« PrécédentContinuer »
easy access to transactional information which raises an increased privacy interest in these records.
Extend the spirit of ECPA to cyberspace: Need to update
The guiding principle of ECPA was that new privacy protection should be extended to electronic communications, so that users of new communications technology would have confidence that their communications were free from unwarranted private or government intrusion. With the qualitative shift in communications activity that has occurred over the last decade, it is time to extend greater protection to the transactional information that records people activities online.
Gaps left by 1986 law -- Unclear definition of
The main focus of ECPA was to offer clear privacy protection for the contents of electronic communication despite the fact that the communication is handed over to a third party, namely the electronic communication service provider. 8 However, little consideration was given at the time to the proper treatment of transactional records. The records are mentioned in the statute, but not given any definition. The committee report from the Sénate does offer brief discussion of the nature of these records, but focuses primarily on customer lists and telephone toll records.9 The House report recognizes that electronic communications services create records that do not conform to legal categories for older technologies:
The newer technologies such as electronic mail and remote computing services maintain a type of records which do not neatly fit within the legal categories which exist for older technologies. 10
8. 'A letter sent by first class mail is afforded a high level of protection against unauthorized opening by a combination of constitutional provisions, case law.... But there are no comparable Federal statutory standards to protect the privacy and security of communications transmitted by new noncommon carrier communications services or new forms of computer technology. This is so even though American citizens and businesses are using these forms of technology in lieu of, or side-by-side with, first class mail and common carrier telephone services." ECPA Senate report, p5.
9 "Subsection (c) provides for access to records or other information pertaining to a subscriber to or customer of an electronic communications or remote computing service, not including the contents of electronic communications. This section permits the provider of the service to divulge, in the normal course of business, such information as customer lists and payments to anyone except a Government agency. It should be noted that the information involved is information about the customer's use of the service not the contents of the customer's communication." ECPA Senate Report, p. 38
10 House Report, p. 26
However, nowhere in eithe committee report is the issue of access to email transactional records discussed for the purposes of establishing the appropriate standard for government access.
Extension of protection is consistent with the spirit of
In the spirit of ECPA, we should recognize that it is again time to extend privacy protection to the personally identifiable transactional information that is, in may cases, indistinguishable from content.11 The drafters did not intend that electronic communication service providers should not disclose "profiles of users that were related to the contents of the communication. 12 Furthermore, discussions of transactional records was limited at the time to telephone toll records and other customer account billing and demographic information. 13
This memo has showri thai.
transactional records now reveal the content of communication,
the 1968 Act and the 1986 Act.
For more information, please contact the Electronic Frontier Foundation:
Jerry Berman, Executive Director <email@example.com>
Curiously, the original language in Tale III, before it was amended by ECPA, provided that the "contents of a communication included the 'identity of the parties to such communication or the existence, substance, purport, or meaning of the communication. Thus, in 1968, telephone toll records were accessible under a lower standard precisely because they did not reveal the identity of communicating parties or the existence of the communication. Any transactional information which reveals the identity of the parties, or the content of the communication, should therefore be accessible to law enforcement only with a court order.
12 ECPA House Report, p.64
13 "The type of records involved are billing records and telephone toll records (including record of long distance numbers and message unit information." ECPA House Report, p. 69.
Telephone Toll Records and Electronic Mail Logs
The most significant difference between a telephone toll record and an electronic mail log is that electronic mail addresses are unique to individual users. Unlike a telephone number, which corresponds only to a specific location (such as a home or business address), most electronic mail addresses are linked by a secret and unique password 14 to an individual regardless of physical location. Thus, while a record indicating that a certain telephone number was dialed from another telephone number indicates that a transaction occured, an electronic mail record indicates that a specific and unique individual has communicated with another individual or group of individuals.
Telephone Toll Records
The table below represents actual telephone toll records of a member of EFF's staff, obtained with his consent from Bell Atlantic 15.
202 222 2222 JUL 17 94 *IC LIVE P 7 B 26 1FR JONAH SEIGER
PB 8146 RT 45 AC 2-00
DEP 5 APT XXX
R1 INCL 309
СТ DDI 123456 LUC XXXX XXXXXXX RD NW
R2 8147 NTC NOB TAX F-L-S LCR 12 WASHINGTON DC 20009-2015 CI ELECTRONIC FRONTIER FOUNDATION STAFF 347
These records indicate the date, number dialed, its location, time, and duration of calls made from 202 222-2222, which is billed to Jonah Seiger. These records do not indicate that Jonah Seiger himself actually placed the calls, the identity of the recipients, or the nature of the communication (i.e, voice, modem, fax, etc).
14 All commercial on line services (AOL, Compuserve, Prodigy, etc), as well as most Internet providers require users to enter a password each time they log onto the service. Passwords are unique to each individual (similar to a PIN number used for cash machines at Banks), and in most cases the practice of using another persons password without permission is considered a breach of contract or user agreement.
15 The dialed numbers have been changed. The information described above has been certified by Bell Atlantic to be identical to information obtainable by law enforcement officers with proper subpoena authorization. Records indicate long distance toll calls. According to Bell Atlantic, only long distance dialed number records are collected. Law enforcement must use pen register or trap and trace devices to capture local dialed number records.
Electronic Mail Logs
The table below represents actual electronic mail logs from the Electronic Frontier Foundation's electronic mail server. These logs indicate a message sent by an individual user (in this case, firstname.lastname@example.org) to members of an online discussion titled <eff-crypto> (EFF's online forum on issues relating to cryptography and digital privacy in general). Although this example contains addresses unique to EFF, virtually all electronic mail software logs transactions in an identical way. In the course of accounting and processing electronic mail messages, the mail server assigns each message a unique message ID number. By tracking a message ID number, one can easily know who sent a message, and to whom that message was sent. (For ease of reading, line numbers have been added, and message ID numbers are indicated here in bold face type).
01 7/29 08:15:48 IIA12559: from=<email@example.com>, msgid=<firstname.lastname@example.org> 02 7/29 08:15:49 IAA12559: to='1/usr/local/etc/cryptoarchiver' stat=Sent 03 7/29 08:15:50 IIA12559: to='l /usr/local/etc/dma il2list eff-crypto eff-crypto-exploder, 04 7/29 08:15:51 TIA12565: from=owner-eff-crypto, msgid=<199407291215.IIA12559@eff.org> 05 7/29 08:15:51 IIA12565: email@example.com (John Gilmore), delay=00:00:01, stat=queued 06 7/29 08:15:51 IIA12565: firstname.lastname@example.org (Mitchell Kapor), delay=00:00:01, stat=queued 07 7/29 08:15:51 IIA12565: email@example.com (Jerry Berman), delay=00:00:01, stat=queued 08 7/29 08:15:52 11412565: firstname.lastname@example.org (Jonah Seiger), delay=00:00:01, stat-queued 09 7/29 08:15:51 IIA12565: email@example.com (Danny Weitzner), delay=00:00:01, statqueued
The table above follows a message sent by <firstname.lastname@example.org> to the recipients of
Comparison of Telephone Toll Records and Electronic Mail Logs
From these two examples, it is clear that electronic mail logs reveal a great deal more about both the destination and substance of a communication than does a telephone toll record. While the telephone toll record does show that a specific number was dialed at a certain time, it reveals nothing else about the nature of the communication, or the identity of the sender or the recipient. There is nothing inherent in a toll record to indicate that a specific individual communicated with another. In the example above, we only know that 202 222 2222 dialed 313 555-4545 on a certain date and time.
In contrast, because each electronic mail address is linked directly to an individual with a password unique to that address, a record of a communication in this medium indicates the occurrence of a communication between two specific individuals. Moreover, in the example above, the log reveals that an individual communicated with a group of individuals who belong to a subject specific group (in this case <eff-crypto>). Through a simple analysis of message identification numbers, one can very easily track the communication of one person, and know with certainty with whom that person is communicating.
File Transfer and Retrieval Logs
Tracing a File Directly to an Individual
Virtually all online information services, such as America On Line (AOL), Prodigy, Compuserve, and the Internet, contain a wealth of files and information in areas known as "file archives". There are many thousands of archives throughout cyberspace, containing files ranging from political information (e.g.: White House press releases, legislation, policy statements, etc.), shareware (free, public domain software), to images from the Hubble Space Telescope. Users can access file archives through a variety of ways depending on the service they subscribe to.
For purposes of maintenance, accounting and security, most online services keep records of all transactions involving file transfer and retrieval. Through a simple analysis of these records, one can easily trace a file directly to an individual user.
The example to follow will illustrate how such a trace can be accomplished using transactional records from the Internet File Transfer Protocol (ftp), the primary method for transferring and retrieving files over the Internet. FTP provides any Internet user with the ability to retrieve files from any computer on the network. Files available via ftp are stored in 'tp archives' which can be accessed by a user through the execution of a few relatively simple commands.
Every user on an online network is identified by an electronic identity, usually identical to their electronic mail (email) addresses. Individuals control access to their email addresses through a secret personal password. Because email addresses are tied to individual users, and because ftp logs indicate that a specific file has been retrieved, a simple analysis of ftp logs can easily reveal that an individual has retrieved a specific file.
FTP Transaction logs
This example will trace an individual user's retrieval of a file from the online archives of the Electronic Frontier Foundation (EFF). The file, named 'digitel.faq', contains answers to frequently asked questions about the Digital Telephony legislation. The records below are actual records from EFF's ftp archive (named <ftp.eff.org>) and main computer (<eff.org>)
All computers connected to the Internet have names. In this example, it is important to note that <ftp.eff.org> and <eff.org> are two distinct computers. The computer <ftp.eff.org> keeps separate records from the computer <eff.org>. Furthermore, each authorized user has a unique electronic identity, usually same as that individual's electronic mail address (e.g.: email@example.com is the