The Electronic Communications Privacy Act and the Stored Wire and Electronic Communications Act, commonly lumped together as the Electronic Communications Privacy Act, or ECPA, are federal laws that prohibit certain types of electronic eavesdropping.
Congress enacted these laws in 1986 to update the Federal Wiretap Act of 1968. The original ban on wiretapping protected a person’s privacy while using telephone lines.
The 1968 legislation did not envision the use of such modes of communication as electronic messages, Internet chat rooms, text messaging, cellular telephones, Internet bulletin boards, or voiceover IP. Since the ECPA was enacted, it has also been updated to reflect new technology.
The ECPA created penalties for any person who intentionally:
1) intercepts, uses or discloses any wire or oral communication by using any electronic, mechanical, or other device, or
2) without authority accesses a wire or electronic communication while in storage.
A distinction is made between the interception of electronic communications and mere access to communications that are in storage. Congress intended to provide stiffer penalties for interception than for accessing communications in storage.
There’s a distinction between interception and storage, and it matters.
Interception: The statute defines interception as the “aural or other acquisition of the contents of any wire, electronic or oral communication through the use of any electronic, mechanical, or other device.”
Storage: Electronic storage is “any temporary, immediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and any storage of such communication by an electronic communication service for purposes of backup protection of such communication.”
The law applies to traditional telephone wiretaps, cordless telephone interceptions, electronic messages, voicemail systems, pagers, chat logs, web-streaming video, voice over IP, and recording or videotaping private face-to-face conversations. This list is not exhaustive but provides a hint of the wide-ranging application of this law to many types of communication.
Consent is another principle to consider when deciding whether the ECPA applies. The ECPA only prohibits “unauthorized” use, disclosure, or interception.
If your spouse has routinely given you his or her email account passwords and allowed you to use them, he or she has authorized you to find what you will. The courts will decide this issue of consent on a case-by-case basis, and it is not necessary for consent to be explicit.
Implied consent can be found when the surrounding circumstances are taken into account. In light of the complexity of this area of the law, it is advisable for you to consult an attorney before taking any action that might be considered in violation of the ECPA.
Under the North Carolina statute, it is permissible to record a phone conversation if one of the parties to the communication is aware of, and has consented to, the recording. This means that you may record your own telephone calls.
On the other hand, it is illegal to record telephone calls between your spouse and a third party if neither party knows that the conversation is being recorded.
It is important to be aware that some states require that both parties to a telephone call be aware of, and consent to, the recording. If you are recording a telephone call and one of the callers is out-of-state, you could be violating the law of that state.
The question here is whether your spouse gave up his or her expectation of privacy in this email account when he or she gave you the password.
The ECPA envisions this type of privacy intrusion by prohibiting not only the unauthorized access to stored communications, but by also prohibiting the access of stored communications by one exceeding her authority.
In practice, this means that if the password was given to you for a certain purpose, you could not use it for other purposes. To do so could expose you to financial and criminal consequences.
This question depends on several factors. First, how did you obtain the information? If it was unintentional, you may use it any way you please.
The ECPA only prohibits the intentional interception or unauthorized access to electronic communications. Therefore, if a message is sent to you in error, you may use the contents in any manner that you see fit.
However, a password is required to access most email programs. If you have improperly obtained your spouse’s password, it would be illegal to access the messages.
Should you acquire electronic communications that are stored, rather than intercepting communications as they unfold, you may use the information you obtain.
Most importantly, the information may be used as evidence in your divorce. In addition, you may disclose it to others.
However, you should be aware that by doing so, you may be exposing yourself to a lawsuit or criminal charges. Whether your individual situation could expose you to the penalties of the ECPA is a fact-specific inquiry. Therefore, it is advisable to obtain the advice of an attorney before taking any action.
There are both civil and criminal penalties for a violation of the ECPA. It can be very financially damaging if you are found in violation of this law.
For example, a court can award damages to the victim of such eavesdropping. The damages are calculated in a way that each day of continuation of the violation gives rise to a higher amount of damages.
In addition, the court can force you to pay the attorneys’ fees of the other party, which could be higher than the amount of damages.
A court may also impose additional, punitive damages if the violation is especially malicious.
Finally, a court may impose a term of imprisonment not to exceed five years for a violation of the ECPA.
In addition to the federal law, there are also state laws affecting your ability to engage in electronic eavesdropping. North Carolina General Statute Section 15A-287 criminalizes the willful interception, use or disclosure of the contents of any wire, oral, or electronic communication “without the consent of at least one party to the communication.” This has been categorized as a Class H felony.
As if the foregoing penalties are not enough deterrent, you could also be sued under North Carolina common law for an “invasion of privacy.” Again, this could expose you to similar economic damages.
The law of privacy in electronic communications is notorious for its lack of clarity. This is evidenced by the lack of a uniform interpretation of this law by the various federal courts. However, there are some general guidelines to keep in mind when faced with the question of whether you are committing a violation of the ECPA.
Justifiable expectation of privacy: The first and most basic principle underlying this law is the concept of a “justifiable expectation of privacy.” A justifiable expectation of privacy must accompany the communication in order for a violation of the ECPA to occur. In most cases, it is not hard to imagine which communications involve an expectation of privacy exists.
For example, a reasonable person is justified in expecting his or her telephone calls to be private. However, a reasonable person would not consider a message placed on a bulletin board in the county courthouse to be private. This principle can be extended to each type of electronic communication.
Most people would consider an email message to be private. The software for accessing such messages requires a password, which is a good indication of the expectation of privacy. However, a joint email account where spouses share the service and are both aware of the password would probably not be deemed to be private.
Another gray area in applying this law concerns chat rooms. Many chat rooms are restricted to those who register for the service. However, the fact that access is limited to those who register does not necessarily mean that the discussions are justifiably expected to be private. On the other hand, some chat rooms are private and only available to those with a password.
The 6th Circuit Court of Appeals (which is not the Circuit Court of Appeals governing North Carolina) has found that a parent may consent for a child’s conversation to be recorded. The Court required that the parent consenting for the child present a good faith, objectively reasonable basis for believing such action was necessary for the welfare of the child.
However, there is no similar rule in effect for the 4th Circuit Court of Appeals, which includes North Carolina. The taping of such a conversation would be a violation of the ECPA. It is clearly an illegal interception of a communication using a device, which would put it squarely within the prohibitions of the ECPA.
Taping a child’s telephone conversation with the other parent would also violate North Carolina state criminal law (G.S. 15A-287). However, it is not illegal to use another phone in your home, in the ordinary course of business, to listen in on the conversation. This is referred to as the “extension line” exception to the ECPA. It is based on the principle that it is not illegal to monitor a conversation that one could otherwise hear legally.
There is a conflict of opinion in the federal courts on whether you can record such a conversation. To do so is at your own risk of being found in violation of the ECPA.
This is where the distinction between interception and accessing a stored electronic communication becomes critical.
If you placed a wiretap on a telephone, or if you hired a computer professional to break into your spouse’s computer to monitor his chat room discussions, this is obviously an interception. Some courts have defined interception to mean acquiring communications as they are transmitted.
If you have intercepted a message, you may not use it for any purpose. You may not share its contents with anyone else, even by paraphrasing. You may not use it as evidence in your divorce.
Each instance of disclosing the information to another person can theoretically be considered a separate cause of action for damages or criminal culpability. One federal court has found that even those who listen to the illegally recorded conversations can be found liable for violating the statute.
The Internet is inherently susceptible to surveillance by private individuals who are willing to put forth the expense and effort to do so. However, it is possible to place hurdles in the way of individuals without the technical knowledge to hack into your computer.
Such steps include the installation of firewall software, password protection and encryption software.
Firewalls help prevent unwanted access and unsolicited scans coming form the Internet.
Password protection is available on all email programs.
Encryption software is an effective method of sending and storing electronic messages in a format that is illegible to someone without “decrypting” software.
Should you discover that you have been the victim of an ECPA violation, you have legal recourse. You may file a lawsuit for injunctive relief (i.e. to stop the intrusion), actual damages, punitive damages and attorneys’ fees. You are required to file such a lawsuit within two years after the date upon which you had a reasonable opportunity to discover the violation of the ECPA.
The other legal actions available to you are criminal charges and a civil lawsuit for invasion of privacy under North Carolina law.