Previous law: Under previous law, investigators could not obtain
a wiretap order to intercept wire communications (those involving the
human voice) for violations of the Computer Fraud and Abuse Act (18 U.S.C.
§ 1030). For example, in several investigations, hackers have stolen
teleconferencing services from a telephone company and used this mode
of communication to plan and execute hacking attacks.

Amendment: Section 202 amends 18 U.S.C. § 2516(1) –
the subsection that lists those crimes for which investigators may obtain
a wiretap order for wire communications – by adding felony violations
of 18 U.S.C. § 1030 to the list of predicate offenses.1 This provision
will sunset December 31, 2005.

Previous law: Under previous law, the Electronic Communications Privacy Act ("ECPA"), 18 U.S.C. § 2703 et seq., governed
law enforcement access to stored electronic communications (such as e-mail),
but not stored wire communications (such as voice-mail). Instead, the
wiretap statute governed such access because the definition of "wire
communication" (18 U.S.C. § 2510(1)) included stored communications,
arguably requiring law enforcement to use a wiretap order (rather than
a search warrant) to obtain unopened voice communications. Thus, law enforcement
authorities used a wiretap order to obtain voice communications stored
with a third party provider but could use a search warrant if that same
information were stored on an answering machine inside a criminal’s
home.

Regulating stored wire communications through section 2510(1) created
large and unnecessary burdens for criminal investigations. Stored voice
communications possess few of the sensitivities associated with the real-time
interception of telephones, making the extremely burdensome process of
obtaining a wiretap order unreasonable.

Moreover, in large part, the statutory framework envisions a world in
which technology-mediated voice communications (such as telephone calls)
are conceptually distinct from non-voice communications (such as faxes,
pager messages, and e-mail). To the limited extent that Congress acknowledged
that data and voice might co-exist in a single transaction, it did not
anticipate the convergence of these two kinds of communications typical
of today’s telecommunications networks. With the advent of MIME –
Multipurpose Internet Mail Extensions – and similar features, an
e-mail may include one or more "attachments" consisting of any
type of data, including voice recordings. As a result, a law enforcement
officer seeking to obtain a suspect’s unopened e-mail from an ISP
by means of a search warrant (as required under 18 U.S.C. § 2703(a))
had no way of knowing whether the inbox messages include voice attachments
(i.e., wire communications) which could not be compelled using a search
warrant.

Amendment: Section 209 of the Act alters the way in which the
wiretap statute and ECPA apply to stored voice communications.2 The amendments
delete "electronic storage" of wire communications from the
definition of "wire communication" in section 2510 and insert
language in section 2703 to ensure that stored wire communications are
covered under the same rules as stored electronic communications. Thus,
law enforcement can now obtain such communications using the procedures
set out in section 2703 (such as a search warrant), rather than those
in the wiretap statute (such as a wiretap order).

This provision will sunset December 31, 2005.

Previous law: Subsection2703(c) allows the government to use
a subpoena to compel a limited class of information, such as the customer’s
name, address, length of service, and means of payment. Prior to the amendments
in Section 210 of the Act, however, the list of records that investigators
could obtain with a subpoena did not include certain records (such as
credit card number or other form of payment for the communication service)
relevant to determining a customer’s true identity. In many cases,
users register with Internet service providers using false names. In order
to hold these individuals responsible for criminal acts committed online,
the method of payment is an essential means of determining true identity.

Moreover, many of the definitions in section 2703(c) were technology-specific,
relating primarily to telephone communications. For example, the list
included "local and long distance telephone toll billing records,"
but did not include parallel terms for communications on computer networks,
such as "records of session times and durations." Similarly,
the previous list allowed the government to use a subpoena to obtain the
customer’s "telephone number or other subscriber number or identity,"
but did not define what that phrase meant in the context of Internet communications.

Amendment: Amendments to section 2703(c) update and expand the
narrow list of records that law enforcement authorities may obtain with
a subpoena. The new subsection 2703(c)(2) includes "records of session
times and durations," as well as "any temporarily assigned network
address." In the Internet context, such records include the Internet
Protocol (IP) address assigned by the provider to the customer or subscriber
for a particular session, as well as the remote IP address from which
a customer connects to the provider. Obtaining such records will make
the process of identifying computer criminals and tracing their Internet
communications faster and easier.

Moreover, the amendments clarify that investigators may use a subpoena
to obtain the "means and source of payment" that a customer
uses to pay for his or her account with a communications provider, "including
any credit card or bank account number." 18 U.S.C. §2703(c)(2)(F).
While generally helpful, this information will prove particularly valuable
in identifying the users of Internet services where a company does not
verify its users’ biographical information. (This section is not
subject to the sunset provision in section 224 of the Act).

Previous law: The law contains two different sets of rules regarding
privacy protection of communications and their disclosure to law enforcement:
one governing cable service (the "Cable Act") (47 U.S.C. §
551), and the other applying to the use of telephone service and Internet
access (the wiretap statute, 18 U.S.C. § 2510 et seq.; ECPA, 18 U.S.C.
§ 2701 et seq.; and the pen register and trap and trace statute (the
"pen/trap" statute), 18 U.S.C. § 3121 et seq.).

Prior to the amendments in Section 211 of the Act, the Cable Act set
out an extremely restrictive system of rules governing law enforcement
access to most records possessed by a cable company. For example, the
Cable Act did not allow the use of subpoenas or even search warrants to
obtain such records. Instead, the cable company had to provide prior notice
to the customer (even if he or she were the target of the investigation),
and the government had to allow the customer to appear in court with an
attorney and then justify to the court the investigative need to obtain
the records. The court could then order disclosure of the records only
if it found by "clear and convincing evidence" – a standard
greater than probable cause or even a preponderance of the evidence –
that the subscriber was "reasonably suspected" of engaging in
criminal activity. This procedure was completely unworkable for virtually
any criminal investigation.

The legal regime created by the Cable Act caused grave difficulties
in criminal investigations because today, unlike in 1984 when Congress
passed the Cable Act, many cable companies offer not only traditional
cable programming services but also Internet access and telephone service.
In recent years,...

Page 1 2 3 4 5 Next

Add comment

Email to a Friend