10. The Boundaries of Cybersecurity: Ethics, Rights, and Laws 277 relating to cyber surveillance. It limits the government’s ability to obtain email, monitor networks, and obtain Internet traffic logs. The ECPA protects many types of Internet communications on the basis that people using the Internet have a reasonable expectation of privacy (see Section 10.2.3 above). The three sections of the ECPA are outlined in Table 10.7. Table 10.7 The three sections of the ECPA. The Stored Communications Act (SCA) is especially important because it protects consumer’s privacy when dealing with third parties, and in the modern era, most computer users constantly rely on third parties. Cloud computing relies on third parties, including email, social media, and data backup services. Stored communications include all files stored on a third party’s servers such as documents, emails, pictures, videos, and other personal records. The SCA contains three general categories. The first category complements the CFAA. Criminal charges against hackers can include this section of the SCA when electronic communications like email are involved. Criminal penalties include fines and up to ten years in prison, and civil lawsuits are also permissible. The second category is the voluntary disclosure of stored communications by service providers. It is illegal for service providers to knowingly divulge the contents of electronic communication. Exceptions are made for exposing criminal activities and for helping to handle certain types of emergencies. The third category affects law enforcement’s attempts to compel service providers to disclose stored communications. This does not supersede an individual’s Fourth Amendment rights. It does, however, include a controversial clause making data older than 180 days less protected than newer data. The 180 day clause is not as meaningful by today’s standards as it was in 1986. Back then data storage was expensive and older data was regularly purged. Today, data storage is inexpensive and the norm is to keep data around for a long time. Many people feel that there is no good reason to differentiate data based on its age, and if there is, 180 days is too short of a time period. The Wiretap Act is similar to the SCA except that it protects electronic data in transit. That is, it protects live communication. A wiretap is a device that can be attached to the
RkJQdWJsaXNoZXIy MTM4ODY=