Subscribe with Bloglines The Privacy Lawyer: 07/01/2004 - 08/01/2004

Saturday, July 31, 2004

Kroll agents accused of spying, illegally, on business men in Brazil / WorldHow far can you go in corporate investigations and surveillance? Walking th fine line between agrressive business intelligence and illegal activities.

Kids agree to stop sending pop-ups News from The Associated PressFTC settles case against two college students who developed pop-up technologies.

Many of us hope that this will be only the beginning of the FTC's actions in the area of spyware, adware and pop-ups.


Judge in Kobe Bryant Case Apologizes for Mistakes- how can we build in security protections against mistakes?

FindLaw Legal News - Judge in Kobe Bryant Case Apologizes for MistakesSo many privacy breaches are the result of mistakes. It's easy to push a button, or attach the wrong document to an e-mail. (In sending an invitation to one Senator for our new marvel comic online safety initiative, I mistakenly attached one addressed to a different senator. :-()

But when courts are involved, the costs can be even higher.

what kind of security protections do we need to implement to make sure that the wrong document isn't broadcast? Shouldn't we at least have two people check it over? or the approved documents kept in a different location?
Perhaps encrypt everything and unlock those that can be released with a special key?

we need to address these issues, sooner rather than later.

Right of goverment employers ot search workplace of employee | News | Illegal seizure claim refused in porn caseThe issue about whether a governmental employer is restricited by the 4th amendment search and seiizure rules and must obtain a warrant before searching their own workplace was resolved in favor of the employer. Different rules apply to employers than to investigative agencies.

This is a good decision that distinguishes the different roles of a public entity, as employer (to its employees) and as governmental agency (to all others).

It should help guide many employment-related surveillance issues when a public employer is involved.


Controversy Swirls Around Use of Cameras to Monitor Nursing Home Care

Controversy Swirls Around Use of Cameras to Monitor Nursing Home CareWhile videotaping is covered by wiretapping laws in most jurisdictions, many states are carving out expcetions for residents and families of residents of nursing homes. Designed to stop abuse and neglect by letting families know what happens when they aren't around, these are called "granny cams."

This is an interesting area to watch over the next few years.


Protect Your Privacy: Identity Theft Insurance

Protect Your Privacy: Identity Theft InsuranceInteresting. I'll look into this further for my column at Information Week.

Daily Yomiuri On-Line - new regulations may require websites to remove personal information at government's request in Japan

Daily Yomiuri On-Line

Becoming good information consumers...knowing what to believe online. (From The Parent's Guide to Protecting Your Children in Cyberspace, McGraw-Hill

(While this is very helpful to parents and teachers for children, it is just as helpful in assisting adults in knowing who and what to believe online.)

Resource Credibility: Teaching Our Children Critical Thinking and Media Literacy Skills

It costs thousands of dollars to publish a book. Cable and television programming costs even more. Magazines carefully check facts and universities use peer-review methods to make sure that what is published is accurate and credible. But anyone can publish a website, in a few hours, and say anything they want—often without a credible basis for it. (I often claim online to be tall, thin, blonde, and gorgeous. But no one ever said wishful thinking wasn’t allowed online.)

My dress size aside, how can anyone know when they have a real and credible site or just someone’s puffery? It’s not easy. Online there is no stamp of approval for quality control. A site published by an anti-Semitic group that claims the Holocaust never occurred may look as real and sound as reliable as a scholarly university dissertation. And when our children come across it, it might become the research source for their term paper on World War II.

Schools are facing this issue frequently these days. So teaching children how to evaluate the credibility of a site is an important part of using the Internet in connection with schoolwork. Essentially, it’s teaching them to be good information consumers. And, while it is exciting to find the one resource that says something none other say, perhaps there is a reason for that. Perhaps the one website that tells you something very different from the others isn't new and exciting, it may just be wrong, misleading and designed that way.

Whenever we find a website, we should think about the purpose of the site. Is it designed to sell something? If it’s designed by anyone who sells anything, you have to assume that it’s designed to at least indirectly promote its products or services. Any site that is designed to sell something should be approached as critically as any offline promotion or advertisement.

Once we understand the site’s point of view, we can evaluate what they are saying more effectively. Our children already know, at a young age, the candy bars or hamburgers that are smaller than they appear on television, or the toys that are constructed poorly, or the computer game systems that need optional equipment at additional cost in order to do what is promised. One of the first legal rules our children learn is caveat emptor—buyer beware. Teaching them to use critical judgment when reviewing a website is easy. The information gathered from a website should be accurate and current. And if there is a bias, the website’s bias should be obvious, and the authority of its writers should be set forth.

Here are a few things children should be checking when they visit a site to conduct research:

  • Who’s the author or website creator, and what’s their authority? Is it written by Nobel Peace Prize Award winners, or by Joe Crackpot? While many won’t tell you that they are unqualified to make the statements they make at the site, they leave clues. Our children should look first to the credentials offered at the site for the site authors. If the person states that he is a professor at Outer Siberia University, you should check for links to the university. Has the person listed awards? If so, are there links to the entities that gave the awards so you can check? Is this person a published author? If so, does, Barnes & Noble, or Borders have his book listed online? Search for other sites that reference this person. Not every one is an award-winning professor and published author, but most good sources are cited elsewhere online.

    What’s the bias of the site? Whose points of view aren’t covered? Bias isn’t necessarily bad, as long as it is clear to the site viewer. Remember that everyone has their bias, but some are more significant than others. Is this a site that performs “unbiased” reviews of advertisers? If so, have they disclosed that fact to the readers? Are they a nonprofit entity with a particular mission or purpose? Where was the site created? Is it from an international group that might have a country or culture bias? Is it a U.S. site which might have a U.S. bias? Often, you can detect bias by reading closely. The good sites will identify their mission. Think about who is creating the content, whose points of view are included, and whose are excluded. Students should try to achieve balance by including different biases and points of view when they do their research.

    How current is this information? Does the page have a “last updated” date notation? Many of the sites I researched for this book, including many on finding credible resources, were last updated in 1996. When I reviewed their content, I took that into consideration. Certain things don’t change, such as how to judge credentials, but other things, like branded and approved site lists and what schools are doing, have changed radically. The site I looked to for current information was updated a few months earlier, and gave that date on the front page. If the site doesn’t contain a “last updated” date, look to see if there’s a “recent additions” or “what’s new” section of the site, and see how often it is changed. You want to make sure the content is updated often, since it tells you two things: that the site gets regular attention, and that it contains recent information. A good site is updated regularly, preferably at least once monthly, and, with news and hot topical sites, more often than that. If you can’t tell when a site was last updated, send an e-mail to the webmaster at “webmaster@[the name of the site].” Ask how often the site is updated and the date it was last updated.

    Is the information stable and consistent? Is the information consistent within the site? Does everything match the theme of the site and this information? Are they proposing censorship on one page and free speech on another? (I’m not talking about CNN’s site, where they seek to present alternate and opposing views.) Is this the only site that espouses this viewpoint, or is there other support for this position? Have you compared it with related resources? Often, a site that appears too good to be true is too good to be true. Most good sites, with well-supported positions, will have support from other sites.

    What have they linked to? Do the links work? Do they link to credible sites, and do credible sites link to them? Are the links correctly described? Are they current? Who else links to them? Again, is the link information updated and accurate, or do the links not work anymore?

The school and public librarians are the real experts in judging credibility of resources. That’s what they do when they select resource and reference books. Talk to them about how they are teaching your children to exercise informed information judgment. They are helping build your children’s information literacy skills.

Don't Believe Everything Your Read Online...Using The Filter Between Your Ears

The “Filter” Between Your Ears

I often use this phrase to explain how important it is to teach children how to make good decisions about who and what to believe in cyberspace. I saw this as a filter to misinformation and hype our children are exposed to online. Recently, though, I realized that it is just as (and perhaps more) applicable to adults online. Too many people act out online in ways they would never dream of doing offline. Never having to look someone in the eye makes it easier to act-out with hostile, rude and outrageous behavior. In this case, it is also an outgoing filter.

Truth, in too many cases, has no value to many people online. They sell counterfeit goods on eBay, or steal your identity, or stalk or harass you, posting lies and misrepresenting the truth. They lead their lives by press releases or posts on their websites. And it often works very effectively to meet their hidden (and sometimes not so hidden) agendas.

Unfortunately, in cyberspace what appears in writing, if broadly circulated, becomes reality. If a statement appears on a well-designed website, it takes on a life of its own, and people believe it blindly. So, perhaps we also need to help adults use the same incoming “filter between their ears” to determine credibility of online communications and information that we as children to use. And perhaps this filter is even more important to adults who don’t have Net Nanny installed by their parents to help weed-out the crap. It’s up to us to weed out this stuff, and that requires that we think, and listen and be realistic. Something as simple as “not believing everything they read online” seems to escape many people. And they fall prey to cybercriminals, cyberabuse and manipulation.

We need something to help people think about what they do and say online, about their online behavior and netiquette. Something that causes them to pause before spilling more hate and hype onto our cyber-roadways. Like the monstrous oil spills that kill fragile wildlife in the Alaskan sounds, hate, misinformation and hype kills fragile and positive life in cyberspace. And is at least as hard to clean-up and defend against.

What is it about the Internet and cyber-communications that makes it so easy to misbehave? Is it the false sense of anonymity? (Few communications online are really anonymous. In most cases, either through sophisticated technology or legal process you can find the person behind the post.) Is it the ease of lashing out with whatever you are thinking at that moment? Is the id in online communication that much stronger than our cyber-superego? I frequently liken our online behavior to what we would do if truly invisible. Would we steal from others? Walk into a bank and help ourselves to crisp $100 bills? Or hideout in a dressing room at a fashion show with gorgeous models changing under our invisible nose? Would we spy on our enemies? On our friends? Take the last piece of chocolate cake? Make a crude gesture to our least favorite politician?

Does truth matter anymore? Does a statement made on a website become fact because it is posted prominently. Don’t people realize that they are accountable for what they do in life, whether it is online or offline? Nick Jesandun, the Internet writer for AP did an article last year proposing that people should be licensed somehow before they were permitted Internet access. While I disagreed with that premise, perhaps we should rethink that. But maybe instead of licensing them for all Internet use we should require anti-rudeness training before people are allowed online. Perhaps we should install a filter between their brains and their fingers, to make them think before they type.

Perhaps we should certify that someone is mature enough to use powerful technology. One of the best things about the Internet is that it gives everyone a huge soapbox where they can share their ideas, opinions and perspectives. Even if they are ridiculous. Even if they are far-fetched. Even if they have no basis whatsoever in reality. That means all the kooks, crackpots and malicious people online can use this powerful engine to spread hate, misinformation, hidden agendas and hype.

First Amendment advocates often use the example that it protects Nazis marching in Skokie (a town with a large number of holocaust survivors) as much as it protects the rest of us from governmental censorship. I guess that same example applies here as well. Having a free Internet means that hate mongers, slimebags and crackpots can share their opinions as freely as leading experts, kind and caring people and honest and respectful netizens can. But in the same way the citizens of Skokie turned their backs to the cruel messages and swastikas of the marching bands of Nazis, thoughtful Internet users should turn their backs to those who use the medium to spread hate, misinformation and hype.

Take the first step to reclaiming credibility in cyberspace…”Don’t believe everything you see online, use your head and think before you click “send.” We’d all be much better off.

Thursday, July 29, 2004

Katie Tarbox and (the book, not the site)

To learn about the project called, check out Parry's personal blog: Parry's Blog: Katie Tarbox and (the book, not the site)

Katie Tarbox is an extraordinary young woman with a huge heart who will help change the world.

I am honored, as the executive director of WiredSafety, to announce that we will be working with Katie to help create a place where children who have been victimized by Internet sexual predators can go for help and support. Her special vision is needed with so many of these young people who don't know where to turn.

The program will be called Katie's Place, and be part of the WiredSafety family of sites and programs. (WiredSafety is a 501c-3 corporation).

Want to help?
drop by and we'll show you how.

Tuesday, July 27, 2004

Security Pipeline | Trends | Other People's Wi-Fi

Security Pipeline | Trends | Other People's Wi-FiAn interesting article...if you need Internet access and the only way to get it is by using a neighbor's unprotected access, it that okay? Hmmm...good question!
Parry - the new joint project of Katie Tarbox, Parry and WiredSafety
A place where children and teens who have been sexually exploited by Internet predators can find help and understanding. If you want to help, drop by and volunteer.

Monday, July 26, 2004

InformationWeek > Cyberdating and Safety> Looking For Love In All The Cyber Places > July 26, 2004

InformationWeek > Cyberdating > Looking For Love In All The Cyber Places > July 26, 2004Parry's column this week on cyberdating and safety.

Parry's Cyberdating article: InformationWeek> Dating Online: The Basics > July 26, 2004

InformationWeek > Cyberdating > Dating Online: The Basics > July 26, 2004 How to's for cyberdating novices.

None of Your Bees Wax!

How much of our concept of privacy was formed by the time we left grammar school? I remember that when I was younger, I would share anything with anyone who asked. And even with those who didn't ask :-) What we paid for something, arguments my parents had, how much money my parents earned, when someone was sick, getting divorced, anything. There was no concept of secrets. Telling was the best part of a secret.

Then when hormones started flowing, I started to learn that somethings should remain a secret. And as the hormones started flowing in others, I learned that today's best friend can be your dire enemy tomorrow. That was when I started to add "none of your bess wax" to my vocabulary. I used it with everyone. (I even tried it once with my mother...ONCE is the operative word here :-))

But when we look at privacy issues now, the younger kids don't see that line. They seem ot think that as long as they have nothing to hide, that they shouldn't have to worry about who knows what.

Has the concept of "none of your bess wax" disappeared these days? Isn't it enough that the information is yours? Does something have to be very secret to be protected as "private?"

Isn't there a value to private sphere anymore?

just musing...


Friday, July 23, 2004

Creating your feed: Feedster :: RSS Search Engine

Feedster :: RSS Search EngineI just tried this for the first time, it's easy and works with blogger. The support people are also very friendly and patient. :-) You can now subscribe to my feed.

Blogs - RSS Feeds...what are they?

Blogs - RSS Feeds...what are they? Blogging hasn't been an easy experience for me. While I am thrilled that I can comment quickly on breaking stories and important issues, there's too much techy info for my liking. I have had to learn the hard way. So, to make it easier for the rest of you out there, who like me don't carry a pocket protector ;-) I have done a quick piece on RSS feeds and why we need to understand them.

For all of you out there with pocket protectors...let me know if I got it wrong. :-)


Wednesday, July 21, 2004

Identity Theft > President Signs Identify-Theft Law > July 16, 2004

InformationWeek > Identity Theft > President Signs Identify-Theft Law > July 16, 2004

Phishing: identity theft: Customer Data > Breach Of Trust > May 3, 2004

InformationWeek > Customer Data > Breach Of Trust > May 3, 2004

Tuesday, July 20, 2004


I was interviewed today by someone writing a guide about privacy annoyances. During the interview I was asked about drug-testing in the workplace and whether an employer could require an employee to undergo drug testing. I explained that in many cases an employer will require drug-testing prior to employing someone. I heard an audible gasp at the other end of the phone.
I stopped for a moment to explain the "other" side. (When privacy is concerned most people are polarized, employers vs. employees, data collectors vs. consumers, citizens vs. government, civil rights vs. security...the list goes on and on.) in this case he was obviously appalled that any employer could compel drug-testing.
I asked him to consider whether an employer who deals with children, heavy machinery, medical or high technology would, among other employers, be particularly concerned about drug use by employees? What about school bus drivers, I asked?
He conceded that there are special instances where drug-testing may be warranted. But does it have to be a special instance? Shouldn't an employer be entitled to know that their employees are drug-free? Can't a potential employee simply decide not to work for someone who requires a drug-free workforce. Aren't all customers entitled to interface with drug-free salespersons?
When it comes to security and Internet safety, I am generally considered pretty conservative. When it comes to privacy, I am usually considered pretty liberal. When security vs. privacy issues arise, I weigh them case by case.
Privacy is often seen as a shield and a sword. You're on one side of the issue or another. Never in-between. Yet, as this writer pointed out after a half-hour interview, it's mostly a case-by-case basis. What makes sense under the circumstances? What's the balance? Are we really worried about the United States becoming a nazi-like government? How much are we willing to give up for convenience or efficiency? Bob Evans of Information Week wrote about the over-reaction to the airlines sharing passenger name records...who cares if the airlines share information about your meal preferences, he posed. But in Europe this is considered especially problematic, since a meal preference may divulge your religious orientation or health conditions.
While I agree with Bob here, and think that privacy issues are often overblown in the press and by certain advocacy groups to get mentioned in the press, there is always the other side. And the issue of whether or not the passengers were given the choice of sharing this information with third parties, government or otherwise. Airlines and others may be surprised at how many passengers or customers would allow their personal information to be shared, responsibly, with government agencies to help improve security. Heck, it's worth the try...
Choice is the real issue. We should be able to give up some privacy in exchange for convenience.
Several years ago when EZPass was first introduced, I was holding out. I worried that "big brother" would know where I was and when. They could record how long it took me to get from one exit to another and maybe inform the state troopers to give me a speeding ticket after the fact. Then, I gave in to my daughter's pleading to get EZ-Pass and now I can't imagine ever having to dig through my purse for change or waiting in long lines at the George Washington Bridge tolls in the morning. I exchanged some personal information for convenience.
When special security programs are launched allowing frequent travlers to undergo special security clearance in exchange for quicker security checks at airports, I will once again exchange my privacy for convenience.
Yet I refuse to use my supermarket frequent shopper card when I shop. Instead I explain to the checkout person that I have forgotten my card and s/he helpfully scans theirs. It's no one's business what I buy or how I pay for what I buy. I don't get any special benefit out of giving this information away.
it's always balancing...what's it worth? what are the risks of my information being misused? how much do I trust those asking for it? what I am getting in exchange for the risks? and does the convenience factor outweight the risks?
I am still on the sidelines with RFID. But I'll be covering that for an upcoming column at Information Week, so I won't rant about it here.
You can read the piece I wrote for Information Week "from the months of Babes" explaining what kids have told me about how they view privacy and security. Interestingly enough they trust Microsoft best. When we dug a bit further into this, we realized that it was the operating system and the daily interface that they trusted. (Apple was the only other fully-trusted brand suggested by one of the teens, and by the only Mac user in the bunch. :-))
Yet, AOL wasn't in the top three, even among AOL users.
what can we learn from this? It's all a matter of perspective. :-)

Friday, July 16, 2004

Bill aims to keep adult spam from kids - 07/04/04

Bill aims to keep adult spam from kids - 07/04/04
I need to check into this...if the list is made public (otherwise how would marketers and spammers know where not to send e-mails?) children will be victimized right away.

Sometimes well-meaning laws create more problems than they solve.

Looking for more information on this.


Thursday, July 15, 2004

Cyberporn case in Canada: InformationWeek Weblog

InformationWeek | InformationWeek WeblogI referenced this blog previously, but a comment was posted that helps understand the results of the arbitration ordering the reinstatement of the terminated employees.

"These workers are members of a union, which has a collective agreement - and with a unionized environment, there is arbitrarial case law. The issue wasn't whether these people should have been disciplined - that fact was conceded - but whether dismissal for a first offence (and no prior warnings or disciplinary action) was appropriate.

Unionized environments are different than at-will employees. There is a collective agreement to follow, mandatory union representation, and a grievance procedure. This judgement comes from an arbitrator empowered by the Labour Relations Act and the Collective Agreement, and was most likely chosen either from a list agreed to by the two parties. There was no lawsuit.

Dismissal is viewed as a last resort, and can only rarely be used for a first offence - offences that completely break down the trust between an employee and the employer, such as fraud, serious physical assault, theft, etc. Otherwise, you must engage in progressive discipline - beginning with a disciplinary letter and eventually reaching dismissal if the actions continue.

Since viewing or storing porn doesn't completely break down the trust, and it was a first offence, dismissal was not warranted. There is extensive labour case law (mainly arbitrator decisions) that back this up (not necessarily relating to porn, but other offences"

Wednesday, July 14, 2004

a terrific site with lots of great links! Marcus P. Zillman, M.S., A.M.H.A. Author/Speaker/Consultant

Marcus P. Zillman, M.S., A.M.H.A. Author/Speaker/ConsultantA blog everyone should check out, with tons of information from a knowedlgeable refreshing! :-)

The Canadian workplace porn scandal: John Foley's great comments at the InformationWeek Weblog

InformationWeek WeblogAnd my thoughts on this too.
Bottomline, employees of a Canadian government ministry were found to have downloaded some pretty vile porn and violent content. When this was discovered, the most aggregious violators were terminated. In an arbitration, the ministry was ordered to reinstate them and the arbitrators and many experts claimed that the ministry had made a big ado about nothing.

It is significant, legally, that the ministry had no Internet use agreement in place at the time. one was put in place during the arbitraion. Had one been in place when the porn and violent content was downloaded, there might have been a different result.

way to go John!!!

Spiderman and Parry Aftab: St. Petersburg Times

Archives: St. Petersburg TimesAnnouncement of the programs.

Spiderman, Parry Aftab and Internet Safety announcement

Tonight at an event held at Capitol Hill, together with Senator Stevens and other key members of the U.S. Senate and House of Representatives, as well as Commissioners Thompson and Harbour of the FTC, Parry and Marvel announced an exciting collaboration.

Marvel has agreed to allow and Parry to use their super hero characters, including Spiderman, to help deliver their online safety, privacy and responsible surfing messages, worldwide. The program will include special comics with themes such as cyberbulling, privacy, predators and piracy. They will also include live character appearances using the super hero characters.

to learn more, visit

Parry's PC Magazine article August 3, 2004: Online Safety at School

Online Safety at SchoolParry praises library-media specialists...the unsung heroesof education.

Monday, July 12, 2004

Ex-Spouse charged with cyberspying on ex-husband and his girlfriend

a woman in Florida was charged with violating the ECPA (Federal wiretap statute) for installing a remote cyber-monitoring product on her ex-husband's laptop and his girlfriend's laptop computer to create problems between them.

Many Internet users involved in a divorce proceeding, custody dispute or worried that their significant others are involved in an affair are turning to self-help. Monitoring software designed to monitor employees' surfing and online communications or to monitor children's online activities is being misused to spy on others.

Any interception of an online communication or phone conversation violates the wiretapping laws. While there may be a slight difference between the kids of communications and whether the interception is an actual wiretap or an illegal accessing of stored communications (different sections of the law and different penalties) both are illegal. Certain types of communications are excempted from the federal wiretapping and most state wiretapping laws. These typically involve employers and law enforcement (providing a court-order or other applicable legal process is fulfilled).

Some courts have said that a special unwritten exemption also exists for spouses. But most courts have rejected that position.

Want to know if you can legally access e-mail communications of someone else, check with a lawyer knowledgeable about privacy laws. As tempting as it may be to know what they are saying and to whom they are saying it, be very careful!

Thursday, July 08, 2004

FTC's Hooked on Phonics case...announced July 7, 2004

Hooked On Phonics and the FTC Enforcement Action
Parry's analysis of the FTC enforcement action and what this case means. Note that as in all cases, the facts are key. But we all need ot learn from Hooked on Phonics' mistakes...if you make a promise- keep it. If change your privacy policy, it only works going forward, not retroactively. And all privacy policies should have effective and last changed dates and an archive of changes.
The size of the fine, IMHO, means that the FTC didn't think that HOP acted in bad faith.

This is the first of the "material changes" cases for the FTC on website privacy policies. I expect more as we seek more guidance about what a site cna and can't do.

The best advice I can give you is to tag all data with the privacy limitations and any conditions of use under which that information was collected.

I think the FTC is one of the best governmental agencies in the world. They've done a great job here.


Parry's Government Enterprise article about cyberstalking in the workplace

Government Enterprise > Opinions > Visible, Vulnerable Target

The Privacy Lawyer: Cyberloafing Drains Productivity

Security Pipeline | Trends | The Privacy Lawyer: Cyberloafing Drains Productivity

Parry Aftab and Nancy L. Savitt

Parry Aftab and Nancy L. SavittParry's support of the COPPA amendment to extend the e-mail notification and consent rule. Note that Parry's address has changed, as has her telephone numbers. Also the group for which she acts as executive director has changed it's name to

Parry is a proud member of Truste's board of directors


Parry Aftab says the real world provides five good reasons why you should keep a tight rein on employees

Parry Aftab says the real world provides five good reasons why you should keep a tight rein on employeesParry discusses the risks of workplace Internet communications to employers

InformationWeek > Parry Atfab > How COPPA Came About > January 19, 2004

InformationWeek > Parry Atfab > How COPPA Came About > January 19, 2004

InformationWeek > Parry Aftab > COPPA Checklist > January 19, 2004

InformationWeek > Parry Aftab > COPPA Checklist > January 19, 2004

InformationWeek > Parry Aftab > The Privacy Lawyer: Kids' Online Privacy > January 19, 2004

InformationWeek > Parry Aftab > The Privacy Lawyer: Kids' Online Privacy > January 19, 2004

About Parry Aftab, cyberlawyer and privacy and security expert

About Parry Aftab, cyberlawyer and privacy and security expertfrom Parry's own main site.

Parry Aftab's Privacy and Cyberlaw Site

Parry Aftab's Privacy and Cyberlaw SiteParry's main site. Look to it for articles on privacy and cyberlaw.

MSNBC - Hooked on Phonics fined by FTC

MSNBC - Hooked on Phonics fined by FTCBob Sullivan's report on Hooked on Phonics FTC action settlement, quoting Parry.

Wednesday, July 07, 2004

The Practical Nomad blog: Privacy and Travel Archives

The Practical Nomad blog: Privacy and Travel Archives
Edward has a clear focus on what he thinks is right and wrong about the lack of privacy in travel. He is pretty well informed, and has lots ot say.

Hooked On Phonics and the FTC Enforcement Action

Hooked On Phonics and the FTC Enforcement Action
Parry's analysis of the FTC enforcement action and what this case means. Note that as in all cases, the facts are key. But we all need ot learn from Hooked on Phonics' mistakes...if you make a promise- keep it. If change your privacy policy, it only works going forward, not retroactively. And all privacy policies should have effective and last changed dates and an archive of changes.
The size of the fine, IMHO, means that the FTC didn't think that HOP acted in bad faith.

This is the first of the "material changes" cases for the FTC on website privacy policies. I expect more as we seek more guidance about what a site cna and can't do.

The best advice I can give you is to tag all data with the privacy limitations and any conditions of use under which that information was collected.

I think the FTC is one of the best governmental agencies in the world. They've done a great job here.


Gateway Learning Settles FTC Privacy Charges

Gateway Learning Settles FTC Privacy Charges
The new enforcement action against :"Hooked on Phonics" company for sharing information in violation of its privacy policy and for trying to change its privacy policy retroactively to permit such sharing. No consent was given for the change.

InformationWeek > Privacy Versus Security > Business Technology: Privacy Isn't The Only Thing That's Important > June 28, 2004

InformationWeek > Privacy Versus Security > Business Technology: Privacy Isn't The Only Thing That's Important > June 28, 2004
A great opinion piece by Bob Evans about keeping our privacy priorities straight.

Tuesday, July 06, 2004

InformationWeek > Blogs > SmartAdvice: Are Blogs The Next Internet Marketing Phenomenon? > July 5, 2004

InformationWeek > Blogs > SmartAdvice: Are Blogs The Next Internet Marketing Phenomenon? > July 5, 2004
A great primer on blogging for business.

Friday, July 02, 2004

The Councilman Case ...what it says and what it doesn't say

Whenever e-mail and privacy are concerned many people and advocacy groups panic. They read things into the decisions and see the end result of a "slippery slope" often when it is no more than what it is, a decision on this one case.

I have received many e-mails and communications regarding this recent decision by the First Circuit Court of Appeals in the United States. This is the highest appellate court for the region, other than the U.S. Supreme Court. Other decisions rendered by other Circuit Courts of Appeal have no bearing on this court, other than by being clear articulations of the law and worthy of being followed.

This case involved a rare book dealer that also provided e-mail accounts for its customers. The e-mails were handled directly on servers owned and operated by the rare book dealer. When the dealer was acquired by another company, that company decided to try and gather information about Amazon purchases and inquiries made by these customers. A program was written to allow the dealer to collect e-mails sent ot their customers by Amazon and to gather information regarding their transactions. The customers were not aware of this collection or privacy breach.

The e-mails were actually acquired after they had arrived and were accessible to the customers, although in most cases before they were accessed by the customers.

An indictment was obtained by the US. Attorney (the federal prosecutor in this case) for violation of the federal wiretap statute, the ECPA (Electronic Commnications Privacy Act).

Essentially, the court held that becasue the e-mails were stored on the dealer's server and the transmission to the server from the e-mail sender was complete, that the ECPA section in question was not violated. That involved the interception of communications in transit. The e-mails had already arrived, ruled the court, and were therefore not in transit. While the case may have involved a violation of another section of the ECPA, regarding "stored communications" the court did not reach any legally binding conclusion reagrding whether any isp can access and read e-mails of its e-mail customers.

The company argued that it had not violated the stored communications prohibition, but the court said that since the indictment didn't involve a charge that it had, they didn't have to deal with the issue.


It doesn't say that e-mail providers can access and use e-mail communications of their customers.

don't panic.

to read the entire case, look at the prior blog post...the entire case is pasted within it.

The earlier case dealt with related issues. If anyone has questions about that case, let me know.

but for now lax. And read your isp's privacy policy. it is a legally enforceable document. That, not fears about this case, should govern your concerns.


Privacy and ISP right to access e-mails: the First Circuit Councilman decision

United States Court of Appeals,
First Circuit.
UNITED STATES of America, Appellant,
Bradford C. COUNCILMAN, Defendant, Appellee.
No. 03-1383.
Heard Dec. 3, 2003.
Decided June 29, 2004.

Appeal from the United States District Court for the District of Massachusetts, Michael A. Ponsor, U.S. District Judge.
Gary S. Katzmann, Assistant United States Attorney, with whom Michael J. Sullivan, United States Attorney, and Richard P. Salgado, Senior Counsel, Computer Crime and Intellectual Property Section, were on brief, for appellant.
Andrew Good, with whom Good & Cormier, was on brief, for appellee.

Before TORRUELLA, Circuit Judge, CYR, Senior Circuit Judge, and LIPEZ, Circuit Judge.

TORRUELLA, Circuit Judge.
*1 The United States appeals from the district court's dismissal of Count One of the Indictment against defendant Bradford C. Councilman ("defendant"). Count One charged defendant with conspiring to engage in conduct prohibited by various provisions of the Wiretap Act, 18 U.S.C. §§ 2510-2522, in violation of 18 U.S.C. § 371. We affirm.

I. Facts
Defendant was Vice-president of Interloc, Inc. ("Interloc"). Interloc's primary business was as an online rare and out-of-print book listing service. As part of its services, Interloc provided certain book dealer customers with an electronic mail ("e-mail") address and acted as the service provider. The dealer was provided with an e-mail account ending in "". [FN1]
In May 1998, Alibris, a California corporation, acquired Interloc. Defendant was Vice-president, shareholder and employee of Interloc and Alibris. Among defendant's responsibilities was the management of the Internet Service Provider ("ISP") and the book dealer subscription list managed by Interloc.
The parties stipulated to the following facts relevant to the transfer of electronic messages by the Interloc systems. An e-mail message, which is composed using an e-mail program, is transferred from one computer to another on its way to its final destination, the addressee. Building on the principle of store and forward, the message is handed to a Message Transfer Agent ("MTA") which stores the message locally. The message is routed through the network from one MTA to another until it reaches the recipient's mail server, which accepts it and stores it in a location accessible to the recipient. Once the e-mail is accessible to the recipient, final delivery has been completed. The final delivery process places the message into storage in a message store area. Often, a separate Mail Delivery Agent ("MDA") will be required to retrieve the e-mail from the MTA in order to make final delivery.
Interloc's computer facility used a program known as procmail (short for process mail) as its MDA. Procmail operates by scanning and sorting e-mail together with an MTA computer program known as "sendmail."
According to the Indictment, on or about January 1998, defendant directed Interloc employees to write computer code to intercept and copy all incoming communications from to subscriber dealers. The Interloc systems administrator wrote a revision to the mail processing code called procmail.rc ("the procmail"), designed to intercept, copy, and store, all incoming messages from before they were delivered to the members' e-mail, and therefore, before the e-mail was read by the intended recipient. Defendant was charged with using the procmail to intercept thousands of messages. Defendant and other Interloc employees routinely read the e-mails sent to its members seeking to gain a commercial advantage.
The procmail was designed to work only within the confines of Interloc's computer. At all times that MTA sendmail and MDA procmail performed operations affecting the e-mail system, the messages existed in the random access memory (RAM) or in hard disks, or both, within Interloc's computer systems. Each of the e-mails at issue constituted an "electronic communication" within the meaning of 18 U.S.C. § 2510(12).
*2 Count One of the Indictment charged defendant with a violation of 18 U.S.C. § 371 for conspiracy to violate 18 U.S.C. § 2511. Defendant allegedly conspired to intercept the electronic communications, to intentionally disclose the contents of the intercepted communications, in violation of 18 U.S.C. § 2511(1)(a), and to use the contents of the unlawfully obtained electronic communication, in violation of 18 U.S.C. § 2511(1)(c). Finally, the government alleged that defendant had conspired to cause a person to divulge the content of the communications while in transmission to persons other than the addressees of the communications, in violation of 18 U.S.C. § 2511(3)(a). [FN2] The object of the conspiracy, according to the government, was to exploit the content of e-mail from, the Internet retailer, to dealers in order to develop a list of books, learn about competitors and attain a commercial advantage for Alibris and Interloc. [FN3]
Defendant moved to dismiss the Indictment for failure to state an offense under the Wiretap Act, as the e-mail interceptions at issue were in "electronic storage," as defined in 18 U.S.C. § 2510(17), and could not be intercepted as a matter of law. The district court did not initially grant the motion to dismiss but, upon further briefing by the parties, granted the motion and dismissed Count One. The district court found that the e-mails were in electronic storage and that, therefore, the Wiretap Act could not be violated because the requisite "interception" was lacking. United States v. Councilman, 245 F.Supp.2d 319 (D.Mass.2003).

II. Analysis
A. The Wiretap Act
We review questions of statutory interpretation de novo. See United States v. Jones, 10 F.3d 901, 904 (1st Cir.1993). The issue in this case is whether there was an "intercept" of a communication within the meaning of the Wiretap Act. In cases of statutory construction we begin with the language of the statute. See Hughes Aircraft Co. v. Jacobson, 525 U.S. 432, 438, 119 S.Ct. 755, 142 L.Ed.2d 881 (1999). We determine the meaning of a word from the context in which it is used. See Holloway v. United States, 526 U.S. 1, 6-7, 119 S.Ct. 966, 143 L.Ed.2d 1 (1999).
The Electronic Communications Privacy Act ("ECPA") amended Title III of the Omnibus Crime Control and Safe Streets Act of 1968, commonly known as the federal wiretap law. See Electronic Communications Privacy Act, Pub.L. No. 99-508, 100 Stat. 1848 (1999). The ECPA was divided into Title I, commonly known as the Wiretap Act, 18 U.S.C. §§ 2510-2522, and Title II, commonly known as the Stored Communications Act, 18 U.S.C. §§ 2701-2711. [FN4] The amendments provided for the protection of electronic communications along with oral and wire communications. See S.Rep. No. 99-541, at 11 (1986), reprinted in 1986 U.S.C.C.A.N. 3555, 3565.
We begin our analysis by highlighting the difference between the definitions of "wire communications" and "electronic communications" in the Wiretap Act, mindful that the communications at issue in this appeal are electronic in nature. Under 18 U.S.C. § 2510(1), a
*3 "wire communication" means any aural transfer made in whole or in part through the use of facilities for the transmission of communications by the aid of wire, cable or other like connection between the point of origin and the point of reception furnished or operated by any person engaged in providing or operating such facilities ... and such term includes any electronic storage of such communication....
18 U.S.C. § 2510(1). By comparison, " 'electronic communication' means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system ." Id. at § 2510(12). No mention is made of electronic storage of electronic communications. See generally In re Hart, 328 F.3d 45, 49 (1st Cir.2003)("[W]hen Congress includes a particular language in one section of a statute but omits it in another section of the same Act, it is generally presumed that Congress acts intentionally and purposely in the disparate inclusion or exclusion.").
"Intercept" is defined as "the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device." 18 U.S.C. § 2510(4).
The statute that defendant is charged with conspiring to violate, 18 U.S.C. § 2511, provides criminal penalties to be imposed on "any person who--(a) intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication." 18 U.S.C. § 2511(1)(a).
Relying on the language of the statute and the decisions of our sister circuits, the district court held that Congress did not intend for the Wiretap Act's interception provisions to apply to communication in electronic storage. Councilman, 245 F.Supp.2d at 321. The district court rejected "[t]he Government's position ... that the Wiretap Act applies to interceptions that take place when the message ... is 'in transit' or 'in process of delivery.' " Id. Relying on the definition of electronic storage, the district court held that no interception can occur while the e-mails are in electronic storage and therefore, without the requisite interception, the Wiretap Act could not be violated.
The scope of electronic communications that can theoretically be intercepted is obviously reduced when the definition does not include electronic storage of such communications, as is the case with wire communications. In addition, electronic storage includes a vast range of possible situations including "(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof...." 18 U.S.C. § 2510(17)(A). The government argues that this section does not necessarily place the e-mails in question in this case outside the interception requirement of 18 U.S.C. § 2511(a).
*4 The particular problem confronted in this case is what has been called the "contemporaneous" problem in the intercept requirement of the Wiretap Act. See In re Pharmatrak, 329 F.3d 9, 21-22 (1st Cir.2003)(because the statute was written before the widespread use of the Internet and other media prior opinions may not be helpful in addressing current problems). The government argues that given the particular nature of electronic communications and the mechanisms used to retrieve them, 18 U.S.C. § 2511(a) is a proper foundation for Count One of the Indictment. In addition, the government argues, cases from other circuits are distinguishable on their facts because none used the procmail at issue in this case. [FN5] We have commented on the issue presented in this case, see Pharmatrak, 329 F.3d at 21-22, but have not resolved it. [FN6]
The first case to address the issue of unlawful intercept in the context of electronic communications is Steve Jackson Games, Inc. v. United States Secret Service, 36 F.3d 457 (5th Cir.1994). There, the plaintiff company sued the Secret Service because the agency had seized a computer used to operate a bulletin board system, but which also contained private, unretrieved electronic mail. Id. at 459. The plaintiff provided its customers with the ability to send and retrieve e-mail, which was stored on the company's hard disk drive temporarily, until the recipient retrieved the e-mail. Id. at 458. After seizing the computer, the Secret Service allegedly opened the private e-mails, read them and deleted them. The company sued, alleging, inter alia, a violation of the Wiretap Act. Id. at 459-60.
The Fifth Circuit held that the seizure of sent but unretrieved e-mail did not constitute an intercept for purposes of 18 U.S.C. § 2511(1)(a). See Steve Jackson Games, 36 F.3d at 461-62. In reaching that conclusion, it relied on the difference in the definitions of electronic and wire communication and the definition of electronic storage. "Congress' use of the word 'transfer' in the definition of 'electronic communication,' and its omission in that definition of the phrase 'any electronic storage of such communication' (part of the definition of 'wire communication') reflects that Congress did not intend for 'intercept' to apply to 'electronic communications' when those communications are in 'electronic storage.' " Id. (footnote omitted); see also Fraser v. Nationwide Mut. Ins. Co., 352 F.3d 107, 114 (3d Cir.2003) (adopting the reasoning in Steve Jackson Games as to the meaning of intercept under the relevant version of the Wiretap Act).
In contrast, Konop v. Hawaiian Airlines, Inc., 302 F.3d 868 (9th Cir.2002), cert. denied, 537 U.S. 1193, 123 S.Ct. 1292, 154 L.Ed.2d 1028 (2003), concerned a plaintiff, an employee of Hawaiian Airlines, who operated a secure website which posted criticism of his employer. A vice-president of the airline obtained permission from authorized users to view the website. Plaintiff sued, alleging, inter alia, that defendant had violated the Wiretap Act by violating the terms of use of the website and entering a secure website under false pretenses.
*5 The Ninth Circuit, after granting panel rehearing, reversed its earlier position that the electronic communications were covered under the Wiretap Act. It did so because, in its view, the conduct of the defendant did not constitute an intercept as that term is defined. Konop, 302 F.3d at 876. Relying on Steve Jackson Games, it held that "for a website such as Konop's to be 'intercepted' in violation of the Wiretap Act, it must be acquired during transmission, not while in electronic storage." Id. at 878. In doing so, it rejected the position the government takes in this case, that, given the nature of e-mail, the Wiretap Act must apply to en route storage. Id. at 879 n. 6. "While this argument is not without appeal, the language and structure of the [Act] demonstrate that Congress considered and rejected this argument." Id. The court relied, as did the district court in this case, on the expansive definition of the term "electronic storage" in 18 U.S.C. § 2510(17)(A). The dismissal of the Wiretap Act claim was affirmed.
The government is correct that the electronic communications at issue here were acquired in a different manner than in Steve Jackson Games and Konop. Defendant's procmail operated to obtain the e-mails before they were received by its intended recipients. While the e-mail in Steve Jackson Games was retrieved from storage in a computer and the website in Konop was accessed under false pretenses, the e-mails in this case were accessed by the procmail as they were being transmitted and in real time. However, the presence of the words "any temporary, intermediate storage" in 18 U.S.C. § 2510(17) controls. On the facts of this case, it is clear that the electronic communications in this case were in a form of electronic storage. It may well be that the protections of the Wiretap Act have been eviscerated as technology advances. See United States v. Steiger, 318 F.3d 1039, 1047-51 (11th Cir.2003) (holding intercept did not occur because there was no contemporaneous acquisition but commenting that under the narrow reading of the statute few seizures will constitute interceptions under Wiretap Act). As the stipulation reached by the parties states, "[a]t all times that sendmail and procmail performed operations affecting the email messages at issue, the messages existed in the random access memory (RAM) or in hard disks, or both, within Interloc's computer system." When defendant obtained the e-mails, they were in temporary storage in Interloc's computer systems. There was also a stipulation that "[n]either sendmail nor procmail performed functions that affected the emails in issue while the emails were in transmission through wires or cables between computers." This fact places the messages outside the scope of 18 U.S.C. § 2511(a), and into temporary electronic storage under 18 U.S.C. § 2510(17)(A). Accord Steiger, 318 F.3d at 1049; Konop, 302 F.3d at 878; Steve Jackson Games, 36 F.3d at 462; see also United States v. Moriarty, 962 F.Supp. 217 (D.Mass.1997) (holding that for Wiretap Act provisions to be violated as to electronic communications contemporaneous acquisition is necessary); United States v. Reyes, 922 F.Supp. 818, 836 (S.D.N.Y.1996) (same).
*6 The government argues, and the dissent is persuaded by this argument, that the legislative history of the statute demonstrates that if an electronic communication is obtained while it is simultaneously in transmission and in storage, then an intercept occurs. Notwithstanding the fact that we find the language of the statute unambiguous, exploring this contention merely confirms our position as to the meaning of the statute. The government points to dicta in Pharmatrak as supporting the conclusion that electronic communications are protected when they are in storage, because by their nature, they exist in storage and transit at the same time.
[T]he storage-transit dichotomy adopted by earlier courts may be less than apt to address current problems. As one court recently observed, "[t]echnology has, to some extent, overtaken language. Traveling the internet, electronic communications are often--perhaps constantly--both 'in transit' and 'in storage' simultaneously, a linguistic but not a technological paradox."
329 F.3d at 21-22 (quoting Councilman, 245 F.Supp.2d at 321). However, the legislative history of the Act clearly states that the definition of intercept was not altered by the amendments. See S.Rep. No. 99-541, at 12, reprinted in 1986 U.S.C.C.A.N. at 3566 (stating that "[t]he definition of 'intercept' under current law is retained with respect to wire and oral communications except that the term 'or other' is inserted after 'aural' "). Even assuming arguendo that we should look outside the text, the government's arguments based on the legislative history are unavailing.
The Wiretap Act's purpose was, and continues to be, to protect the privacy of communications. We believe that the language of the statute makes clear that Congress meant to give lesser protection to electronic communications than wire and oral communications. Moreover, at this juncture, much of the protection may have been eviscerated by the realities of modern technology. We observe, as most courts have, that the language may be out of step with the technological realities of computer crimes. However, it is not the province of this court to graft meaning onto the statute where Congress has spoken plainly. [FN7] We therefore affirm the district court's dismissal of Count One of the Indictment on the premise that no intercept occurred in this case, and therefore, the Wiretap Act could not be violated.
B. The Stored Communications Act
Defendant also argues that his conduct was lawful under Title II of the ECPA, or the Stored Communications Act, 18 U.S.C. § 2701 et seq., and therefore outside the criminal provisions of the Wiretap Act. Specifically he relies on the provider exceptions, 18 U.S.C. § 2701(c)(1). Given our reading of the Wiretap Act, we need not comment on this argument. We note, however, that the intersection of the Wiretap Act and the Stored Communications Act "is a complex, often convoluted, area of the law." United States v. Smith, 155 F.3d 1051, 1055 (9th Cir.1998). Defendant's argument takes us beyond the charges in the Indictment. Therefore, we need not stray beyond the text of the Wiretap Act into the Stored Communications Act because the government sought to indict defendant only for conspiracy to violate Title I, 18 U.S.C. § 2511(a).

III. Conclusion
*7 For the reasons stated above, the district court's order dismissing Count One is affirmed.

LIPEZ, Circuit Judge (Dissenting).
Unlike my colleagues, I believe that the district court erred in dismissing the indictment against Defendant-Appellee Bradford Councilman for violating Title I of the Electronic Communications Privacy Act (ECPA), Pub.L. No. 99- 508, 100 Stat. 1848 (1986). To explain my disagreement, I will present some background information on the technology at issue and Congress's passage of the ECPA. That background is critical to an understanding of the issue before us. I will then set forth Councilman's arguments as I understand them and explain why I find them unpersuasive. I will then address the government's persuasive arguments. In discussing this material, I will also respond to the reasoning of the district court and my colleagues.

I. The Technology
The Internet consists of a network of inter-connected computers in which data are broken down into small, individual packets and forwarded from one computer to another until they reach their destinations. See Orin S. Kerr, Internet Surveillance Law After the USA Patriot Act: The Big Brother that Isn't, 97 Nw.U. L.Rev. 607, 613-14 (2003). Each service on the Internet--e.g. e-mail, web hosting, and instant messaging--has its own protocol for using those packets of data to transmit information from one place to another. I will focus solely on the e-mail protocol. After a user composes a message in an e-mail program, a mail transfer agent ("MTA") formats that message and sends it to another program that "packetizes it" and sends those packets out to the Internet. Computers on the network then pass the packets from one to another; each computer along the route stores the packets in memory, retrieves the address of their destination, and then determines where to send it next based on the packet's destination. At various points the packets are reassembled to form the original e-mail message, copied, and then repacketized for the next leg of the journey. See J. Klensin, RFC 2821--Simple Mail Transfer Protocol, available at (last accessed May 19, 2004) (containing the standard for the Simple Mail Transport Protocol). These intermediate computers occasionally retain backup copies of the e-mails that they forward and then delete those backups a short time later. The method of transmission is commonly called "store and forward" delivery.
Once all the packets reach the recipient's mail server, they are reassembled to form the e-mail message. A mail user agent ("MUA"), which in Councilman's case was a program called "Procmail," then determines which user should receive the e-mail and places the message in that user's mailbox. The MUA is controlled by programs called "recipe files." These recipe files can be used in a variety of ways and can, for example, instruct the MUA to deposit mail addressed to one address into another user's mailbox (i.e., to send mail addressed to "help" to the tech support department), to reject mail from certain addresses, or to make copies of certain messages. Once the messages are deposited in a mailbox, the end user simply needs to use an e-mail program to retrieve and read that message. Councilman wrote a recipe file for his MUA that caused all of the messages from to be copied while the MUA was in the process of placing that message into the recipient's mailbox, and to place these copies into his own personal box.

II. The Legislative Context
*8 Congress passed the 1968 Wiretap Act to "protect[ ] the privacy of wire and oral communications, and [to] delineat[e] on a uniform basis the circumstances and conditions under which the interception of wire and oral communications may be authorized." Gelbard v. United States, 408 U.S. 41, 48, 92 S.Ct. 2357, 33 L.Ed.2d 179 (1972) (quoting S.Rep. No. 90-1097, at 66 (1968), reprinted in 1968 U.S.C.C.A.N. 2153, 2153). By the mid-1980s, however, technology had outpaced the privacy protections in the Act, creating uncertainty and gaps in its coverage. As one member of the House Judiciary Committee lamented: [I]n the almost 20 years since Congress last addressed the issue of privacy of communications in a comprehensive fashion, the technologies of communication and interception have changed dramatically. Today we have large-scale electronic mail operations ... and a dazzling array of digitized information networks which were little more than concepts two decades ago. These new modes of communication have outstripped the legal protection provided under statutory definitions bound by old technologies.
Electronic Communications Privacy Act: Hearings on H.R. 3378 Before the Subcomm. on Courts, Civil Liberties, and the Adminstration of Justice of the House Comm. on the Judiciary, 99th Cong. 1 (1985-1986) (statement of Chairman Kastenmeier); See also id. at 3 ("[T]he American people and American businesses are no longer assured that the law protects their right to communicate privately.") (Statement of Sen. Leahy). Congress passed the ECPA to remedy these perceived weaknesses and to update and expand the privacy protections in the 1968 Act. See Sen. Rep. No. 99-541, at 1 (1986), reprinted in 1986 U.S.C.C.A.N. 3555, 3555 ("The bill amends the 1968 law to update and clarify Federal privacy protections and standards in light of dramatic changes in new computer and telecommunications technologies.").
Title I of the new act amended the 1968 Wiretap Act and added new protections for electronic and digital technologies. Section 101(c)(1)(A) added "electronic communications" to the existing prohibitions against intercepting wire--which are essentially telephone calls--and oral communications. As the House report made clear, Congress intended to give the term "electronic communication" a broad definition: "As a rule, a communication is an electronic communication if it is neither carried by sound waves nor can fairly be characterized as one containing the human voice (carried in part by wire)." H.R.Rep. No. 99-647, at 35. Section 101(a)(3) added "or other" to the definition of "intercept," which had previously only referred to the "aural acquisition of the contents of any ... communication." [FN8] Also relevant to this case, albeit not at issue here, Section 101(c)(7) removed a phrase in the Wiretap Act that limited the scope of the Act to communications transmitted on common carriers. This amendment expanded the reach of the Act's protections to private telephone and computer networks, including internal office networks, and cellular phones. The amended Wiretap Act now reads, in pertinent part: "[A]ny person who intentionally intercepts, endeavors to intercept, or procures any person to intercept or endeavor to intercept, any wire, oral or electronic communication ... shall be punished...." 18 U.S.C. § 2511(1).
*9 Congress also recognized that, with the rise of remote computing operations and large databanks of stored electronic communications, the threats to individual privacy extended well beyond the bounds of the Wiretap Act's prohibition against the "interception" of communications. These stored communications--including stored e-mail messages, stored financial transactions, stored medical records, and stored pager messages--were not protected by the Wiretap Act, presumably because the Act had been interpreted to only prohibit "the contemporaneous acquisition of [a] communication." See United States v. Turk, 526 F.2d 654, 658 (5th Cir.1976). Therefore, Congress concluded that "the information [in these communications] may be open to possible wrongful use and public disclosure by law enforcement authorities as well as unauthorized private parties." Sen. Rep. 99-541, at 3 (1986), reprinted in 1986 U.S.C.C.A.N. 3555, 3557; see also United States Congress, Office of Technology Assessment, Electronic Surveillance and Civil Liberties 48-50 (1985) (theorizing that communications service providers and banks could disclose private information about their customers without federal liability and law enforcement agents could seize these private communications with only a modicum of procedural protections).
Congress added Title II to the ECPA to halt these potential intrusions on individual privacy. This title, which is commonly referred to as the Stored Communications Act, established new punishments for any person who "1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or 2) intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage...." 18 U.S.C. § 2701(a).
The privacy protections established by the Stored Communications Act were intended to apply to two categories of communications: "those associated with transmission and incident thereto" and those of "a back-up variety." H.R.Rep. No. 99-647, at 68. The first category refers to temporary storage such as when a message sits in an e-mail user's mailbox after transmission but prior to the user retrieving the message from the mail server. Importantly, however, this category does not include messages that are still in transmission, which remain covered by the Wiretap Act. Id. at 65 (stating that the Wiretap Act "prohibits ... a provider from divulging the contents of a communication while it is in transmission."). The second category includes communications that are retained on a server for administrative and billing purposes. Communications service providers could use stored messages in this category to restore a user's data in the event of a system crash or to recover accidentally-deleted messages.
Defendant-Appellee Bradford Councilman was indicted on July 11, 2001 for violating Title I of the ECPA, the Wiretap Act, but was not charged with violating Title II, the Stored Communications Act. Determining the legality of this indictment requires us to explore the dividing line between these two titles. Councilman claims that the e-mails at issue were stored communications when they were being processed for delivery in his company's computers, and, therefore, they were not the type of "evanescent" transmissions, i.e., telephone calls traveling through a wire, that the Wiretap Act addresses. [FN9] Under his approach, an e-mail would only be subject to the Wiretap Act when it is traveling through cables and not when it is being processed by electronic switches and computers during transit and delivery. According to Councilman:
*10 The reason that the stored v. evanescent distinction is a key determinant of the extent of privacy protection afforded by the ECPA to both wire and electronic communications is simply that, because of their lasting nature, stored communications are inherently more vulnerable to intrusion than evanescent communications, which must be intruded upon simultaneously with the communication, or not at all.
The government focuses on the temporal nature of Councilman's actions and argues that he violated the Wiretap Act because he copied the e-mails "contemporaneously with their transmission." In other words, he copied them in real time while they were in the process of being delivered. Under its view, an intercept is subject to the Wiretap Act between the time that the author presses the "send" button and the time that the message arrives in the recipient's e-mail box. Accordingly, the Wiretap Act would apply to messages that are intercepted contemporaneously with their transmission and the Stored Communications Act would apply to messages that are accessed non-contemporaneously with transmission.
As I discuss in greater detail in Section V, infra, the line that we draw in this case will have far-reaching effects on personal privacy and security. Congress concluded that stored communications, while requiring protection, require fewer privacy protections than those in transit. Therefore, the Wiretap Act includes significant procedural protections which go beyond the requirements of the Fourth Amendment itself and which are not applicable to the Stored Communications Act. First, officers may only obtain wiretap orders for investigations involving federal felonies. See 18 U.S.C. § 2516(3). Second, in addition to demonstrating that they have probable cause, the officers must provide specific information regarding, inter alia, the types of communications that would likely be intercepted, the individuals whose conversations would be intercepted, the steps that the agents took to avoid having to rely on a wiretap, and the steps that they would take to avoid intercepting more information than is necessary. 18 U.S.C. §§ 2518(1)-(4). Third, unless the court grants a special extension, the wiretap may only last for the shorter of thirty days or as long as is necessary to obtain the necessary evidence. Id. § 2518(5). Fourth, the court may require the Government to produce regular reports on the progress of its wiretaps and to keep the tapes and transcripts of those wiretaps under seal. Id. §§ 2518(6) & 8(a). Fifth, the court must notify the target of the wiretap application--within a reasonable time-- that their communications may have been intercepted. Id. § 2518(8)(d). Finally, if the officers violate any portion of these rules, the evidence obtained through the wiretap is automatically suppressed, even if the Government's actions did not violate the Fourth Amendment. Id. § 2515.
The Stored Communications Act does not contain any of the Wiretap Act's special protections. A federal law enforcement agent could obtain access to such communications simply by obtaining a warrant. 18 U.S.C. § 2703(a). [FN10] The target of the investigation does not need to be informed that the government accessed his or her communications, id. at § 2703(b)(1)(A), and a defendant does not have the right, outside of the Fourth Amendment, to seek to suppress communications that were obtained in violation of the Stored Communications Act.
*11 It is also easier for private actors to access private messages under the Stored Communications Act. Section 2702(a) exempts, inter alia, "conduct authorized by the person or entity providing a wire or electronic communications service" from the prohibition against unauthorized access. Thus, a private actor like Councilman may open a user's files and may read the e-mails that are stored in that user's mailbox. But see 18 U.S.C. § 2702 (stating that service providers may not, with certain objections, disclose stored communications that they access). The Wiretap Act does not include any such broad exemption. [FN11]

III. Councilman's Arguments
A. The Plain Text
Councilman's primary argument, which was dispositive with the district court and now with my colleagues, is that the plain text of the ECPA exempts electronic communications that are in storage from the purview of the Wiretap Act. In brief, he argues that Congress included the term "electronic storage" in the ECPA's definition of "wire communication" but failed to do so in the definition of "electronic communication." [FN12] That omission, according to Councilman, indicates that Congress intended to exclude communications that are in storage from the definition of "electronic communication" and, hence, from the scope of the Wiretap Act. Moreover, Congress defined the term "electronic storage" expansively to include "any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof." 18 U.S.C. § 2510(17). See United States v. Councilman, 245 F.Supp.2d. 319, 320 (D.Mass.2003) (describing this definition as "extraordinarily--indeed, almost breathtakingly broad"). Since the parties stipulated that the e-mails in this case were "in the random access memory (RAM) or in the hard disks, or both, within [Councilman's company's] computer system" at the time of the interception, those e-mails fall under the statutory definition of "in storage."
As so often happens under close scrutiny, the plain text is not so plain. There is no explicit statement from Congress that it intended to exclude communications that are in storage from the definition of "electronic communication," and, hence, from, the scope of the Wiretap Act. Councilman, without acknowledging it, looks beyond the face of the statute and makes a non-textual, inferential leap. He infers that Congress intended to exclude all communications that are in storage from the definition of "electronic communication," regardless of whether they are in the process of being delivered, simply because it did not include the term "electronic storage" in that definition. This inferential leap is not a plain text reading of the statute. [FN13]
As I discuss in greater detail in Section IV, this inferential leap ignores the rationale behind Congress's inclusion of electronic storage in the definition of "wire communication." Recognizing that telephone calls would no longer be protected by the Wiretap Act after they were stored in voicemail, Congress wanted to expand the scope of the Wiretap Act to embrace these stored communications. Although this decision might indicate that Congress did not intend to use the Wiretap Act to protect e-mails after they have been delivered, it says nothing about Congressional intent regarding e-mails that are still in transmission. Furthermore, my colleagues use that maxim to impute meaning to the statute that the legislative history does not support. Congress included electronic storage in its definition of wire communications because it wanted voicemails to be protected under the Wiretap Act after those messages were delivered. We should not misconstrue this easily understood inclusion of post-delivery voicemail storage as indicating an unstated intention to exclude emails in transmission from the scope of the Wiretap Act. See Clay v. United States, 537 U.S. 522, 523, 123 S.Ct. 1072, 155 L.Ed.2d 88 (2003) (rejecting the notion that Congress's failure to use a particular term in a definition must have been deliberate when "one can readily comprehend why Congress might have found it appropriate to spell out the meaning of "final" in [one section] but not in [another]").
*12 Moreover, Councilman ignores an important rule of statutory interpretation: "Where Congress explicitly enumerates certain exceptions to a general prohibition, additional exceptions are not to be implied, in the absence of evidence of a contrary legislative intent." Andrus v. Glover Constr. Co., 446 U.S. 608, 616-17, 100 S.Ct. 1905, 64 L.Ed.2d 548 (1980). From the prohibition that, "No person shall intentionally intercept an electronic communication," Congress specifically excluded four categories of communications: 1) wire and oral communications; 2) communications made through tone-only paging devices; 3) communications from tracking devices; 4) electronic funds transfer information stored by a financial institution. 18 U.S.C. § 2510(12). Councilman's approach would engraft an additional exclusion onto this list: "any communication in electronic storage." A commonsensical reading of the statute and a respect for our precedents preclude the implication of such an exclusion without additional support in the legislative record. See also American Tobacco Co. v. Patterson, 456 U.S. 63, 71, 102 S.Ct. 1534, 71 L.Ed.2d 748 (1982) ("Statutes should be interpreted to avoid untenable distinctions and unreasonable results whenever possible.").
In short, the plain text of the ECPA does not clearly address the issue of whether a communication is still considered an electronic communication when it is in electronic storage during transmission. Given this ambiguity, I turn to Councilman's arguments regarding Congressional intent and legislative history.
B. Congressional Intent and Legislative History
Without yielding on his plain meaning arguments, Councilman claims that Congress intended to accord greater protection to wire communications than to electronic communications. Noting that § 2510(1) expanded the Wiretap Act's coverage to stored voicemails, he sees that provision as indicative of a Congressional intent to provide a lower degree of protection to e-mails that are stored while they are being delivered. Without citing any relevant evidence in the Congressional Record, Councilman theorizes that Congress decided to provide greater protections to wire communications because participants in telephone calls may have a greater expectation of privacy than participants in e-mail exchanges. As he puts it: "In Congress' view, a lesser, non-constitutional degree of expectation of privacy can or should attach to forms of communication that are not evanescent, but rather are inherently subject to being stored by non-parties to the communication."
The legislative history does not support this assertion. To the contrary, the legislative history demonstrates that Congress was deeply concerned about the emerging threats to privacy and the failure of existing legal protections to cope with those threats. See In re Pharmatrak, 329 F.3d 9, 18 (1st Cir.2003) ("The paramount objective of the Wiretap Act is to protect effectively the privacy of communications."). Councilman's approach, which would apply the Stored Communications Act to e-mails during delivery, is undermined--not supported--by legislative history demonstrating that the purpose of the ECPA was to provide greater protections to electronic communications under the Wiretap Act.
*13 Congress requested a report from the Office of Technology Assessment (OTA) shortly before undertaking its consideration of the Wiretap Act in 1983. The report, Electronic Surveillance and Civil Liberties, used stark language to describe the existing privacy protections:
In the last 20 years, there has been a virtual revolution in the technology relevant to electronic surveillance. Advances in electronics, semiconductors, computers, imaging, databases and related technologies have greatly increased the technical options for surveillance activities ... The existing statutory framework and jurisdictional interpretations thereof do not adequately cover new electronic surveillance applications.
The report then identified threats associated with five different types of surveillance--telephone, e-mail, electronic physical, electronic visual, and database--and suggested statutory reforms to protect individual privacy from those threats. This report was important in shaping the ECPA. Congress repeatedly cited it during its deliberations.
The stated purpose of the ECPA was to "protect against the unauthorized interception of electronic communications" and to "update and clarify Federal privacy protections and standards in light of dramatic changes in new computer and telecommunications technologies." S.Rep. No. 99-541, at 1 (1986), reprinted in 1986 U.S.C.C.A.N. 3555, 3555. Congress repeatedly stressed the need for new protections for both telephone and electronic communications. See, e.g., id. at 5, reprinted in 1986 U.S.C.A.A.N. 3555, 3559 ("[T]here are no comparable Federal statutory standards to protect the privacy and security of communications transmitted by ... new forms of telecommunications and computer technology."); Id. at 4 (observing that existing protections for e-mail were " 'weak, ambiguous, or non-existent' and that 'electronic mail remains legally as well as technically vulnerable to unauthorized surveillance.' ") (quoting Office of Technology Assessment, Electronic Surveillance and Civil Liberties 45 (1985)); Id. at 3 ("Electronic hardware making it possible for overzealous law enforcement agencies, industrial spies and private parties to intercept the personal or proprietary communications of others are readily available in the American market today."); H.R.Rep. No. 99-647, at 34 (1986) (characterizing electronic mail as "one of the most popular new computer services" and stating that through the protections in the ECPA "electronic mail will be provided with protection against interception").
Indeed, while the legislative history includes a few statements regarding the balance between law enforcement and individual liberty, the perceived need to protect privacy was the overarching motivation for the bill. According to the Senate Report:
[T]he law must advance with the technology to ensure the continued vitality of the fourth amendment. Privacy cannot be left to depend solely on physical protection, or it will gradually erode as technology advances. Congress must act to protect the privacy of our citizens. If we do not, we will promote the gradual erosion of this precious right.
*14 S.Rep. No. 99-541, at 5 (1986), reprinted in 1986 U.S.C.C.A.N. 3555, 3559 (1986). Congress did not express any desire to accord less protection to electronic communications. In fact, one of the authors of the ECPA said that the legislation constituted
a recognition that what is being protected is the sanctity and privacy of the communication. We should not attempt to discriminate for or against certain methods of communication, unless there is a compelling case that all parties to the communication want the message accessible to the public.
132 Cong. Rec. H4039 (Statement of Rep. Kastenmeier).
Oddly, Councilman relies on legislative history that actually undercuts his position when he quotes from the Senate Report:
Nevertheless, because [copies of e-mails retained on mail servers are] subject to control by a third party computer operator, the information may be subject to no constitutional privacy protection. Thus, the information may be open to possible wrongful use and disclosure by law enforcement authorities as well as unauthorized private parties. The provider of these services can do little under the current law to resist unauthorized access to communications.
S.Rep. No. 99-541, at 3 (1986), reprinted in 1986 U.S.C.C.A.N. 3555, 3557 (1986). Rather than reflecting Congress's comfort with less privacy protection for electronic communications, the Senate report cited the lack of constitutional protection as a justification for creating greater, not lesser, statutory protections for e-mails. There is no support in the legislative record for the proposition that Congress intended to apply the Stored Communications Act to e-mails that are stored during transmission.
C. Other Precedents
Councilman's effort to support his plain text argument with references to precedents outside of this circuit is also unavailing. First, he cites Steve Jackson Games, Inc. v. United States Secret Service, 36 F.3d 457 (5th Cir.1994) in which the Fifth Circuit considered a complaint against federal officers for seizing a computer bulletin board system (BBS) that contained unread e-mails. The court rejected the plaintiffs' claim that this seizure constituted a violation of the Wiretap Act, holding that the plain language of the statute-- specifically, the omission of the term "electronic storage" from the definition of "electronic communication"--"reflects that Congress did not intend for 'intercept' to apply to 'electronic communications' when those communications are in 'electronic storage.' " Since the messages were being stored on the seized server, the Wiretap Act did not apply. Id. at 462.
Councilman fails to account for the context of this case. The Steve Jackson court was faced with the question of whether a non-contemporaneous communication could be "intercepted" under the Wiretap Act; it answered that question in the negative. That holding is fully in line with the Government's position in this case. In fact, the court went out of its way to note that "intercept" was defined as contemporaneous in the context of an aural communication under the old Wiretap Act, and that Congress retained this definition when it passed the ECPA. Steve Jackson Games, 36 F.3d at 461. See also Fraser v. Nationwide Mut. Ins. Co., 352 F.3d 107, 113 (3d Cir.2003) (citing Steve Jackson Games and concluding that "[e]very circuit court to have considered the matter has held that an 'intercept' under the ECPA must occur contemporaneously with transmission."). The type of temporary storage during delivery that is at issue in this case is irrelevant to the post-transmission storage that was at issue in Steve Jackson Games.
*15 Councilman and the district court also cite Konop v. Hawaiian Airlines, Inc., 302 F.3d 868, 878 n. 6 (9th Cir.2002), a case in which the court rejected an attempt by a civil plaintiff to broaden the scope of the Wiretap Act to encompass communications stored on a website. In a footnote, the Konop court noted that "[t]he dissent, amici, and several law review articles argue that the term 'intercept' must apply to electronic communications in storage because storage is a necessary incident to the transmission of electronic communications," and "if the term 'intercept' does not apply to the en route storage of electronic communications, the Wiretap Act's prohibition against 'intercepting' electronic communications would have virtually no effect." Although the court found these argument appealing, it held that "the language and structure of the ECPA demonstrate that Congress considered and rejected this argument," and that the Act's broad definition of the term "electronic storage" belied the plaintiff's interpretation of the Wiretap Act. Id.
Again, context is important. The Konop court faced the question of whether a company could be held liable for accessing the employees' private secure website without authorization. Since the data in a website are static and the Act requires interception contemporaneous with a communication, id. at 878- 79, it held that data stored in a website cannot be considered to be illegally intercepted under the Wiretap act by unauthorized access to that website. It did not hold that electronic communications lose the protection of the Wiretap Act as soon as they reach a computer. [FN14] Like the Steve Jackson court, the Konop court reiterated the view that an intercept under the Wiretap Act is defined as an acquisition contemporaneous with transmission. Id. at 878.
Finally, Councilman briefly cites to dicta in United States v. Steiger, 318 F.3d 1039 (11th Cir.2003), which stated: " 'There is only a narrow window during which an E-mail interception may occur--the seconds or mili-seconds before which a newly composed message is saved to any temporary location following a send command.' " Id. at 1050 (quoting Jarrod J. White, E-Mail Employer Monitoring of Employee E-Mail, 48 Ala. L.Rev. 1079, 1083 (1997)). Councilman failed to note that the article quoted by the Eleventh Circuit was discussing the impact of the Steve Jackson decision on employers' obligations regarding e-mail. Like the Steve Jackson court, the article did not discuss storage during transmission, and it appears that the "temporary location" referred to in the quoted sentence was an employee's e-mailbox. Even if the language quoted by the Steiger court was part of its holding, it would not support Councilman's interpretation of the ECPA.
D. Our Precedent
Apparently recognizing that his narrow definition of the Wiretap Act contradicts our Pharmatrak decision, Councilman attempts to distinguish that case from this one by pointing out that the defendant in that case did not operate an electronic communication service, and by claiming that the communication in that case was not "in storage." The first distinction is irrelevant. While such operators have limited immunity under the Stored Communications Act, see 18 U.S.C. § 2701(c)(1), the Wiretap Act does not shield operators from liability for the type of conduct at issue in this case.
*16 The second distinction contradicts the rest of Councilman's argument. The defendant company in Pharmatrak installed software on Internet users' computers to track the websites that they visited and to log the information that they sent to those websites. The program recorded this information in real time and sent that data to one of Pharmatrak's computers for processing. The captured information would qualify as being "in storage" under Councilman's definition: it was either stored in RAM or on a user's computer hard drive when the program accessed it. We dismissed this distinction, however, focusing our analysis on the temporal nature of the interception, and holding that the defendant violated the Wiretap Act because "[t]he acquisition by Pharmatrak was contemporaneous with its transmission by the internet users." Id . at 22. [FN15]
Although we discussed the ongoing debate about how strictly courts should construe the contemporaneity requirement, we concluded that we did not have to resolve that issue because "[e]ven those courts that narrowly read 'interception' would find that Pharmatrak's acquisition was an interception." Id. We quoted the Steiger court:
[U]nder the narrow reading of the Wiretap Act we adopt ..., very few seizures of electronic communications from computers will constitute 'interceptions.' ... 'Therefore, unless some type of automatic routing software is used (for example, a duplicate of all of an employee's messages are automatically sent to the employee's boss), interception of E-Mail within the prohibition of [the Wiretap Act] is virtually impossible.'
Id. (quoting United States v. Steiger, 318 F.3d at 1050 (alterations in original). We then noted that Pharmatrak's program would qualify under the Steiger definition because it effectively was an automatic routing program. Id. Much like the data logging program there, the Procmail recipe file here acted as an automatic routing program. It analyzed all of the e-mails sent to Councilman's mail server in real time and copied the relevant ones while they were being delivered.
E. Vagueness
Finally, Councilman claims that even if his conduct violated the Wiretap Act, the district court correctly dismissed his indictment on vagueness grounds because the government's interpretation of the act "criminalize[s] a broad variety of conduct that is widely and reasonably understood to be lawful."
The vagueness doctrine reflects the fundamental notion that "due process requires that criminal statutes put individuals on sufficient notice as to whether their contemplated conduct is prohibited." Sabetti v. DiPaolo, 16 F.3d 16, 17 (1st Cir.1994) (quoting United States v. Colón-Ortiz, 866 F.2d 6, 8 (1st Cir .1989)). This standard is violated only when "a person of ordinary intelligence examining [only] the language of the statute would be in some way surprised that it prohibited the conduct in question." Id. (internal quotations omitted). Mere textual ambiguity is not sufficient: "If run-of-the-mill statutory ambiguities were enough to violate the Constitution, no court could ever clarify statutes through judicial interpretation." Id. at 18.
*17 The Wiretap Act explicitly states that "any person who intentionally intercepts ... [any] electronic communication ... shall be punished...." As the Government aptly observes in its brief:
There is nothing about defendant's conduct that the average person would generally consider innocent. There is nothing on the face of the Wiretap Act that would lull a person of average intelligence into believing that an electronic communications provider may intercept electronic mail and disclose its contents for commercial purposes.
Although Councilman claims that his scheme to copy and review incoming e- mails was no different than the monitoring and junk e-mail filtering that employers, schools, and other institutions routinely implement, he fails to note that these entities do so with notice and the consent of their users, and, therefore, that their conduct is not illegal. See 18 U.S.C. § 2511(2)(d) ( "It shall not be unlawful under this chapter for a person ... to intercept a wire, oral, or electronic communication ... where one of the parties to the communication has given prior consent to such interception...."). There is nothing vague about the Wiretap Act, and Councilman should not have been surprised that his conduct constituted an illegal interception.

IV. The Government's View
According to the Government's view of the ECPA, "an 'intercept' occurs [and the Wiretap Act applies] when one acquires an electronic communication contemporaneous with its transmission." It is irrelevant that the transmission may have been in electronic storage at the time of the acquisition. In my view, this interpretation of the Act is consistent with Congressional intent, precedent, and the realities of electronic communication systems.
The district court seemed to agree with one predicate of the Government's argument when it acknowledged that "technology has, to some extent, overtaken language" and that "[t]raveling the Internet, electronic communications are often--perhaps constantly both 'in transit' and 'in storage' simultaneously." Councilman, 245 F.Supp.2d at 321. This apt observation should have prompted a different legal conclusion.
All digital transmissions must be stored in RAM or on hard drives while they are being processed by computers during transmission. Every computer that forwards the packets that comprise an e-mail message must store those packets in memory while it reads their addresses, and every digital switch that makes up the telecommunications network through which the packets travel between computers must also store the packets while they are being routed across the network. Since this type of storage is a fundamental part of the transmission process, attempting to separate all storage from transmission makes no sense.
Furthermore, in addition to storing the individual packets during routing, intermediate computers must temporarily store entire e-mail messages during transmission at various points along the route from sender to recipient. The technical specification for this type of e-mail transmission was adopted by the group that was coordinating standards for the Internet in 1982, see Jonathan B. Postel, RFC 821--Simple Mail Transfer Protocol, available at http:// (last accessed May 19, 2004), and this standard for e-mail transmission was in use well before Congress adopted the ECPA in 1986. Therefore, when Congress acted, the fallacy of excluding from the scope of the Wiretap Act a message in storage at the time of interception was well- documented. The government's contemporaneous v. non-contemporaneous dichotomy accommodates this aspect of electronic technology; unlike Councilman's approach, it also makes sense in the real world.
*18 The government's approach is also fully compatible with the portions of the ECPA that Councilman highlights in his argument. In a strange twist of logic, Councilman argues that Congress's broad definition of the term "electronic storage" supports his view that the e-mails at issue in this case were protected by the Stored Communications Act and not by the Wiretap Act. Yet the legislative history demonstrates that Congress adopted this broad definition to enlarge privacy protections for personal data, not to exclude e-mails stored during transmission from the strong protections of the Wiretap Act.
Responding to concerns raised in the OTA report, Congress wanted to ensure that the messages and by-product files that are left behind after transmission and messages stored in a user's mailbox are protected from unauthorized access. The OTA identified four states during which a stored e-mail message could be accessed: 1) in the sender's terminal; 2) in the recipient's terminal; 3) in the recipient's paper files after the message was printed; and 4) in the service provider's electronic files when retained for administrative purposes. Electronic Surveillance, at 45. E-mails in the sender's and recipient's terminals could be accessed by "breaking into" those computers and retrieving the files. Id. at 48-49. As discussed in Section II, supra, the victim of such an attack had few legal remedies for such an invasion prior to the ECPA. The e-mails retained on the service provider's computers after transmission, which the report noted are primarily retained for "billing purposes and as a convenience in case the customer loses the message," could be accessed and possibly disclosed by the provider. Id. at 50. Prior to the ECPA, it was not clear whether the user had the right to challenge such a disclosure. Id. Similar concerns applied to temporary financial records and personal data retained after transmission. Id. Given that background and evidence in the legislative history that Congress incorporated much of the OTA's report in the legislation, it appears that Congress had in mind these types of pre and post transmission "temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof," see 18 U.S.C. § 2510(17), when it established the definition of "electronic storage." There is no indication that it meant to exclude the type of storage used during transmission from the scope of the Wiretap Act.
It is also telling that virtually none of the discussions of electronic storage in House and Senate conference reports occur within the context of message transmission or the Wiretap Act. If, as the District Court and Councilman suggest, Congress intended to narrow the scope of the Wiretap Act by adopting a broad definition of "electronic storage," it would likely have discussed storage during transmission while it discussed the new provisions in the Wiretap Act.
*19 In one of the few instances in which Congress discussed message storage within the context of the Wiretap Act, it explicitly distinguished messages in transit from messages in storage. In the section of the report discussing the responsibilities of service providers to keep communications confidential, the House Committee stated:
Section 2702(a) [the Stored Communications Act] generally prohibits the provider of a wire or electronic communication service to the public from knowingly divulging the contents of any communication while in electronic storage.... Similarly section 2511(3) of title 18 [the Wiretap Act], as amended, prohibits such a provider from divulging the contents of a communication while it is in transmission.
H.R.Rep. No. 99-647, at 65.
Likewise, there is nothing in the legislative record to indicate that Congress intended to reduce the protection for electronic communications by including the term "electronic storage" in its definition of "wire communication." Instead, as noted earlier, it appears that Congress included that provision in the ECPA simply to expand the protections for voicemails. The government's contemporaneous v. non-contemporaneous approach recognizes that Congress had to specifically include stored voicemails in the definition of "wire communication" to have the Wiretap Act apply to those communications. Without the explicit addition of voicemails to the scope of the Wiretap Act, these communications would have been regulated by the Stored Communications Act. Indeed, that is exactly what happened when Congress removed the explicit reference to "electronic storage" from the definition of "wire communication" in the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act, P.L. 107-56 § 209, 115 Stat. 283 (2001). See Konop, 302 F.3d at 878 ("By eliminating storage from the definition of wire communication, Congress essentially reinstated the pre-ECPA definition of 'intercept'--acquisition contemporaneous with transmission--with respect to wire communications."); Robert A. Pikowsky, An Overview of the Law of Electronic Surveillance Post September 11, 2001, 94 Law Libr. J. 601, 608 (2002) ("[T]he USA PATRIOT Act amended the statutory scheme and unambiguously brought voicemail under the Stored Communications Act.").
This result creates an analogy between electronic and wire communications: voicemails are to telephone calls in the wire communication context as messages stored in mailboxes are to e-mails in transit in the electronic communications context. See Pharmatrak, 329 F.3d at 18 ("ECPA amended the Federal Wiretap Act by extending to data and electronic transmissions the same protection already afforded to oral and wire communications."); Konop, 302 F.3d at 878 (Congress "accepted and implicitly approved the judicial definition of 'intercept' as acquisition contemporaneous with transmission."). The Government's approach to the ECPA is faithful to this analogy. Acquisitions of conversation stored in voicemailboxes, like messages stored in e-mailboxes, do not occur contemporaneously with communications; therefore, neither of these should be treated as intercepts under the Wiretap Act. Telephone wiretaps and acquisitions of e-mails through the use of MUA recipe files, on the other hand, do occur contemporaneously with communications and should be considered intercepts under the Wiretap Act.

V. Existing Practices and Privacy Protections
*20 The Government observes in its brief that its criminal investigators would stand to gain by the court's adoption of Councilman's interpretation: "If defendant's argument prevails, law enforcement would not violate the Wiretap Act by capturing the email without a wiretap order. Instead, law enforcement could rely on lesser legal process, with lesser judicial oversight, than is required under the Wiretap Act." As discussed in Section II, supra, the Stored Communications Act does not require the government to follow the procedures for obtaining a wiretap order. Officers can seize stored records for any crime for which they can get a search warrant; their search can extend to the limits of the Fourth Amendment; they do not need to report the progress of their search to courts; and defendants do not have an extra-constitutional right to suppress evidence from illegal searches.
The Justice Department's current policy guidance memorandum assumes that the type of communications at issue here fall under the purview of the Wiretap Act. See United States Department of Justice, Computer Crime and Intellectual Property Section, "Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations" § IV(d) (2002) ("Since its enactment in 1968 and amendment in 1986, [the Wiretap Act] has provided the statutory framework that governs real-time electronic surveillance of the contents of communications.") (emphasis added); Id. ("There is now a clear and uniform statutory distinction between stored electronic and wire communications, which are subject to [the Stored Communications Act], and contemporaneous interceptions of electronic and wire communications, which are subject to [the Wiretap Act]."). Therefore, it has been the Government's position that it had to obtain judicial authorization under the Wiretap Act to seize e-mails contemporaneously with their delivery. That practice would likely change under Councilman's interpretation of the Act. For example, the government states in its brief that "to implement wiretap orders on email accounts, the Federal Bureau of Investigation usually relies on the communication service providers to conduct the acquisitions." The providers use MUA recipe files similar to the one in this case to intercept, copy, and deliver the targeted e-mails to the government as they are being delivered. Under Councilman's narrow interpretation of the Act, the Government would no longer need to obtain a court-authorized wiretap order to conduct such surveillance. This would effectuate a dramatic change in Justice Department policy and mark a significant reduction in the public's right to privacy.
Such a change would not, however, be limited to the interception of e-mails. Under Councilman's approach, the government would be free to intercept all wire and electronic communications that are in temporary electronic storage without having to comply with the Wiretap Act's procedural protections. That means that the Government could install taps at telephone company switching stations to monitor phone conversations that are temporarily "stored" in electronic routers during transmission. See United States Telecom. Ass'n v. FCC, 227 F.3d 450, 464 (D.C.Cir.2000) ("[In a digital telephone network,] a call is broken into a number of discrete digital data packets, each traveling independently through the network along different routes. Data packets are then reassembled in the proper sequence at the call's destination"); United States Congress, Office of Technology Assessment, Electronic Surveillance in a Digital Age 33 (1995) (stating that eighty percent of the telephone switches in the United States in 1991 were digital); see also 18 U.S.C. § 1002 (requiring telephone companies to ensure that the government retains the ability to intercept calls as the company installs new technologies). It could install "packet sniffer," software, computer programs that record the contents of all of the packets traveling through a network, on the servers of Internet Service Providers (ISPs) without having to comply with the Wiretap Act. See Kerr, supra, at 651 ("[A] system administrator (or a twelve-year old computer hacker) can easily monitor all information flowing through a particular point in a network by writing a simple program.").
*21 In short, Councilman's approach to the Wiretap Act would undo decades of practice and precedent regarding the scope of the Wiretap Act and would essentially render the Act irrelevant to the protection of wire and electronic privacy. Since I find it inconceivable that Congress could have intended such a result merely by omitting the term "electronic storage" from its definition of "electronic communication," I respectfully dissent.

FN1. Interloc also did business under the name Valinet. Valinet
functioned as an electronic service provider to the general public, not just bookdealers, for a monthly fee using the domain name None of the e-mails at issue in this case were addressed by its sender to any addressee using the domain

FN2. Count Two of the Indictment, which charged defendant with conspiracy to violate 18 U.S.C. §§ 1030(a)(2)(C) and (c)(2)(B), was dismissed at the request of the government after the district court granted defendant's motion to dismiss Count One.

FN3. The stipulation signed by the parties also included a lengthy definition of the term e-mail. In this appeal, we are more concerned with the mechanism used to send and receive e-mail and therefore highlight those sections of the stipulation.

FN4. The Wiretap Act and Stored Communications Act were amended again by the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA PATRIOT Act), Pub.L. No. 107-56, 115 Stat. 272 (Oct. 26, 2001). All references in this opinion are to the statute before it was amended.

FN5. The government refers to the procmail as an e-mail syphon.

FN6. Pharmatrak did not resolve the issue because the interception there was at the point where communications were being sent through a wire to the website. The messages were not placed in any type of storage before their interception, therefore skirting the "contemporaneous" problem.

FN7. In fact, defendant is correct to make an argument, on due process grounds, that he is entitled to the benefit of any ambiguity in the statute. While we find there is no ambiguity in Congress's language, in a criminal case we have the constitutional obligation to define language narrowly. See, e.g., United States v. Colón-Ortiz, 866 F.2d 6, 8 (1st Cir.1989).

FN8. Prior to the 1986 amendments, the Wiretap Act's definition of "wire communication" read:

"[W]ire communication" means any communication made in whole or in part through the use of facilities for the transmission of communications by the aid of wire, cable, or other like connection between the point of origin
and the point of reception furnished or operated by any person engaged as a common carrier in providing or operating such facilities for the transmission of interstate or foreign communications.

The post-ECPA version of that definition read:

"[W]ire communication" means any aural transfer made in whole or in part through the use of facilities for the transmission of communications by the aid of wire, cable, or other like connection between the point of origin and the point of reception (including the use of such connection in a switching station) furnished or operated by any person engaged in providing or operating such facilities for the transmission of interstate or foreign communications or communications affecting interstate or foreign commerce and such term includes any electronic storage of such communication.

Congress deleted the phrase "and such term includes any electronic storage of such communication" in 2001.

FN9. Webster's defines "evanescent" as "vanishing; fading away; fleeting." Random House Webster's Unabridged Dictionary 670 (2d ed.1997).

FN10. According to the Stored Communications Act:

A Governmental entity may require the disclosure by a provider of
electronic communication service of the contents of an electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant issued using the procedures described in the Federal rules of Criminal Procedure ... or equivalent State warrant.

18 U.S.C. § 2703(a). See also id. § 2703(b)(1) ("A governmental entity may require a provider of remote computing service to disclose the contents of any [stored e-mail] without required notice to the subscriber or customer, if the governmental entity obtains a warrant issued using the procedures described in the Federal Rules of Criminal Procedure ... or equivalent State warrant....").

FN11. As noted, Title I of the Electronic Communications Privacy Act amended the 1968 Wiretap Act. From this point forward, when I refer to the "Wiretap Act," I mean the 1968 Wiretap Act as amended by Title I of the ECPA. I will refer to Title II of the ECPA simply as the Stored Communications Act.

FN12. "Electronic communication" is defined as:

any transfer of signs, signals, writing, images, sounds, data, or
intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce, but does not include--

(A) any wire or oral communication;

(B) any communication made through a tone-only paging device;

(C) any communication from a tracking device (as defined in section 3117 of this title); or

(D) electronic funds transfer information stored by a financial institution in a communications system used for the electronic storage and transfer of funds.

18 U.S.C. § 2510(12).

FN13. My colleagues quote the maxim: "[W]hen Congress includes particular language in one section of a statute but omits it in another section of the same Act, it is generally presumed that Congress acts intentionally and purposely in the disparate inclusion or exclusion," see, e.g., In re Hart, 328 F.3d 45, 49 (1st Cir.2003). This maxim is a canon of construction, see, e.g., Trenkler v. United States, 268 F.3d 16, 23 (1st Cir.2001) (characterizing the maxim as a canon of construction). This reliance on the canon to support the inferential leap belies the
availability of a plain text argument. Cf. Springer v. Government of Philippine Islands, 277 U.S. 189, 206, 48 S.Ct. 480, 72 L.Ed. 845 (1928) ( "The general rule that the expression of one thing is the exclusion of others is subject to exceptions. Like other canons of statutory construction, it is only an aid in the ascertainment of the meaning of the law, and must yield whenever a contrary intention on the part of the lawmaker is apparent.").

FN14. Councilman also argues that the government should be judicially estopped from asserting that he violated the Wiretap Act since it argued in favor of the holdings in Steve Jackson Games and Konop. This argument is misguided. In fact, the government has consistently argued that a communication needs to be intercepted contemporaneously with transmission to violate the Wiretap Act. See InterGen N.V. v. Grina, 344 F.3d 134, 144 (1st Cir.2003) ("[T]he doctrine of judicial estoppel prevents a litigant from pressing a claim that is inconsistent with a position taken by that litigant either in a prior legal proceeding or in an earlier phase of the same legal proceeding.") (emphasis added).

FN15. My colleagues attempt to distinguish the interception in
Pharmatrak from the interception here by claiming that the communications in Pharmatrak "were not placed in any type of storage before their interception." In fact, the Pharmatrak defendant's Java/Javascript programs recorded the URLs that the users visited, which means that they copied the users' web commands before those commands were sent over the Internet. The web commands were in the same type of temporary, intermediate, and incidental storage that the e-mails at issue in this case were in when they were intercepted; therefore, our conclusion that there was an interception in Pharmatrak should control our analysis here.

C.A.1 (Mass.),2004.
U.S. v. Councilman
2004 WL 1453032 (1st Cir.(Mass.))