This post is about one of the ways officers can get information about someone from the person’s ISP. Before we get to the law, I need to outline the facts in U.S. v. Beckett, 544 F.Supp.2d 1346 (U.S. District Court for the Southern District of Florida 2008) as described by the court.
On July 12, 2007, Palm Beach Sheriff's Office Detective Collins received a cybertip that a Palm Beach County child victim, identified . . . as `J.H.,’ was being sexually solicited by an adult through the use of a computer over the internet. The information included the victim's name and the screen name of the subject. Boynton Beach Detective Athol also received the information, as well as information about a second child victim, identified as . . . as `C.L.,’ who appeared to have been solicited by the same subject.
The subject contacted the victims . . . on MySpace representing himself to be a 17 year old girl looking to engage in sex. . . . The subject sent a picture of a nude girl to the victims and solicited nude pictures from the victims in response. The subject obtained the victims' addresses and phone numbers. Then the subject revealed that `she’ was in fact a male seeking to engage in oral sex with the victim. The subject threatened the victim with exposure by publishing their nude photos if they did not comply.
Detective Collins testified that it takes at least 3 days to get a subpoena issued to a service provider . . . under these circumstances. Because she believed these or other victims were in imminent danger, on July 12 she and Detective Athol sent `exigent circumstance’ letters to MySpace, AOL, and Comcast to get subscriber information, notably the subject's address, for the internet account used by the subject. . . . After the subject called child victim C.L. on July 13, the detectives sent `exigent circumstance’ letters to AT & T and T-mobile. . . . TIMOTHY WAYNE BECKETT, was the owner of the cell phone from which the July 13, 2007, phone call to child victim C.L. was made.
The terms and conditions of the internet and phone providers had clauses prohibiting child pornography, stalking and harassment, and reserving the right to investigate, take legal action, and cooperate with law enforcement.
On July 17, the detectives obtained a search warrant for the defendant's address, allowing the search for and seizure of computers, data storage devices, and records or data produced in various forms, such property constituting evidence of Computer Crimes, Transmission of Pornography by Electronic Device, Transmission of Material Harmful to Minors by Electronic Device, Threats and Extortion, and Prohibition of Sale or Other Distribution of Harmful Materials to Persons under 18 years of age. . . .
On July 18, Detective Collins executed the search warrant at the . . . . The defendant confessed to the scheme and to having child pornography on his computer. . . .
U.S. v. Beckett, supra. (I apolotize forr not indenting the quote -- I`m abroad and using a computer that's not very cooperative.)
Beckett was indicted by a federal grand jury on what the opinion calls “sex crimes,” which obviously included possessing and distributing child pornography. He moved to suppress “the evidence received from the Government's `exigent circumstance’ letters to MySpace, AOL, Comcast, AT & T and T-mobile, as [having been obtained] in violation of . . . 18 U.S.C. Sections 2702 and 2703.” He argued that under “those statutes law enforcement needs a search warrant, court order or subpoena to obtain customer information”. U.S. v. Beckett, supra.
Why, you may ask, didn’t he move to suppress under the 4th Amendment? As I noted in an earlier post, in the 1979 Smith v. Maryland case the U.S. Supreme court held that we have no 4th Amendment expectation of privacy in information we voluntarily share with telephone companies and other businesses. Under Smith, the information the officers sought from the ISPs and phone companies was not protected by the 4th Amendment.
Concerned about the implications this holding has in an era of digital communication, Congress adopted the Electronic Communications Privacy Act (ECPA) in 1986. ECPA imposed statutory restrictions on law enforcement’s ability to get the kind of third-party information that is not protected by the 4th Amendment (as long as the Smith decision remains good law_. It’s a complicated set of statutes, so I’ll just note that, as Beckett argued, 18 U.S. Code § 2703(c) says that a government entity can “require a provider of electronic communication service . . . to disclose a record or other information pertaining to a . . . customer . . . (not including the contents of communications) only when the government” does one of the following: gets a search warrant; uses a subpoena or court order; or “has the consent of the . . . customer to such disclosure”.
Beckett, then, argued that the detectives violated ECPA when they used the “exigent circumstance” letters to get his subscriber information. It’s a good argument, on its face, but it didn’t work for two reasons.
One is that the detectives relied on another provision of ECPA in utilizing the exigent circumstance letters: 18 U.S. Code § 2702(b)(8) says an ISP service provider can give information “to a governmental entity, if the provider . . . believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of communications relating to the emergency”. The difference between § 2703 and § 2702 is that § 2703 deals with law enforcement’s ability to compel an ISP to provide subscriber information, while § 2702 sets out the conditions under which an ISP can voluntarily share such information.
The opinion doesn’t quote the letters sent in this case, but I’m sure they simply asked the ISPs to provide the information the detectives sought. (If you’d like to see examples of exigent circumstance letters used for a while by the FBI, you can find them here.) If the letters simply asked for the information, then they were not compelling the ISP’s to do anything; the dynamic seems to be that the letters simply trigger the provisions of § 2702(b)(8), letting the ISPs provide the information voluntarily.
The other reason Beckett lost is that his goal was to suppress the evidence the detectives obtained from the ISPs, but suppression is usually a remedy only for constitutional violations. Statutory schemes like ECPA can make suppression of evidence obtained in violation of their requirements a remedy available to the victim of such a violation. But if the statutory scheme does not explicitly do this, suppression of improperly obtained evidence is not available as a remedy.
ECPA does not make suppression a remedy for violations of its requirements. Section 2708 of Title 18 of the U.S. Code says that “[t]he The remedies and sanctions described in [ECPA] are the only judicial remedies and sanctions for . . . violations of [ECPA}.” The only remedy ECPA provides is a civil action for damages under 18 U.S. Code § 2707. Under § 2707(a), an ISP’s customer who is “aggrieved by any violation” of ECPA “in which the conduct constituting the violation is engaged in with a knowing or intentional state of mind may, in a civil action, recover from the person or entity. . . which engaged in that violation such relief as may be appropriate.” Section 2707(b) says that the relief available under this statute includes damages, attorney’s fees and litigation costs and injunctive relief, if appropriate.
So the federal district judge denied Beckett’s motion to suppress the evidence. If Beckett thinks he has a cause of action under § 2707, he can try suing the detectives who used the exigent circumstances letters to get his ISP information, but I suspect he won’t be doing that. First, as I noted above, it looks like the letters didn’t violate ECPA; if they didn’t, then he has no cause of action under § 2707. And even if he did, would you be interested in pursuing probably expensive, time-consuming civil litigation while you’re facing the prospect of spending 90 years in jail?
(If you’re wondering about the picture, Beckett was a 20-year-old Pizza Hut manager when he was arrested, as this site explains. As it also explains, he was convicted and sentenced to 15 years in prison.)
On July 12, 2007, Palm Beach Sheriff's Office Detective Collins received a cybertip that a Palm Beach County child victim, identified . . . as `J.H.,’ was being sexually solicited by an adult through the use of a computer over the internet. The information included the victim's name and the screen name of the subject. Boynton Beach Detective Athol also received the information, as well as information about a second child victim, identified as . . . as `C.L.,’ who appeared to have been solicited by the same subject.
The subject contacted the victims . . . on MySpace representing himself to be a 17 year old girl looking to engage in sex. . . . The subject sent a picture of a nude girl to the victims and solicited nude pictures from the victims in response. The subject obtained the victims' addresses and phone numbers. Then the subject revealed that `she’ was in fact a male seeking to engage in oral sex with the victim. The subject threatened the victim with exposure by publishing their nude photos if they did not comply.
Detective Collins testified that it takes at least 3 days to get a subpoena issued to a service provider . . . under these circumstances. Because she believed these or other victims were in imminent danger, on July 12 she and Detective Athol sent `exigent circumstance’ letters to MySpace, AOL, and Comcast to get subscriber information, notably the subject's address, for the internet account used by the subject. . . . After the subject called child victim C.L. on July 13, the detectives sent `exigent circumstance’ letters to AT & T and T-mobile. . . . TIMOTHY WAYNE BECKETT, was the owner of the cell phone from which the July 13, 2007, phone call to child victim C.L. was made.
The terms and conditions of the internet and phone providers had clauses prohibiting child pornography, stalking and harassment, and reserving the right to investigate, take legal action, and cooperate with law enforcement.
On July 17, the detectives obtained a search warrant for the defendant's address, allowing the search for and seizure of computers, data storage devices, and records or data produced in various forms, such property constituting evidence of Computer Crimes, Transmission of Pornography by Electronic Device, Transmission of Material Harmful to Minors by Electronic Device, Threats and Extortion, and Prohibition of Sale or Other Distribution of Harmful Materials to Persons under 18 years of age. . . .
On July 18, Detective Collins executed the search warrant at the . . . . The defendant confessed to the scheme and to having child pornography on his computer. . . .
U.S. v. Beckett, supra. (I apolotize forr not indenting the quote -- I`m abroad and using a computer that's not very cooperative.)
Beckett was indicted by a federal grand jury on what the opinion calls “sex crimes,” which obviously included possessing and distributing child pornography. He moved to suppress “the evidence received from the Government's `exigent circumstance’ letters to MySpace, AOL, Comcast, AT & T and T-mobile, as [having been obtained] in violation of . . . 18 U.S.C. Sections 2702 and 2703.” He argued that under “those statutes law enforcement needs a search warrant, court order or subpoena to obtain customer information”. U.S. v. Beckett, supra.
Why, you may ask, didn’t he move to suppress under the 4th Amendment? As I noted in an earlier post, in the 1979 Smith v. Maryland case the U.S. Supreme court held that we have no 4th Amendment expectation of privacy in information we voluntarily share with telephone companies and other businesses. Under Smith, the information the officers sought from the ISPs and phone companies was not protected by the 4th Amendment.
Concerned about the implications this holding has in an era of digital communication, Congress adopted the Electronic Communications Privacy Act (ECPA) in 1986. ECPA imposed statutory restrictions on law enforcement’s ability to get the kind of third-party information that is not protected by the 4th Amendment (as long as the Smith decision remains good law_. It’s a complicated set of statutes, so I’ll just note that, as Beckett argued, 18 U.S. Code § 2703(c) says that a government entity can “require a provider of electronic communication service . . . to disclose a record or other information pertaining to a . . . customer . . . (not including the contents of communications) only when the government” does one of the following: gets a search warrant; uses a subpoena or court order; or “has the consent of the . . . customer to such disclosure”.
Beckett, then, argued that the detectives violated ECPA when they used the “exigent circumstance” letters to get his subscriber information. It’s a good argument, on its face, but it didn’t work for two reasons.
One is that the detectives relied on another provision of ECPA in utilizing the exigent circumstance letters: 18 U.S. Code § 2702(b)(8) says an ISP service provider can give information “to a governmental entity, if the provider . . . believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of communications relating to the emergency”. The difference between § 2703 and § 2702 is that § 2703 deals with law enforcement’s ability to compel an ISP to provide subscriber information, while § 2702 sets out the conditions under which an ISP can voluntarily share such information.
The opinion doesn’t quote the letters sent in this case, but I’m sure they simply asked the ISPs to provide the information the detectives sought. (If you’d like to see examples of exigent circumstance letters used for a while by the FBI, you can find them here.) If the letters simply asked for the information, then they were not compelling the ISP’s to do anything; the dynamic seems to be that the letters simply trigger the provisions of § 2702(b)(8), letting the ISPs provide the information voluntarily.
The other reason Beckett lost is that his goal was to suppress the evidence the detectives obtained from the ISPs, but suppression is usually a remedy only for constitutional violations. Statutory schemes like ECPA can make suppression of evidence obtained in violation of their requirements a remedy available to the victim of such a violation. But if the statutory scheme does not explicitly do this, suppression of improperly obtained evidence is not available as a remedy.
ECPA does not make suppression a remedy for violations of its requirements. Section 2708 of Title 18 of the U.S. Code says that “[t]he The remedies and sanctions described in [ECPA] are the only judicial remedies and sanctions for . . . violations of [ECPA}.” The only remedy ECPA provides is a civil action for damages under 18 U.S. Code § 2707. Under § 2707(a), an ISP’s customer who is “aggrieved by any violation” of ECPA “in which the conduct constituting the violation is engaged in with a knowing or intentional state of mind may, in a civil action, recover from the person or entity. . . which engaged in that violation such relief as may be appropriate.” Section 2707(b) says that the relief available under this statute includes damages, attorney’s fees and litigation costs and injunctive relief, if appropriate.
So the federal district judge denied Beckett’s motion to suppress the evidence. If Beckett thinks he has a cause of action under § 2707, he can try suing the detectives who used the exigent circumstances letters to get his ISP information, but I suspect he won’t be doing that. First, as I noted above, it looks like the letters didn’t violate ECPA; if they didn’t, then he has no cause of action under § 2707. And even if he did, would you be interested in pursuing probably expensive, time-consuming civil litigation while you’re facing the prospect of spending 90 years in jail?
(If you’re wondering about the picture, Beckett was a 20-year-old Pizza Hut manager when he was arrested, as this site explains. As it also explains, he was convicted and sentenced to 15 years in prison.)
No comments:
Post a Comment