Puzzle of the Day

The Electronic Communications Privacy Act (ECPA) is a Federal statute intended to provide the same security for electronic mail as users of the U. S. Postal Service enjoy. It forbids, under most circumstances, the reading of electronic mail without the consent of the recipient or the sender. In what follows, assume neither party has given consent.

A company allows its employees to send and receive personal (non-business related) electronic mail using its computers. One day, the system administrators notice that an attacker has broken into the system from another site on the Internet. In order to establish what the intruder is doing, they tap the network and read the traffic between the intruder and the attacked host. In doing this, they discover the intruder is reading users' mail.

  1. Can the attacker be prosecuted for breaking into the computer system?
  2. Can the attacker be prosecuted for reading users' electronic mail?
  3. Suppose the attacker is reading only business mail, not personal mail. Does this change your answer to question 2?
  4. Can the system administrators monitoring the attacker be prosecuted ?
  5. If your answer to question 4 is yes, what might the company do to prevent such legal liability?

You can also see this document as a Binhex Framemaker version 5 document, Postscript document, or a plain ASCII text document.
Send email to cs153@csif.cs.ucdavis.edu.

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562

Page last modified on 1/23/97