Temple Environmental Law and Technology Journal
*97 PROTECTION OF PRIVACY IN THE SEARCH AND SEIZURE OF E-MAIL: IS THE UNITED
STATES DOOMED TO AN ORWELLIAN FUTURE? [FNa1]
Darla W. Jackson [FNd1]
Copyright © 1999 Temple Environmental Law and Technology Journal; Darla W.
Big Brother is watching. . . . A party member lives from birth to death under the eye of the Thought Police . . . . Wherever he may be . . . he can be inspected without warning and without knowing that he is being inspected.
George Orwell, Nineteen Eighty Four
While we have not reached a world such as George Orwell envisioned in his novel Nineteen Eighty-Four, in which there are no constitutional limitations on governmental intrusions into personal privacy, some believe that without change, we may be doomed to such a future. At the very least, the development of modern communications technology, such as electronic mail, necessitates a reexamination of the balance between an individual's right to privacy and society's need for information. Nowhere is this struggle more apparent than in the inherent conflict between the "right" to privacy and law enforcement efforts to gather evidence in criminal investigations. [FN1]
*98 In 1986, the United States Congress passed the Electronic Communications Privacy Act of 1986 (ECPA). [FN2] Although the law provides some protection of electronic communications from private interception, electronic communications receive less protection from government interception. [FN3]As currently applied, Fourth Amendment principles are also insufficient to protect privacy interests against government interference with electronic communications. [FN4] This is primarily because U.S. courts have utilized risk analysis and ill-fitting analogies to determine if an objective expectation of privacy exists. [FN5] As will be discussed infra, courts must determine that an *99 objective expectation of privacy exists before Fourth Amendment protections will be applied.
While the use of ill-suited analogies [FN6] is problematic, the difficulties arising from the use of analogies are often further complicated by the fact that the cases relied upon for analogy also involve risk analysis. When a court engages in risk analysis, it determines privacy interests by focusing on the risk of interception of the message. If the communication is vulnerable to inference or interception, either by the government or by another entity, the court may conclude that an objective expectation of privacy is not present. [FN7] As a result, e-mail, which is a less secure form of communication, [FN8] will receive less protection from search and seizure than other more secure forms of communication. One of the criticisms of this his type of analysis is that it fails to balance individual privacy rights with society's law enforcement interest. [FN9]
The European Court of Human Rights (ECHR) has developed an approach which uniquely deals with the balance between individual privacy rights and society's law enforcement interest. Is it necessary to modify the U.S. treatment of privacy rights in technology-based communications to more closely resemble the approach taken by the ECHR in order to avoid an Orwellian future? This paper will attempt to answer that question. It will do so by addressing, in Part I, the problems in applying traditional Fourth Amendment analysis to situations involving the search and seizure of *100 electronic mail, giving special emphasis to one of the leading cases in this area, United States v. Maxwell, [FN10] to illustrate these difficulties. Part II examines how the European Court of Human Rights has dealt with privacy rights issues involving technological advances and compares the ECHR's analysis with the approach taken by the U.S. courts. Part III concludes that treatment of privacy and electronic communications in the United States would be improved by adopting a European-style analysis.
SEARCH AND SEIZEURE OF E-MAIL IN THE UNITED STATES
A. Reasonable Expectation of Privacy
The Fourth Amendment protects against unreasonable searches and seizures, and prescribes criteria for the granting of search warrants. [FN11] Whether the Fourth Amendment's reasonableness and warrant requirements apply to a communication depends upon whether the inspection of the communications constitutes a search. A two-part test, commonly known as the Katz [FN12] test, has been applied to determine whether a given inspection is a search. First, the court determines if the government action has violated an individual's subjective expectation of privacy. It then examines whether society recognizes that expectation as reasonable, as an objective test. Only if the defendant can establish that subjective and objective expectations of privacy exist, is Fourth Amendment protection deemed applicable. [FN13]
United States v. Maxwell, has been cited as support for the proposition that "traditional Fourth Amendment search and seizure laws can be effectively applied to searches of electronic communications." [FN14] However, an analysis of how the trial and appellate courts dealt with the issue of whether society *101 recognizes the expectation of privacy in e-mail as reasonable (the objective expectation of privacy prong of the Katz test) illustrates the difficulties in dealing with this issue.
In Maxwell, the defendant, a colonel in the Air Force, was a subscriber to America Online (AOL). Using AOL services, he established four screen names. The screen names allowed him to communicate via e-mail or bulletin boards. [FN15] In 1991, another AOL subscriber, Roger Dietz, reported to AOL and the Federal Bureau of Investigation (FBI) his belief that some AOL subscribers were transmitting and receiving visual images portraying child pornography. [FN16] As evidence of his assertions, Dietz provided a computer disc containing some of the images transmitted on AOL, as well as a list of the screen names of people involved in the transmissions. [FN17] The list contained the screen name "Redde1," one of Maxwell's screen names. [FN18] Based on this information the FBI sought a warrant to seize the electronic transmissions of the subscribers with listed screen names. [FN19] In spite of a policy not to read or disclose subscribers' e-mail to anyone (except authorized users), unless pursuant to a court order, AOL, in anticipation of a warrant, programmed software to extract information on subscribers who were assigned the screen names appearing on Dietz's list. [FN20] As a result, the desired information had been withdrawn from AOL's computers even before the warrant was executed. [FN21] When the actual warrant was presented, AOL turned over the information it had already withdrawn. Maxwell's "Redde1" screen name was misspelled as "REDDEL" on the warrant (a change of the last character from the number "1" to the Letter "L"). [FN22] However, because AOL had extracted the information based on Dietz's list and not the warrant, AOL identified Maxwell as one of the subscribers involved. [FN23] AOL turned over transmissions under not only the "Redde1" name, but also under three other screen names used by Maxwell, which had not been listed on either the warrant or on Dietz's list but which were identified by AOL as belonging to the same customer using the "Redde1" screen name. [FN24]
Based on the evidence obtained from AOL, Maxwell was charged with and convicted of violating Article 134 of the Uniform Code of Military Justice for communicating indecent language and for violating federal law by knowingly receiving and transporting, for the purposes of distribution, obscene material including child pornography. [FN25] At trial, the military judge, upon a motion to *102 suppress, determined that Maxwell had no objective expectation of privacy and admitted the evidence obtained from AOL. [FN26] The judge's finding was based on several factors including: 1) the fact that the e-mails could not be recalled or erased once they were dispatched; 2) the sender was powerless to keep them from being forwarded; and 3) "the forwarding of messages to multiple individuals made the situation analogous to bulk mail." [FN27]
Emphasizing that both Maxwell and the intended recipients had individually assigned passwords, the Air Force Court of Criminal Appeals (AFCCA) reversed the finding that no objective expectation of privacy existed. [FN28] AFCCA went on to explain, "[I]n the modern age of communications, society must recognize such expectations of privacy as reasonable. We believe such recognition is implicit in the Electronic Communications Privacy Act." (emphasis added). [FN29]
On appeal of the AFCCA decision, the Court of Appeals for the Armed Forces (CAAF), also found that an expectation of privacy did exist in the electronic mail stored on AOL. [FN30] However, CAAF made no mention of the ECPA in making its finding. Rather, CAAF stated that e-mail transmissions were not unlike other forms of modern communication, such as the first-class mail and telephone conversations, and attempted to draw parallels from these other forms of communication. CAAF stated:
For example, if a sender of first-class mail seals an envelope and addresses it to another person, the sender can reasonably expect the contents to remain private and free from the eyes of the police absent a search warrant founded upon probable cause. [citation omitted] However, once the letter is received and opened, the destiny of the letter then lies in the control of the recipient of the letter, not the sender, absent some legal privilege.[citations omitted] Similarly, the maker of a telephone call has a reasonable expectation of privacy that police officials will not intercept and listen to the conversation; however, the conversation itself is held with the risk that one of the participants may reveal what is said to others [citations omitted]. . . . Thus, while a user of an e-mail network may enjoy a reasonable expectation that his or her e-mail will not be revealed to police, there is the *103 risk that an employee or other person with direct access to the network service will access the e-mail, despite any company promises to the contrary. . . . However, this is not the same as the police commanding an individual to intercept the message. [FN31]
CAAF also concluded, "[e]xpectations of privacy in e-mail transmissions depend in large part on the type of e-mail involved and the intended recipient." [FN32] Therefore, messages sent to chat rooms "lose any semblance of privacy." [FN33] Additionally, when messages are forwarded to additional individuals, the "subsequent expectation of privacy incrementally diminishes." [FN34]
In dealing with judgments regarding the reasonableness of expectations of privacy in electronic communications, courts may not have sufficient technical knowledge to aid in informed decisions. [FN35] As discussed infra, the courts may as a result, ill advisedly compare electronic communications, such as e-mail, with other forms of communication. An alternative approach is for the courts to look to legislative enactment to establish an expectation of privacy. The courts involved in deciding and reviewing Maxwell used both of these methods. [FN36] However, as that case illustrates, each of these methods presents difficulties. [FN37]
In Maxwell, AFCCA relied on the existence of the ECPA as an implicit indication that a reasonable expectation of privacy existed in such communications. [FN38] However, one review suggests, "[t]his view is clearly mistaken . . . as the statute at issue [the ECPA] declines to enact an exclusionary rule for electronic communication seized in violation of its terms . . . and refers to remedies provided as the only remedies available for nonconstitutional violations." [FN39] [emphasis added]. Interpretation of complex and technical statutes regarding electronic communications is often difficult because statutes dealing with new technologies, such as the ECPA, are often "patchwork legislation" resulting from additions to existing laws. [FN40] In fact, *104 these statutes are "famous (if not infamous)" for a "lack of clarity." [FN41] Given this lack of clarity, it is not surprising that AFCCA relied on the EPCA despite the indication, in some provisions, that Congress did not intend to provide extensive protection from government interception and seizure of electronic communications. [FN42]
An alternative to relying on statutory provisions to determine whether a reasonable expectation of privacy exists is for the court to use analogy. In Maxwell, both the trial judge and CAAF did so. [FN43] However, one of the problems with this type of analysis, when applied to e-mail, is that none of the analogies provide a "convincing analytical framework." [FN44] For example, traditional first class postal mail is sealed. As a result, the sender can relay it through the mail system without fear that someone will read it. It would thus be reasonable to rely on the privacy of such communications. However, a large amount of the e-mail transmitted may be accessed on intermediate computers between the sender and the recipient. It could therefore be analogized to a postcard communication that does not enjoy a reasonable expectation of privacy. [FN45] However, other technological differences create problems with using the postcard analogy. As illustrated in Maxwell, issues concerning the type of route a particular e-mail travels (e.g., Is the route of the message not accessible by intermediate computers?) and the agreements service providers have with customers (e.g., Have system administrators with access agreed not to read or disclose the e-mails?) further complicate the *105 analogy approach. [FN46]
Another, and perhaps the most important, concern with the analogy approach is that the cases which the courts rely on for the purpose of drawing the analogy have involved risk analysis. [FN47] As previously noted, risk analysis concentrates on the susceptibility of a communication to reception to determine the privacy protection to be provided rather than on a balancing of individual and societal interest, as is done in the context of judging the constitutionality of encroachments on other guaranteed rights. [FN48] Thus, risk analysis replaces a proper balancing of the individual's rights with society's need for information. Risk analysis has been fairly criticized in the area of electronic communication because of the resultant lesser protection provided for electronic communications simply by reason of the fact that they are more vulnerable to interception. [FN49] Leib explained:
Electronic communication's vulnerability to interception is not a sound reason for giving it less protection from government interception, especially since Congress placed electronic communication in the same position as wire and oral communication with respect to private interception. In fact, the OTA Report prepared for Congress in 1985 stated that simply "because a communication may be more readily overheard does not necessarily mean that investigative authorities should be able to intercept it with less authorization." If anything, the ease with which electronic communication may be intercepted justifies strong protections against government intrusions. . . . In fact, the Supreme Court has also acknowledged the comparatively greater danger posed by government activity, writing: "[a]n agent acting--albeit unconstitutionally--in the name of the United States possesses a far greater capacity for harm than an individual trespasser exercising no authority other than his own." [I]f and when users realize that e-mail is more easily intercepted by the government--and that this power is being used--those private citizens who fear *106 governmental intrusions will likely reject electronic communication. [FN50]
Diminished use of e-mail technology based on privacy concerns would be unfortunate given the social utilization and numerous benefits which electronic communications can provide. [FN51]
Even if a reasonable expectation of privacy is found to exist, e-mail users' privacy may, under some circumstances, still be impinged upon regardless of whether law enforcement officials have obtained a warrant as required by the Fourth Amendment. This is because traditional Fourth Amendment analysis allows numerous exceptions to the warrant requirement. As Justice Scalia opined in California v. Acevedo, "the 'warrant requirement' has become so riddled with exceptions that it is basically unrecognizable." [FN54] This becomes more problematic when the exceptions are applied to e-mail without proper consideration of the underlying rationale for the exception. Thus, use of traditional Fourth Amendment analysis, including the application of exceptions to warrant requirements, faces increasing criticism because the rationales supporting the exceptions may "rarely come into play." [FN55]
One example of the lack of applicability to e-mail situations can be seen in the operation of the search and seizure incident to arrest exception. This exception allows the search of an arrested person and the area within his immediate control. [FN56] The purpose of allowing such searches and the seizure of evidence resulting from such searches is to protect law enforcement officers *107 through the seizure of weapons. [FN57] While the computer itself could perhaps serve as a weapon (if it was used to strike the officer), surely the messages stored on it could not be classified as such. The exception is also meant to prevent the destruction of evidence. [FN58] If a person were arrested while carrying a portable computer, removal of the computer from the control of the individual would prevent the destruction of any evidence that might be on the computer. Thus, a warrantless search of the computer and seizure of messages contained in the memory of the computer would not accomplish any of the purposes the exception was designed to meet. [FN59]
Neither is the exigent circumstance exception normally applicable to investigating cyberspace communications. [FN60] Like the search incident to arrest exception, the most often cited purpose of the exigent circumstance exception is to prevent the destruction of evidence. [FN61] Because most service providers back up systems, preventing deletion of the messages is not a major concern in situations involving e-mail. [FN62]
There have been relatively few cases involving searches of e-mail which have reached the appellate court level in the United States. As a result, it is difficult to draw conclusions regarding whether United States' courts will closely consider the public interests underlying the exceptions to the warrant requirement before applying them. Nevertheless, the dangerous potential for misapplication of these exceptions to e-mail searches is evident. [FN63]
In addition to the possible exemption of searches and seizures of electronic communications from warrant requirements, United States courts may also *108 adversely affect individual privacy interests by failing to exclude improperly obtained evidence at trial. In Maxwell I, AFCCA held that probable cause was sufficiently established to identify Maxwell as the user of the "Redde1" screen name and to seize the e-mails made under that screen name, concluding that the misspelling of the screen name did not invalidate the warrant. However, the court did not find that probable cause was established with respect to communications under any of the other screen names used by Maxwell. Rather, AFCCA found that the evidence seized from Maxwell's other e- mail boxes was admissible under the good faith exception to the exclusionary rule. [FN64] This is an example of a court's failure to exclude improperly obtained evidence. On appeal of the AFCCA decision, CAAF declined to uphold admission of the Maxwell's transmission based on the 'good faith' exception. CAAF noted that AOL had relied upon the list of names provided by Dietz in determining which records were going to be released rather than upon the warrant. [FN65] While CAAF's decision is based on more traditional good faith exception analysis, the AFCAA ruling nonetheless illustrates the extra care that is needed when law enforcement officials are identifying and seizing e-mail messages. [FN66] As the next section of this paper will discuss in more depth, errors are often due in part to the fact that currently many law enforcement personnel are not sufficiently versed in the uses of computer technology to be able to adequately limit the scope of the searches they are conducting.
Extreme care is specifically needed in reviewing the particularity of the description of messages that may be seized to guarantee that general searches, prohibited by the Fourth Amendment, do not result. In order to assure that law enforcement does not engage in general searches, one suggestion is for officers applying for a search warrant involving e-mail accounts to provide a description of the key word search they will use when executing the warrant. The key word search would be used to sift through the suspect's e- mail. This would ensure that "the common abuse of telephone wiretaps i.e., listening to every conversation that passes through the phone line [could] be avoided." [FN67] Another suggestion is that when circumstances allow, based on available information, law enforcement authorities be required to limit searches "to *109 messages sent or received to or from particular individuals during a particular time." [FN68] Combining these restrictions on the search and seizure of e-mail would have the "effect of protecting privacy of messages not relevant to the investigation while encouraging police to educate themselves regarding searches of electronic information." [FN69] Advocates of this approach argue:
[t]here should be no good faith reliance on a warrant based on ignorance. Until law enforcement personnel are better versed in the uses of computer technology and can limit adequately the scope of searches, disallowing the good faith exception will encourage police to educate themselves and exercise the appropriate restraint when searching computer information. [FN70]
C. Summary of Search and Seizure of E-mail in the United States
In summary, traditional Fourth Amendment analysis fails to adequately protect privacy interests in electronic mail because courts attempting to apply such analysis fail to realize that analogy to other forms of communication is inapropos and because the use of risk analysis in determining if there is an objective expectation of privacy results in a lesser protection due to the greater susceptibility of e-mail to interception. While at least one court has suggested that the existence of the Electronic Communications Privacy Act is indicative of an objective expectation of privacy, such a position has not been widely followed. Furthermore, reliance on the ECPA may not be justifiable given the legislative history and the level of protection set forth in the ECPA. [FN71] Additionally, traditional Fourth Amendment analysis as well as the ECPA allow encroachment on individual privacy without warrant requirements under an unlimited number of exceptions, the rationale for which is often not applicable to electronic mail situations. Perhaps, we can learn from the European system of analysis. [FN72]
*110 PRIVACY IN THE EUROPEAN COURT OF HUMAN RIGHTS [FN73]
The Council of Europe is an international organization composed of forty member nations. The Council's essential goals are the maintenance of political and economic stability in Europe. Preservation of individual rights is an essential element to ensuring such stability. As a result, the Statute of the Council of Europe provides that each member state must ensure "the enjoyment by all persons within its jurisdiction of human rights and fundamental freedoms." [FN74]
To effectuate this provision, member states have ratified two human rights treaties, The European Convention for the Protection of Human Rights and Fundamental Freedoms (EHR) [FN75] and the European Social Charter [FN76]. The EHR will be the focus of this discussion. The primary means of prosecuting a claim for a violation under the EHR is the European Court of Human Rights (ECHR). The ECHR's treatment of the EHR provisions dealing with privacy is instructive.
Article 8 of the European Convention on Human Rights provides:1. Everyone has the right to respect for his private and family life, his home and his correspondence.2. There shall be no interference by public authority with the exercise of this right except as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others. [FN77]
Although somewhat dated, the most often cited cases dealing with Article 8 of the EHR in the context of communication technologies are Klass v. F.R.G., [FN78] Malone v. U.K. [FN79] and Kruslin v. Fr. [FN80] In these cases, the ECHR *111 analyzed whether wiretapping under national practices or under domestic legislation violated Article 8.
In deciding the cases, the ECHR analyzed privacy not through risk analysis, but as a balancing of the interests between the needs of society and the need for privacy of the individual, much like U.S. courts have done in analyzing Constitutional provisions other than the Fourth Amendment. The ECHR first examined whether there was an interference with the right of privacy. If interference is found, the ECHR will find that it contravenes Article 8 unless the interference is: 1) "in accordance with the law"; 2) pursues one or more of the legitimate aims referred to of Article 8; and 3) is "necessary in a democratic society' in order to achieve them." [FN81] The following discusses these elements of the ECHR's analysis and examines how the elements are applicable to U.S. practice.
In determining if there is interference, the ECHR has relied on the very existence of a law governing surveillance measures to imply interference. The ECHR has stated:
Clearly any of the permitted surveillance measures, once applied to a given individual, would result in an interference by a public authority with the exercise of that individual's right to respect for his private and family life and his correspondence. Furthermore, in the mere existence of the legislation itself, there is involved, for all those whom the legislation could be applied, a menace of surveillance; this menace necessarily strikes at freedom of communication between users of the postal and telecommunications services and the applicants' right to respect for private and family life and for correspondence. [FN82]
Reliance on legislative enactment to find interference is somewhat similar to the AFCCA's reliance on the ECPA to establish an objective expectation of privacy in Maxwell. However, as discussed supra, AFCCA's reliance on the ECPA may be unjustified. The U.S. approach to determining if an expectation of privacy exists could be altered by amending the ECPA in such a way as to justify reliance on the legislation as an expression of Congress's *112 intent to create such an objective expectation of privacy. U.S. courts could also adopt an approach similar to that taken by the ECHR, which establishes a rebuttable presumption that an intrusion is a search without analyzing whether there is a subjective or objective expectation of privacy. [FN83]
B. In Accordance with Law
As described above, a finding of interference by the ECHR will necessitate further examination of whether sufficient safeguards of privacy exist and were followed. Similarly, a finding of a reasonable expectation of privacy by the U.S. courts necessitates examination of whether a warrant has been properly attained or whether an exception to the warrant requirement exists under U.S. law (either statutory or common law). Though the steps of analysis appear somewhat similar, the actual analysis of the separate court systems results in different measure of protection for privacy.
Once the ECHR finds that there is interference, the Court analyzes whether the interference is "in accordance with the law." The Court, in Kruslin, establishes a two-part test to determine if the intrusion is in accordance with the law. "Firstly, the impugned measure should have some basis in domestic law." [FN84] Second, the Court states that "in accordance with the law" also refers to the "quality of the law . . . requiring that it should be accessible to the person concerned, who must moreover be able to foresee its consequences for him, and compatible with the rule of law." [FN85] It is the compatibility and foreseeability prongs of the test which will be the primary concern of this discussion. [FN86]
1. Compatible with the Rule of Law
In Malone, the ECHR stated:
[I]t would be contrary to the rule of law for the legal discretion granted to the executive to be expressed in terms of an unfettered power. Consequently, the law . . . must indicate the scope of any such discretion . . . with sufficient clarity, having regard to the legitimate aim of the measure in question, to give the individual adequate protection against arbitrary interference. [FN87] *113 The Court in Kruslin provided examples of safeguards that would be needed for a law to be deemed to adequately protect against arbitrary interference. These safeguards included: 1) definition of the "categories of people liable to have their telephones tapped by judicial order and the nature of the offenses which may give rise to such an order," and 2) establishment of a time period during which the "interference" could continue. [FN88]
U.S. law, specifically the Omnibus Crime Control and Safe Streets Act of 1968 [FN89] (OCCSSA), the precursor to the ECPA legislation, contains many of the safeguards set forth in Kruslin. However, various measures meant to protect against governmental interference with privacy have not been fully extended to electronic communications in the OCCSSA as amended by the ECPA . For example, OCCSSA allows for the surveillance of wire and oral communications only if the communications are expected to produce evidence of certain enumerated crimes such as treason, bribery, and jury tampering. [FN90] However, intercept orders for electronic communications may be authorized to obtain evidence of any federal felony. [FN91] Thus, like the French law in Kruslin, the ECPA inadequately defines the "nature of the offences which may give rise" to an order to intercept. [FN92] As a result, the ECHR, if asked to judge the adequacy of the U.S. law dealing with electronic communications, would likely determine that the "interferences," while authorized by national law, would not meet the requirement of being "consistent with the rule of law."
*114 2. Foreseeable as to the Consequences
In attempting to clarify what foreseeability requires, the ECHR, in Malone, stated that the foreseeability does not require that an individual be able to "foresee when the authorities are likely to intercept his communications so that he can adapt his conduct." [FN93] Rather, the law must be "sufficiently clear in its terms to give citizens an adequate indication as to the circumstances in which and the conditions on which public authorities are empowered to resort to this secret and potentially dangerous interference with the right to respect for private life and correspondence." [FN94]
In Kruslin, the ECHR also commented that while some safeguards against arbitrary interference did exist in French statutory law, others had been laid down "piecemeal in judgments given over the years," [FN95] or inferred by the government from "general enactments or principles or else from analogical interpretations of legislative provisions - or court decisions - concerning investigative measures different from telephone tapping." [FN96] The court concluded that such "'extrapolation' does not provide sufficient legal certainty in the present context." [FN97] Thus, the Court concluded that French law did not meet the foreseeability [FN98] and "in accordance with the law" requirements. [FN99]
The foreseeability requirement under U.S. law might also be questioned. For instance, many of the exceptions to the Fourth Amendment warrant requirement have been established through court decisions involving factual circumstances very different from those involved with the interception or seizure of electronic mail communications. Individuals are therefore unable to predict how the exceptions would be applied to electronic messages. Thus, like the interception in Kruslin, U.S. practice, which would include the application of court created exceptions to the warrant requirements, would most likely fail scrutiny under the European foreseeability requirement.
It may be argued that reliance on analogy and risk analysis by U.S. courts may also cause a lack of foreseeability. As previously discussed in Part I, use of analogy and risk analysis to determine the existence of an objective expectation of privacy makes it difficult to anticipate future U.S. courts' holdings. [FN100] The resulting uncertainty regarding whether an expectation of privacy exists in a given situation would likely lead the ECHR to conclude that as currently applied, U.S. law does not provide sufficient foreseeability.
*115 C. Necessary to a Democratic Society
Finally, the ECHR determines whether it is "necessary in a democratic society" to achieve the legitimate aims set forth in Article 8. [FN101] This is sometimes referred to as the necessity standard. In Klass, the ECHR stressed the importance of a "strict necessity" standard stating, "[p]owers of secret surveillance of citizens, characterizing as they do the police state, are tolerable under the Convention only in so far as strictly necessary for safeguarding democratic institutions." [FN102] The European Court has also interpreted the necessity standard as requiring intrusions to be accomplished by the "least intrusive alternative." [FN103] For example, in Klass, the ECHR upheld the surveillance measures (telephonic interception) because the interference had been reduced to an "unavoidable minimum." [FN104]
In contrast, U.S. courts do not apply a strict necessity [FN105] the Court upheld the seizure of a pager and the subsequent retrieval of information from the pager on the basis that both the seizure of the pager and the seizure of the information were done incident to arrest. [FN106] The seizure and the subsequent search without a warrant were not necessary to promote a national interest. The national interest would have been protected in precisely the same way had the officers obtained a warrant prior to retrieving the information from the pager. [FN107] As previously pointed out, the rationale for the search incident to an arrest exception often does not apply in electronic communication cases.
Because there is no comparative test, less intrusive alternatives are also not required. In Maxwell, all of the messages of the defendant were provided to the government. [FN108] Maxwell argued that the warrant authorizing the search was a general warrant because it: 1) included names of individuals "merely receiving obscenity and unknowingly receiving child pornography" as opposed to only those transmitting and knowingly receiving child pornography, and 2) "lacked an identifiable 'e-mail chain' to conclusively link" the graphic files *116 presented to the magistrate with the list of screen names provided." [FN109] CAAF rejected the argument on two grounds. First, citing the case of Scott v. United States, [FN110] in which an interception was found reasonable even though 60 percent of the calls were irrelevant to the investigation, the court reasoned that an advance search would have been necessary to further limit the search and that inclusion of the names was "entirely reasonable." [FN111] Second, CAAF stated, "the standard for establishing probable cause is just that - 'probable.' [FN112] We will not raise the level of persuasion to 'beyond a reasonable doubt." ' [FN113] The tenor of that portion of the opinion suggests that had Maxwell objected on the grounds that a key word search was not used to provide a less intrusive search, the court would have rejected this argument on the grounds that the search was reasonable. [FN114]
Article 8 of the EHR, as applied by the ECHR, provides a greater measure of protection for privacy than the U.S. law for a number of reasons. First, the ECHR's inquiry presumes that there is an interference with privacy unless certain criteria are met, rather than assuming thatthere is no interference unless the defendant can establish both a subjective and objective reasonable *117 expectation of privacy as U.S. courts do. [FN115] Secondly, the European approach requires that the individual be able to foresee the consequences of national measures which may interfere with his privacy. As discussed above, foreseeabilty and sufficient safeguards against arbitrary interference are absent in U.S. law. Finally, U.S. law has not applied a strict necessity standard. As a result, the least intrusive means of meeting law enforcement aims are not required. In contrast, Europe has guarded against any interference with privacy which is not accomplished in the least intrusive manner.
It is unlikely that the method of evaluating searches and seizures developed in Katz and firmly entrenched in the American legal system will be rejected in the near future. [FN116] As a result, the approach suggested herein recommends working within the existing U.S. procedures with select changes. [FN117]
The primary change suggested is adoption by U.S. courts of the approach followed by AFCCA in United States v. Maxwell. AFCCA relied on the ECPA to find that an objective expectation of privacy existed. As previously discussed, the AFCCA approach resembles that taken by the ECHR in determining if there has been an interference with the right to privacy under Article 8 of the EHR. Such an analysis encourages a balancing of the individual privacy rights with society's interest and is preferable to the current risk analysis approach, which bases the expectation of privacy on the susceptibility of the electronic mail to interception. [FN118] However, reliance on *118 the ECPA, it may be argued, can only be justified if the act is amended to provide additional protection from government interference. [FN119] Revision of the statutory exclusionary rule to include protection for electronic communications has been suggested as an example of such an amendment. [FN120] Such a measure would not only provide additional legislative protection, but would also expand Fourth Amendment protection of e-mail by further supporting a finding that e-mail users have a reasonable (objective) expectation of privacy.
A second recommendation is for courts to more closely examine situations before applying exceptions to the Fourth Amendment warrant requirement or the court-created exclusionary rule. As stated previously, the rationale supporting the exceptions to the warrant requirement do not often apply in e- mail situations and do not encourage vigilance by law enforcement. The ECHR has applied the strict necessity test to demand that a search, of the type being examined, not only be necessary to a democratic society [FN121] but also that the search be carried out by the least intrusive method available. [FN122] Following such an analysis would ensure that an exception would be applied only in situations where the rationale supporting the exception was applicable to the situation. Amendment of the ECPA's statutory exclusionary rule to disallow the application of certain traditional exceptions, such as good faith, would also accomplish this goal. [FN123] However, recent legislation has been less, rather than more, protective of personal privacy. [FN124] Thus, while legislation is preferable, it seems unlikely to be forthcoming. Therefore, it is imperative that the U.S. courts, similar to the stance of the ECHR in Europe, take the lead in *119 protecting privacy interest. [FN125]
These changes will address many of the difficult issues illustrated in the Maxwell case. Although such an approach does not provide unlimited protection from government searches, allowing the inclusion of additional e- mail protections in the ECPA to be probative of a reasonable expectation of privacy will strengthen privacy rights. It will also allow the government to accomplish its goal of combating crime, while protecting individual privacy, by allowing its agents to search electronic communications only after they have obtained a warrant. [FN126] Increasing the privacy afforded to electronic communications will allow society to benefit to the greatest extent from development of new technologies. Additionally, it will encourage transnational flow of information by adjusting the U.S. approach to privacy and search and seizure so that it more resembles the approach taken by the international community and states with which the United States acts abroad. [FN127]
It is ironic that George Orwell selected Europe as the setting for the totalitarian state in which the individual has no privacy, because it is a *120 European example that the U.S. may rely on to better protect privacy interests of those utilizing e-mail. For only when protection is given to forms of communication such as e-mail can we escape the eyes of "big brother" as so clearly imagined by Orwell.
[FNa1]. The views expressed in this article are those of the author and do not necessarily reflect the official policy or position of the Department of the Air Force, the Department of Defense or any other Agency of the US Government.
[FNd1]. Major Darla Jackson is a member of the Faculty of the Department of Law at the United States Air Force Academy. She received her J.D. from the University of Oklahoma in 1989. She is a 1999 International Law LL.M. Candidate, University of Georgia College of Law. The author would like to thank her colleagues in the USAFA Department of Law, particularly Lieutenant Colonel Michael Schmitt, Major Richard Desmond, Major Donna Verchio, Professor David Fitzkee, Captain T.J. McGrath, and Captain Paula McCarron for their invaluable comments and suggestions during the revision of this article.
[FN1]. Brian J. Serr, in his article, Great Expectations of Privacy: A New Model for Fourth Amendment Protections, 73 Minn. L. Rev. 583, 584 (1989), also draws on the Orwellian predictions to show a need for examining the balance between individual privacy and government surveillance. He not only states that there is a need for re-examination, but goes further to say that the Supreme Court has recently allowed the balance to tip "unnecessarily further and further away from individual freedom, significantly diminishing the realm of personal privacy." Id.
[FN2]. Pub. L. No. 99-508, 100 Stat. 1848 (1986) (codified in various sections of 18 U.S.C.)
[FN3]. Michael S. Leib, E-mail and the Wiretap Laws: Why Congress Should Add Electronic Communication To Title III's Statutory Exclusionary Rule and Expressly Reject A "Good Faith" Exception, 34 Harv. J. on Legis. 393, 406 (1997). Leib states that the drafters agreed not to add electronic communication to the statutory exclusionary rule in order to "procure Department of Justice support and assure passage of the ECPA." Id. at 396. Additionally, stored electronic communications may get even less protection. For communications stored more than 180 days, the government may obtain the communication through a warrant, administrative subpoena, grand jury subpoena or court order. The latter three procedures do not require the government to establish probable cause. Id. at 405-06, citing 18 U.S.C. 2703.
[FN5]. As will be discussed infra in this paper, in United States v. Katz, 389 U.S. 347 (1967), a two prong test to determine whether a person is entitled to Fourth Amendment was included in a concurring opinion. The two- part test has been widely applied. It requires that the individual have a subjective expectation of privacy and that society recognizes this expectation as reasonable. This second prong is also known as the objective test. It is this second prong which is the primary concern of this paper. The primary focus will not be the application of the subjective prong of the test. As might be expected, many have questioned why the subjective prong is required stating that the government could diminish a person's subjective expectation of privacy merely through actions such as announcing that all citizens were to be instantaneously be placed under "comprehensive electronic surveillance." Anthony G. Amsterdam, Perspectives on the Fourth Amendment, 58 Minn. L. Rev. 349, 384 (1974). Jonathan T. Laba, in his comment, If You Can't Stand the Heat, Get Out of the Drug Business: Thermal Imagers, Emerging Technologies, and the Fourth Amendment, 84 Calif. L. Rev. 1437, 1445 (1996), indicates that the Supreme Court has accepted this criticism. Laba cites the following quote from Smith v. Maryland, 442 U.S. 735, 740 n.5 (1974), to support his conclusion.
Situations can be imagined, of course, in which Katz' two-pronged inquiry would provide an inadequate index of Fourth Amendment protection. For example, if the Government were suddenly to announce on nationwide television that all homes henceforth would be subject to warrantless entry, individuals thereafter might not in fact entertain any actual expectation of privacy regarding their homes, papers, and effects.... In such circumstances, where an individual's subjective expectations had been 'conditioned' by influences alien to well-recognized Fourth Amendment freedoms, those subjective expectations obviously could play no meaningful role in ascertaining what the scope of Fourth Amendment protection was. In determining whether a 'legitimate expectation of privacy' existed in such cases, a normative inquiry would be proper.
However, Laba states that in some situations, "to the frustration of commentators, the Court has never explained what form such a 'normative inquiry' might take." Laba, supra, at 1445 n.29.
[FN6]. As will be discussed in greater depth infra, e-mail is often analogized to be similar to first class mail or postcards. Because of the distinct characteristics of e-mail communication, these analogizes are ill conceived. But see Francis A. Gilligan and Edward J. Imwinkelried, Cyberspace: The Newest Challenge for Traditional Legal Doctrine, 24 Rutgers Computer & Tech. L.J. 305, 342 (1998).
[FN8]. ACLU v. Reno, 929 F. Supp. 824, 834 (E.D. Pa. 1996); Lucy Schlauch Leonard, Comment, The High-Tech Legal Practice: Attorney-Client Communications and the Internet, 69 U. Colo. L. Rev. 851, 856-60 (1998); James X. Dempsey, Communcations Privacy In The Digital Age: Revitalizing the Federal Wiretap Laws to Enhance Privacy, 8 Alb. L.J. Sci. & Tech. 65, 80 (1997). But see Scott A. Sundstrom, Note, You've Got Mail! (And The Government Knows It): Applying The Fourth Amendment To Workplace E-Mail Monitoring, 73 N.Y.U. L. Rev. 2064, 2082 (1998) (noting that the use of the "packet" transmission method may make e-mail messages less readily intercepted than other more familiar means of communication).
The analysis must, in my view, transcend the search for subjective expectations or legal attribution of assumptions of risk. Our expectations, and the risks we assume, are in large part reflections of laws that translate into rules the customs and values of the past and present.
Since it is the task of the law to form and project, as well as mirror and reflect, we should not, as judges, merely recite the expectations and risks without examining the desirability of saddling them upon society. The critical question, therefore, is whether under our system of government, as reflected in the Constitution, we should impose on our citizens the risks of the electronic listener or observer without at least the protection of a warrant requirement.
This question must, in my view, be answered by assessing the nature of a particular practice and the likely extent of its impact on the individual's sense of security balanced against the utility of the conduct as a technique of law enforcement. (Citations omitted)(emphasis added)
[FN10]. United States v. Maxwell, 42 M.J. 568 (U.S.A.F. Crim. App. 1995) [hereinafter Maxwell I], rev'd in part 45 M.J. 406 (C.A.A.F. 1996) [[hereinafter Maxwell II]. Both Maxwell I and Maxwell II have been given attention in a number of the leading articles on e-mail privacy rights (many of which are cited in this article) and have also been commented on in articles regarding the development of child pornography laws (e.g., Chad R. Fears, Note, Shifting the Paradigm In Child Pornography Criminalization: United States v. Maxwell, 1998 BYU L. Rev. 835 (1998)). Although it is a military case, other courts have adopted its rationale. See United States v. Chabonneau, 979 F. Supp. 1177 (S.D. Ohio 1997).
[FN12]. United States v. Katz, 389 U.S. 347 (1967). It is interesting to note that in Katz, the Court stated, "[w]hat a person knowingly exposes to the public, even in his own home or office is not subject of Fourth Amendment protection. (citation omitted)... [W]hat he seeks to preserve as private, even in an area accessible to the public may be constitutionally protected. (citation omitted)" Id. at 351. However, the risk analysis that will be discussed in this article seems to contradict this idea.
[FN13]. Id. at 361 (Harlan, J., concurring). See also Florida v. Riley, 488 U.S. 445, 455 (1989) (O'Connor, J., concurring) (citing Jones v. United States, 362 U.S. 257, 261 (1960) for proposition that burden is on defendant to establish reasonable expectation of privacy).
[FN14]. Megan Connor Bertron, Note, Home Is Where Your Modem Is: An Appropriate Application of Search and Seizure Law to Electronic Mail, 34 Am. Crim. L. Rev. 163, 181 (1996). However, Bertron also acknowledges that Maxwell demonstrates "some of the weaknesses of Fourth Amendment law." Id. Bertron appears to be speaking of the difficulty of applying the good faith exception in electronic communications situations. It is on this point that the Court of Appeals of the Armed Forces reversed, in part, the holding of the Air Force Court of Criminal Appeals in Maxwell I.
[FN25]. Id. at 573. Article 134 of the Uniform Code of Military Justice is the General Article and is used to prosecute "all disorders and neglects to the prejudice of good order and discipline in the armed forces, all conduct of a nature to bring discredit upon the armed forces... and offenses not specifically covered by other articles which involve noncapital crimes or offenses which violate Federal law." Manual For Courts-Martial, United States, Punitive Articles, (1998 ed.).
[FN28]. Id. For an opposing view regarding the privacy expectation created by use of a password, see Note, Keeping Secrets In Cyberspace: Establishing Fourth Amendment Protection For Internet Communication, 110 Harv. L. Rev. 1591, 1603 (1997). "If the password can be bypassed, the communication can be observed without providing the password, or the illegal nature of the communication is obvious from the outward aspect of the communication then the password will not establish a reasonable expectation of privacy." Id. at 1603- 04. Similarly, encryption has often been advanced as a means to create a reasonable expectation of privacy. However, encrypted messages, unlike a communication hidden by a password, can still be viewed, albeit in encoded form. For this reason, it has been argued that encrypting electronic communications is insufficient to establish a reasonable expectation of privacy. The encryption may "obscure the meaning of a message but the encrypted message remains in plain view; thus an officer's observation of that encrypted message is not a search and does not implicate the Fourth Amendment." Id. at 1604. Further, a message, once observed, may be decoded without Fourth Amendment implications by analogizing the decoding to interpreting communications overheard in other languages. Id.
[FN35]. See Bertron, supra note 14, at 191, for the proposition that to make such a determination both investigating officers and judges must be sufficiently familiar with the technology to have a basis for deciding whether probable cause exists and whether a warrant meets particularity requirements. Bertron suggests that computer information cases be directed to particular magistrates or judges who possess the requisite technical knowledge to properly evaluate the applications for warrants.
[FN39]. Keeping Secrets In Cyberspace: Establishing Fourth Amendment Protection For Internet Communication, supra note 28, at 1599 n.81, citing 18 U.S.C. 2518(10)(c). However, see Leib, supra note 3 at 409, for the view that Congress intended to provide some protection for electronic communication, but at a lower level than oral and wire communications. This would provide some support for AFCCA's position that the ECPA evidences society's willingness to accept the expectation of privacy in electronic communications as reasonable.
[FN40]. Barry Fraser, Regulating the Net: Case Studies in California and Georgia Show How Not To Do It, 9 Loy. Consumer L. Rep. 230, 241 (1997). The ECPA is a result of amending the existing Omnibus Crimes and Control and Safe Streets Act of 1968, Pub. L. No. 90-351, 82 Stat. 197 (1968)(codified as amended at 18 U.S.C. 2510-2540 (1994)).
[FN41]. Fraser, Id. at 241, citing Steve Jackson Games v. United States Secret Service, 36 F.3d 457, 462 (5th Cir. 1994). The ECPA is also ambiguous because its provisions were the result of a political compromise. "[O]nly bills with Justice Department support had any chance of passage during the Reagan Administration, and the Department made it quite clear that it believed electronic communication should be given a lower level of protection." Leib, supra note 3, at 410, citing Robert W. Kastenmeier, et al., Communications Privacy: A Legislative Perspective, 1989 Wis. L. Rev. 715, 718 (1989).Leib states that the Department of Justice justified its position by "stating that the 'level of intrusion with aural communications is greater than the level of intrusion with electronic mail or computer transmissions.' However, he [referring to Knapp, the Justice Department's representative] also admitted that the Department wished to make interception 'less burdensome on law enforcement authorities." ' Leib, supra note 3, at 410; see also The Electronic Communications Privacy Act: Hearing on H.R. 3378 Before the Subcomm. on Courts, Civil Liberties and Administration of Justice of the House Comm. on the Judiciary, 99th Cong. 230 (1986).
[FN42]. See supra note 41 regarding the legislative history of the ECPA. See supra note 39 and infra note 90 and accompanying text for a discussion of the differences in the protections provided oral and wire communications and the protections provided for electronic communications.
[FN43]. In United States v. Charbonneau, 979 F. Supp. 1177 (S.D. Ohio 1997), the court also drew an analogy. Other commentators discussing privacy also compare e-mail to traditional mail communications. See Keeping Secrets In Cyberspace: Establishing Fourth Amendment Protection For Internet Communication, supra note 28, at 1597 (citing Chris J. Katopis, "Searching" Cyberspace: The Fourth Amendment and Electronic Mail, 14 Temp. Envtl. L.& Tech. J. 175,176 (1995) and Raphael Winick, Searches and Seizures of Computers and Computer Data, 8 Harv. J.L. & Tech. 75, 81-82 (1994) as examples).
[FN44]. Keeping Secrets In Cyberspace: Establishing Fourth Amendment Protection For Internet Communication, supra note 28, at 1599.
[FN45]. Id. at 1597 (citing ACLU v. Reno, 929 F. Supp. 824, 834 (E.D. Pa. 1996) & Elsa F. Kramer, Comment, The Ethics of E-Mail: Litigation Takes on One of the Challenges of Cyberspace, Res Gestae, Jan. 1996, at 24).
[FN46]. Keeping Secrets In Cyberspace: Establishing Fourth Amendment Protection For Internet Communication, supra note 25, at 1597. To its credit, in Maxwell II, CAAF did address the issue of whether there was an agreement with the service provider not to read the e-mails. CAAF found that it was AOL's policy not to read or release the messages without court order. CAAF found that the totality of the circumstances justified a reasonable expectation of privacy; however, CAAF cautioned that "implicit promises or contractual guarantees of privacy by commercial entities do not guarantee a constitutional expectation of privacy." Maxwell II, 45 M.J. at 417.
[FN47]. See Michelle Skatoff-Gee, Changing Technologies and the Expectation of Privacy: A Modern Dilemma, 28 Loy. U. Chi. L.J. 189, 214 (1996) (citing S. Rep. No. 541, 99-541 at ____ (1986), for proposition that legislative branch has also engaged in risk analysis in determining whether technology should be provided protection).
[FN48]. The Supreme Court has applied a number of tests in determining whether intrusions amount to searches covered by the Fourth Amendment. Currently, the dominant approach applied by the Court is the expectationof privacy test rather than a balancing of interest test. Gilligan and Imwinkelreid, supra note 6, at 325-27. Thus, if a restriction on free speech is found to be content based, a compelling government interest, which will outweigh the individual's interest, must be established by the government in order for the infringement to be constitutionally permissible. See Boos v. Barry, 485 U.S. 312 (1988). Additionally, analysis of an infringement on an individual's free speech requires that the law authorizing such an infringement be narrowly tailored to meet the government's compelling interest. Id. As will be discussed infra in this paper, the ECHR has applied a "strict necessity" test in its analysis of searches and seizures. Analysis under the "strict necessity" test is similar to that conducted in determining if a law is sufficiently tailored to meet the government's compelling interest. However, the U.S. Supreme Court has repeatedly rejected the application of such analysis under a "least intrusive means" when judging the constitutionality of searches. Cady v. Dombrowski, 413 U.S. 433, 447 (1973); United States v. Sokolow, 490 U.S. 1, 11 (1989); United States v. Montoya de Hernandez, 473 U.S. 531, 542 (1985); Vernonia School Dist. v. Acton, 515 U.S. 646, 663 (1995).
[FN49]. Leib, supra note 3, at 412.
[FN50]. Id. at 412-14.
[FN51]. Id. at 412-13. Leib states,
The benefits of e-mail can be seen everyday in the workplace. E-mail minimizes "telephone tag," reduces the problems posed by communication between different time zones, allows employees to find co-workers who have expertise on particular issues, and enables companies to put together teams of the best people without regard to location. (Citation omitted) For private use, it permits people to communicate more easily--at less cost--with others around the globe.
[FN52]. In United States v. Reyes, 922 F. Supp 818, 837 (S.D.N.Y. 1996), the court, citing Steve Jackson Games Inc. v. United States Secret Service, 36 F.3d 457, 462 (5th Cir. 1994) and 18 U.S.C. 2703, stated that a search warrant, rather than a court order, is generally needed to access the contents of stored electronic communications under Title II of the ECPA. The court further stated, "the same exceptions to the warrant requirement apply to this section as apply to any other warrantless search." The court does not address the fact that the statute does not address the applicability of exceptions. This article will not discuss the exceptions as applicable to the statutory rule but only as they apply to traditional analysis of the Fourth amendment and court created exclusionary rule.
[FN53]. This discussion will center on a discussion of good faith in regards to the court created exclusionary rule. For a discussion of the effect that the exclusion of electronic communications from the statutory exclusionary rule for wire and oral communications [18 U.S.C. 2515, 2518(10)(a) (1970)] has had on the courts' application of the good faith exception to the statutory exclusionary rule, see Leib, supra note 3, at 419-36.
[FN55]. Bertron, supra note 10, at 181.
[FN59]. Bertron, supra note 10, at 190 (citing United States v. Reyes, 922 F. Supp. 818, 837 (S.D.N.Y. 1996), as example of case demonstrating "the problems with attempting to apply Fourth Amendment exceptions without first thinking through their implications for new technology").
[FN60]. Keeping Secrets In Cyberspace: Establishing Fourth Amendment Protection For Internet Communication, supra note 25, at 1599. However, the commentary does state that in some cases, the risk that the communication may be deleted could amount to such circumstances.
[FN63]. In fact, in several cases in which electronic communications other than e-mail have been searched or seized, the courts have routinely applied exceptions without closely considering the facts of the case or the policy implications. For example, in United States v. Hunter, No. 96-4259, 1998 U.S. App. LEXIS 27765 (9th Cir., Oct. 29, 1998), the Court upheld the district courts denial of a motion to suppress evidence of telephone numbers the arresting officer discovered on the defendant's pager. Without any mention of the capabilities of the specific pager, the Court stated that because the "finite nature of a pager's memory, incoming pages may destroy currently stored telephone numbers in a pager's memory. The contents of some pagers also can be destroyed by turning off the power." (emphasis added) Id. at *8. The court further supported its finding by citing a Seventh Circuit case for the proposition that "exigent circumstances surrounding the potentially fleeting nature of the evidence contained in a pager justifies a warrantless 'search' of the contents." (emphasis added) Id. at *10. Also, in United States v. Daccarett, 6 F.3d 37 (2d Cir. 1993), the Court found that exigent circumstances justified the warrantless seizure of electric funds transfers because "the property at issue was fungible and capable of rapid motion due to modern technology." Id. at 49. The court made no mention of any inquiry as to whether the transfers could be traced or whether information concerning the transfers was contained in stored records.
[FN65]. United States v. Maxwell, 45 M.J. 406, 421 (C.A.A.F., 1996) [[Maxwell II].
[FN66]. Not only did the misspelling illustrate a lack of care or perhaps knowledge, but the lack of specificity as to the other terms included in the warrant also provide such indications. The warrant authorized the search of "the below listed customers/subscribers" identified by a user list. Maxwell II, 45 M.J. at 433. In his concurring opinion, Judge Sullivan states that "[a] ll participants in the investigation understood that the targets of the investigation were users, not screen names or mail boxes." Thus, he concludes, "[t]he warrant authorized a search for the e-mail of the 'customer/subscriber' using the screen name Redde1, but the warrant was not limited to e-mail using that screen name." Id. at 434. However, if all the participants understood not only who the targets were but also how the technology worked, why was the warrant not made more specific?
[FN67]. Bertron, supra note 10, at 189. See 34 Am. J. Crim. L. 163 for the proposition that law enforcement have used this technique in a previous instance. But see Sergent, supra note 4, at 1219 n.208 for the view that use of keywords is not a means of providing for less intrusive searches.
[FN68]. Bertron, supra note 10, at 189-90.
[FN69]. Id. at 188 (citing Steve Jackson Games Inc. v. United States Secret Service, 36 F.3d 457 (5th Cir. 1994), as an example of situation in which lack of familiarity with computer technology caused "abusive computer search"). In Steve Jackson Games, the appellant operated an electronic bulletin board system which also provided its customers the ability to send and receive "private e-mail." In an attempt to find evidence of illegal transportation of computer access information and transportation of stolen property, the Secret Service obtained a search warrant for
[C]omputer hardware... and computer software... and... documents relating to the use of the computer system..., and financial documents and licensing documentation relative to the computer programs and equipment at...[SJG]... which constitute evidence... of federal crimes.... This warrant is for the seizure of the above described computer and computer data and for the authorization to read information stored and contained on the above described computer and computer data.
Steven Jackson Games, 36 F.3d at 459. When the Secret Service executed the warrant they read and deleted private e-mail messages stored on the bulletin board system.
[FN70]. Bertron, supra note 14, at 191. See also Davis v. Gracey, 111 F.3d 1472, 1475-76 (10th Cir. 1997) (discussing lack of knowledge on part of officers dealing with technology).
[FN71]. See supra note 41 regarding the legislative history of the ECPA. See supra note 39 and infra note 90 and accompanying text for a discussion of the differences in the protections provided oral and wire communications and the protections provided for electronic communications.
[FN72]. As will be discussed in Part II of this paper, the protection of privacy in technological communications has been accomplished in Europe through the European Court of Human Rights. In the U.S., statutory provisions may best accomplish the goal of protection. However, without amendment of existing legislative provisions, this task is likely to fall to the courts.
[FN73]. Perhaps because electronic mail is a relatively recent phenomenon in conjunction with the fact that complainants to the European Court of Human Rights [hereinafter ECHR] must first exhaust domestic remedies, the ECHR has not discussed the rights of privacy in connection with electronic mail. As a result, this portion of the paper will focus on ECHR analysis regarding privacy rights in connection with other media. However, it should be noted that privacy in e-mail has not been a neglected topic in Europe. In 1989, the Committee of Experts on Data Protection under the auspices of the Council of Europe published a report on the privacy concerns raised by new technologies. In that report, the committee noted that "respect for the confidentiality of [e-mail] messages must be guaranteed by the law in the same way as for the traditional postal system." New Technologies: A Challenge to Privacy Protection?/A Study Prepared by the Committee of Experts on Data Protection under the Authority of the European Committee on Legal Cooperation, Strasbourg: Council of Europe, 1989, at 29. (While U.S. courts use analogy to determine whether an expectation of privacy exists in e-mail communications, the Committee of Experts has advocated a similar level of protection as the postal system, not use of an analogy approach.)
[FN74]. Statute of the Council of Europe, May 5, 1949, art. 3, 87 U.N.T.S. 106, Europ. T.S. No. 1, (entered into force Aug. 3, 1949).
[FN75]. European Convention for the Protection of Human Rights and Fundamental Freedoms, Nov. 4, 1950, 213 U.N.T.S. 221.
[FN76]. European Social Charter, Oct. 18, 1961, 529 U.N.T.S. 90.
[FN77]. European Convention for the Protection of Human Rights and Fundamental Freedoms, supra note 75, art. 8, 213 U.N.T.S. at 230.
[FN78]. Klass v. F.R.G., 1978 Y.B. Eur. Conv. on H.R. 622 (Eur. Ct. H.R.), 2 E.H.R.R. 214. In Klass, the ECHR considered the appropriateness of the German system of intercepting telephone communications. Under the German system, interceptions in the interest of national security had to be authorized by a parliamentary panel. Additionally, the authorizations could be obtained only for relatively short periods of time. The ECHR held that such a system did not violate Article 8 of the European Convention on Human Rights.
[FN79]. Malone v. U.K., 1984 Y.B. Eur. Conv. on H.R. 289 (Eur. Ct. H.R.), 7 E.H.R.R. 14. In Malone, the ECHR held that the British system of interception did violate Article 8 of the Convention on Human Rights. The Court noted that there was not judicial control of telephone-tapping and that guarantees concerning the strictness of administrative controls were not sufficient. The Court also held that providing the police with metering information about telephone numbers dialed was also an interference with which violated Article 8.
[FN80]. Kruslin v. Fr., 176-A Eur. Ct. H.R. (ser. A) (1990), 12 Eur. H.R. Rep. 547. In Kruslin, the ECHR examined the French system for authorizing telephone tapping. Although the French system authorized telephone tapping after a police officer obtained a warrant issued by an investigating judge, the Court found that the French system was not adequately defined because it failed to set forth such information as the categories of persons liable to have their phones tapped or the nature of the offenses which warranted such measures.
[FN81]. Id. P 26. As the Court's focal points have been primarily on prongs one and three, these prongs will also be the concentration of this discussion.
[FN82]. Klass v. F.R.G., 2 Eur. H.R. Rep. 214 P 41 (1978) (Eur. Ct. H.R.).
[FN83]. See Part III regarding the likelihood of the U.S. adopting such an approach. See supra note 5 for a discussion of the view that a subjective expectation should not be a requirement for applying Fourth Amendment protection. See infra note 110, concerning whether the judicial or legislative branch is best suited for dealing with the privacy issue. See also supra note 39 and infra note 114 concerning trends in legislative approaches to privacy issues.
[FN84]. Kruslin v. Fr., 176-A Eur. Ct. H.R. (ser. A) P 27 (1990).
[FN86]. The ECHR, in discussing the quality of the law, has provided minimal guidance on the circumstances under which it would find that the law was not accessible to the person. In Malone v. U.K., 7 Eur. H.R. Rep. 40, P 66 (Eur. Ct. H.R.), the Court held that, "the law must be adequately accessible: the citizen must be able to have an indication that is adequate in the circumstances of the legal rules applicable to a given case." However, given the comments of the Court regarding the distinction between civil and common law systems, infra note 94, presumably the Court would not deem the law to be inaccessible simply because it was contained in a court decision rather then a legislative enactment. In contrast, the Court has discussed in more depth the existence of a legal basis in domestic law. See Kruslin, 176-A Eur. Ct. H.R. (ser. A) P 28-29.
[FN87]. Malone, 7 Eur. H.R. Rep. At 41, P 68.
[FN88]. Kruslin v. Fr., 176-A Eur. Ct. H.R. (ser. A) P 35 (1990).
[FN91]. 18 U.S.C. § 2516(3) [emphasis added]. See also, Leib, supra note 3, at 399-406. Title III of the Omnibus Crimes and Control and Safe Streets Act of 1968 (OCCSSA), Pub. L. No. 90-351, 82 Stat. 197 (1968) (codified as amended at 18 U.S.C. 2510-2540 (1994)), provides protections for wire and oral communications. Speaking of the protections provided by the OCCSSA, Leib notes,
Title III sets out detailed requirements with which the government must comply in order to obtain a court order for electronic surveillance; it also outlines the procedures the government must follow before and after making an interception. For instance, an application to a federal judge requesting permission to set up surveillance can only be filed for certain types of felony offenses enumerated in Title III's section 2516 and must be approved by a senior official in the Department of Justice. Furthermore, the application must include 'a full and complete statement of the facts and circumstances relied upon by the applicant, to justify his belief that an order should be issued....' If a judge decides to grant permission for interception, the order must disclose the identity of the person whose communications are to be intercepted, the nature andlocation of the communications facilities as to which interception is authorized, and a description of the types of communications sought and the particular offense to which the communication relates. The order must also state the period of time during which interception is allowed.
Leib, supra note 3, at 400-02 (citations omitted). However, federal officials may "request an intercept order for of electronic communications 'when such [[an] interception may provide or has provided evidence of any Federal felony." Id. at 406. Additionally, "whereas Title III requires an application for wire or oral interception to be authorized by certain Justice Department officials... application for electronic communications need only be approved by '[a]ny attorney for the Government." ' Id. at 406-07.
[FN92]. Kruslin v. Fr. 176-A Eur. Ct. H.r. (ser. A) P 35 (1990).
[FN93]. Malone, 7 Eur. H.R. Rep. at 40, P 67.
[FN95]. Kruslin, supra note 79, P 34.
[FN96]. Kruslin, supra note 79, P 34. It should be noted that the ECHR was criticizing the French civil law legal system's reliance on case law. Such criticism might not be appropriate in a common law legal system, such as the U.S. system, in which case law is given far greater value as precedent. However, in discussing if the measure had a basis in French Law, the ECHR stated that "it would be wrong to exaggerate the distinction between common- countries and Continental countries." Id. P 29.
[FN97]. Id. at P 34.
[FN98]. Id. at P 30.
[FN99]. Id. at P 32.
[FN100]. Sergent, supra note 4, at 1182.
[FN102]. Klass v. F.R.G., 1978 Y.B. Eur. Conv. on H.R. 626 (Eur. Ct. of H.R.).
[FN103]. Strossen, supra note 100, at 853.
[FN104]. Id. at 850 (citing Klass v. F.R.G., 1978 Y.B. Eur. Conv. on H.R. 626 (Eur. Ct. of H.R.) as 28 Eur. Ct. H.R. (ser. A) at 22 (1978)). However, it should be noted that the ECHR cases have dealt with wiretaps. In wiretap cases the least alternative means may include listening to every conversation whereas in e-mail cases, key word searches can avoid the need to intercept messages not relevant to the investigation. As a result, I cannot predict how the ECHR would respond to an objection that the least intrusive alternative was not employed because a key word search was not used.
[FN107]. In fact, in Reyes, 922 F. Supp. at 821, the officers also seized a computer. However, before searching the files on the computer, they obtained a warrant. Id. While the court recognized that in some instances a separate warrant to search might berequired, the opinion further states that because the seizure of the information from the pager followed the arrest by less than 20 minutes, the seizure was not remote in time or place from the arrest; thus, the Constitution did not require suppression of the information obtained from the pager. Id. at 833.
[FN114]. There are some courts, however, which seem to some degree to be following a least intrusive means test. In United States v. Koyomejian, 970 F.2d 536 (9th Cir. 1992), the Ninth Circuit found that the ECPA did not apply to silent video surveillance. However, drawing, to some extent, on language included in the ECPA, the court found that the least intrusive means was required. Id. at 542. See 18 U.S.C. 2518(3)(c) (requiring that before judge approves interception of wire, oral, or electronic communications, he must determine that "normal investigative procedures have been tried and have failed or reasonably appear to be unlikely to succeed if tried or to be too dangerous"). However, while concurring in the judgment, Circuit Judge Kozinski, citing numerous Supreme Court cases, stated, "there is no 'least intrusive means' requirement in the Fourth Amendment. Id. at 546. Instead this test is based on present "English procedure in the issuance of warrants to wiretap." Id.
The Koyomejian case emphasizes an additional problem with the ECPA. The ECPA provides a least intrusive means test and requires that interceptions "shall be conducted in such a way as to minimize the interception of communications not otherwise subject to interception." (emphasis added) 18 U.S.C. 2518(5). However, these provisions apply only to the interception of communications. As defined in the ECPA, interception does not include the retrieval of stored but unread electronic communications. Steve Jackson Games v. United States, 36 F.3d 457, 461 (5th Cir. 1994) (citing numerous authorities including 18 U.S.C. 2510(4) & 18 U.S.C. 2510(17)). As a result of this narrow definition of interception, a vast amount of electronic communications are not protected from overly intrusive searches by these provisions. Additionally, even if the protection is found to apply, the government is required only to prove a prima facie case that the agents intercepting the communication exercised good faith in trying to minimize the extent of intrusion. Once the government has done so, the "defendant bears the ultimate burden of persuasion on the issue of minimization... the 'burden is shifted to the [defendant] to suggest what alternative procedures would have better minimized interception." '[citations omitted] United States v. Lamantia, No. 93 CR 523, 1996 U.S. Dist LEXIS 14344, at *29 (N.D. Ill. Sept. 17, 1996). Such a requirement is problematic because it places the burden on a defendant who is likely to have insufficient knowledge of the possible alternatives.
[FN115]. See Florida v. Riley, 488 U.S. 445, 455 (1989) (O'Connor, J., concurring) (citing Jones v. United States, 362 U.S. 257, 261 (1960) for proposition that burden is on defendant to establish reasonable expectation of privacy).
[FN116]. Sergent, supra note 4, at 1228, suggests an opposing view, providing, "[t]he subjectivity of the Court's current approach provides a poor basis for predicting future decisions, and makes it likely that future approaches to the Fourth Amendment will replace the one in vogue today."
[FN117]. Laurence Tribe, a prominent constitutional scholar, has advocated an alternate approach. Tribe suggests that a Constitutional Amendment may be necessary to protect the privacy of those utilizing new technologies. Henry Weinstein, Amendment On Computer Privacy Urged: Law Professor Tells Conference that the Constitution Should be Changed to Protect Individual Rights Threatened by Technology, Los Angeles Times, March 27, 1991, available in 1991 WL 2304805 and Laurence H. Tribe, the Constitution In Cyberspace: Law and Liberty Beyond the Electronic Frontier, Keynote Address at the First Conference on Computers, Freedom & Privacy (March 1991) (transcript available in Laurence H. Tribe, The Constitution in Cyberspace http://www.sjgames.com//SS/tribe.html (visited on May 20, 1998.) See also Rory J. O'Connor, Amendment Covering Computers not Necessary, Tulsa World, April 14, 1991, available in 1991 WL 4946802. O'Connor suggests that the "chances of amending the Constitution are slight" and that Tribe's proposal was made to "spur serious discussion of civil rights in the information age." Id. at 4-5.
[FN118]. It has been suggested that the legislative branch is the appropriate governmental branch to handle the balancing of interest due to it responsiveness to the democratic process and due to the complexity of the issue. For example, the opinion of the Vice-Chancellor, 2 All ER 620 at 647,649 contained in Malone v. U.K., 1984 Y.B. Eur. Conv. on H.R. 626 (Eur. Ct. H.R.), 2 E.H.R.R. 14, P 34, is that "any regulation of so complex a matter as telephone tapping is essentially a matter for Parliament, not the courts." But see Lawrence Lessig, Reading the Constitution in Cyberspace, 45 Emory L.J. 869, 874 (1996) (stating that certain cyberspace situations call for courts to engage in judicial activism to "seek to preserve original values of liberty").
[FN119]. An alternative course would be to draft new legislation to provide the additional protection. As, previously discussed, the addition of new provisions to existing legislation often causes confusion. See supra text accompanying notes 40 & 41.
[FN120]. See Leib, supra note 3, at 409, regarding the reason for omission of electronic communications from the statutory exclusionary rule.
[FN121]. Strosseu, supra note 100.
[FN123]. See also Leib, supra note 3, at 434. Leib further suggests that Congress considered including a good faith exception to the ECPA's statutory exclusionary rule but chose not to. "Congress's silence is the clearest sign of its intent." Id. at 433. However, Lieb advocates that express statements of Congressional intent would be preferable to judicial interpretation of congressional intent given the differing approaches taken by the courts. Id at 434.
The author realizes that the action advocated would allow searches of homes under the good faith exceptions while protecting e-mail from good faith searches. While such a result may seem absurd to some, given the well- established thought that "a man's home is his castle," it can be justified given the current state of technical knowledge of most law enforcement personnel. As discussed previously, it is more probable that law enforcement personnel, given their limited understanding of e-mail technology, will conduct an over intrusive search of electronic mail.
[FN124]. Recent developments however suggest that legislation is being used to decrease rather than increase privacy rights. For example, the passage of the Intelligence Authorization Act for Fiscal 1999 requires law enforcement only to show that the suspect's "actions could have the effect of thwarting" a wiretap in order to obtain authorization for a roving wiretap. In order to obtain such authorization in the past, law enforcement officials were required to make a showing the that the suspect was intentionally trying to thwart a regular wiretap by changing phones. Intelligence Authorization Act for Fiscal 1999, Pub. L. No. 105-272, § 604(a)(1), 112 Stat. 2396 (1998). See also Robyn Blumner, On Our Way To A U.S. Gestapo, St. Louis Post-Dispatch, Nov. 12, 1998, at B7 (commenting on the change).
[FN125]. While many, including Serr, supra note 1, at 584, see the balance tipping away from U.S. courts protecting privacy interest, one recent U.S. Supreme Court case is encouraging. In Patrick Knowles v. Iowa, No. 97-7597, 1998 U.S. LEXIS 8068, the Court held that a search incident to citation (for speeding), which was authorized by state law, nonetheless violated the Fourth Amendment. In doing so, the Court examined the rationale behind the search incident to arrest exception to a warrantless search. Id. at *8.
[FN126]. Skatoff-Gee, supra note 47, at 219, 220, advocates accepting the AFCCA view that inclusion of protections in the ECPA should be probative of a reasonable expectation of privacy. However, the article does not advocate that the absence of protection for a technology in the ECPA should create a presumption that users of the technology lack a reasonable expectation of privacy. While a specific exclusion could be probative of the matter, allowing mere absence not to be determinative would encourage continuous development of communication technologies. Id.
[FN127]. Eric Bentley, Jr., Toward an International Fourth Amendment: Rethinking Searches and Seizures Abroad After Verdugo-Urquidez, 27 Vand. J. Transnat'l L. 329 (1994) and Dempsey, supra note 8, at 116 advocate consideration of the international sensitivity to privacy rights in communication. While the changes suggested may make the U.S. method of accessing privacy interest more consistent with international standards of privacy, it should be noted that the U.S. exclusion of evidence is a unique remedy for violation of privacy. Article 8 of the European Convention on Human Rights does not require exclusion of the evidence obtained in violation of the Article. Despite the lack of such a requirement in Article 8, questions have been raised as to whether the admission of such evidence violates Article 6 of the European Convention on Human Rights which guarantees the right to a fairtrial. In Schenk v. Switzerland, Series A, No. 140 (1988) 13 E.H.R.R. 242, the ECHR held that the admission of such evidence does not render the trial unfair if the accused has an opportunity to challenge the evidence at trial. However, in R. v. Khan (Sultan), House Of Lords,  App. Cas. 558, [ 3 All E.R. 289,  3 W.L.R 162,  Crim. L.R. 735, 2 July 1996 the English House of Lords held that a potential breach of Article 6, should be considered by the trial judge when he is exercising the discretion to exclude evidence. For a discussion of this case see  EHRLR Issue 4, at 346. As a result, it may be that, in the future, practice under English law will come to more resemble U.S. practice regarding exclusion of evidence which violates privacy concerns. It should be noted that Europe is concerned with this issue. This concern is evidenced by the submission of the following questions, "Does the Council consider that existing legislation in the Union provides adequate means of preventing the United States or any other country, including the Member States, from using modern technologies unlawfully to violate the privacy of European citizens and the confidentiality of information?" Publication Date: October 21, 1998, 1998 OJ C 323, Document Date: February 27, 1998, Written Question No. 499/98 by Elly Plooij-Van Gorsel to the Council. Tapping of European telephone, fax, and E-mail traffic by the USA.
END OF DOCUMENT