Automatic email transaction trail

Email systems create detailed transaction logs as a matter of course, whereas the postal service only keeps address logs if specifically required to do so by valid legal process. Thus, in the case of email surveillance, law enforcement may decide after the fact of a particular transmission, to seek access to transactional records.

Automatic attachment of return address information

When using US Postal Service mail, the addition of a return address which identifies the sender is entirely optional and requires an affirmative step by the sender. In contrast, most email systems automatically append a return address to each electronic mail message, thus guarantying that anyone who examines the email log, will be able to identify both the sender and recipient.

Email co-mingles functions traditionally

accomplished with voice, fax, paper mail, and even
face-to-face communications

Email communication is often a substitute for many other forms of communications. An email message can replace a fax, a voice telephone call, a short note sent through the US mail, and even face-to-face communication. Therefore access to logs of such communication is vastly more revealing than a log of any other single form of communication. Courts have recognized an increased privacy interest in co-mingled information as compared to the same information in disaggregated form.

B.

Increased privacy Interest in compilations

The volume and detailed nature of email transactions raise much more serious privacy concerns than do either toll records or mail cover logs. The Supreme Court and the US Congress have recognized that computerized compilations of information raise unique privacy concerns. Beginning with the Privacy Act of 1974, Congress has acknowledged that "computerized data banks... present issues considerably more difficult than, and certainly very different from, a case involving the source records themselves."5 Later, in Whalen v. Roe, the Supreme Court found that "[t]he central storage and easy accessibility of computerized data vastly increase the potential for abuse of that information." And finally, in US Department of Justice v. Reporter's Committee, the Court found that a "strong privacy interest inheres in the nondisclosure of compiled computerized information...."7 It is precisely the great volume of and

5 H.R. Rep. No. 1416, 93d Cong., 2d Sess. 3, 6-9 (1974) Legislative history of the Privacy Act of 1974.

6 429 U.S. 589, 607 (1977) (Brennan, J., concurring)

7 489 U.S. 749, 766 (1989)

easy access to transactional information which raises an increased privacy interest in these records.

V.

Extend the spirit of ECPA to cyberspace: Need to update
ECPA protections for transactional information in the
changing digital world

The guiding principle of ECPA was that new privacy protection should be extended to electronic communications, so that users of new communications technology would have confidence that their communications were free from unwarranted private or government intrusion. With the qualitative shift in communications activity that has occurred over the last decade, it is time to extend greater protection to the transactional information that records people activities online.

The main focus of ECPA was to offer clear privacy protection for the contents of electronic communication despite the fact that the communication is handed over to a third party, namely the electronic communication service provider.8 However, little consideration was given at the time to the proper treatment of transactional records. The records are mentioned in the statute, but not given any definition. The committee report from the Senate does offer brief discussion of the nature of these records, but focuses primarily on customer lists and telephone toll records. The House report recognizes that electronic communications services create records that do not conform to legal categories for older technologies:

The newer technologies such as electronic mail and remote computing services maintain a type of records which do not neatly fit within the legal categories which exist for older technologies.10

8 "A letter sent by first class mail is afforded a high level of protection against unauthorized opening by a combination of constitutional provisions, case law.... But there are no comparable Federal statutory standards to protect the privacy and security of communications transmitted by new noncommon carrier communications services or new forms of computer technology. This is so even though American citizens and businesses are using these forms of technology in lieu of, or side-by-side with, first class mail and common carrier telephone services." ECPA Senate report, p5.

9 "Subsection (c) provides for access to records or other information pertaining to a subscriber to or customer of an electronic communications or remote computing service, not including the contents of electronic communications. This section permits the provider of the service to divulge, in the normal course of business, such information as customer lists and payments to anyone except a Government agency. It should be noted that the information involved is information about the customer's use of the service not the contents of the customer's communication." ECPA Senate Report, p. 38

10 House Report, p. 26

However, nowhere in eithe committee report is the issue of access to email transactional records discussed for the purposes of establishing the appropriate standard for government access.

B.

Extension of protection is consistent with the spirit of
ECPA and the expressed intent of the drafters

In the spirit of ECPA, we should recognize that it is again time to extend privacy protection to the personally identifiable transactional information that is, in may cases, indistinguishable from content. 11 The drafters did not intend that electronic communication service providers should not disclose "profiles" of users that were related to the contents of the communication. 12 Furthermore, discussions of transactional records was limited at the time to telephone toll records and other customer account billing and demographic information.13

disclosure of such records implicate fundamental privacy and free

association rights,

current law is unclear as to the definition of such records, and,

increased protection for transactional records is consistent with the spirit of the 1968 Act and the 1986 Act.

Therefore Congress should amend the stored communications section of ECPA (Sec 2703) to provide a higher level of protection for sensitive transactional records. The amendments would leave intact law enforcement's current authority regarding telephone toll records and basic billing information such as subscriber billing address and service arrangements. These changes to curren! law are necessary to provide assurances to users of new communication technology that their private activities in the online world are free from unwarranted interference.

For more information, please contact the Electronic Frontier Foundation:

Jerry Berman, Executive Director <jberman@eff.org>

Daniel J. Weitzner, Deputy Policy Director <djw@eff.org>

11 Curiously, the original language in Title III, before it was amended by ECPA, provided that the "contents" of a communication included the "identity of the parties to such communication or the existence, substance, purport, or meaning of the communication." Thus, in 1968, telephone toll records were accessible under a lower standard precisely because they did not reveal the identity of communicating parties or the existence of the communication. Any transactional information which reveals the identity of the parties, or the content of the communication, should therefore be accessible to law enforcement only with a court order.

12 ECPA House Report, p.64

13 "The type of records involved are billing records and telephone toll records (including record of long distance numbers and message unit information." ECPA House Report, p. 69.

Appendix A

Telephone Toll Records and Electronic Mail Logs

The most significant difference between a telephone toll record and an electronic mail log is that electronic mail addresses are unique to individual users. Unlike a telephone number, which corresponds only to a specific location (such as a home or business address), most electronic mail addresses are linked by a secret and unique password 14 to an individual regardless of physical location. Thus, while a record indicating that a certain telephone number was dialed from another telephone number indicates that a transaction occured, an electronic mail record indicates that a specific and unique individual has communicated with another individual or group of individuals.

Telephone Toll Records

The table below represents actual telephone toll records of a member of EFF's staff, obtained with his consent from Bell Atlantic15.

These records indicate the date, number dialed, its location, time, and duration of calls made from 202 222-2222, which is billed to Jonah Seiger. These records do not indicate that Jonah Seiger himself actually placed the calls, the identity of the recipients, or the nature of the communication (i.e, voice, modem, fax, etc).

14 All commercial on line services (AOL, Compuserve, Prodigy, etc), as well as most Internet providers require users to enter a password each time they log onto the service. Passwords are unique to each individual (similar to a PIN number used for cash machines at Banks), and in most cases the practice of using another persons password without permission is considered a breach of contract or user agreement.

15 The dialed numbers have been changed. The information described above has been certified by Bell Atlantic to be identical to information obtainable by law enforcement officers with proper subpoena authorization. Records indicate long distance toll calls. According to Bell Atlantic, only long distance dialed number records are collected. Law enforcement must use pen register or trap and trace devices to capture local dialed number records.

Electronic Mail Logs

The table below represents actual electronic mail logs from the Electronic Frontier Foundation's electronic mail server. These logs indicate a message sent by an individual user (in this case, djw@eff.org) to members of an online discussion titled <eff-crypto> (EFF's online forum on issues relating to cryptography and digital privacy in general). Although this example contains addresses unique to EFF, virtually all electronic mail software logs transactions in an identical way. In the course of accounting and processing electronic mail messages, the mail server assigns each message a unique message ID number. By tracking a message ID number, one can easily know who sent a message, and to whom that message was sent. (For ease of reading, line numbers have been added, and message ID numbers are indicated here in bold face type).

01 7/29 08:15:48 IIA12559: from=<djw@eff.org>, msgid=<199407291215.IIA12559@eff.org> 02 7/29 08:15:49 IAA12559: to="/usr/local/etc/cryptoarchiver stat=Sent

03 7/29 08:15:50 IIA12559: to="/usr/local/etc/dmail2list eff-crypto eff-crypto-exploder*, 04 7/29 08:15:51 IIA12565: from=owner-eff-crypto, magid=<199407291215.IIA12559@eff.org> 05 7/29 08:15:51 IIA12565: to-gnu@toad.com (John Gilmore), delay 00:00:01, stat=queued 06 7/29 08:15:51 IIA12565: to=mkapor@kei.com (Mitchell Kapor), delay 00:00:01, stat-queued 07 7/29 08:15:51 IIA12565: to:jberman@eff.org (Jerry Berman), delay=00:00:01, stat queuec 08 7/29 08:15:52 IIA12565: to jseiger@eff.org (Jonah Seiger), delay 00:00:01, stat=queued 09 7/29 08:15:51 IIA12565: to=djw@eff.org (Danny Weitzner), delay 00:00:01, stat queued

The table above follows a message sent by <djw @eff.org> to the recipients of the <eff-crypto> mailing list. Line 01 indicates that message IIA12559 was sent by <djw@eff.org>. Line 03 indicates that that message was sent to the address <eff-crypto>. line 04 indicates that message IIA12559 was sent from <effcrypto> as message IIA12565. Lines 05 through 09 indicate that message IIA12565 was sent to specific individual recipients of the <eff-crypto> list. Comparison of Telephone Toll Records and Electronic Mail Logs

From these two examples, it is clear that electronic mail logs reveal a great deal more about both the destination and substance of a communication than does a telephone toll record. While the telephone toll record does show that a specific number was dialed at a certain time, it reveals nothing else about the nature of the communication, or the identity of the sender or the recipient. There is nothing inherent in a toll record to indicate that a specific individual communicated with another. In the example above, we only know that 202 222 2222 dialed 313 555-4545 on a certain date and time.

In contrast, because each electronic mail address is linked directly to an individual with a password unique to that address, a record of a communication in this medium indicates the occurrence of a communication between two specific individuals. Moreover, in the example above, the log reveals that an individual communicated with a group of individuals who belong to a subject specific group (in this case <eff-crypto>). Through a simple analysis of message identification numbers, one can very easily track the communication of one person, and know with certainty with whom that person is communicating.