Expanded Protection for Online I. Ways may some day be developed by which the Government, without removing papers from secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurrences of the home.... Can it be that the Constitution affords no protection against such invasions of individual security?1 A. Overview Spirit of ECPA calls for expanded protection for Electronic Frontier Foundation, Inc. 1001 G Street, NW Suite 950 East Washington, DC 20001 Phone: (202)347-5400 In the eight years since the enactment of ECPA, society's patterns of using electronic communication technology have changed dramatically. Over twenty million people now have electronic mail addresses, numerous business, nonprofit and political groups conduct work over the Internet, and "cyberspace" has become a household world. Indeed, it is now commonplace to speak about "life online. Records of all of these activities -- who sends a message to whom, where a given communications device is located, which political party one contacts for information, and which online discussion group or virtual community one associates with -- are available both in real time and in stored form as part of the transactional information generated by advanced computer and communications networks. With increasing use of telecommunications, this transactional information reveals almost as much about our private lives as would be learned if someone literally followed us around on the street, watching our every move. As the ECPA drafters recognized, "the law must advance with the technology to ensure the continued vitality of the Fourth Amendment."2 Under current law, much of this transactional information may be available to law enforcement merely by subpoena which recites that the requested information is "relevant to an ongoing investigation." In response to dramatic changes in the way that people use electronic communication services, ECPA should be revised to reflect the increasingly sensitive nature of network transactional information 1 Olmstead v. United States, 277 U.S. 438, 467 (1928) (Brandeis, J., dissenting) (cited in ECPA Senate Report). 2 ECPA Senate Report, p.5 3 18 USC 2703(d). As will be discussed below, the statutory distinction betweer contents and records is unclear, so that current scope of law enforcement access is rot a matter of settled law. B. Proposal to protect network transactional information contents of the communication As this memorandum will demonstrate, the scope and depth of personal, sensitive information available through network transactional records has increased dramatically since the 1986 law was passed. Thus, EFF believes that the requirements for law enforcement access to certain categories of transactional records should be increased from a mere subpoena, which can be issued without independent judicial scrutiny, to a court order, which would only be issued upon a finding by a detached and neutral magistrate. All transactional records which: contain personally identifiable information related to an electronic reveal the content of the electronic communication should be accessible to law enforcement only with a court order. II. A. Online transactional information contains extensive personally identifiable information and thus deserves greater protection than telephone toll records Personally identifiable information in online The bulk of email addresses in use today are unique to an individual user. Either the address reveals on its face the identity of the user, or a simple command can be issued to translate the address into the owner's name. Email addresses are personally identifiable jberman@eff.org belongs to Jerry Berman whitfield.diffie@eng.sun.com belongs to Whitfield Diffie Therefore, unlike telephone toll records, a transaction indicating that a message is sent to or received from a particular email address is almost always a definitive record of a communication by an identifiable person. [For a detailed description of email transactional records, see Appendix A] Whereas, toll records record only the fact that a given telephone instrument connects an another instrument, a record of an email sent or received will establish the identity of the communicating party with some certainty. Ownership of a telephone instruments may be well-established, but without access to the content of the telephone communication, there is no proof that any individual was actually using the phone coincident with a communication recorded in toll records. In practice, courts also agree that toll records fall short of disclosing identity of the calling parties.4 Some early email systems tied the email address to a particular computer or terminal, just as a telephone number is tied to a given telephone instrument. But today, someone who owns an email address can use it from virtually any computer in the world. Moreover, no one else can easily use another person's email address, since the ability to send and receive mail with an address is generally controlled by password or other security device. While it is, in some cases, possible to use someone else's email address, this practice will increasingly be considered a fraud on the receiver of the message and a theft of service from the owner of the email account. By contrast, no fraud is required to use someone else's telephone number, unless one fails to pay the charges associated with the call. B. Transactional records reveal location of sender and Transactional information in new mobile communications services such as cellular network and Personal Communications Services (PCS) provide law enforcement with information about the location and travel of users. These services are designed in order to deliver calls and other communications to the subscriber, no matter where in the country he or she is. As a side effect of this feature, the network generates trails of transactional information that pinpoint the users location at any time that the user has the device turned on. For example, when a cellular phone is set to "roam" from one territory to another, it signals the network each time it crosses into a new service area, so that calls can be delivered to that phone and so that proper billing connections are established. Furthermore, transactional records from mobile communications services will also reveal the movement of an individual from place to place, in real time. As the target moves from one cell or service area to another, an electronic trace of the fact that a given geographical boundary line is crossed will be created. If law enforcement has access to such traces, it will be possible to determine not only the targets location, but also his or her direction of movement. Such location specific information goes far beyond simple calling and called number information contemplated by Congress when it authorized access to transactional information without a warrant or other judicial scrutiny. Where a probable cause warrant has been issued, we do not contest law enforcement's right have access to such information, where technically feasible. However, we believe that it is contrary to the Fourth Amendment and to the policy framework 4 In United States v. Anderson (542 F.2d 428, 1976), the 7th Circuit found that "toll records could not be relied on to show the contents of calls nor the parties thereto; ... identification of places called ... did not reveal the identity of the recipient or the nature of the call..." established in the 1968 Act and ECPA, to allow access to this increasingly rich source of information based on subpoena authority alone. C. Online transactional records deserve a greater degree of protection than telephone toll records In contrast to telephone toll records, online transactional information may reveal the identity of the communicating parties, and even the precise location of the communicators. These attributes distinguish online transactional records from traditional telephone toll records and other records generally available to law enforcement under subpoena power. III. Content of communication revealed by online transactional information In many instances, addressing information from online systems will reveal the content or subject of the electronic communication. As in the example below, messages are often directed to, or received from discussion groups on particular topics. This week significant progress was made on the Clipper front, but This message would be sent to everyone who is a participant in this particular group. Discussion groups (such as eff-crypto) are similar to telephone conference calls, except that they may last for days, weeks, or years. [See Appendix A for discussion of online transactional records logs which reveal such information.] Here again, email address records are dramatically more revealing than analogous telephone toll records. Telephone toll records might reveal the fact that the user of a particular telephone was connected to a conference call service, but would not indicate the subject of that conference. In the email example, above, the subject of the conference is embedded into the address line, along with other individual addressed. Furthermore, since the conference name is indistinguishable from an individual email address, there is no way to segregate such information out of the transactional record stream. B. Freedom of association and assembly implica.ed by Not only does the transactional log of such a discussion group reveal the contents of the discussion, but also, the names of the parties to the discussion are disclosed in the logs. This as an excerpt from an actual email log which records the progress of the above from the sender to all of the members of the online discussion group. 01 7/29 08:15:48 IIA12559: from=<dyweeff.org, megid-<199407291215.11A12559@etf.org> 02 7/29 08:15:49 IIA12559: to="/usr/local/etc/cryptoarchiver stat-Sent 03 7/29 08:15:50 IIA12559: to="/usr/local/etc/dmail2list eff-crypto eff-crypt explen: *. 04 7/29 08:15:51 IIA12565: from=owner-eff-crypto, msgid=<199407291215.IIA12559@eff.org> 05 7/29 08:15:51 IIA12565: to-gnu@toad.com (John Gilmore), delay 00:00:01, stat quened 06 7/29 08:15:51 IIA12565: to-mkapor@kei.com (Mitchell Kapor), delay=00:00:01, stat que .-<! 07 7/29 08:15:51 IIA12565: to=jberman@eff.org (Jerry Berman), delay 00:00:01, stat queue! 09 7/25 08:15:52 IIA12565: to jseiger@eff.org (Jonah Seiger), delay 00:00:01, stat queueri 09 7/29 08:15:51 IIA12565: to-djw@eff.org (Danny Weitzner), delay 00:00:01, stat=queued First, line 1 of the log reveals that a message was sent to the eff-crypto discussion group. Then, lines 5 through 9 reveal the identity of all of the recipients of that message, in other words, all of the participants in this particular group. For those who associate and assemble online, these email logs are equivalent to membership lists deserving of constitutional privacy protection. Inasmuch as online transactional records reveal the identity of the parties who are engaged in the discussion, fundamental constitutional rights such as freedom of association and freedom of assembly are implicated by any disclosure to the government. Since NAACP v. Alabama ex rel. Patterson, 357 US 449 (1958), courts have agreed that threats to privacy of association constitute impermissible intrusion on First Amendment freedom of association and freedom of assembly. The NAACP case involved a challenge to a government action which would have compelled the NAACP to disclose its membership list to the State of Alabama. The Supreme Court found that: Inviolability of privacy in group association may, in many circumstances, be indispensable to preservation of freedom of association. Id. at 462. Inasmuch as online transactional records reveal such group association, they should be given a high level of protection from government intrusion. The transactional records of online conferences discussed above and is shown in Appendix A, clearly reveal association with particular groups. IV. Quantity, Detail, and Ease of Analysis of transactional records With the passage of ECPA, electronic mail messages were given the same degree of privacy protection as first class mail. Notwithstanding the analogy drawn in 1986, there are significant differences between email addressing logs and information which may be obtained under a mail cover. A. Transactional logs of email contain significantly more |