A
recent report from the
U.S. Department of Justice has highlighted deficiencies in the
F.B.I.'s use of
national security letters. The wide ranging report, required under the
USA Patriot Act, included a detailed breakdown of how the letters have been used, and in particular, contained information about how a number of recipients provided data to the F.B.I. that was protected by the
Electronic Communications Privacy Act. In particular, the report noted that
at least 19 recipients of the letters had disclosed almost all information they had about a target, or had disclosed information that exceeded the time limits provided in the ECPA.
Under the ECPA recipients of national security letters may not be sued by their customers for disclosing the information set out in the letter. However, This safe harbor appears only to apply to the information set out in the letters. As a result, it seems conceivable that if a host discloses more information than is requested in a letter, and that damages a customer, the host may not be immune from liability under the ECPA. Provisions of federal law provide for civil suits against entities who disclose confidential customer information outside the scope of a warrant or subpoena. Indeed, AT&T is the subject of a class action suit filed in based on the NSA's interception of voice traffic.
The fact that this issue is getting so much attention illustrates the need to spend time reviewing subpoenas and warrants. Now, more than ever, hosting companies should make sure that they do more than simply rip a customer's site to a DVD, and ship off the credit card information and IP logs to law enforcement.
There are no comments for this entry.
[Add Comment]