Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!seismo!gatech!hao!ames!oliveb!epimass!jbuck From: jbuck@epimass.EPI.COM (Joe Buck) Newsgroups: news.admin Subject: Privacy and Email - The Law Takes Notice Message-ID: <1189@epimass.EPI.COM> Date: Mon, 25-May-87 18:12:30 EDT Article-I.D.: epimass.1189 Posted: Mon May 25 18:12:30 1987 Date-Received: Tue, 26-May-87 03:57:06 EDT Organization: Entropic Processing, Inc., Cupertino, CA Lines: 56 Keywords: forwarded from comp.risks Date: 22 MAY 1987 12:52:33 EST From: To: risks@csl.sri.com Subject: Privacy and Email - The Law Takes Notice (Forwarded (ultimately) from a UDEL NEWS bboard.) Jerry This is a copy of a letter published in MIT Tech Talk. Anyone who did not read that memo should look read it. Be sure to note that operators of electronic communication systems now have legal responsibilities for the privacy of data. MEMORANDUM To: The MIT Community From: James D.Bruce, Vice President for Information Systems Re: The Electronic Communications Privacy Act The Electronic Communications Privacy Act of 1986 was enacted by the United States Congress in October of last year to protect the privacy of users of wire and electronic communications. Legal counsel has advised MIT that its computer network and the files stored on its computers are covered by the law's provisions. Specifically, individuals who access electronic files without appropriate authorization could find themselves subject to criminal penalties under this new law. At this time, we can only make broad generalizations about the impact of the Act on MIT's computing environment. Its actual scope will develop as federal actions are brought against individuals who are charged with inappropriate access to electronic mail and other electronic files. It is clear, however, that under the Act, an individual who, without authorization, accesses an electronic mail queue is liable and may be subject to a fine of $5,000 and up to six months in prison, if charged and convicted. Penalties are higher if the objective is malicious destruction or damage of information, or private gain. The law also bars unauthorized disclosure of information within an electronic mail system by the provider of the service. This bars MIT (and other providers) from disclosing information from an individual's electronic data files without authorization from the individual. MIT students and staff should be aware that it is against Institute policy and federal law to access the private files of others without authorization. MIT employees should also note that they are personally liable under the Act if they exceed their authorization to access electronic files. -- - Joe Buck jbuck@epimass.EPI.COM (in the brave new world of domains!) {seismo,ucbvax,sun,decwrl,}!epimass.epi.com!jbuck