Xref: utzoo comp.admin.policy:82 comp.unix.admin:1955
Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!maverick.ksu.ksu.edu!unlinfo.unl.edu!hoss!riddle
From: riddle@hoss.unl.edu (Michael H. Riddle)
Newsgroups: comp.admin.policy,comp.unix.admin
Subject: Re: E-mail Privacy
Message-ID: <1991May23.220650.22607@unlinfo.unl.edu>
Date: 23 May 91 22:06:50 GMT
References: <15110@ccncsu.ColoState.EDU>
Sender: news@unlinfo.unl.edu
Distribution: usa
Organization: University of Nebraska - Lincoln
Lines: 125
Nntp-Posting-Host: hoss.unl.edu
Cc: riddle@hoss.unl.edu


The following is the relevant sections (I think) from the ECPA of 1986, as
codifed in Title 18, United States Code.  Note particularly section
2702(b)(2), which allows access upon permission by the originator as well
as the recipient.
 
HOWEVER:  the sysadmin who asked the question works for a university,
which is sure to have staff counsel.  USE THEM.  Get a REAL opinion from
the lawyer already being paid for legal advice!

I can't empahsize that enough.  We can all easily find the federal law,
but several states have their own laws that need to be considered and the
institution may actually have thought about this and have policies (yes, I
know I'm probably dreaming.)

////excerpt begins/////

  CHAPTER 121.  STORED WIRE AND ELECTRONIC COMMUNICATIONS AND 
                  TRANSACTIONAL RECORDS ACCESS 
 
s 2701.  Unlawful access to stored communications
 
(a) Offense. Except as provided in subsection (c) of this section
whoever
 
    (1) intentionally accesses without authorization a 
facility through which an  electronic communication service is 
provided; or 
 
    (2) intentionally exceeds an authorization to access that 
facility; and thereby obtains, alters, or prevents authorized 
access to a wire or electronic communication while it is in 
electronic storage in such system shall be punished
as provided in subsection (b) of this section.
 
(b) Punishment. The punishment for an offense under subsection (a)
of this section is- 
 
    (1) if the offense is committed for purposes of commercial 
advantage, malicious destruction or damage, or private commercial
gain
 
      (A) a fine of not more than $ 250,000 or imprisonment for
not more than one year, or both, in the case of a first offense 
under this subparagraph; and
 
      (B) a fine under this title or
imprisonment for not more than two years, or both, for any 
subsequent offense under this subparagraph; and
 
    (2) a fine of not more than $ 5,000 or imprisonment for not
more than six months, or both, in any other case. 
 
(c) Exceptions. Subsection (a) of this section does not apply with
respect to conduct authorized- 
 
    (1) by the person or entity providing a wire or electronic 
communications service; 
 
    (2) by a user of that service with respect to a communication
of or intended  for that user; or 
 
    (3) in section 2703, 2704 or 2518 of this title. 
 
  CHAPTER 121.  STORED WIRE AND ELECTRONIC COMMUNICATIONS AND 
                  TRANSACTIONAL RECORDS ACCESS 
 
s 2702.  Disclosure of contents 
 
(a) Prohibitions. Except as provided in subsection (b)- 
 
    (1) a person or entity providing an electronic communication 
service to the public shall not knowingly divulge to any person or
entity the contents of a communication while in electronic storage
by that service; and
 
    (2) a person or entity providing remote computing service to
the public shall not knowingly divulge to any person or entity the
contents of any communication which is carried or maintained on
that service-
 
      (A) on behalf of, and received by means of electronic
transmission from (or created by means of computer processing of
communications received by means of electronic transmission from),
a subscriber or customer of such service; and
 
      (B) solely for the purpose of providing storage or computer
processing services to such subscriber or customer, if the provider
is not authorized to access the contents of any such communications
for purposes of providing any services other than storage or
computer processing. 
 
(b) Exceptions. A person or entity may divulge the contents of a
communication-
 
    (1) to an addressee or intended recipient of such
communication or an agent of such addressee or intended recipient;
 
    (2) as otherwise authorized in section 2517, 2511(2)(a), or
2703 of this title; 
 
    (3) with the lawful consent of the originator or an addressee
or intended recipient of such communication, or the subscriber in
the case of remote computing service; 
 
    (4) to a person employed or authorized or whose facilities are
used to forward such communication to its destination; 
 
    (5) as may be necessarily incident to the rendition of the 
service or to the  protection of the rights or property of the 
provider of that service; or
 
    (6) to a law enforcement agency,
if such contents- 
 
      (A) were inadvertently obtained by the service provider; and
 
      (B) appear to pertain to the commission of a crime. 


--
            <<<< insert standard disclaimer here >>>>
riddle@hoss.unl.edu                  |  Nebraska Inns of Court
ivgate!inns!postmaster@uunet.uu.net  |  +1 402 593 1192
Sysop of 1:285/27@Fidonet            |  3/12/24/9600/8N1/V.32/V.42bis