THE LAW OF TORTS James J. Spinelli The Activity Bulletin Board Service - ABBS - (914) 779-4273 ===================================================================== This paper is NOT intended as a substitute for a lawyer NOR as a do-it-yourself kit. It provides basic information to help you under- stand certain legal principles. In any serious situation or when you are in doubt, there is no substitute for competent professional legal advice. Trying to act as your own lawyer can be costly and, in some in- stances, dangerous. The author assumes no responsibility, accountabil- ity or liability whatsoever in the use or misuse of any information presented herein. The information herein is of a general nature. ===================================================================== Most of us are generally aware of what crimes are (murder, arson, theft, for example) but are vague about what the law refers to as torts. There's a good reason: leading legal writers agree that no one has satisfactorily defined a tort. This is partly because torts are so common, so widespread and so varied. You are far more likely to be the victim of a tort than a crime, and you are also far more likely to com- mit a tort than a crime. The purposes of this paper are sevenfold: 1. To explain torts; 2. To show how they differ from crimes; 3. To stress the importance, in the law of torts, of negligence, intent and liability; 4. To indicate what relief is available to you when a tort has been committed against you or your property; 5. To show you how to seek that relief by starting a lawsuit; 6. To explain how such a suit is tried; 7. To relate all of the above purposes to a specific classification of circumstances, i.e., how they relate to the role and responsibilities of a systems operator (Sysop) of an electronic bulletin board service (BBS). TORTS VERSUS CRIMES - A tort is a civil wrong against an individual. A crime, on the other hand, is an offense against the public at large, or the state. For example, an automobile driver who carelessly bumps into your car in a parking lot and crumples the fender has committed a tort against your property. Because the law recognizes your legal right to freedom from injury to your property caused by other people's careless- ness, you are entitled to sue the driver and be awarded damages for his breach of your tight. But, he has committed no crime. Once again, a tort is an act that violates your private or personal rights. Unless the act that is a tort is also a crime, the state will do nothing about it. If you believe someone has violated your personal rights -- but has not acted against the interests of the public as a whole -- it is entirely up to you to seek relief by suing the person in the civil courts. If the person who you believe has legally aggrieved you is found liable -- that is, the judge or jury finds that the person did in fact injure you or your property -- the person may be required to: 1. give you relief by paying you "damages" for the injury or property loss you suffered, 2. discontinue the wrongful acts, or 3. restore to you what was taken from you. In some cases the person may be imprisoned. If the tort is also a crime, two separate legal actions confront the wrongdoer: your's and the state's. A tort is usually committed when someone injures you physically, dam- ages or misuses your property, attacks your reputation arbitrarily or takes away your liberty and freedom of action without just cause. To recover damages for a tort you must prove either that the act was com- mitted with deliberate intent (as when someone spreads false accusa- tions about you) or that it was the result of negligence. In most cases you must prove that the act inflicted actual damage or injuries. A malicious act that does you no harm is not sufficient cause for legal action. A person who is proved to have committed a tort will be held respon- sible for all the damages proved to have resulted from the act, includ- ing damages to "third parties." WHO IS RESPONSIBLE FOR COMMITTING A TORT - Generally speaking, any per- son, young or old, mentally competent or not, is responsible for his/her torts, i.e., for the consequences of the actions to others in- jured by those actions. Here is an interesting distinction between torts and crimes. Children below a certain age not usually liable for crimes they commit, on the ground that children of their age really do not understand the significance of their actions. For basically the same reason, persons who have been adjudged mentally incompetent are not liable for their crimes. BUT, these SAME persons may be liable for their torts, whether they are deliberate or the result of carelessness. Intent is an essential element in such torts as libel and trespass. Al- most all employers are liable for the torts of their employees if the employee committed the harmful act during the course of employment. (This also applies to "agent" and "principal" relationships.) The point to keep in mind is that the law usually holds an employer liable for what happens when his employee is carrying out instructions and/or working on behalf on the employer. But, not all employers -- especially not governmental ones. The doctrine of sovereign immunity -- that the state cannot be sued except by its own consent -- severely limits your right to sue governments and governmental bodies for the torts of their employees. However, the US government and the government of many states have in recent years passed laws that do permit such suits to be brought against them. In some instances separate courts, usually called courts of claims, have been established to handle these actions. Some people may not be held liable in tort actions. Among them are hus- bands and wives, who are not considered responsible for each other's torts, and parents, who are not usually liable for the torts of their children. The situation changes, however, if the parent knows that the child has developed what lawyers call a vicious propensity to commit acts that injure other people or their property. In addition, some states have passed laws that do make the parents responsible for will- ful damage caused by their minor children. Of course, if it can be established that the husband or wife or parent or other adult actually thought up the tortious action, planned it and coerced or persuaded the spouse or child into committing it, than that adult or spouse WILL be held responsible for the act and liable for the damage it caused. Except for so-called acts of God, any interference with your personal or property rights, whether intentional or through negligence, is a tort. When it comes to personal rights, torts typically deal with one or more of the following intentional violations: (negligence comes later) 1. Interference with your freedom of movement 2. Misuse of the legal process 3. Interference with your person 4. Interference with your peace of mind 5. Interference with your privacy 6. Interference with your reputation For our purposes, we shall examine only items 4, 5 and 6 -- interfer- ence with your peace of mind, your privacy and your reputation. INTERFERENCE WITH YOUR PEACE OF MIND - The growth in the sciences of medicine and psychology has brought about an expansion of the idea of freedom from fear or apprehension. You may have an action against some- one who intentionally inflicts mental suffering on you. You have a right to freedom from the consequences of mentally abusing malicious acts, and the courts protect that right by awarding damages -- nominal, or small, if the harm is slight; punitive, or large, if the damage is great or the act particularly outrageous. Consider the mental anguish if you are worried that someone will come into your home and cause dam- age, or that someone will "attack" your computer system while you are not around to protect it. The more expensive the equipment (your prop- erty), the more punitive the damages. At times, the intent alone, par- ticularly if shown to be an act of vengeance or malice, can be suffi- cient to award punitive damages that are considerably greater than the cost or value of property, depending on the mental anguish suffered. If such an act disrupts a business, the mental anguish can be quite se- vere, and the tort may be punishable by stiff fines and/or a jail term. In some cases, such torts can be classified as a crime, which then ne- cessitates the state to step in, since some states view the mental an- guish to be associated with acts of violence that concern the public at large. This applies since other businesses may be subjected to similar malfeasance. INTERFERENCE WITH YOUR PRIVACY - This is another right protected by the courts -- your right to be let alone. Such interference can take many forms, some obvious, others not so obvious. One of the not-so-obvious, or less direct violations to privacy, is the objectionable publicity to private information about you. INTERFERENCE WITH YOUR REPUTATION - As important as any freedom to which you are entitled is freedom from unwarranted, untruthful attacks on your character. This kind of attack, if made in the presence of other people, constitutes defamation, for which you are entitled to nominal or punitive damages, as the case may be. If you are defamed orally, you have been slandered. If the defamation is in writing and shown to or seen by someone else, you have been libeled. Slander is the less serious of the two torts because it is fleeting. The spoken words of defamation exist only as they are uttered and then disappear for- ever. Libel is permanent, and the damages awarded are therefore usually larger. Generally speaking, defamatory statements made over radio and television, and via computer are now considered libelous rather than slanderous. You can recover damages for slander or libel without proving actual fi- nancial loss if you are accused of something considered serious. The reason is that, since the good reputation of a professional person is essential to his/her ability to make a living, the law assumes that such accusations will diminish that ability and will therefore damage the individual. This kind of attack slander or libel is called slander or libel per se. Spreading lies about others, especially when the lies affect their ability to make a living or may hurt them in their family or public relationships, constitutes slander if spoken to others and libel if written or transmitted to others. With property rights, torts are generally concerned with the following intentional violations: (negligence comes later) 1. Nuisances 2. Keeping others off your property 3. Misuse of your personal property 4. Interference with your contractual and business relationships 5. Fraud, deceit and misrepresentation For our purposes, we shall examine items 3, 4 and 5 above, i.e., misuse of your personal property, interference with contractual/business rela- tionships, and fraud, etc. MISUSE OF YOUR PERSONAL PROPERTY - You have the right to the unre- stricted and uninterrupted enjoyment of your personal property. The law provides remedies for the intentional interruption of your right or in- terference with it. Interference with your personal property is called the tort of conversion. It can be conduct intended to affect your per- sonal property or conduct that, even though not intentionally wrong, is inconsistent with your right of ownership. Examples of conversion are: 1. Someone intentionally alters the property 2. Someone uses your property in a manner inconsistent with your wishes or requirements In both of these cases, your control of your property has been inter- fered with, and you are entitled to sue for the tort of conversion. INTERFERENCE WITH YOUR CONTRACTUAL AND BUSINESS RELATIONSHIPS - You have a right to freedom from interference by others with the contrac- tual relationships you have entered into. This applies even when, after the contractual or business relationship, admission of errors are ac- knowledged by the offending party. (Remember, contracts occur into com- mon forms: oral and written. NOTE: The law of contracts is beyond the scope of this paper, and will only be referred to as sufficient to re- late to torts as defined herein.) Damages can be punitive if you can convince the court that the defendant specifically set out to interfere with the relationship or set out to ruin your reputation within the confines of your relationship. Proof need only be beyond a reasonable doubt and not necessarily overwhelmingly convincing. Potential disrup- tion also is considered, since business relationships can be both short- and long-term. FRAUD, DECEIT AND MISREPRESENTATION - You have a right to freedom from being improperly induced or persuaded to do something, or not to do something, by someone's trickery. What is involved in this tort is: 1. A conscious or knowing false statement made to you, 2. by someone who knew the statement was false, 3. with the intention that you would rely on it, 4. followed by your actual reliance on it, and 5. your "suffering" as a result. The main thing here is for the person suing to establish that he/she was consciously tricked and that if the correct information had been given, the suing person would not have acted as he/she did. We now move onto the Law of Torts as it applies to the accidental in- terference with your personal or property rights. This is typically classified under the general heading of NEGLIGENCE. Earlier, we were concerned with the intentional interferences with your various rights as a member of society. In each of the torts presented the harm was intended or the result of an intended act. But, there is a large area of the law of torts that is basically different -- the area of civil wrongs or torts that are the result of negligence, or mere carelessness. In our increasingly complex society, wrongs resulting from carelessness are becoming more numerous than intentional torts. In any case, there is a major difference between the two kinds of wrong: to recover from someone's negligent conduct toward you, you must prove actual damages -- you must establish that the person really did injure your person or your property. By contrast with intentional torts, such as trespass, you are entitled to some damages just by proving the tort was commit- ted. Unintentional interference can result either from negligence or from accident. WHAT IS NEGLIGENCE - Legal actionable negligence exists when: 1. You have a legal duty or obligation to conform to a certain standard of conduct to protect others against unreasonable risk; 2. You fail to conform to that standard; 3. Your conduct is so closely related to the resulting injury that it can be said to have caused it -- to have been its proximate cause, and 4. Actual damages results from your conduct. If these four elements are present in a situation in which you are in- volved, you may be sued and you will find it hard to defend yourself. These elements of negligence are reasonably clear. But, you should rec- ognize that the existence of "a legal duty or obligation" to others may depend on the circumstances of the case in which you are being sued. You have a legal duty to others only if the court or a statute says you do. You have no obligation if the court finds none. When a tort suit is tried, the standard of care expected of the defen- dant is defined by the judge (or the jury). The judge (or the jury, if there is one) determines the facts of the case and applies them in light of his/her (or their) definition. In groping around for guidelines as to whether you do or do not have a duty to act a certain way, and in deciding whether your conduct meets the required standard, the courts compare your conduct with the pre- sumed conduct of a reasonable or prudent man. If this imaginary reason- able or prudent man would have acted a certain way, the person who does is liable. You are supposed to do what the prudent man would do, and you are not supposed to do what the prudent man would not do. As A.P. Herbert, the English legal humorist, put it: He is an ideal, a standard, the embodiment of all those qualities which we demand of the good citizen... He is one who invariably looks where he is going, and is careful to examine the immediate foreground before he executes a leap or a bound...who never swears, gambles or loses his temper; who uses nothing except in moderation....In all that mass of authorities which bears upon this branch of the law there is no single mention of a reasonable woman. A key element in a successful negligence suit is the connection between what was done and the injury that supposedly resulted from the act. The person suing must prove that the defendant caused injury to his/her person or property. Some courts in trying to decide whether an act was the proximate cause of subsequent damage have applied what is called the "foreseeability test." They hold that the negligence is not the proximate cause unless the consequence was one that, in the light of all circumstances, our reasonably prudent man could have foreseen as a probably result of his actions or his failure to act. (NOTE: There is modification to the prudent man rule when professionals or experts in given fields are involved. Here, the court views the facts in light of the nature of the knowledge of the expert. For ex- ample, a computer programmer is not viewed the same way as a casual computer user. Actions attributable to an expert are viewed in terms of how the typical expert in that field would have acted or would not have acted. If a casual computer user unintentionally damaged your computer system, it would not be given the same consideration as if an "expert" did the same thing. Remember, we are dealing with reasonableness, and expertise or skills above the "ordinary person" can weigh heavily in determining the final outcome of a tort-based lawsuit. Other circumstances can apply, particularly if a business transaction occurs and/or a contract is in force.) YOUR DUTY TO OTHERS WHO COME ONTO YOUR PROPERTY - If you own property (any kind of property, not just real estate, e.g., computer bulletin board systems), you have definite responsibilities to persons coming onto that property legally or otherwise. Even to a trespasser, someone entering your property illegally, you have an obligation to give warn- ing of any genuinely dangerous (or injurious/harmful) condition known only to you. If you hobby is a computer bulletin board, you'd be wise to post a warning sign (or disclaimer) so that casual trespassers real- ize that there may be a danger in wandering around your property. (NOTE: You must be able to prove that the warning was in fact in such a place, state or condition that it could not have been bypassed or mis- interpreted. A warning (or disclaimer) that people cannot easily view or is not reasonably obvious is no warning at all. For example, a typical news item that can be bypassed on a bulletin board log-on is not considered a reasonable posting of a warning because it can be by- passed -- is not necessarily obvious to all.) You owe a stricter responsibility to trespassing children (minors) be- cause they are children and unlikely to realize or care about the fine points of the law of trespass. To protect young trespassers and to com- pensate them for injuries they may suffer in behaving like children, the courts have thrown over them a mantle called the attractive nui- sance doctrine. This doctrine requires the property owner who maintains on his property anything attractive to young children, and dangerous to them because of their immaturity and unawareness of possible risks, to exercise reasonable care in protecting them against the dangers of the attraction. (Think about this should you be carrying pornographic material on your bulletin board, or other such attractions that children can be harmed from. Computer games may become a potential source of difficulty given the current lawsuit against the manufacturers and distributors of Dun- geons & Dragons -- the "game" being blamed as a teenager's cause for committing a crime. As "ludicrous" as it may sound, the case is going to court.) There is a group of people called licensees who may come onto your property with your implied permission. They are different from tres- passers who have no permission, and you have a somewhat stronger obli- gation to protect them. You have a duty to warn them of dangerous or hazardous or harmful conditions they may not anticipate or easily see. (The law regarding your obligation to casual guests in your computer system is specialized and evolving.) Invitees are the people coming onto your property to whom you owe the maximum duty of protection, not only against risks you actually do know about, but also against dangers that you should know about if you exer- cised reasonable care. Invitees are persons who enter your property upon your business and upon your express or implied invitation. As in most tort cases, the court and the jury will carefully consider the facts in each situation before coming to a decision about whether or not the defendant was negligent. One rule commonly applied is that the standard of care required of the property owner is greater to the degree that the presence of people on his property is helpful or prof- itable to the property owner. In other words, a bulletin board sysop, who gains a benefit from your visiting his/her system, has a greater duty to you than does a friend who invites you to his/her home as a so- cial guest. (Note: the benefit need NOT be monetary.). The application of general rules is up to the court. The liability to trespassers, invitees and licensees is the owner's or that of the person in legal possession. (For example, if you lend your computer system to someone, and harm is done, the liability belongs to the person in legal posses- sion, which may or may not be your's., depending on the nature of the possession and of the restrictions thereof.) Torts frequently occur under circumstances in which, although it is im- possible to prove negligence on anyone's part, what happens is so ex- traordinary that negligence is presumed. As the courts say, the thing speaks for itself: res ipsa loquitur. The doctrine of res ipsa loquitur may also be invoked where damage is caused by the breakdown of a device that is under the complete owner- ship and control of the defendant. THE IMPORTANCE OF LIABILITY - Underlying all of this is your right to recover for injuries you suffer from interference with your right to be free from a variety of wrongs, some well established and others just becoming established. If you feel that you have been wronged, you should carefully consider still another factor that will influence your decision whether or not to sue. This is the question, which only your lawyer should decide, of whether there is any liability on the part of the person who has wronged you. He will be liable, and your legal action against him will succeed, only if he/she has actually violated a legal duty which is owed to you as an individual. Forgetting momentarily the question of your responsibility for what happened, you can recover only where what was done or failed to be done violated the course of conduct that the reasonably prudent man would have done. If the conduct of the person you want to sue has not, judged by the presumed conduct of the reasonably prudent man, violated a duty to you, the chances are you have no action. Liability is essential: you can win your suit only if the person you are suing acted or failed to act in such a way as to make the person liable. Liability results from conduct that violates or interfers with one of your rights that the law recog- nizes. If there is no such conduct there is no liability, no matteer how aggrieved you may feel. However, remember that the "prudent man" standard can also vary. Pro- fessionals, i.e., doctors, lawyers, computer specialists, and the like, are not your "ordinary" layperson. As such, the standards that govern their conduct are viewed as a prudent practioner within the area of speciality. These standards are gauged at a higher level than the ordi- nary citizen's. RIGHTING THE WRONG - Let's say that your lawyer has decided that, on the basis of the facts you have given, the person who has wronged you had a duty not to do so and that a court can therefore find the person liable for violation of that duty. The question of which remedy you should seek becomes all-important. Underlying the answer to this ques- tion is the subject of damages. Also, keep in mind that many inten- tional torts are or can be crimes. Someone, for example, breaks into your computer system and destroys all of the information you had stored there. It would take you weeks, if not months, if at all, to be able to restore that information. However, in the process you are severely compromised for work that you were per- forming for someone for a fee. What is the "cost" of the damage? You need to decide whether what you've lost is worth the expense of suing. Also, is the person you are suing "judgment-proof?" That is, is the person being sued broke or without assets? Sure you can sue, but if you can't recover anything, you've gained nothing. You've lost the expense of the legal action. You may, therefore, decide to sue on principle. Provided you have the funds to take legal action, and do not care very much about recovering money damages, you may continue your efforts. In this example, some states would view the action as a crime. If so, "punishment" may no longer be simply "monetary" in nature. You are not limited to asking for money damages when you have been de- prived of your property. You may try to get back the property itself, or a reasonable facsimile. Let's say that someone causes damage to your equipment. You may sue to get back equipment of equal value. There are certain other torts for which money damages are not the re- lief you want. If you are bothered by the neighbor who persists in walking across your property despite all your requests that he stop, money damages don't help you much. What you want in such a case is a court order that he stop. Such an order is called an "injunction." Now, let's apply all of this to the BBS environment. ABBS wishes to thank Frank Levine, Attorney at Law and Co-Sysop at ABBS, for the following. We are uncertain as to its origin, but know that it has come from another bulletin board system. This and our paper on the Law of Torts, represent our efforts to provide information to fellow Sysops/BBS operators in hopes to enlighten and contribute toward the growth and success of the services we all provide and the communities we all serve. James J. Spinelli Sysop, ABBS (914) 779-4273 ELECTRONIC COMMUNICATIONS PRIVACY ACT OF 1986 H.R. 4952 Some of its provisions are important to BBS sysops and users. The following is an excerpt from the House Report (Report 99-647). CHAPTER 121--STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTION RECORDS ACCESS Section 2701. Unlawful access to stored communicatons (a) Offense.--Except as provided in subsection 9c) of this section whoever-- (1) intentionally accesses without authorization a facility through which an electronic communiction service is provided; or (2) intentionally exceeds an authorization to ac- cess that faciliy and thereby obtains, alters, or prevents authoroized access to a wire or electronic communication while it is in electronic storage in such system shall be punished as provided in subsection (b) of this section. (b) Punishment.-- The punishment for an offense under sub section (a) of this section is-- (1) if the offense is committed for purposes of commercial advantage, malicious destruction or damages, or private commercial gain-- (A) a fine of not more than $250,000 or imprisonment for not more than one year, or both, in the case of a first offense under this subparagraph; and (B) a fine under this title or imprison- ment for not more than two years or both for an subsequent offense under this subparagraph; and (2) a fine of not more than $5,000 or imprisonment for not more than six months, or both in any other case. Section 2702. Disclosure of Contents (a) Prohibitions.--Except as provided in subsection (b)-- (1) a person or entitle providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communicaton while in electronic storge by that service; and (2) a person or entity providing remote computing service to the public shall not knowingly di- vulge to any person or entity the contents of any communication which is carried or main- tained on that service-- (A) on behalf of, and received by means of electronic tranmission from (or created by means of computer processing of communications received by means of electronic trasnmission from), a subscriber or customer of such service; and (B) solely for the purpose of providing storage or computer processing ser- vices to such subscriber or customer, if the provider is not authorized to access the contents of any such communications for purposes of pro- viding any services other than storage or computer processing. (b) Exceptions.--A person or entity may divulge the con- tents of a communication --- (1) to an addressee or intended recipient of such communication or an agent of such addressee or intended recipient; (2) as otherwise authorized in section 2516, 2511(2)(a) or 2703 of this title; (3) with the lawful consent of the originator or an addresee or intended recipient of such communication, or the subscriber in the case of remote computing service; (4) to a person employed or authorized or whose fa- cilities are suited to forward such communication to its destination; (5) as may be necessarily incident to the rendition of the service or to the protection of the rights or property of the provider of that ser- vice; or (6)to a law enforcement agency, if such contents-- (A) were inadvertently obtained by ser- vice provider; and (B) appear to pertain to the commission of a crime. REPORT LANGUAGE Proposed section 2701 provides a new criminal offense. The offense consists of either: (1) intentionally accessing, without authorization, a facility through which an electronic communication service is provided or (2) intentionally exceeding the authorization of such facility. In addition, the offense requires that the offender must, as a result of such conduct, obtain, alter, or prevent unauthorized access to a wire or electronic communication while it is in electronic storage in such a system. The term electronic storage is defined in section 2510(17) of Title 18. Electronic storage means any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof and the storage of such communication by an electronic communications service for the purpose of back-up protection of such communciation. Section 2701(a) makes it an offense intentionally to access without authorization, or to exceed an authorization to ac- cess, an electronic communciation service and thereby obtain, or prevent authorized access to a wire or electronic communication while it is in electronic storage in such sys- tem. This provision addresses the growing problem of unautho- rized persons deliberately gaining access to, and sometimes tampering with, electronic or wire communication that are not intended to be available to the public. The Committee recognizes however that some electronic com- munication services offer specific features, sometimes known as computer "electronic bulletin boards," through which interested person may communicate openly with the public to exchange computer programs in the public domain and other types of information that may be distributed without legal constraint. It is not the intent to hinder the development or use of "electronic bulletin boards" or other comparable services. The Committee believes that where communciations are readily accessible to the general public, the sender has, for purposes of Section 2701(a), extended an "authorization" to the public to access those communications. A person may reasonably conclude that a communication is readily acces- sible to the general public if the telephone number of the system and other means of acceses are widely known, and if a person does not, in the course of gaining access, encounter any warnings, encryptions, password requests or other indicia of intended privacy. To access a communication on such a system should not be a violation of the law. Some communcation systems offer a mixture of services, some, such as bulletin boards, which may be readily accessible to the general public, while others--such as electronic mail--may be intended to be confidential. Such a system typically has two or more distinct levels of security. A user may be able to access electronic bulletin boards and the like merely with a password he assigns to himself, while access to such features as electronic mail ordinarily entails a higher level of security (i.e., the mail must be addressed to the user to be accessible specifically). Section 2701 would apply differently to the different services. These wire or electronic communications which the service provider attempts to keep confidential would be protected, while the statute would impose no liability for access to feature configured to be readily acessible to the general public. Section 2702 specifes that a person or entity providing wire or electronic communication service to the public may divulge the contents of a communication while in electronic storage by that service with the lawful consent of the originator or any addressee or intended addressee or intended recipient of such communicaiton. The commmittee emphasizes that "lawful consent" in this context, need not take the form of a formal written document of consent. A grant of consent electronically would protect the service provider from liability for disclosure under section 2702. Under various circumstances, consent might be inferred to have arisen from a course of dealing between the service provider and the customer or subscriber--e.g. where a history of transactions between the parties offers a basis for a resonable understanding that a consent to disclosure attaches to a particular class of communications. Consent may also flow from a user having had a reasonable basis for knowing that disclosure or use may be made with respect to a communications, and having taken action that evidences acquiescence to such disclosure or use--e.g., continued use of such an electronic communication system. Another type of implied consent might be inferred from the very nature of the electronic transaction. For example, a subscriber who places a communication on a computer "electronic bulletin board," with a reasonble basis for knowing that such communications are freely made available to the public, should be considered to have given consent to the disclosure or use of the communication. If conditions governing disclosure or use are spelled out in the rules of an electronic communication service, and those rules are available to users or in contracts for the provison of such services, it would be appropriate to imply consent on the part of a user to disclosures or uses consistent with those rules. Section 2702(a) specifies that a person or entity providing a wire or electronic communciation service or remote computer services to the public shall not knowingly divulge the contents of any communication while in electronic storage by that service to any person or entity other than the addressee or intended recipient of such communication or an agent of such addressee or intended recipient of the communications. Under some circumstances, however, a customer or subscriber to a wire or electronic communication service may place a communication on the service without specifying an addressee. The Committee intends, in that situation, that the communica- tion at a minimum be deemed addressed to the service provider for purposes of Section 2702(b). Because an addressee may consent to the disclosure of a communication to any other person, a service provider or system operator, as implied addressee, may disclose the contents of an unaddressed communcation. A person may be an "intended recipient" of a communciaiton, for purpose of section 2702, even if he is not individually identified by name or otherwise. A communicaiton may be addressed to the members of a group, for example. In the case of an electronic bulletin board, for instance, a communication might be directed to all members of a previously formed "special interest group" or, alternatively, to all members of the public who are interested in a particular topic of disucssion. In such an instance, the service provider would not be liable for disclosure to any person who might reasonably be considered to fall in the class of intended recipients. COMMENTS The entire document has to be read and studied to draw final conclusions on a number of important issues. However, the following observations can be made: 1. SYSOPS are to be considered providers of an electronic communications service. In other words, whenever a BBS goes up, it becomes an electronic communication service subject to the requirements of the law. 2. Users of the BBS are protected and may have grounds to take action against or ask that criminal charges be brought if their communictions are improperly disclosed. 3. SYSOPs do have added protection against hackers, and federal law enforcement is available. 4. Any "general" messages addressed to all members of the board, provided the board is open to the general public, may be disclosed and are not protected. 5. However: a. It is unclear whether a sysop may legally read pri- vate mail on his board addrssed to another user, un- less sysop discloses in a warning message that he/she may read such messages. b. Conferences that are not generally open to the pub- lic may create an expectation of privacy and there will be limited rights to disclose information. c. Major changes in security procedures may require user consent, or their messages may have to be re- moved. 6. It would be prudent to have a major disclaimer in the in- troduction of each BBS session, stating that there is no ex- pectation of privacy and that anything left on the board may be read or disclosed by the sysop. Next, we present the "LEGAL" view. We wish to thank our friend, Ruel Hernandez, for the information in this section of our report. COMPUTER_ELECTRONIC_MAIL_AND_PRIVACY INTRODUCTION Four years ago, Congress introduced legislation which sought to provide federal statutory guidelines for the privacy protection of electronic communications, including electronic mail (e-mail) found on commercial computer-based services and on other remote computer systems such as electronic bulletin board systems (BBS). The old federal wiretap law only gave protection to normal audio telephone communications. Before the legislation culminated into the Electronic Communications Privacy Act of 1986 (ECPA), which went into effect on January 20, 1987, there was no contemplation of computer-based electronic communications being transmitted across telephone lines and then being stored on disk for later retrieval by or forwarding to its intended recipient. Federal law did not provide guidelines for protecting the transmitted electronic messages once they were stored on these computer-based communications services and systems. QUESTIONS (1) Whether electronic mail and other intended private material stored on an electronic computer communications service or system have Fourth Amendment privacy protection? (2) Should private electronic mail and other such material be accorded federal statutory protection guidelines such as those enjoyed by the U.S. Mail? PROBLEM Law enforcement seeks criminal evidence stored as e-mail either on a commercial computer service, such as CompuServe, GEnie or The Source, or on a hobbyist-supported BBS. (Note, this situation is equally applicable to personal, private data stored on a remote system for later retrieval, such as with CompuServe's "personal file" online storage capabilities.) For example, a computer user calls up a computer communication system. Using the electronic mail function, he leaves a private message that can only be read by an intended recipient. The message is to inform the recipient of a conspiracy plan to violate a federal or state criminal statute. Law enforcement gets a tip about the criminal activity and learn that incriminating evidence may be found on the computer system. In 1982, such a situation occurred. (Meeks, Life_at_300_Baud:_Crime_on the_BBS_Network, Profiles, Aug. 1986, 12-13.) A Detroit federal grand jury, investigating a million-dollar cocaine ring, issued a subpoena ordering a commercial service, The Source, to hand over private subscriber data files. The files were routinely backed up to guard against system crashes. The grand jury was looking for evidence to show that the cocaine ring was using The Source as a communications base to send messages to members of the ring. With such evidence, the grand jury could implicate and indict those suspected of being part of the cocaine ring. The Source refused to obey the subpoena on the basis of privacy. The prosecution argued The Source could not vicariously assert a subscriber's privacy rights. Constitutional rights are personal and could only be asserted by the person whose rights are invaded. Additionally, since the files containing messages were duplicated by the service, any user expectation of privacy would be extinguished. A court battle ensued. However, before a ruling could be made, the kingpin of the cocaine ring entered a surprise preemptive guilty plea to federal drug trafficking charges. The case against The Source was discontinued. Publicly posted messages and other public material may be easily retrieved by law enforcement. It is the private material, such as e-mail, which posed the problem. Law enforcement's task was then to gather enough evidence to substantiate a criminal case. Specifically, they would want the e-mail, or other private files, transmitted by suspected criminals. In oppostion, the provider or systems operator of a computer communications service or system, in his assumed role as keeper of transmitted private electronic messages, would not want to turn over the private data. INADEQUACY OF OLD LAW Meeks noted that as of August, 1986, "no ... protection exist[ed] for electronic communications. Any law enforcement agency can, for example, confiscate a local BBS and examine all the message traffic," including all private files and e-mail. (Id.) CASE LAW There is little case law available on computer communications and Fourth Amendment constitutional problems. (See_generally M.D. Scott, Computer Law, 9-9 (1984 & Special Update, Aug. 1, 1984).) If not for the preemptive guilty plea, the above described Detroit case may have provided some guidance on computer-based communications and privacy issues. Of the available cases, there are those which primarily dealt with financial information found in bank and consumer credit organization computers. In U.S._v._Davey, 426 F.2d 842, 845 (2 Cir. 1970), the government had the right to require the production of relevant information wherever it may be lodged and regardless of the form in which it is kept and the manner in which it may be retrieved, so long as it pays the reasonable costs of retrieval. In a California case, Burrows_v._Superior_Court, 13 Cal. 3d 238, 243, 118 Cal. Rptr. 166, 169 (1974), a depositor was found to have a reasonable expectation that a bank would maintain the confidentiality of both his papers in check form originating from the depositor and the depositor's bank statements and records of those checks. However, in U.S._v. Miller, 425 U.S. 435, 96 S.Ct. 1619 (1976), customer account records on a bank's computer were held to not be private papers of the bank customer, and, hence, there was no Fourth Amendment problem when they are subpoenaed directly from the bank. Although these cases have more of a business character in contrast to personal e-mail found on computer systems such as CompuServe or a hobbyist- supported BBS, they would hold that there would be very little to legally stop unauthorized access to computer data and information. Under the old law, a prosecutor, as in the Detroit case, may try to analogize duplicated and backed up e-mail to business situations where data on business computer databases are also backed up. Both types of computer data are stored on a system and then later retrieved. The provider or systems operator of a computer electronic communications system would counterargue that the nature of computers always require the duplication and backup of any computer data, whether the data files be e-mail or centrally- based financial or credit data. Data stored on magnetic media are prone to possible destruction. Duplication does not necessarily make e-mail the same as financial or credit data stored in business computers. Centrally-based business information is more concerned with the data processing. That information is generally stored and retrieved by the same operator. E-mail is more concerned with personal communications between individuals where the sender transmits a private message to be retrieved only by an intended recipient. The sender and the recipient have subjective expectations of privacy that when viewed objectively are reasonable. Therefore, there would be a constitutionally protected expectation of privacy under Katz_v._U.S., 389 U.S. 347, 88 S.Ct. 507 (1967). However, the prosecution would note under California_v._Ciraolo, -- U.S. --, 106 S.Ct. 1809 (1984), users would have to protect their electronic mail from any privacy intrusion. The provider or operator of the service or system has ultimate control over it. He has complete access to all areas of the system. He could easily examine the material. The prosecution would note the user could not reasonably protect his private data from provider or operator invasion. This "knot-hole," where an observer can make an observation from a lawful position, would exclude any reasonable expectation of privacy. If there is no privacy, there can be no search and therefore no Fourth Amendment constitutional violation. Law enforcement can retrieve the material. The Justice Department noted the ambiguity of the knothole in a response to Senator Leahy's question whether the then existing wiretap law was adequate to cover computer communications. (S. Rep. No. 541, 99th Cong., 2d Sess. 4 reprinted_in 1986 U.S. Code Cong. & Ad. News 3558.) It was "not always clear or obvious" whether a reasonable expectation of privacy existed. (Id.) FEDERAL WIRETAP STATUTES The old federal wiretap statutes protected oral telephone communications from police interceptions. This protection was made during 1968 in response to electronic eavesdropping conducted by government. (Cohodas, Congress_Races_to_stay_Ahead_of_Technology, Congressional Quarterly Weekly Report, May 31, 1986, 1235.) Although e-mail appears to come under the old 18 U.S.C. sec. 2510(1) definition of "wire communication," it was limited to audio transmissions by wire or cable. The old 18 U.S.C. sec. 2510(4) required that an interception of a wire communication be an oral acquisition of the communication. By being "oral," the communication must be "heard." There would be a problem as to whether an electronic communication could be "heard." Data transmissions over telephone lines generally sound like unintelligible noisy static or high pitched tones. There would certainly be no protection after a communication has completed its transmission and been stored on a computer. The communication's conversion into computer stored data, thus no longer in transmission until later retrieved or forwarded as transmission to another computer system, would clearly take the communication out of the old statutory protected coverage. "Eighteen years ago ... Congress could not appreciate - or in some cases even contemplate - [today's] telecommunications and computer technology...." (132 Cong. Rec. S7992 (daily ed. June 19, 1986) (statement of Sen. Leahy).) COMPARISON WITH U.S. MAIL PROTECTION A letter sent by first class mail is given a high level of protection against unauthorized intrusion by a combination of federal and U.S. Postal Service statutes and regulations. For instance, the unauthorized taking out of and examining of the contents of mail held in a "depository for mail matter" before it is delivered to the mail's intended recipient is punishable by fine, imprisonment, or both. (18 U.S.C. sec. 1702.) In comparison, under the old law, electronic communications had no protection. Federal protection for U.S. Mail provided a suggested direction as to how electronic communications should be protected when it was no longer in transmission. SOLUTION - THE NEW LAW There are two methods towards a solution: (1) court decisions; or (2) new legislated privacy protection. COURT DECISIONS Courts may have chosen to read computer communications protection into the old federal wiretap statute or into existing state law. However, they were reluctant to do so. Courts "are in no hurry to [revise or make new law in this area] and some judges are openly asking Congress for help.... [F]ederal Appeals Court Judge Richard Posner in Chicago said Congress needed to revise current law, adding that 'judges are not authorized to amend statutes even to bring them up-to-date.'" (Cohodas, 1233.) NEW STATUTE On October 21, 1986, President Reagan signed the new Electronic Communications Privacy Act of 1986 amending the federal wiretap law. ECPA went into effect during the beginning of 1987. (P.L. 99-508, Title I, sec. 111, 100 Stat. 1859; P.L. 99-508, Title II, sec. 202, 100 Stat. 1868.) ECPA created parallel privacy protection against both interception of electronic communications while in transmission and unauthorized access to electronic communications stored on a system. The new ECPA first provides privacy protection for any 'electronic communication' ... [by] any transfer of signs, signals, writing, images, sounds, data or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce...." (18 U.S.C. secs. 2510(12), 2511.) The Senate Report noted examples of electronic communications to include non-voice communications such as "electronic mail, digitized transmissions, and video teleconferences." (S. Rep. No. 541, 99th Cong., 2d Sess. 14 reprinted_in 1986 U.S. Code Cong. & Ad. News 3568.) Electronic communication is defined in terms of how it is transmitted. So long as the means by which a communication is transmitted affects interstate or foreign commerce, the communication is covered ECPA. (18 U.S.C. sec. 2510(12).) Generally, that would include all telephonic means including private networks and intra-company communications. (S. Rep. No. 541, 99th Cong., 2d Sess. 12 reprinted_in 1986 U.S. Code Cong. & Ad. News 3566.) Second, ECPA protects the electronic communication when it has been stored after transmission, such as e-mail left on an electronic computer communication system for later pickup by its intended recipient. (18 U.S.C. sec. 2510(17).) The legislation makes it a federal criminal offense to break into any electronic system holding private communications or to exceed authorized access to alter or obtain the stored communications. (18 U.S.C. sec. 2701(a).) The legislation would protect electronic computer communication systems from law enforcement invasion of user e-mail without a court order. (18 U.S.C. secs. 2517, 2518, 2703.) Although the burden of preventing disclosure of the e-mail is placed on the subscriber or user of the system, the government must give him fourteen days notice to allow him to file a motion to quash a subpoena or to vacate a court order seeking disclosure of his computer material. (18 U.S.C. sec. 2704(b).) However, the government may give delayed notice where there are exigent circumstances as listed by the Act (18 U.S.C. sec. 2705.) Recognizing the easy user destruction of computer data, ECPA allows the government to include in its subpoena or court order the requirement that the provider or operator retain a backup copy of electronic communications when there is risk of user destruction. (18 U.S.C. sec. 2704(a).) The legislation gives a civil cause of action to the provider or operator, subscriber, customer or user of the system aggrieved by an invasion of an electronic communication in the system in violation of the ECPA. (18 U.S.C. secs. 2520, 2707.) If the provider or operator has to disclose information stored on his system due to a court order, warrant, subpoena, or certification under ECPA, no cause of action can be brought against him by the person aggrieved by such disclosure. (18 U.S.C. sec. 2703(e); see_also 18 U.S.C. secs. 2701(c), 2702(b), 2511(2)(a)(i), 2511(3)(b)(iii) where the systems operator or provider is not held criminally liable, may observe a private communication while performing employment duties or according to authorization, etc., may intercept private communication while making quality control checks or during the course of forwarding communications to another system.) SYSTEMS COVERED Clearly, the national commercial services in the United States, including CompuServe, MCI Mail or a company using a contracted e-mail service, such as GE QUIK-COM (See S. Rep. No. 99-541, 99th Cong., 2d Sess. 8 reprinted_in 1986 U.S. Code Cong. & Ad. News 3562) are covered by ECPA. However, there may be some confusion as to whether ECPA would protect electronic communications found on a mere user-supported BBS. For instance, language in ECPA does not expressly state the term "bulletin board." Nonetheless, ECPA would indeed cover electronic bulletin boards. What are electronic bulletin boards? Generally, they are personal computers provided for and maintained by computer users out of their own personal resources. These systems traditionally allow free access to computer/modem-equipped members of local communities and provide for both public and private electronic mail exchange. Some sophisticated systems, such as the ProLine system written for Apple II computers, provide callers with personal user areas where they may keep private files much like the CompuServe personal file areas. Augmenting the single stand-alone BBS, there are networks of bulletin boards linked together, often with the assistance of university mainframes, with other bulletin boards or mainframe computers by sophisticated "mail routing" systems (such as ARPAnet and FIDOnet). These networks use sophisticated message addressing instructions and computer automation where networked computers make calls to other networked computers to exchange "net-news" or private mail between users of the different bulletin boards. Given the proper address routing instructions, a user may communicate with another user on a cross-town BBS or on a BBS in another part of the country. Although there is some delay with messages being routed through a network, these networks help to reduce or eliminate the computer user's need to make direct toll or long distance calls to faraway systems. (Note, there are also network exchange systems and "gateways" between commercial services.) Businesses have been turning to the use of BBS's and BBS mailing networks for increased productivity, paperwork reduction, improved client contact and the elimination of "telephone tag." (See Keaveney, Custom-Built_Bulletin_Boards, Personal Computing, Aug. 1987, 91.) A number of these corporate BBS's are open to the public with restricted access to business and client system areas. Examples of such systems include (a) two Washington D.C. area boards run by Gannet Company Inc. ("[f]or all Gannet/USA Today employees and other computer users"), Issue Dynamics Inc. (catering to the consulting company's clients), and (b) A Westchester County (NY) area board run by VITRON Management Consulting, Inc. (catering to the general business community). ECPA language would show protection for bulletin boards. 18 U.S.C. sec. 2510(15) provides that "'electronic communication service' means any service which provides to users thereof the ability to send or receive wire or electronic communications". A "remote computing service" was defined in the Act as an electronic communications system that provides computer storage or processing services to the public. (18 U.S.C. sec. 2710(2).) Intra-company communications systems, corporate BBSes, would also be protected. (S. Rep. No. 541, 99th Cong., 2d Sess. 12 reprinted_in 1986 U.S. Code Cong. & Ad. News 3566.) Language in ECPA refers to "the person or entity providing the wire or electronic communication service," such as in 18 U.S. secs. 2701(c)(1) and 2702(a)(1). Such language would indicate the inclusion of individuals and businesses who operate bulletin board systems. The Senate report, in addition to defining "electronic mail," gave a separate definition of "electronic bulletin boards": Electronic "bulletin boards" are communications networks created by computer users for the transfer of information among computers. These may take the form of proprietary systems or they may be commercial, or noncommercial systems operating among computer users sharing special interests. These systems may [or may not] involve fees covering operating costs and may require special "passwords" which restrict entry to the system. These bulletin boards may be public or semi-public in nature, depending on the degree of privacy sought by users, operators or organizers of such systems. (S. Rep. No. 541, 99th Cong., 2d Sess. 8-9 reprinted_in 1986 U.S. Code Cong. & Ad. News 3562-3563.) ECPA, as enacted, takes note of the different levels of security found on user-supported BBS's, i.e. the difference between configured system areas containing private electronic mail and other areas configured to contain public material. (18 U.S.C. sec. 2511(2)(g)(i).) The electronic communications which a user seeks to keep private, through methods provided by the system, would be protected by ECPA. In contrast, there would be no liability for access to features configured by the system to be readily accessible by the general public. An indicia of privacy on the system, with no notice to show otherwise, would trigger ECPA coverage. An indicia of privacy may include passwords and prompts asking if a message is to be kept private. House Representative Kastenmeier noted that there was an unusual coalition of groups, businesses and organizations interested in ECPA. (Kastenmeier, Communications_Privacy, Communications Lawyer, Winter 1987, 1, 24.) Among those interested included the BBS community. Reporters in the BBS community noted how Senator Leahy and others were receptive to their concerns. They report Leahy to have been "soliciting [users and BBS operators'] comments and encourag[ing] sensitivity to the needs of BBS's in the legislation.... [Senators and congressional members] are ... willing to listen to our side of things." (BBSLAW02.MSG, dated 07/24/85, information from Chip Berlet, Secretary, National Lawyers Guild Civil Liberties Committee, transmitted by Paul Bernstein, SYSOP, LAW MUG, Chicago, Illinois regarding Federal Legislation Affecting Computer Bulletin Boards, deposited on The Legacy Network in Los Angeles, California.) ESCAPING COVERAGE There are at least two possible ways to escape ECPA coverage. The first is to provide adequate notice that all material on a service or system may be publicly accessible even though methods of providing privacy remain. The bulletin board system maintained by DePaul University College of Law Chicago, Illinois, provides an example of an electronic notice (displayed upon user access): PURSUANT TO THE ELECTRONIC AND COMMUNICATIONS PRIVACY ACT OF 1986, 18 USC 2510 et. seq., NOTICE IS HEREBY GIVEN THAT THERE ARE NO FACILITIES PROVIDED BY THIS SYSTEM FOR SENDING OR RECEIVING PRIVATE OR CONFIDENTIAL ELECTRONIC COMMUNICATIONS. ALL MESSAGES SHALL BE DEEMED TO BE READILY ACCESSIBLE TO THE GENERAL PUBLIC. Do NOT use this system for any communication for which the sender intends only the sender and the intended recipient or recipients to read. Note, although the DePaul notice states otherwise, user-operated message privacy toggles remain on the board. The second possible method to escape ECPA coverage would be to merely not provide any means of privacy. One way of foiling the intent of a government subpoena or court order requirement to keep duplicate copies of private electronic communications would be the use of passworded private e-mail. For instance, the private e-mail capabilities of GEnie Mail and GE QUIK-COM include user-toggled passwording which utilizes an encryption technique that no one, not even the provider, knows how to decipher. Bill Louden, General Manager of GEnie (General Electric Network for Information Exchange), noted how GEnie Mail and GE QUIK-COM passworded e-mail cannot be read by anyone who did not know the password. "[N]ot even our 'god' number could ever read the [passworded] mail." (Message from Bill Louden, GEnie, Legacy RoundTable (LAW), category 1, topic 7, message 6 (May 15, 1987).) The writer of the encryption software has since left General Electric and no one has had success in breaking the code. (Message from Bill Louden, GEnie, Legacy RoundTable (LAW), category 1, topic 7, message 10 (May 17, 1987).) CONCLUSION With ECPA, e-mail and other private electronic communications stored on computer communication systems have privacy protection. Unfortunately, before ECPA, federal statutory guidelines for such protection were not articulated. Case law also did not provide any helpful guidance. The peculiarities of computers and computer storage were not addressed by the old wiretap laws. Electronic communications privacy could not stand up against constitutional privacy law as defined by the United States Supreme Court. The then existing law was "hopelessly out of date." (S. Rep. No. 541, 99th Cong., 2d Sess. 2 reprinted_in 1986 U.S. Code Cong. & Ad. News 3556 (statement of Sen. Leahy).) Fortunately, a legislative solution to bring privacy law up to date with the advancing computer communication and information technology was provided for in ECPA. OBSERVATIONS One should note that ECPA was designed as a statutory solution to fill a loop-hole in federal constitutional law where computer-communication messages (e.g., email) are not protected. Under traditional Fourth Amendment Search and Seizure law, email and similar computer-communication material are not considered to have any constitutional privacy protection against government intrusion. ECPA provides statutory privacy protection where there is no constitutional protection. Generally, a BBS may fall under the coverage of ECPA if there is some indicia of privacy found on the BBS. There are various degrees of privacy found on a BBS ranging from the opening login password to the sending of a private message via UUCP. Under ECPA, a sysop or online service employee may not be found civilly liable for intercepting (i.e., reading/viewing) private information or private messages between users who call in to a BBS so long as he is performing "quality control checks" or other similar duties. This may include passive maintenance activity and intermail or echomail forwarding. ECPA thus provides some protection for a sysop from civil liability if his system is found to fall under ECPA coverage. To escape coverage from ECPA, a BBS sysop may place a disclaimer at the "front door" or throughout his system (such as an automatic notice whenever if the caller wishes to send private email) giving the caller adequate notice that the system has no privacy privileges. (Note: what I mean by privileges, in the legal sense, is much broader than mere privacy toggle commands found on a BBS.) Giving such notice would work to negate any indicia of privacy that may be found on the system. For instance, the sysop may say that he has access to all private email, he will read all private email, and he will disclose all improper or criminal information left on his system to the appropriate authorities even if there are privacy toggle commands found on the system -- and suggest the caller try another system if he/she wishes to send secure private messages. The sysop may then stand a better chance of not being found liable under ECPA. The DePaul University College of Law BBS Disclaimer: ---------------------------------------------------- This type of disclaimer, dealing with communications, should not be found to be applicable to private login passwords -- in other words, passwords should maintain their privileged private status. (Note, some attorney may try to argue that passwords are messages and therefore are excluded from ECPA by the disclaimer and may be disclosed.) Note, ECPA is primarily first a statutory solution to providing statutory protection against government intrusion into private computer communications in order to be more in tune with traditional Fourth Amendment Search and Seizure law. Generally, in order for police or other government authorities to intrude into private computer communications, a court order, subpeona, or warrant must be obtained. A sysop may be ordered to provide copies of particular information -- the warrant should particularly describe what is sought, such as the author of the message, subject matter, etc. The author of the private information may also be given 14 days notice of the search unless there are exigent circumstances, e.g., the author has the ability to destroy the information. Note, although there may be the possibility that a sysop may be held in contempt of court for not providing copies, this does not necessarily mean the sysop has the affirmative duty to make and keep copies of all information kept on his system if it is not reasonable for him to do so, e.g., the system program does not keep backups, old messages are automatically destroyed after a certain period of time such as on an HBBS system, etc. -- he may only have to provide copies when ordered to do so and if reasonable (my interpretation). Although a sysop may not be found liable under the federal ECPA statute, there may be alternative liability found under state law. Generally, at the state level, there is either state statutory or common law protection against INVASION OF PRIVACY. In particular, this would include (1) public disclosure of private facts and (2) intrusion upon seclusion. A possible situation would include not only public disclosure of private email, but also public discussion or private system passwords. A good attorney may be able to make good arguments to find liability under either one of the two tort law causes of action -- particularly when a sysop holds himself or herself out as a provider of private or semi-private information exchange. Note, under either the federal ECPA or state invasion of privacy laws, a sysop or caller to a system may be able to sue users who break into the closed or private areas of the system. Of course, evidence would have to be obtained to prove causation and liability and evidence is a completely different issue problem.... Finally, there are several issues that are currently being reviewed for possible statute inclusion. Such issues involve, but are not limited to: 1. The dissemination and distribution of elements contributing to the delinquency or corruption of minors: - pornography - advocacy of games of chance (gambling) 2. The maintenance of the integrity of electronically stored data and information within communication systems, including electronic bulletin boards. These issues are the subject of a subsequent paper. In addition, they are topics that represent areas of discussion within the potential PCBRelay Legal conference. We at VITRON (and ABBS) would greatly appreciate your feedback and input regarding this paper. If you have any questions, comments, observations or suggestions, please leave us a message. Your nessage will receive as prompt a reply as is feasible (usually within 24 to 48 hours).