THE LAW OF TORTS
James J. Spinelli
The Activity Bulletin Board Service - ABBS - (914) 779-4273
This paper is NOT intended as a substitute for a lawyer NOR as a
do-it-yourself kit. It provides basic information to help you under-
stand certain legal principles. In any serious situation or when you
are in doubt, there is no substitute for competent professional legal
advice. Trying to act as your own lawyer can be costly and, in some in-
stances, dangerous. The author assumes no responsibility, accountabil-
ity or liability whatsoever in the use or misuse of any information
presented herein. The information herein is of a general nature.
Most of us are generally aware of what crimes are (murder, arson,
theft, for example) but are vague about what the law refers to as
torts. There's a good reason: leading legal writers agree that no one
has satisfactorily defined a tort. This is partly because torts are so
common, so widespread and so varied. You are far more likely to be the
victim of a tort than a crime, and you are also far more likely to com-
mit a tort than a crime.
The purposes of this paper are sevenfold:
1. To explain torts;
2. To show how they differ from crimes;
3. To stress the importance, in the law of torts, of
negligence, intent and liability;
4. To indicate what relief is available to you when a
tort has been committed against you or your property;
5. To show you how to seek that relief by starting a
6. To explain how such a suit is tried;
7. To relate all of the above purposes to a specific
classification of circumstances, i.e., how they relate
to the role and responsibilities of a systems operator
(Sysop) of an electronic bulletin board service (BBS).
TORTS VERSUS CRIMES - A tort is a civil wrong against an individual. A
crime, on the other hand, is an offense against the public at large, or
the state. For example, an automobile driver who carelessly bumps into
your car in a parking lot and crumples the fender has committed a tort
against your property. Because the law recognizes your legal right to
freedom from injury to your property caused by other people's careless-
ness, you are entitled to sue the driver and be awarded damages for his
breach of your tight. But, he has committed no crime.
Once again, a tort is an act that violates your private or personal
rights. Unless the act that is a tort is also a crime, the state will
do nothing about it. If you believe someone has violated your personal
rights -- but has not acted against the interests of the public as a
whole -- it is entirely up to you to seek relief by suing the person in
the civil courts. If the person who you believe has legally aggrieved
you is found liable -- that is, the judge or jury finds that the person
did in fact injure you or your property -- the person may be required
1. give you relief by paying you "damages" for the injury or
property loss you suffered,
2. discontinue the wrongful acts, or
3. restore to you what was taken from you.
In some cases the person may be imprisoned.
If the tort is also a crime, two separate legal actions confront the
wrongdoer: your's and the state's.
A tort is usually committed when someone injures you physically, dam-
ages or misuses your property, attacks your reputation arbitrarily or
takes away your liberty and freedom of action without just cause. To
recover damages for a tort you must prove either that the act was com-
mitted with deliberate intent (as when someone spreads false accusa-
tions about you) or that it was the result of negligence.
In most cases you must prove that the act inflicted actual damage or
injuries. A malicious act that does you no harm is not sufficient cause
for legal action.
A person who is proved to have committed a tort will be held respon-
sible for all the damages proved to have resulted from the act, includ-
ing damages to "third parties."
WHO IS RESPONSIBLE FOR COMMITTING A TORT - Generally speaking, any per-
son, young or old, mentally competent or not, is responsible for
his/her torts, i.e., for the consequences of the actions to others in-
jured by those actions. Here is an interesting distinction between
torts and crimes. Children below a certain age not usually liable for
crimes they commit, on the ground that children of their age really do
not understand the significance of their actions. For basically the
same reason, persons who have been adjudged mentally incompetent are
not liable for their crimes. BUT, these SAME persons may be liable for
their torts, whether they are deliberate or the result of carelessness.
Intent is an essential element in such torts as libel and trespass. Al-
most all employers are liable for the torts of their employees if the
employee committed the harmful act during the course of employment.
(This also applies to "agent" and "principal" relationships.) The point
to keep in mind is that the law usually holds an employer liable for
what happens when his employee is carrying out instructions and/or
working on behalf on the employer. But, not all employers -- especially
not governmental ones. The doctrine of sovereign immunity -- that the
state cannot be sued except by its own consent -- severely limits your
right to sue governments and governmental bodies for the torts of their
employees. However, the US government and the government of many states
have in recent years passed laws that do permit such suits to be
brought against them. In some instances separate courts, usually called
courts of claims, have been established to handle these actions.
Some people may not be held liable in tort actions. Among them are hus-
bands and wives, who are not considered responsible for each other's
torts, and parents, who are not usually liable for the torts of their
children. The situation changes, however, if the parent knows that the
child has developed what lawyers call a vicious propensity to commit
acts that injure other people or their property. In addition, some
states have passed laws that do make the parents responsible for will-
ful damage caused by their minor children.
Of course, if it can be established that the husband or wife or parent
or other adult actually thought up the tortious action, planned it and
coerced or persuaded the spouse or child into committing it, than that
adult or spouse WILL be held responsible for the act and liable for the
damage it caused.
Except for so-called acts of God, any interference with your personal
or property rights, whether intentional or through negligence, is a
When it comes to personal rights, torts typically deal with one or more
of the following intentional violations: (negligence comes later)
1. Interference with your freedom of movement
2. Misuse of the legal process
3. Interference with your person
4. Interference with your peace of mind
5. Interference with your privacy
6. Interference with your reputation
For our purposes, we shall examine only items 4, 5 and 6 -- interfer-
ence with your peace of mind, your privacy and your reputation.
INTERFERENCE WITH YOUR PEACE OF MIND - The growth in the sciences of
medicine and psychology has brought about an expansion of the idea of
freedom from fear or apprehension. You may have an action against some-
one who intentionally inflicts mental suffering on you. You have a
right to freedom from the consequences of mentally abusing malicious
acts, and the courts protect that right by awarding damages -- nominal,
or small, if the harm is slight; punitive, or large, if the damage is
great or the act particularly outrageous. Consider the mental anguish
if you are worried that someone will come into your home and cause dam-
age, or that someone will "attack" your computer system while you are
not around to protect it. The more expensive the equipment (your prop-
erty), the more punitive the damages. At times, the intent alone, par-
ticularly if shown to be an act of vengeance or malice, can be suffi-
cient to award punitive damages that are considerably greater than the
cost or value of property, depending on the mental anguish suffered. If
such an act disrupts a business, the mental anguish can be quite se-
vere, and the tort may be punishable by stiff fines and/or a jail term.
In some cases, such torts can be classified as a crime, which then ne-
cessitates the state to step in, since some states view the mental an-
guish to be associated with acts of violence that concern the public at
large. This applies since other businesses may be subjected to similar
INTERFERENCE WITH YOUR PRIVACY - This is another right protected by the
courts -- your right to be let alone. Such interference can take many
forms, some obvious, others not so obvious. One of the not-so-obvious,
or less direct violations to privacy, is the objectionable publicity to
private information about you.
INTERFERENCE WITH YOUR REPUTATION - As important as any freedom to
which you are entitled is freedom from unwarranted, untruthful attacks
on your character. This kind of attack, if made in the presence of
other people, constitutes defamation, for which you are entitled to
nominal or punitive damages, as the case may be. If you are defamed
orally, you have been slandered. If the defamation is in writing and
shown to or seen by someone else, you have been libeled. Slander is the
less serious of the two torts because it is fleeting. The spoken words
of defamation exist only as they are uttered and then disappear for-
ever. Libel is permanent, and the damages awarded are therefore usually
larger. Generally speaking, defamatory statements made over radio and
television, and via computer are now considered libelous rather than
You can recover damages for slander or libel without proving actual fi-
nancial loss if you are accused of something considered serious. The
reason is that, since the good reputation of a professional person is
essential to his/her ability to make a living, the law assumes that
such accusations will diminish that ability and will therefore damage
the individual. This kind of attack slander or libel is called slander
or libel per se. Spreading lies about others, especially when the lies
affect their ability to make a living or may hurt them in their family
or public relationships, constitutes slander if spoken to others and
libel if written or transmitted to others.
With property rights, torts are generally concerned with the following
intentional violations: (negligence comes later)
2. Keeping others off your property
3. Misuse of your personal property
4. Interference with your contractual and business
5. Fraud, deceit and misrepresentation
For our purposes, we shall examine items 3, 4 and 5 above, i.e., misuse
of your personal property, interference with contractual/business rela-
tionships, and fraud, etc.
MISUSE OF YOUR PERSONAL PROPERTY - You have the right to the unre-
stricted and uninterrupted enjoyment of your personal property. The law
provides remedies for the intentional interruption of your right or in-
terference with it. Interference with your personal property is called
the tort of conversion. It can be conduct intended to affect your per-
sonal property or conduct that, even though not intentionally wrong, is
inconsistent with your right of ownership.
Examples of conversion are:
1. Someone intentionally alters the property
2. Someone uses your property in a manner inconsistent
with your wishes or requirements
In both of these cases, your control of your property has been inter-
fered with, and you are entitled to sue for the tort of conversion.
INTERFERENCE WITH YOUR CONTRACTUAL AND BUSINESS RELATIONSHIPS - You
have a right to freedom from interference by others with the contrac-
tual relationships you have entered into. This applies even when, after
the contractual or business relationship, admission of errors are ac-
knowledged by the offending party. (Remember, contracts occur into com-
mon forms: oral and written. NOTE: The law of contracts is beyond the
scope of this paper, and will only be referred to as sufficient to re-
late to torts as defined herein.) Damages can be punitive if you can
convince the court that the defendant specifically set out to interfere
with the relationship or set out to ruin your reputation within the
confines of your relationship. Proof need only be beyond a reasonable
doubt and not necessarily overwhelmingly convincing. Potential disrup-
tion also is considered, since business relationships can be both
short- and long-term.
FRAUD, DECEIT AND MISREPRESENTATION - You have a right to freedom from
being improperly induced or persuaded to do something, or not to do
something, by someone's trickery. What is involved in this tort is:
1. A conscious or knowing false statement made to you,
2. by someone who knew the statement was false,
3. with the intention that you would rely on it,
4. followed by your actual reliance on it, and
5. your "suffering" as a result.
The main thing here is for the person suing to establish that he/she
was consciously tricked and that if the correct information had been
given, the suing person would not have acted as he/she did.
We now move onto the Law of Torts as it applies to the accidental in-
terference with your personal or property rights. This is typically
classified under the general heading of NEGLIGENCE.
Earlier, we were concerned with the intentional interferences with your
various rights as a member of society. In each of the torts presented
the harm was intended or the result of an intended act. But, there is a
large area of the law of torts that is basically different -- the area
of civil wrongs or torts that are the result of negligence, or mere
In our increasingly complex society, wrongs resulting from carelessness
are becoming more numerous than intentional torts. In any case, there
is a major difference between the two kinds of wrong: to recover from
someone's negligent conduct toward you, you must prove actual damages
-- you must establish that the person really did injure your person or
your property. By contrast with intentional torts, such as trespass,
you are entitled to some damages just by proving the tort was commit-
Unintentional interference can result either from negligence or from
WHAT IS NEGLIGENCE - Legal actionable negligence exists when:
1. You have a legal duty or obligation to conform to a
certain standard of conduct to protect others against
2. You fail to conform to that standard;
3. Your conduct is so closely related to the resulting
injury that it can be said to have caused it --
to have been its proximate cause, and
4. Actual damages results from your conduct.
If these four elements are present in a situation in which you are in-
volved, you may be sued and you will find it hard to defend yourself.
These elements of negligence are reasonably clear. But, you should rec-
ognize that the existence of "a legal duty or obligation" to others may
depend on the circumstances of the case in which you are being sued.
You have a legal duty to others only if the court or a statute says you
do. You have no obligation if the court finds none.
When a tort suit is tried, the standard of care expected of the defen-
dant is defined by the judge (or the jury). The judge (or the jury, if
there is one) determines the facts of the case and applies them in
light of his/her (or their) definition.
In groping around for guidelines as to whether you do or do not have a
duty to act a certain way, and in deciding whether your conduct meets
the required standard, the courts compare your conduct with the pre-
sumed conduct of a reasonable or prudent man. If this imaginary reason-
able or prudent man would have acted a certain way, the person who does
is liable. You are supposed to do what the prudent man would do, and
you are not supposed to do what the prudent man would not do.
As A.P. Herbert, the English legal humorist, put it:
He is an ideal, a standard, the embodiment of all
those qualities which we demand of the good citizen...
He is one who invariably looks where he is going,
and is careful to examine the immediate foreground
before he executes a leap or a bound...who never swears,
gambles or loses his temper; who uses nothing except
in moderation....In all that mass of authorities which
bears upon this branch of the law there is no single
mention of a reasonable woman.
A key element in a successful negligence suit is the connection between
what was done and the injury that supposedly resulted from the act. The
person suing must prove that the defendant caused injury to his/her
person or property. Some courts in trying to decide whether an act was
the proximate cause of subsequent damage have applied what is called
the "foreseeability test." They hold that the negligence is not the
proximate cause unless the consequence was one that, in the light of
all circumstances, our reasonably prudent man could have foreseen as a
probably result of his actions or his failure to act.
(NOTE: There is modification to the prudent man rule when professionals
or experts in given fields are involved. Here, the court views the
facts in light of the nature of the knowledge of the expert. For ex-
ample, a computer programmer is not viewed the same way as a casual
computer user. Actions attributable to an expert are viewed in terms of
how the typical expert in that field would have acted or would not have
acted. If a casual computer user unintentionally damaged your computer
system, it would not be given the same consideration as if an "expert"
did the same thing. Remember, we are dealing with reasonableness, and
expertise or skills above the "ordinary person" can weigh heavily in
determining the final outcome of a tort-based lawsuit.
Other circumstances can apply, particularly if a business transaction
occurs and/or a contract is in force.)
YOUR DUTY TO OTHERS WHO COME ONTO YOUR PROPERTY - If you own property
(any kind of property, not just real estate, e.g., computer bulletin
board systems), you have definite responsibilities to persons coming
onto that property legally or otherwise. Even to a trespasser, someone
entering your property illegally, you have an obligation to give warn-
ing of any genuinely dangerous (or injurious/harmful) condition known
only to you. If you hobby is a computer bulletin board, you'd be wise
to post a warning sign (or disclaimer) so that casual trespassers real-
ize that there may be a danger in wandering around your property.
(NOTE: You must be able to prove that the warning was in fact in such a
place, state or condition that it could not have been bypassed or mis-
interpreted. A warning (or disclaimer) that people cannot easily view
or is not reasonably obvious is no warning at all. For example, a
typical news item that can be bypassed on a bulletin board log-on is
not considered a reasonable posting of a warning because it can be by-
passed -- is not necessarily obvious to all.)
You owe a stricter responsibility to trespassing children (minors) be-
cause they are children and unlikely to realize or care about the fine
points of the law of trespass. To protect young trespassers and to com-
pensate them for injuries they may suffer in behaving like children,
the courts have thrown over them a mantle called the attractive nui-
sance doctrine. This doctrine requires the property owner who maintains
on his property anything attractive to young children, and dangerous to
them because of their immaturity and unawareness of possible risks, to
exercise reasonable care in protecting them against the dangers of the
(Think about this should you be carrying pornographic material on your
bulletin board, or other such attractions that children can be harmed
from. Computer games may become a potential source of difficulty given
the current lawsuit against the manufacturers and distributors of Dun-
geons & Dragons -- the "game" being blamed as a teenager's cause for
committing a crime. As "ludicrous" as it may sound, the case is going
There is a group of people called licensees who may come onto your
property with your implied permission. They are different from tres-
passers who have no permission, and you have a somewhat stronger obli-
gation to protect them. You have a duty to warn them of dangerous or
hazardous or harmful conditions they may not anticipate or easily see.
(The law regarding your obligation to casual guests in your computer
system is specialized and evolving.)
Invitees are the people coming onto your property to whom you owe the
maximum duty of protection, not only against risks you actually do know
about, but also against dangers that you should know about if you exer-
cised reasonable care. Invitees are persons who enter your property
upon your business and upon your express or implied invitation.
As in most tort cases, the court and the jury will carefully consider
the facts in each situation before coming to a decision about whether
or not the defendant was negligent. One rule commonly applied is that
the standard of care required of the property owner is greater to the
degree that the presence of people on his property is helpful or prof-
itable to the property owner. In other words, a bulletin board sysop,
who gains a benefit from your visiting his/her system, has a greater
duty to you than does a friend who invites you to his/her home as a so-
cial guest. (Note: the benefit need NOT be monetary.). The application
of general rules is up to the court. The liability to trespassers,
invitees and licensees is the owner's or that of the person in legal
possession. (For example, if you lend your computer system to someone,
and harm is done, the liability belongs to the person in legal posses-
sion, which may or may not be your's., depending on the nature of the
possession and of the restrictions thereof.)
Torts frequently occur under circumstances in which, although it is im-
possible to prove negligence on anyone's part, what happens is so ex-
traordinary that negligence is presumed. As the courts say, the thing
speaks for itself: res ipsa loquitur.
The doctrine of res ipsa loquitur may also be invoked where damage is
caused by the breakdown of a device that is under the complete owner-
ship and control of the defendant.
THE IMPORTANCE OF LIABILITY - Underlying all of this is your right to
recover for injuries you suffer from interference with your right to be
free from a variety of wrongs, some well established and others just
becoming established. If you feel that you have been wronged, you
should carefully consider still another factor that will influence your
decision whether or not to sue.
This is the question, which only your lawyer should decide, of whether
there is any liability on the part of the person who has wronged you.
He will be liable, and your legal action against him will succeed, only
if he/she has actually violated a legal duty which is owed to you as an
individual. Forgetting momentarily the question of your responsibility
for what happened, you can recover only where what was done or failed
to be done violated the course of conduct that the reasonably prudent
man would have done.
If the conduct of the person you want to sue has not, judged by the
presumed conduct of the reasonably prudent man, violated a duty to you,
the chances are you have no action. Liability is essential: you can win
your suit only if the person you are suing acted or failed to act in
such a way as to make the person liable. Liability results from conduct
that violates or interfers with one of your rights that the law recog-
nizes. If there is no such conduct there is no liability, no matteer
how aggrieved you may feel.
However, remember that the "prudent man" standard can also vary. Pro-
fessionals, i.e., doctors, lawyers, computer specialists, and the like,
are not your "ordinary" layperson. As such, the standards that govern
their conduct are viewed as a prudent practioner within the area of
speciality. These standards are gauged at a higher level than the ordi-
RIGHTING THE WRONG - Let's say that your lawyer has decided that, on
the basis of the facts you have given, the person who has wronged you
had a duty not to do so and that a court can therefore find the person
liable for violation of that duty. The question of which remedy you
should seek becomes all-important. Underlying the answer to this ques-
tion is the subject of damages. Also, keep in mind that many inten-
tional torts are or can be crimes.
Someone, for example, breaks into your computer system and destroys all
of the information you had stored there. It would take you weeks, if
not months, if at all, to be able to restore that information. However,
in the process you are severely compromised for work that you were per-
forming for someone for a fee. What is the "cost" of the damage? You
need to decide whether what you've lost is worth the expense of suing.
Also, is the person you are suing "judgment-proof?" That is, is the
person being sued broke or without assets? Sure you can sue, but if you
can't recover anything, you've gained nothing. You've lost the expense
of the legal action. You may, therefore, decide to sue on principle.
Provided you have the funds to take legal action, and do not care very
much about recovering money damages, you may continue your efforts. In
this example, some states would view the action as a crime. If so,
"punishment" may no longer be simply "monetary" in nature.
You are not limited to asking for money damages when you have been de-
prived of your property. You may try to get back the property itself,
or a reasonable facsimile. Let's say that someone causes damage to your
equipment. You may sue to get back equipment of equal value.
There are certain other torts for which money damages are not the re-
lief you want. If you are bothered by the neighbor who persists in
walking across your property despite all your requests that he stop,
money damages don't help you much. What you want in such a case is a
court order that he stop. Such an order is called an "injunction."
Now, let's apply all of this to the BBS environment.
ABBS wishes to thank Frank Levine, Attorney at Law and Co-Sysop
at ABBS, for the following. We are uncertain as to its origin,
but know that it has come from another bulletin board system.
This and our paper on the Law of Torts, represent our efforts
to provide information to fellow Sysops/BBS operators in hopes
to enlighten and contribute toward the growth and success of
the services we all provide and the communities we all serve.
James J. Spinelli
ELECTRONIC COMMUNICATIONS PRIVACY ACT OF 1986
Some of its provisions are important to BBS sysops and users.
The following is an excerpt from the House Report (Report
CHAPTER 121--STORED WIRE AND ELECTRONIC COMMUNICATIONS
AND TRANSACTION RECORDS ACCESS
Section 2701. Unlawful access to stored communicatons
(a) Offense.--Except as provided in subsection 9c) of
this section whoever--
(1) intentionally accesses without authorization a
facility through which an electronic
communiction service is provided; or
(2) intentionally exceeds an authorization to ac-
cess that faciliy and thereby obtains, alters,
or prevents authoroized access to a
wire or electronic communication while it is
in electronic storage in such system shall be
punished as provided in subsection (b) of this
(b) Punishment.-- The punishment for an offense under
sub section (a) of this section is--
(1) if the offense is committed for purposes of
commercial advantage, malicious destruction or
damages, or private commercial gain--
(A) a fine of not more than $250,000 or
imprisonment for not more than one
year, or both, in the case of a first
offense under this subparagraph; and
(B) a fine under this title or imprison-
ment for not more than two years or
both for an subsequent offense under
this subparagraph; and
(2) a fine of not more than $5,000 or imprisonment
for not more than six months, or both in any
Section 2702. Disclosure of Contents
(a) Prohibitions.--Except as provided in subsection
(1) a person or entitle providing an electronic
communication service to the public shall not
knowingly divulge to any person or entity the
contents of a communicaton while in
electronic storge by that service; and
(2) a person or entity providing remote computing
service to the public shall not knowingly di-
vulge to any person or entity the contents of
any communication which is carried or main-
tained on that service--
(A) on behalf of, and received by means
of electronic tranmission from (or
created by means of computer
processing of communications received
by means of electronic trasnmission
from), a subscriber or customer of
such service; and
(B) solely for the purpose of providing
storage or computer processing ser-
vices to such subscriber or customer,
if the provider is not authorized to
access the contents of any such
communications for purposes of pro-
viding any services other than
storage or computer processing.
(b) Exceptions.--A person or entity may divulge the con-
tents of a communication ---
(1) to an addressee or intended recipient of such
communication or an agent of such addressee or
(2) as otherwise authorized in section 2516,
2511(2)(a) or 2703 of this title;
(3) with the lawful consent of the originator or an
addresee or intended recipient of such
communication, or the subscriber in the case of
remote computing service;
(4) to a person employed or authorized or whose fa-
cilities are suited to forward such communication
to its destination;
(5) as may be necessarily incident to the rendition
of the service or to the protection of the
rights or property of the provider of that ser-
(6)to a law enforcement agency, if such contents--
(A) were inadvertently obtained by ser-
vice provider; and
(B) appear to pertain to the commission
of a crime.
Proposed section 2701 provides a new criminal offense. The
offense consists of either: (1) intentionally accessing,
without authorization, a facility through which an electronic
communication service is provided or (2) intentionally exceeding
the authorization of such facility.
In addition, the offense requires that the offender must, as
a result of such conduct, obtain, alter, or prevent
unauthorized access to a wire or electronic communication
while it is in electronic storage in such a system. The
term electronic storage is defined in section 2510(17) of
Title 18. Electronic storage means any temporary,
intermediate storage of a wire or electronic communication
incidental to the electronic transmission thereof and the
storage of such communication by an electronic communications
service for the purpose of back-up protection of such
Section 2701(a) makes it an offense intentionally to access
without authorization, or to exceed an authorization to ac-
cess, an electronic communciation service and thereby obtain,
or prevent authorized access to a wire or electronic
communication while it is in electronic storage in such sys-
tem. This provision addresses the growing problem of unautho-
rized persons deliberately gaining access to, and sometimes
tampering with, electronic or wire communication that are not
intended to be available to the public.
The Committee recognizes however that some electronic com-
munication services offer specific features, sometimes known
as computer "electronic bulletin boards," through which
interested person may communicate openly with the public to
exchange computer programs in the public domain and other
types of information that may be distributed without legal
It is not the intent to hinder the development or use of
"electronic bulletin boards" or other comparable services.
The Committee believes that where communciations are
readily accessible to the general public, the sender has,
for purposes of Section 2701(a), extended an "authorization"
to the public to access those communications. A person may
reasonably conclude that a communication is readily acces-
sible to the general public if the telephone number of the
system and other means of acceses are widely known, and if a
person does not, in the course of gaining access, encounter
any warnings, encryptions, password requests or other indicia
of intended privacy. To access a communication on such a
system should not be a violation of the law.
Some communcation systems offer a mixture of services, some,
such as bulletin boards, which may be readily accessible to
the general public, while others--such as electronic
mail--may be intended to be confidential. Such a system
typically has two or more distinct levels of security. A
user may be able to access electronic bulletin boards and
the like merely with a password he assigns to himself,
while access to such features as electronic mail ordinarily
entails a higher level of security (i.e., the mail must be
addressed to the user to be accessible specifically).
Section 2701 would apply differently to the different
services. These wire or electronic communications which the
service provider attempts to keep confidential would be
protected, while the statute would impose no liability for
access to feature configured to be readily acessible to the
Section 2702 specifes that a person or entity providing wire
or electronic communication service to the public may
divulge the contents of a communication while in electronic
storage by that service with the lawful consent of the
originator or any addressee or intended addressee or
intended recipient of such communicaiton. The commmittee
emphasizes that "lawful consent" in this context, need not
take the form of a formal written document of consent. A
grant of consent electronically would protect the service
provider from liability for disclosure under section 2702.
Under various circumstances, consent might be inferred to
have arisen from a course of dealing between the service
provider and the customer or subscriber--e.g. where a
history of transactions between the parties offers a basis
for a resonable understanding that a consent to disclosure
attaches to a particular class of communications. Consent
may also flow from a user having had a reasonable basis for
knowing that disclosure or use may be made with respect to a
communications, and having taken action that evidences
acquiescence to such disclosure or use--e.g., continued use
of such an electronic communication system. Another type of
implied consent might be inferred from the very nature of
the electronic transaction. For example, a subscriber who
places a communication on a computer "electronic bulletin
board," with a reasonble basis for knowing that such
communications are freely made available to the public,
should be considered to have given consent to the disclosure
or use of the communication. If conditions governing
disclosure or use are spelled out in the rules of an
electronic communication service, and those rules are
available to users or in contracts for the provison of such
services, it would be appropriate to imply consent on the
part of a user to disclosures or uses consistent with those
Section 2702(a) specifies that a person or entity providing
a wire or electronic communciation service or remote
computer services to the public shall not knowingly divulge
the contents of any communication while in electronic
storage by that service to any person or entity other than
the addressee or intended recipient of such communication or
an agent of such addressee or intended recipient of the
communications. Under some circumstances, however, a
customer or subscriber to a wire or electronic communication
service may place a communication on the service without
specifying an addressee.
The Committee intends, in that situation, that the communica-
tion at a minimum be deemed addressed to the service provider
for purposes of Section 2702(b). Because an addressee may
consent to the disclosure of a communication to any other
person, a service provider or system operator, as implied
addressee, may disclose the contents of an unaddressed
A person may be an "intended recipient" of a
communciaiton, for purpose of section 2702, even if he is
not individually identified by name or otherwise. A
communicaiton may be addressed to the members of a group,
for example. In the case of an electronic bulletin board,
for instance, a communication might be directed to all
members of a previously formed "special interest group" or,
alternatively, to all members of the public who are
interested in a particular topic of disucssion. In such an
instance, the service provider would not be liable for
disclosure to any person who might reasonably be considered
to fall in the class of intended recipients.
The entire document has to be read and studied to draw final
conclusions on a number of important issues. However, the
following observations can be made:
1. SYSOPS are to be considered providers of an electronic
communications service. In other words, whenever a BBS
goes up, it becomes an electronic communication service
subject to the requirements of the law.
2. Users of the BBS are protected and may have grounds to take
action against or ask that criminal charges be brought if
their communictions are improperly disclosed.
3. SYSOPs do have added protection against hackers, and
federal law enforcement is available.
4. Any "general" messages addressed to all members of the
board, provided the board is open to the general public, may
be disclosed and are not protected.
a. It is unclear whether a sysop may legally read pri-
vate mail on his board addrssed to another user, un-
less sysop discloses in a warning message that
he/she may read such messages.
b. Conferences that are not generally open to the pub-
lic may create an expectation of privacy and there
will be limited rights to disclose information.
c. Major changes in security procedures may require
user consent, or their messages may have to be re-
6. It would be prudent to have a major disclaimer in the in-
troduction of each BBS session, stating that there is no ex-
pectation of privacy and that anything left on the board
may be read or disclosed by the sysop.
Next, we present the "LEGAL" view.
We wish to thank our friend, Ruel Hernandez, for the information in
this section of our report.
Four years ago, Congress introduced legislation which sought to
provide federal statutory guidelines for the privacy protection of
electronic communications, including electronic mail (e-mail) found on
commercial computer-based services and on other remote computer systems such
as electronic bulletin board systems (BBS). The old federal wiretap law
only gave protection to normal audio telephone communications. Before the
legislation culminated into the Electronic Communications Privacy Act of
1986 (ECPA), which went into effect on January 20, 1987, there was no
contemplation of computer-based electronic communications being transmitted
across telephone lines and then being stored on disk for later retrieval by
or forwarding to its intended recipient. Federal law did not provide
guidelines for protecting the transmitted electronic messages once they were
stored on these computer-based communications services and systems.
(1) Whether electronic mail and other intended private material stored
on an electronic computer communications service or system have Fourth
Amendment privacy protection?
(2) Should private electronic mail and other such material be accorded
federal statutory protection guidelines such as those enjoyed by the U.S.
Law enforcement seeks criminal evidence stored as e-mail either on a
commercial computer service, such as CompuServe, GEnie or The Source, or on
a hobbyist-supported BBS. (Note, this situation is equally applicable to
personal, private data stored on a remote system for later retrieval, such
as with CompuServe's "personal file" online storage capabilities.)
For example, a computer user calls up a computer communication system.
Using the electronic mail function, he leaves a private message that can
only be read by an intended recipient. The message is to inform the
recipient of a conspiracy plan to violate a federal or state criminal
statute. Law enforcement gets a tip about the criminal activity and learn
that incriminating evidence may be found on the computer system.
In 1982, such a situation occurred. (Meeks, Life_at_300_Baud:_Crime_on
the_BBS_Network, Profiles, Aug. 1986, 12-13.) A Detroit federal grand jury,
investigating a million-dollar cocaine ring, issued a subpoena ordering a
commercial service, The Source, to hand over private subscriber data files.
The files were routinely backed up to guard against system crashes. The
grand jury was looking for evidence to show that the cocaine ring was using
The Source as a communications base to send messages to members of the ring.
With such evidence, the grand jury could implicate and indict those
suspected of being part of the cocaine ring. The Source refused to obey the
subpoena on the basis of privacy. The prosecution argued The Source could
not vicariously assert a subscriber's privacy rights. Constitutional rights
are personal and could only be asserted by the person whose rights are
invaded. Additionally, since the files containing messages were duplicated
by the service, any user expectation of privacy would be extinguished. A
court battle ensued. However, before a ruling could be made, the kingpin of
the cocaine ring entered a surprise preemptive guilty plea to federal drug
trafficking charges. The case against The Source was discontinued.
Publicly posted messages and other public material may be easily
retrieved by law enforcement. It is the private material, such as e-mail,
which posed the problem.
Law enforcement's task was then to gather enough evidence to
substantiate a criminal case. Specifically, they would want the e-mail, or
other private files, transmitted by suspected criminals. In oppostion, the
provider or systems operator of a computer communications service or system,
in his assumed role as keeper of transmitted private electronic messages,
would not want to turn over the private data.
INADEQUACY OF OLD LAW
Meeks noted that as of August, 1986, "no ... protection exist[ed] for
electronic communications. Any law enforcement agency can, for example,
confiscate a local BBS and examine all the message traffic," including all
private files and e-mail. (Id.)
There is little case law available on computer communications and
Fourth Amendment constitutional problems. (See_generally M.D. Scott,
Computer Law, 9-9 (1984 & Special Update, Aug. 1, 1984).) If not for the
preemptive guilty plea, the above described Detroit case may have provided
some guidance on computer-based communications and privacy issues.
Of the available cases, there are those which primarily dealt with
financial information found in bank and consumer credit organization
computers. In U.S._v._Davey, 426 F.2d 842, 845 (2 Cir. 1970), the
government had the right to require the production of relevant information
wherever it may be lodged and regardless of the form in which it is kept and
the manner in which it may be retrieved, so long as it pays the reasonable
costs of retrieval. In a California case, Burrows_v._Superior_Court, 13
Cal. 3d 238, 243, 118 Cal. Rptr. 166, 169 (1974), a depositor was found to
have a reasonable expectation that a bank would maintain the confidentiality
of both his papers in check form originating from the depositor and the
depositor's bank statements and records of those checks. However, in
U.S._v. Miller, 425 U.S. 435, 96 S.Ct. 1619 (1976), customer account
records on a bank's computer were held to not be private papers of the bank
customer, and, hence, there was no Fourth Amendment problem when they are
subpoenaed directly from the bank.
Although these cases have more of a business character in contrast to
personal e-mail found on computer systems such as CompuServe or a hobbyist-
supported BBS, they would hold that there would be very little to legally
stop unauthorized access to computer data and information.
Under the old law, a prosecutor, as in the Detroit case, may try to
analogize duplicated and backed up e-mail to business situations where data
on business computer databases are also backed up. Both types of computer
data are stored on a system and then later retrieved. The provider or
systems operator of a computer electronic communications system would
counterargue that the nature of computers always require the duplication and
backup of any computer data, whether the data files be e-mail or centrally-
based financial or credit data. Data stored on magnetic media are prone to
possible destruction. Duplication does not necessarily make e-mail the same
as financial or credit data stored in business computers. Centrally-based
business information is more concerned with the data processing. That
information is generally stored and retrieved by the same operator. E-mail
is more concerned with personal communications between individuals where the
sender transmits a private message to be retrieved only by an intended
recipient. The sender and the recipient have subjective expectations of
privacy that when viewed objectively are reasonable. Therefore, there would
be a constitutionally protected expectation of privacy under Katz_v._U.S.,
389 U.S. 347, 88 S.Ct. 507 (1967).
However, the prosecution would note under California_v._Ciraolo, --
U.S. --, 106 S.Ct. 1809 (1984), users would have to protect their electronic
mail from any privacy intrusion. The provider or operator of the service or
system has ultimate control over it. He has complete access to all areas of
the system. He could easily examine the material. The prosecution would
note the user could not reasonably protect his private data from provider or
operator invasion. This "knot-hole," where an observer can make an
observation from a lawful position, would exclude any reasonable expectation
of privacy. If there is no privacy, there can be no search and therefore no
Fourth Amendment constitutional violation. Law enforcement can retrieve the
The Justice Department noted the ambiguity of the knothole in a
response to Senator Leahy's question whether the then existing wiretap law
was adequate to cover computer communications. (S. Rep. No. 541, 99th
Cong., 2d Sess. 4 reprinted_in 1986 U.S. Code Cong. & Ad. News 3558.) It
was "not always clear or obvious" whether a reasonable expectation of
privacy existed. (Id.)
FEDERAL WIRETAP STATUTES
The old federal wiretap statutes protected oral telephone
communications from police interceptions. This protection was made during
1968 in response to electronic eavesdropping conducted by government.
(Cohodas, Congress_Races_to_stay_Ahead_of_Technology, Congressional
Quarterly Weekly Report, May 31, 1986, 1235.) Although e-mail appears to
come under the old 18 U.S.C. sec. 2510(1) definition of "wire
communication," it was limited to audio transmissions by wire or cable. The
old 18 U.S.C. sec. 2510(4) required that an interception of a wire
communication be an oral acquisition of the communication. By being
"oral," the communication must be "heard." There would be a problem as to
whether an electronic communication could be "heard." Data transmissions
over telephone lines generally sound like unintelligible noisy static or
high pitched tones. There would certainly be no protection after a
communication has completed its transmission and been stored on a computer.
The communication's conversion into computer stored data, thus no longer in
transmission until later retrieved or forwarded as transmission to another
computer system, would clearly take the communication out of the old
statutory protected coverage.
"Eighteen years ago ... Congress could not appreciate - or in some
cases even contemplate - [today's] telecommunications and computer
technology...." (132 Cong. Rec. S7992 (daily ed. June 19, 1986) (statement
of Sen. Leahy).)
COMPARISON WITH U.S. MAIL PROTECTION
A letter sent by first class mail is given a high level of protection
against unauthorized intrusion by a combination of federal and U.S. Postal
Service statutes and regulations. For instance, the unauthorized taking out
of and examining of the contents of mail held in a "depository for mail
matter" before it is delivered to the mail's intended recipient is
punishable by fine, imprisonment, or both. (18 U.S.C. sec. 1702.) In
comparison, under the old law, electronic communications had no protection.
Federal protection for U.S. Mail provided a suggested direction as to how
electronic communications should be protected when it was no longer in
SOLUTION - THE NEW LAW
There are two methods towards a solution: (1) court decisions; or (2)
new legislated privacy protection.
Courts may have chosen to read computer communications protection into
the old federal wiretap statute or into existing state law. However, they
were reluctant to do so. Courts "are in no hurry to [revise or make new law
in this area] and some judges are openly asking Congress for help....
[F]ederal Appeals Court Judge Richard Posner in Chicago said Congress needed
to revise current law, adding that 'judges are not authorized to amend
statutes even to bring them up-to-date.'" (Cohodas, 1233.)
On October 21, 1986, President Reagan signed the new Electronic
Communications Privacy Act of 1986 amending the federal wiretap law. ECPA
went into effect during the beginning of 1987. (P.L. 99-508,
Title I, sec. 111, 100 Stat. 1859; P.L. 99-508, Title II, sec. 202, 100
Stat. 1868.) ECPA created parallel privacy protection against both
interception of electronic communications while in transmission and
unauthorized access to electronic communications stored on a system.
The new ECPA first provides privacy protection for any
'electronic communication' ... [by] any transfer of signs,
signals, writing, images, sounds, data or intelligence of any
nature transmitted in whole or in part by a wire, radio,
electromagnetic, photoelectronic or photooptical system that
affects interstate or foreign commerce...."
(18 U.S.C. secs. 2510(12), 2511.) The Senate Report noted examples of
electronic communications to include non-voice communications such as
"electronic mail, digitized transmissions, and video teleconferences." (S.
Rep. No. 541, 99th Cong., 2d Sess. 14 reprinted_in 1986 U.S. Code Cong. &
Ad. News 3568.) Electronic communication is defined in terms of how it is
transmitted. So long as the means by which a communication is transmitted
affects interstate or foreign commerce, the communication is covered ECPA.
(18 U.S.C. sec. 2510(12).) Generally, that would include all telephonic
means including private networks and intra-company communications. (S.
Rep. No. 541, 99th Cong., 2d Sess. 12 reprinted_in 1986 U.S. Code Cong. &
Ad. News 3566.)
Second, ECPA protects the electronic communication when it has been
stored after transmission, such as e-mail left on an electronic computer
communication system for later pickup by its intended recipient. (18 U.S.C.
sec. 2510(17).) The legislation makes it a federal criminal offense to
break into any electronic system holding private communications or to exceed
authorized access to alter or obtain the stored communications. (18 U.S.C.
The legislation would protect electronic computer communication systems
from law enforcement invasion of user e-mail without a court order. (18
U.S.C. secs. 2517, 2518, 2703.) Although the burden of preventing
disclosure of the e-mail is placed on the subscriber or user of the system,
the government must give him fourteen days notice to allow him to file a
motion to quash a subpoena or to vacate a court order seeking disclosure of
his computer material. (18 U.S.C. sec. 2704(b).) However, the government
may give delayed notice where there are exigent circumstances as listed by
the Act (18 U.S.C. sec. 2705.) Recognizing the easy user destruction of
computer data, ECPA allows the government to include in its subpoena or
court order the requirement that the provider or operator retain a backup
copy of electronic communications when there is risk of user destruction.
(18 U.S.C. sec. 2704(a).)
The legislation gives a civil cause of action to the provider or
operator, subscriber, customer or user of the system aggrieved by an
invasion of an electronic communication in the system in violation of the
ECPA. (18 U.S.C. secs. 2520, 2707.) If the provider or operator has to
disclose information stored on his system due to a court order, warrant,
subpoena, or certification under ECPA, no cause of action can be brought
against him by the person aggrieved by such disclosure. (18 U.S.C. sec.
2703(e); see_also 18 U.S.C. secs. 2701(c), 2702(b), 2511(2)(a)(i),
2511(3)(b)(iii) where the systems operator or provider is not held
criminally liable, may observe a private communication while performing
employment duties or according to authorization, etc., may intercept private
communication while making quality control checks or during the course of
forwarding communications to another system.)
Clearly, the national commercial services in the United States,
including CompuServe, MCI Mail or a company using a contracted e-mail
service, such as GE QUIK-COM (See S. Rep. No. 99-541, 99th Cong., 2d Sess.
8 reprinted_in 1986 U.S. Code Cong. & Ad. News 3562) are covered by ECPA.
However, there may be some confusion as to whether ECPA would protect
electronic communications found on a mere user-supported BBS. For
instance, language in ECPA does not expressly state the term "bulletin
board." Nonetheless, ECPA would indeed cover electronic bulletin boards.
What are electronic bulletin boards? Generally, they are personal
computers provided for and maintained by computer users out of their own
personal resources. These systems traditionally allow free access to
computer/modem-equipped members of local communities and provide for both
public and private electronic mail exchange. Some sophisticated systems,
such as the ProLine system written for Apple II computers, provide callers
with personal user areas where they may keep private files much like the
CompuServe personal file areas.
Augmenting the single stand-alone BBS, there are networks of bulletin
boards linked together, often with the assistance of university mainframes,
with other bulletin boards or mainframe computers by sophisticated "mail
routing" systems (such as ARPAnet and FIDOnet). These networks use
sophisticated message addressing instructions and computer automation where
networked computers make calls to other networked computers to exchange
"net-news" or private mail between users of the different bulletin boards.
Given the proper address routing instructions, a user may communicate with
another user on a cross-town BBS or on a BBS in another part of the country.
Although there is some delay with messages being routed through a network,
these networks help to reduce or eliminate the computer user's need to
make direct toll or long distance calls to faraway systems. (Note, there
are also network exchange systems and "gateways" between commercial
Businesses have been turning to the use of BBS's and BBS mailing
networks for increased productivity, paperwork reduction, improved client
contact and the elimination of "telephone tag." (See Keaveney,
Custom-Built_Bulletin_Boards, Personal Computing, Aug. 1987, 91.)
A number of these corporate BBS's are open to the public with
restricted access to business and client system areas. Examples of
such systems include (a) two Washington D.C. area boards run by Gannet
Company Inc. ("[f]or all Gannet/USA Today employees and other computer
users"), Issue Dynamics Inc. (catering to the consulting company's clients),
and (b) A Westchester County (NY) area board run by VITRON Management
Consulting, Inc. (catering to the general business community).
ECPA language would show protection for bulletin boards. 18 U.S.C.
sec. 2510(15) provides that "'electronic communication service' means any
service which provides to users thereof the ability to send or receive wire
or electronic communications". A "remote computing service" was defined in
the Act as an electronic communications system that provides computer storage
or processing services to the public. (18 U.S.C. sec. 2710(2).)
Intra-company communications systems, corporate BBSes, would also be
protected. (S. Rep. No. 541, 99th Cong., 2d Sess. 12 reprinted_in 1986 U.S.
Code Cong. & Ad. News 3566.) Language in ECPA refers to "the person or entity
providing the wire or electronic communication service," such as in 18 U.S.
secs. 2701(c)(1) and 2702(a)(1). Such language would indicate the inclusion
of individuals and businesses who operate bulletin board systems.
The Senate report, in addition to defining "electronic mail," gave a
separate definition of "electronic bulletin boards":
Electronic "bulletin boards" are communications networks created
by computer users for the transfer of information among computers.
These may take the form of proprietary systems or they may be commercial,
or noncommercial systems operating among computer users sharing special
interests. These systems may [or may not] involve fees covering
operating costs and may require special "passwords" which restrict
entry to the system. These bulletin boards may be public or
semi-public in nature, depending on the degree of privacy sought by
users, operators or organizers of such systems.
(S. Rep. No. 541, 99th Cong., 2d Sess. 8-9 reprinted_in 1986 U.S. Code
Cong. & Ad. News 3562-3563.)
ECPA, as enacted, takes note of the different levels of security found
on user-supported BBS's, i.e. the difference between configured system
areas containing private electronic mail and other areas configured to
contain public material. (18 U.S.C. sec. 2511(2)(g)(i).) The electronic
communications which a user seeks to keep private, through methods provided
by the system, would be protected by ECPA. In contrast, there would be no
liability for access to features configured by the system to be readily
accessible by the general public. An indicia of privacy on the system, with
no notice to show otherwise, would trigger ECPA coverage. An indicia of
privacy may include passwords and prompts asking if a message is to be kept
House Representative Kastenmeier noted that there was an unusual
coalition of groups, businesses and organizations interested in ECPA.
(Kastenmeier, Communications_Privacy, Communications Lawyer, Winter 1987,
1, 24.) Among those interested included the BBS community. Reporters in
the BBS community noted how Senator Leahy and others were receptive to their
concerns. They report Leahy to have been "soliciting [users and BBS
operators'] comments and encourag[ing] sensitivity to the needs of BBS's in
the legislation.... [Senators and congressional members] are ... willing to
listen to our side of things." (BBSLAW02.MSG, dated 07/24/85, information
from Chip Berlet, Secretary, National Lawyers Guild Civil Liberties
Committee, transmitted by Paul Bernstein, SYSOP, LAW MUG, Chicago, Illinois
regarding Federal Legislation Affecting Computer Bulletin Boards, deposited
on The Legacy Network in Los Angeles, California.)
There are at least two possible ways to escape ECPA coverage. The
first is to provide adequate notice that all material on a service or system
may be publicly accessible even though methods of providing privacy remain.
The bulletin board system maintained by DePaul University College of Law
Chicago, Illinois, provides an example of an electronic notice (displayed
upon user access):
PURSUANT TO THE ELECTRONIC AND COMMUNICATIONS PRIVACY ACT OF 1986, 18
USC 2510 et. seq., NOTICE IS HEREBY GIVEN THAT THERE ARE NO FACILITIES
PROVIDED BY THIS SYSTEM FOR SENDING OR RECEIVING PRIVATE OR
CONFIDENTIAL ELECTRONIC COMMUNICATIONS. ALL MESSAGES SHALL BE DEEMED
TO BE READILY ACCESSIBLE TO THE GENERAL PUBLIC.
Do NOT use this system for any communication for which the sender
intends only the sender and the intended recipient or recipients to
Note, although the DePaul notice states otherwise, user-operated message
privacy toggles remain on the board. The second possible method to escape
ECPA coverage would be to merely not provide any means of privacy.
One way of foiling the intent of a government subpoena or court order
requirement to keep duplicate copies of private electronic communications
would be the use of passworded private e-mail. For instance, the private
e-mail capabilities of GEnie Mail and GE QUIK-COM include user-toggled
passwording which utilizes an encryption technique that no one, not even the
provider, knows how to decipher. Bill Louden, General Manager of GEnie
(General Electric Network for Information Exchange), noted how GEnie Mail
and GE QUIK-COM passworded e-mail cannot be read by anyone who did not know
the password. "[N]ot even our 'god' number could ever read the [passworded]
mail." (Message from Bill Louden, GEnie, Legacy RoundTable (LAW), category
1, topic 7, message 6 (May 15, 1987).) The writer of the encryption
software has since left General Electric and no one has had success in
breaking the code. (Message from Bill Louden, GEnie, Legacy RoundTable
(LAW), category 1, topic 7, message 10 (May 17, 1987).)
With ECPA, e-mail and other private electronic communications stored on
computer communication systems have privacy protection. Unfortunately,
before ECPA, federal statutory guidelines for such protection were not
articulated. Case law also did not provide any helpful guidance. The
peculiarities of computers and computer storage were not addressed by the
old wiretap laws. Electronic communications privacy could not stand up
against constitutional privacy law as defined by the United States Supreme
Court. The then existing law was "hopelessly out of date." (S. Rep. No.
541, 99th Cong., 2d Sess. 2 reprinted_in 1986 U.S. Code Cong. & Ad. News
3556 (statement of Sen. Leahy).) Fortunately, a legislative solution to
bring privacy law up to date with the advancing computer communication and
information technology was provided for in ECPA.
One should note that ECPA was designed as a statutory solution to fill a
loop-hole in federal constitutional law where computer-communication
messages (e.g., email) are not protected. Under traditional Fourth
Amendment Search and Seizure law, email and similar computer-communication
material are not considered to have any constitutional privacy protection
against government intrusion. ECPA provides statutory privacy protection
where there is no constitutional protection.
Generally, a BBS may fall under the coverage of ECPA if there is some
indicia of privacy found on the BBS. There are various degrees of privacy
found on a BBS ranging from the opening login password to the sending of a
private message via UUCP. Under ECPA, a sysop or online service employee
may not be found civilly liable for intercepting (i.e., reading/viewing)
private information or private messages between users who call in to a BBS
so long as he is performing "quality control checks" or other similar
duties. This may include passive maintenance activity and intermail or
echomail forwarding. ECPA thus provides some protection for a sysop from
civil liability if his system is found to fall under ECPA coverage.
To escape coverage from ECPA, a BBS sysop may place a disclaimer at the
"front door" or throughout his system (such as an automatic notice whenever
if the caller wishes to send private email) giving the caller adequate
notice that the system has no privacy privileges. (Note: what I mean by
privileges, in the legal sense, is much broader than mere privacy toggle
commands found on a BBS.) Giving such notice would work to negate any
indicia of privacy that may be found on the system. For instance, the sysop
may say that he has access to all private email, he will read all private
email, and he will disclose all improper or criminal information left on his
system to the appropriate authorities even if there are privacy toggle
commands found on the system -- and suggest the caller try another system if
he/she wishes to send secure private messages. The sysop may then stand a
better chance of not being found liable under ECPA.
The DePaul University College of Law BBS Disclaimer:
This type of disclaimer, dealing with communications, should not be found to
be applicable to private login passwords -- in other words, passwords should
maintain their privileged private status. (Note, some attorney may try to
argue that passwords are messages and therefore are excluded from ECPA by
the disclaimer and may be disclosed.)
Note, ECPA is primarily first a statutory solution to providing
statutory protection against government intrusion into private computer
communications in order to be more in tune with traditional Fourth Amendment
Search and Seizure law. Generally, in order for police or other government
authorities to intrude into private computer communications, a court order,
subpeona, or warrant must be obtained. A sysop may be ordered to provide
copies of particular information -- the warrant should particularly describe
what is sought, such as the author of the message, subject matter, etc. The
author of the private information may also be given 14 days notice of the
search unless there are exigent circumstances, e.g., the author has the
ability to destroy the information. Note, although there may be the
possibility that a sysop may be held in contempt of court for not providing
copies, this does not necessarily mean the sysop has the affirmative duty to
make and keep copies of all information kept on his system if it is not
reasonable for him to do so, e.g., the system program does not keep backups,
old messages are automatically destroyed after a certain period of time such
as on an HBBS system, etc. -- he may only have to provide copies when
ordered to do so and if reasonable (my interpretation).
Although a sysop may not be found liable under the federal ECPA statute,
there may be alternative liability found under state law. Generally, at the
state level, there is either state statutory or common law protection
against INVASION OF PRIVACY. In particular, this would include (1) public
disclosure of private facts and (2) intrusion upon seclusion. A possible
situation would include not only public disclosure of private email, but
also public discussion or private system passwords. A good attorney may be
able to make good arguments to find liability under either one of the two
tort law causes of action -- particularly when a sysop holds himself or
herself out as a provider of private or semi-private information exchange.
Note, under either the federal ECPA or state invasion of privacy laws, a
sysop or caller to a system may be able to sue users who break into the
closed or private areas of the system. Of course, evidence would have to be
obtained to prove causation and liability and evidence is a completely
different issue problem....
Finally, there are several issues that are currently being reviewed for
possible statute inclusion. Such issues involve, but are not limited to:
1. The dissemination and distribution of elements contributing to
the delinquency or corruption of minors:
- advocacy of games of chance (gambling)
2. The maintenance of the integrity of electronically stored data
and information within communication systems, including electronic
These issues are the subject of a subsequent paper. In addition, they are
topics that represent areas of discussion within the potential PCBRelay
We at VITRON (and ABBS) would greatly appreciate your feedback and input
regarding this paper. If you have any questions, comments, observations or
suggestions, please leave us a message. Your nessage will receive as prompt
a reply as is feasible (usually within 24 to 48 hours).