing, addressing, and signaling information relating to communications. The statute does not cover the acquisition of the content of communications; rather, it covers the transactional informa­tion about communications.

A pen register order authorizes the recording of outgoing connection information includ­ing every phone number that a specific phone dialed. A pen register order does not authorize the collection of numbers dialed after the connection is established (e.g., account number or PIN) because they constitute content. Conversely, a trap and trace order authorizes the recording of incoming connection information.

The statute also applies to real-time capture of transactional information related to Internet and network communications. For example, every e-mail communication contains “to” and “from” information. Also, Internet/network packets may contain source and destination addresses.

The ECPA authorizes court orders for the installation and use of pen registers as well as trap and trace devices, which identify source and address of communications, but not the contents of the conversation. These orders may be issued on the basis of relevancy to a criminal investigation and their results need not be disclosed to the individuals whose communications are their targets. Perhaps because in the case of Internet communications header information is more revealing than the mere identification of source and addressee telephone numbers, results of such orders must be reported to the issuing court under seal.