This recent post over at Consumerist caught my eye: A person loses his cell phone. Before he lost it, he set it up to blind-copy him on all emails sent from the cell phone. Let’s assume for the sake of argument that he did this (as the post recommends) as a “pretty brilliant low-tech security solution for tracking down a lost/stolen phone or laptop.” Pretty soon, someone finds the cellphone and begins using it, evidently with no attempt to locate the owner. The readers of Consumerist are collectively able to track the finder down within 55 minutes and get him to promise to return the phone, which he actually did.
Naturally, I had the same reaction to this story that anyone else would: Is that a violation of the Wiretap Act?
It’s pretty well established that you can’t bug a phone, even one that you own and pay for the service on, just to spy on someone. There are countless cases where jealous spouses have gotten hung up on this rule. And the secret bcc here would seem to qualify as bugging (or, more properly, “acquisition of the contents of a communication”), unless an exception applies.
But I think an exception does apply, although it takes a little work to get there. The Act prohibits “interception,” defined as “acquisition of the contents of [a] communication” through the use of a “device.” The term “device” does not include telephone or telegraph equipment “furnished by [a] subscriber or user [of a wire or electronic communication service] for connection to the facilities of such service and used in the ordinary course of its [the subscriber or user’s] business.” 18 U.S.C. § 2510(5)(a)(1). The phone here was “furnished by a subscriber or user” of a communication service, either the original owner or the “finder,” but the phone is not the relevant device, I don’t think — it’s the bcc rule on the phone that is the device doing the intercepting. (If the phone is the relevant device, this would be a huge loophole in the statute, as any bug or secret program installed in such a phone would be within the exception even if the user/subscriber of the phone service didn’t know about it.) If I’m right and the bcc rule, or perhaps the entire email functionality on the phone, is the relevant device, then that device is telephone or telegraph equipment “furnished by the subscriber . . . for connection to the facilities” of a communication service, and that bcc rule is being used “in the ordinary course of [the subscriber’s] business” — namely, finding lost property.
If that doesn’t work, well, there’s always the fact that the acquisition has to be intentional to violate the Wiretap Act. If the original owner of the phone set up the bcc rule for any other purpose — say, just so they would have a copy of all of their emails — then its use in tracking down the possessor of the phone in this case was accidental, not intentional. Hence, no Wiretap Act violation.
Side note: an acquaintance of mine once told me of his experience trying to access the outgoing call log on his own phone, using the account he was paying for, from Verizon, after he had been mugged and his cell phone stolen. Somewhat maddeningly, Verizon Wireless would not give him that information, even though it was arguably customer records pertaining to him.
I think the intentionality requirement is the clearest out here; that’s what I suggest in a similar hypo I have in my computer crime casebook.
I completely agree Orin (and I look forward to reading your casebook), and I suspect that most people in this situation would be able to cite their lack of intent, because the bcc rule would have been set up for other purposes. But I was particularly intrigued by the Consumerist post’s suggestion that people set up these bcc rules for the specific purpose of spying on thieves/finders of lost property. In that case, it’s the “business extension” exception or nothing.
That reminds me, for those just tuning in, perhaps I should have explained the exception in question a little more clearly. It’s colloquially known as the “business extension” exception because the purpose was to allow companies to monitor employee phone calls on another extension, as long as the monitoring was “in the ordinary course of its business.” So, there would be two issues with my suggestion that it would apply in the Consumerist anti-theft technique hypo: 1) is a bcc rule analogous to an extension phone? and 2) does a residential cell phone subscriber even have an “ordinary course of business”? I think the answer to both questions is yes, but reasonable minds could differ.
In theory though could a private detective use it and call it a “business extension”? Is it legal if used in the “course-of-business” by a private investigator? What if a few private investigators use this to “get even” with someone they disagreed with and then use this “business extension” as a means to monitor someone to turn up “dirt” on them? I am pretty sure it isn’t legal, but the lines are pretty blurry here. A few PI’s, have been notorious in the past for leading criminals to their victims and apparently no remorse was shown on their part for the role they played. I am a little unclear on the federal statutes governing private investigators on cell phone bugging.