10. The Boundaries of Cybersecurity: Ethics, Rights, and Laws 279 10.3.1.2 Electronic Communications Privacy Act The Electronic Communications Privacy Act (ECPA), also passed in 1986, complements the Fourth Amendment’s right to privacy. It is the most comprehensive United States law relating to cyber surveillance. It limits the government’s ability to obtain email, monitor networks, and obtain Internet traffic logs. The ECPA protects many types of Internet communications on the basis that people using the Internet have a reasonable expectation of privacy (see Section 10.2.3 above). The three sections of the ECPA are outlined in Table 10.7. Table 10.7 The three sections of the ECPA. The Stored Communications Act (SCA) is especially important because it protects consumer’s privacy when dealing with third parties, and in the modern era, most computer users constantly rely on third parties. Cloud computing relies on third parties, including email, social media, and data backup services. Stored communications include all files stored on a third party’s servers such as documents, emails, pictures, videos, and other personal records. The SCA contains three general categories. The first category complements the CFAA. Criminal charges against hackers can include this section of the SCA when electronic communications like email are involved. Criminal penalties include fines and up to ten years in prison, and civil lawsuits are also permissible. The second category is the voluntary disclosure of stored communications by service providers. It is illegal for service providers to knowingly divulge the contents of electronic communication. Exceptions are made for exposing criminal activities and for helping to handle certain types of emergencies. The third category affects law enforcement’s attempts to compel service providers to disclose stored communications. This does not supersede an individual’s Fourth Amendment rights. It does, however, include a controversial clause making data older than 180 days less protected than newer data. The 180 day clause is not as meaningful by today’s standards as it was in 1986. Back then data storage was expensive and older data was regularly purged. Today, data storage is inexpensive and the norm is to keep data around
RkJQdWJsaXNoZXIy MTM4ODY=