About
Community
Bad Ideas
Drugs
Ego
Erotica
Fringe
Society
Conspiracy
Law
Media
Politics
Privacy
Religion
Technology
register | bbs | search | rss | faq | about
meet up | add to del.icio.us | digg it

Privacy Rights of BBS Users

PRIVACY RIGHTS OF BBS USERS

February 21, 1994 (Updated)

* * * * * * * * The Privacy Rights Clearinghouse is a nonprofit consumer education service funded by the California Public Utilities Commission through its Telecommunications Education Trust. It is administered by the University of San Diego School of Law's Center for Public Interest Law. * * * * * * * *

Today, anyone with a computer and a modem has potential access to a multitude of online communications sources. These online services range from the ubiquitous Internet to the thousands of privately operated bulletin board services (BBS). They may be commercial, pay-as-you-go services like Compuserve and Prodigy, or non-profit services with no user fees and few online rules.

While these services can bring information, interactivity, and communication to every home or office, they also raise a host of questions concerning the privacy of the information gathered and the messages transmitted and stored by the systems. How private are the messages posted on computer BBSs and commercial online services? May a BBS system operator (sysop) monitor or disclose E-mail communications between users? May the sysop disclose information concerning a user's online activity, such as the fact that a user has posted controversial messages or is active in a forum devoted to a potentially embarrassing topic? May he or she sell lists of users' names and addresses to direct marketing businesses? Must law enforcement personnel be granted ready access to those communications?

Some of these questions lead to further debate matching First Amendment rights to free speech against the right of sysops to prohibit or censor defamatory or derogatory "hate speech."

Because online communications services are relatively new technologies, there are no definitive answers to most of these questions. In fact, there is very little applicable case law addressing BBS privacy, and surprisingly little dialogue on this issue in legal literature. This discussion will attempt to outline the existing restrictions upon the access and disclosure of personal information and communications contained within BBS and commercial online services. One caveat: this discussion is not intended as legal advice or even an analysis of the legal duties of electronic communications services providers or the legal rights of users. Any questions concerning those duties or rights should be discussed with an attorney.

THE ELECTRONIC COMMUNICATIONS PRIVACY ACT

One of the few existing laws governing online communications privacy is the federal Electronic Communications Privacy Act of 1986 (ECPA). This Act (18 U.S.C. 2510 et seq.) specifically protects "any wire, oral, or electronic communications" from intentional interception, disclosure or use. A federal district court recently found that a BBS is a "remote computing device" and therefore subject to the limitations on disclosure provided for in the ECPA. In that case (_Steve Jackson Games_, 816 F.Supp. 432 (1993)) the court found that the ECPA was violated when Secret Service agents seized all of the electronically stored information, including both public and private communications, contained in a BBS, in an attempt to find one document believed to be held illegally within the system.

The ECPA provides for varying degrees of privacy protection, depending upon the nature of the communication. Three types of information related to online services are addressed by the Act: public messages, records pertaining to a subscriber or customer of the service, and private communications.

Public Messages

There is no limitation on intercepting or accessing messages available to the general public. Section 2511(2)(g)(i) of the Act states "it shall not be unlawful ... for any person to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communications is readily accessible to the general public." This is a common sense provision that would seem to cover public forums and publicly accessible information on BBSs and commercial online services.

Records of Subscriber Activity

A second type of information addressed by the ECPA is the record of user or subscriber activity. The Act expressly states that "a provider of electronic communication service or remote computing service _may disclose_ a record or other information pertaining to a subscriber of such service ... to any person other than a governmental entity" (s. 2703©). The provider must disclose these records to a government entity if a properly obtained warrant, court order or subpoena is used, or if the consent of the subscriber who posted the message is obtained.

This section seems to allow disclosure of any records of a subscriber to the system, including personally identifiable information (but not including the contents of private communications; see infra). This means that any record of a customer or subscriber's use of the BBS or commercial service may be disclosed by the service provider. Lists of BBS users' names and addresses are currently available to direct marketers. It further appears that there is nothing in the ECPA to prevent a sysop from disclosing sensitive information concerning a user's activity within forums with potentially embarrassing topics, short of divulging the actual contents of messages being transmitted.

"Private" E-Mail

The third type of communication addressed by the ECPA is the contents of communications which are not readily accessible to the general public. This would appear to include E-mail messages and other non-public communications. The ECPA provides substantial protection against access or disclosure of the contents of these communications, particularly with respect to law enforcement access. Generally, the Act requires a sysop to disclose the contents of an electronic communication only if a properly issued warrant has been obtained (s. 2703). If the communication has been in storage on the BBS for more than 180 days, disclosure may be compelled through a court order or subpoena, if the sysop has been given notice. The sysop has 14 days after such notice to contest the disclosure (s. 2704(b)). Furthermore, the court in _Jackson Games_ held that the ECPA only compels disclosure of specific, questionable communications, and that the seizure of all communications on a BBS in the course of a search for one illegal document was improper.

Notwithstanding the protection provided against government search and seizure of non-public electronic communications, the Act allows broad exceptions for monitoring and disclosure of those communications by the sysop or service provider. It is not unlawful for a provider of an electronic communication service to "intercept, disclose, or use that communication ... while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service..." (s. 2511(2)(a)). This section does prohibit a service provider from "random monitoring" except for "mechanical or service quality control checks."

Section 2702 of the ECPA also prohibits the service provider from disclosing the contents of any communication carried, maintained, or stored by an electronic communication service. However, exceptions to this provision include disclosures made with the lawful consent of one party to the communication, disclosures which are authorized under section 2511(2)(a), and disclosures to a law enforcement agency, if the message was inadvertently obtained by the service provider and appears to pertain to the commission of a crime.

Furthermore, a BBS operator may have the right to monitor private messages through the "business use" exception to the ECPA. Section 2510(5)(a)(i) excludes telecommunications equipment "furnished to the subscriber or user ... in the ordinary course of its business, and being used by the subscriber or user in the ordinary course of its business..." This exception is used by businesses to justify unconsented monitoring of calls from the business by employers. However, the exception does not apply to personal calls made from the business. There is nothing in the ECPA to suggest that this provision should not apply to BBS and commercial online services. Until a court is asked to determine the scope of this act as applied to disclosures made by sysops and service providers, these questions will remain open.

OTHER PRIVACY PROTECTIONS

Two other possible limitations may apply to disclosure of personal communications and information which exists on BBS and commercial online services. The first arises under contract law. If a service provider or sysop expressly guarantees that specific information or communications will not be disclosed, and subsequently discloses such information, the service provider might be liable for damages arising from the disclosure. While a determination of this issue would require the application of principles of contract law, and therefore falls outside the scope of this discussion, the presence of such a privacy guarantee might raise a user's expectation of privacy, and might be evidence of the existence of a contractual duty not to disclose (likewise, the express statement that a service is not private might limit a user's privacy protections).

The second alternative source of privacy protection may arise under state law. A few states, such as California, have an express right to personal privacy as a state constitutional guarantee. In California, this right has been held to protect against both government and business intrusions on personal privacy (See _Wilkinson v. Times Mirror Corp._, 215 Cal. App. 3d 1034). There are currently several cases in California state courts which seek to limit an employer's broad discretion to monitor and disclose employee's private E-mail messages. Whether these cases will serve to limit employer monitoring, and whether the decisions may be extended to provide protection for users of BBS and commercial online services has yet to be determined.

In conclusion, unless there is an explicit guarantee of privacy, it is probably necessary to assume that all communication on a BBS or other online service is subject to monitoring by the operator. It is also necessary to assume that, unless the operator provides specific guarantees to the contrary, records of user activity on the system are also subject to disclosure. Each BBS will probably have its own guidelines regarding the monitoring and disclosure of personal information and communications.

Therefore, to ensure that private information remains private, it may be advisable to do some research before providing it to an online communication service. We suggest that, when logging on to a BBS for the first time, users should contact the sysop and inquire into the privacy policy of the BBS. Also, it is a good idea to post a public message on a regularly used BBS, inquiring whether any other users have had good or bad experiences with the new BBS.

* * * * * * * *

Privacy Rights Clearinghouse
University of San Diego
Center for Public Interest Law
5998 Alcala Park
San Diego, CA 92110-2492
619-260-4806
Fax 619-260-4753
Hotline:
(Calif. only) 800-773-7748
or 619-298-3396 (all other locations)

 
To the best of our knowledge, the text on this page may be freely reproduced and distributed.
If you have any questions about this, please check out our Copyright Policy.

 

totse.com certificate signatures
 
 
About | Advertise | Bad Ideas | Community | Contact Us | Copyright Policy | Drugs | Ego | Erotica
FAQ | Fringe | Link to totse.com | Search | Society | Submissions | Technology
Hot Topics
Why Marxism IS Economically Exploitive...
Situation in Turkey
Putin not playing nicely
So, I hear they have Mcdonalds in China...
china? russia? usa?
I have created..
Universal Health Care Why Are you Against it?
Armchair POTUS
 
Sponsored Links
 
Ads presented by the
AdBrite Ad Network

 

TSHIRT HELL T-SHIRTS