This page has been speech-enabled for Macintosh owners using the Talker Netscape Plug-in. Hit Escape to discontinue speech.
President Clinton has a poor record on privacy rights in an electronic environment based on his stance on regulation of encryption and promotion of wiretap-friendly communications systems. I am sure, however, that he has had a few sobering experiences in light of the current allegations being made against him in the White House sex scandal, and the possibly illegal recording of Monica Lewinsky's conversations with her "friend" that were recorded using a (Linda) Tripp-wire for the benefit of the Independant Counsel Kenneth Starr. I am also sure that Newt Gingrich is likely to think a bit more carefully about what he says over a cellular telephone, (now) knowing that the phone beams his conversations off into the ether to be heard, legally or otherwise, by anyone with the appropriate radio receiver. Of course, the last several presidents have all been fighting to restrict access to White House e-mail, all beginning with the Iran-Contra affair. There are many people who would be legitimately curious to know a piece of e-mail could be found approving of an arms-for-hostages trade, and even more curious to know if the message was carbon-copied to the president.
Within the last few months, several lawsuits have been filed concerning attempts to find out whether a sailor in the U.S. Navy really is gay and to find out what local government employees are looking at when they surf the Internet. As the glacier of the judicial process carves some new legal precedent into the landscape of existing privacy law, these incidents should give everyone a reason to examine their own local privacy topography.
The most recent electronic privacy case, and the one addressed in this article, is McVeigh v. Cohen, No. 98-116 (D.D.C., Jan. 26, 1998) available on the Internet at http://www.Loundy.com/CASES/McVeigh_v_Cohen.html. This case involves the Navy's attempt to sink the career of Timothy McVeigh (no, not that one), a Navy Officer serving as the senior-most enlisted man on the nuclear submarine U.S.S. Chicago. It seems that McVeigh is a user of America Online in his off-duty above-water time. It also seems that he had an interest in the toy drive being organized for the children of the U.S.S. Chicago's crew members. Apparently, Mr. McVeigh was bright enough not to put his real name in his "member profile," which was available to other AOL users, but he did list his marital status in that profile as "gay," noted that he is in the Navy and stationed in Hawaii, and listed as interests "collecting pics of other young studs" and "boy watching." Worse still was the fact that he then corresponded from the AOL account with the aforementioned profile, with the wife of a fellow officer from the U.S.S. Chicago. The wife was organizing the toy drive, and McVeigh, of course, signed his e-mail message with the name "Tim."
The woman who received McVeigh's note gave the note and a copy of the AOL profile to her husband, who gave them to his Commander, who thought they may have originated with Mr. McVeigh. The Commander then passed the information on to a Lieutenant in the Judge Advocate General's Corp, who then gave it to a paralegal (with instructions to try to match McVeigh to the profile), who then called AOL, who then said that, oh yes, the previously anonymous user whose privacy we are supposed to guard is, in fact, the suspected sailor.
At this point, the Navy began an administrative discharge proceeding against McVeigh.
Of course, the America Online representative did not mention anything about the AOL user's privacy when turning over confidential information concerning his identity. Also apparently not considered was the Electronic Communications Privacy Act (18 U.S.C. 2701 et seq.), which establishes certain privacy rights. Upon being confronted with this issue, AOL later pleaded "OOPS." McVeigh is reportedly contemplating a lawsuit.
Of course the Navy paralegal also did not inform AOL that he was a military officer conducting an investigation-- for which the Electronic Communications Privacy Act provides a specific warrant requirement for the discovery of such information from a service provider. Upon being confronted with this issue, the Navy blamed AOL. A lawsuit, of course, resulted.
In his opinion granting a preliminary injunction preventing the Navy's discharge of Mr. McVeigh, U.S. District Judge Stanley Spoorkin stated that the Navy violated 10 U.S.C. Section 654 (the "Don't Ask, Don't Tell, Don't Pursue" policy implemented to address the issue of homosexuals in the military) and the associated investigative guidelines. The judge held that, but for AOL's provision of its user's identity, there would have been no way to connect the e-mail to Mr. McVeigh. Furthermore, the Navy either knowingly broke the law to obtain the message sender's identity, or it solicited a violation of the law from AOL. Judge Spoorkin found that under the Navy's own investigative guidelines, at no point did it have enough information to even commence an investigation, much less engage in the "search and destroy mission" that resulted from the suspicion that the message sender was McVeigh.
This case offers a number of lessons. First of all, to quote Judge Spoorkin, "[i]n these days of 'big brother,' where through technology and otherwise the privacy interests of individuals from all walks of life are being ignored or marginalized, it is imperative that statutes explicitly protecting these rights be strictly observed." One of the fastest laws of any kind passed in this country was the "Bork Bill" passed to protect the privacy of movie rental records. The law was passed after Judge Bork's confirmation hearings for the Supreme Court during which a reporter obtained the list of movies the federal appeals court judge had rented.
In other words, some judges (and the legislators who voted for the Bork Bill) have been presented with a resonant privacy experience and realize that the minimal privacy rights U.S. citizens still enjoy are important. If you are bound by a law that says "Don't Ask"-- don't ask!
Second, service providers should also be aware of any obligations they may have regarding protection of their users' privacy rights, whether such rights are established by law or contract. If McVeigh does sue AOL over its actions, "Oops" is not a recognized defense under the Electronic Communications Privacy Act. Furthermore, privacy is an important issue to many consumers, as some companies are finding out the hard way. Companies that treat their customers' privacy loosely are attracting unwanted publicity in increasing numbers, and on-line privacy concerns are currently an important agenda item for many Internet users. Many privacy-conscious service providers simply do not keep certain records. You cannot divulge records that no longer exist.
Finally, if you are a user of electronic communications, do not be dumb. Cellular and cordless telephones are transmitters. They send a signal via airwaves to a receiver. The receiver may be a cordless telephone base-station in your office-- or the office of a neighbor, competitor, opponent, regulator, reporter. If you have a profile that says you are a gay sailor based in Hawaii, it is not advisable to send e-mail signed with your first-name to someone in the family of a fellow officer about a toy-drive for the submarine on which you are stationed-- unless, of course, you want to risk a 17-year military career and the associated pension and other benefits.
Quite simply, "don't tell," and if enough is at stake, don't hint either.
Technology has the ability to preserve the integrity, anonymity and privacy of electronic communications. Technology will not, however, avoid the consequences of human error. The law may help, but to some extent you must be your own privacy advocate.