[CyberLaw (tm) 2/93] E-MAIL & PRIVACY I. CONCERNS ABOUT E-MAIL According to the Electronic Mail Association, electronic mail (e-mail) usage has experienced explosive growth over the past decade. In the U.S. alone, the number of public and private mailboxes grew from less than 1/2 million in 1980 to 19 million in 1991. E-mail can be a valuable tool for businesses to improve responsiveness, enhance productivity and reduce paper flow and handling, among other things. Individual users also benefit from a reduction in time zone and telephone tag problems, and easy access to up-to-date information. E-mail is susceptible, however, to significant abuse. In California, the use of e-mail systems by private companies have given rise to a number of civil suits. One employer was sued for allegedly engaging in the systematic interception of employee e-mail. Employees of a number of companies have been charged with using e-mail to transfer trade secrets to competitors. Following a profusion of stories widely reported in the media (e.g., the Rodney King case in Los Angeles, where e-mail between police officers was introduced as evidence of their intent), much fear, uncertainty and doubt has been expressed regarding the rights and obligations of e-mail providers and users, with privacy rights being a matter of considerable interest. Concerned companies and individual users may, however, be able to resolve many of their concerns by reviewing 3 principal sources of legal rights and obligations concerning e-mail: federal law, the law of the states, and employer policies and practices. II. FEDERAL LAW The Electronic Communications Privacy Act of 1986 ("ECPA") is the primary source of law concerning e-mail. A comprehensive guide to the ECPA has been written by John Podesta and Michael Sher for the Electronic Mail Association, titled "Protecting Electronic Messaging: A Guide to the Electronic Communications Act of 1986." As stated by Podesta and Sher, "The [ECPA] has two essential purposes: 1) to protect all electronic communications systems, including purely internal electronic mail systems and public systems, from outside intruders; and 2) to protect the privacy of certain messages sent over public service electronic mail systems just as the privacy of telephone calls over public telephone systems is protected." (Protecting Electronic Messaging, p.viii.) Under the ECPA, it is a federal felony to intentionally intercept wire, oral and electronic communications while in transmission, among other things. (18 U.S.C.A. Section 2511(1).) Intentionally gaining unauthorized access to an electronic communication service, or intentionally exceeding one's authority to access such service, "and thereby obtain[ing], alter[ing], or prevent[ing] authorized access to a wire or electronic communication while it is in electronic storage in such a system" is similarly prohibited. (18 U.S.C.A. Section 2701(a).) The ECPA, however, neither prohibits the interception or accessing of an electronic communication made through "an electronic bulletin board or communications system that is configured so that it is readily accessible to the public," nor prevents "access to public electronic communication facilities or services." (Protecting Electronic Messaging, pp.4, 26.) ECPA restrictions on the disclosure of the content of e-mail in transit or while in electronic storage do not appear to apply to operators of "purely private, internal messaging systems." (Protecting Electronic Messaging, p.6.) The law also makes several notable exceptions for providers of electronic mail messaging to the general public. For example, such providers are allowed to divulge the content of communications inadvertently obtained "which appear to pertain to the commission of a crime, if the divulgence is made to a law enforcement agency" (18 U.S.C.A. Sections 2511(3)(b)(iv), 2702(B)). They are further allowed, in the normal course of business, to intercept, disclose or use communications necessarily incident to the protection of their rights and property. (18 U.S.C.A. Section 2511(2)(a)(i).) With regard to this latter exception, Podesta and Sher explain that: "Congress recognized that electronic communication providers may have to monitor a stream of transmissions in order to properly route, terminate or manage individual messages. This type of monitoring is not prohibited because it does not infringe on the privacy of either the sender or recipient." (Protecting Electronic Messaging, p.4.) Service providers are not allowed, however, to utilize "service observing or random monitoring, except for mechanical or service quality control checks." (18 U.S.C.A. Section 2511(2)(a)(i).) Significantly, the ECPA also sets out a procedures that, if followed, will insulate e-mail providers that cooperate with law enforcement officials. Penalties for violation of the ECPA are severe. The illegal interception or disclosure of e-mail, or use of illegally intercepted e-mail, is punishable as a felony by up to a 5 year prison sentence and a fine. (18 U.S.C.A. Sections 2511(4).) Individuals may be subject to fines up to $250,000, and businesses may be subject to fines up to $500,000. (Protecting Electronic Messaging, p.6.) Civil actions for money damages and other relief are also authorized. III. STATE LAWS Other rights and obligations relating to e-mail may be found under state law. For example, California penalizes a range of computer-related activities, including "knowingly and without permission access[ing] or caus[ing] to be accessed any computer, computer system, or computer network." (Cal. Penal Code Section 502(c)(7).) In this regard, the California Legislature has declared that: "[P]rotection of the integrity of all types and forms of lawfully created computers, computer systems, and computer data is vital to the protection of the privacy of individuals as well as to the well-being of financial institutions, business concerns, governmental agencies, and others within this state that lawfully utilize those computers, computer systems and computer data." (Cal. Penal Code Section 502(a).) Similarly, under New York law it is a misdemeanor to "knowingly [use] or [cause] to be used a computer or computer service without authorization and the computer utilized is equipped or programmed with any device or coding system, the function of which is to prevent the unauthorized use of said computer or computer system." NY Penal Law Section 156.05. Aside from computer-specific laws of the type noted above, there are other state laws of more general application that affect e-mail. For instance, the California Constitution includes an express right of privacy, which may be violated by certain actions involving computers and e-mail. Similarly, an unreasonable search by a California employer may also lead to civil liability for violation of rights under the California Constitution. A host of other laws found in California and other states may also affect the use of e-mail, including laws concerning defamation and invasion of privacy. IV. THE WORKPLACE At the grass-roots level, rights and obligations concerning e-mail may arise by agreement (such as a collective bargaining agreement) or from the policies and practices of an employer that provides an e-mail system for the use of its employees. There has been much discussion on the subject of employee rights concerning e-mail sent over an employer's system. In this regard, it has been widely suggested that companies formulate and implement policies defining parameters concerning access to company e-mail systems, use of such systems, and the monitoring and disclosure of e-mail found on such systems. Companies interested in developing e-mail guidelines may want to contact the Electronic Mail Association, based in Arlington, VA (703/875-8620). The Association publishes a useful guide titled "Access to and Use and Disclosure of Electronic Mail on Company Computer Systems: A Tool Kit for Formulating Your Company's Policy." The Tool Kit, available to non-members for $45, briefly describes the legal rights and duties regarding the provision of e-mail systems, and presents a number of issues and concerns that should be addressed in the course of developing a company policy. The Tool Kit describes alternate policies and provides possible text for use in policy statements. Policy topics discussed in the Tool Kit include disclosure of company policy in advance, permissible uses of the electronic mail system, monitoring for security violations, grounds required for targeted access, and limitations on disclosure and use of information obtained by means of access or monitoring. CyberLaw (tm) is published solely as an educational service. The author may be contacted at jrsnr@well.sf.ca.us; cyberlaw@aol.com; questions and comments may be posted on America Online (go to keyword "CYBERLAW"). Copyright (c) 1993 Jonathan Rosenoer; All Rights Reserved. CyberLaw is a trademark of Jonathan Rosenoer. CyberLex (tm) [2/93] Notable legal developments reported in February 1993 include the following: ¥ The F.B.I. is reportedly seeking to revive its proposed legislation on Digital Telephony, which has been widely criticized as an attempt to dumb down advances in telecommunication systems so that law enforcement will have an easier time intercepting and reading messages sent over those systems. (San Jose Mercury News, February 25, 1993, 1F.) ¥ The Chairman of the House Subcommittee on Telecommunications and Finance, Sen. Edward J. Markey, has warned computer industry officials that they need to participate more actively in the development of Federal standards regarding the establishment of a national "data superhighway," or risk falling victim to other interests and suffer restricted access to the proposed network. (New York Times, February 23, 1993, C2; San Jose Mercury News, February 23, 1993, 6D.) ¥ The U.S. Patent & Trademark Office has issued a preliminary determination denying Microsoft Corp. a trademark for the word "Windows," which the government considers to be a generic term in the computer industry in use long before Microsoft introduced its product in 1983. (Wall Street Journal, February 25, 1993, B7; New York Times, February 25, 1993, C1.) ¥ The Federal Trade Commission, having received a report by the Commission's Bureau of Competition recommending that the Commission seek an injunction against Microsoft Corp., rejected that recommendation by a 2-2 vote and deferred taking action against Microsoft. Microsoft has been accused by its rivals of unfair competition relating to its licensing practices and other tactics. One principal complaint concerns the fact Microsoft offers a 60% discount on its MS-DOS operating system to computer manufacturers who agree to pay a fee based on every computer. Another complaint is that Microsoft creates built-in incompatibility in its software, allowing its Windows program only to be compatible with MS-DOS. (New York Times, February 6, 1993, p.15; San Jose Mercury News, February 6, 1993, 3E, and February 21, 1993, 1F; Wall Street Journal, February 8, 1993, A3.) ¥ Actors who play the characters Norm and Cliff in the television series "Cheers" have filed suit against Host International Inc., alleging that their rights of publicity have been infringed by Host's use in airport lounges of robots that depict those characters. (San Jose Mercury News, February 11, 1993, 3B.) ¥ A municipal court judge in Santa Clara County, California, has ruled that a cable company cannot collect fines from customers it suspects of pirating premium programs unless the individual customers are first found guilty in a criminal proceeding. (San Jose Mercury News, February 24, 1993, 1B.) ¥ Southwestern Bell Corp., which provides phone service in Southwestern states, has agreed to buy 2 cable television systems in the Washington D.C. area. This will be the first acquisition of a cable system by a telephone company. Southwestern Bell already owns a cellular telephone franchise in the Washington area. (New York Times, February 10, 1993, A1.) ¥ I.B.M. has filed suit in Tokyo against Kyocera Corp., alleging that between 1985 and 1990 Kyocera infringed copyrights in I.B.M.'s personal computer basic input/output system, or BIOS. I.B.M. is seeking damages in the sum of $150 million. (New York Times, February 2, 1993, C4; Wall Street Journal, February 2, 1993, B7; San Jose Mercury News, February 2, 1993, 7E.) ¥ A settlement has been reached by Intel Corp. and Chips & Technologies Inc. concerning patent lawsuits they filed against each other last year. (San Jose Mercury News, February 5, 1993, 1C.) ¥ The U.S. Second Circuit Court of Appeals has reversed itself, upon a motion for reconsideration by Computer Associates International Inc., and has ruled that the Copyright Act does not preempt a cause of action based on state common law trade secret rights if that cause of action contains elements of proof additional to or qualitatively different from those required to prove copyright infringement. In the Computer Associates action, an alleged breach of a duty of confidentiality under state law foreclosed preemption. (__Computer Associates International Inc. v. Altai Inc.__, Nos. 91-7893, 91-7935 (2d Cir. December 18, 1992.) CyberLex (tm) is published solely as an educational service. Copyright (c) 1993 Jonathan Rosenoer; All Rights Reserved. CyberLex is a trademark of Jonathan Rosenoer.