Government contracts and privacy expectations

> Concepts such as the business record exception, expectation of privacy in
> records held by third parties, etc seem based in the idea that these were
> independent actions.
>
> If a third-party normally has no business reason for collecting or
> retaining records, but is paid by the government to keep them, does that
> change the legal expectations in those records?
>
> And if the government pays companies to retain the records, are those
> records kept beyond the normal needs of the business still discoverable
> in private legal cases?
>
> http://www.washingtonpost.com/wp-dyn/content/article/2007/07/24/AR2007072402479.html
>
>
> What if the government didn't specify what records or how long to keep
> those records, but paid for an electronic filing system to automate
> the delivery of the orders and responses to those orders?  Similar to the
> US Courts funding its electronic filing systems to automate its paperwork
> processes with law firms.
>
>
> **********************************************************************
> For Listserv Instructions, see http://www.lawlists.net/cyberia
> Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
> Need more help? Send mail to: Cyberia-L-Request@...
> **********************************************************************
>

> On Wed, 25 Jul 2007, Michael S. Fischer wrote:
> > Are you confusing the business record exception, which is an
> > evidentiary rule pertaining to hearsay evidence, with discovery, which
> > is a rule of civil procedure?  Evidence may be discoverable yet
> > ultimately inadmissible.  The FRCP says that any evidence relating to
> > the claim or defense of any party is discoverable if not privileged.
> > To my knowledge there is no law interpreting Rule 26(b)(1) that limits
> > discovery only to those items a business was required to keep.
>
> I'm probably confused.  I was thinking more of the service provider
> exclusion and records collected "necessary to the rendition of
> his service."  If the government is paying service providers to
> collect and keep those records, "just in case" the government
> later wants to search them, are those records really necessary
> to the rendition of the service?  And if not, does the subscriber
> have a reasonable expectation of privacy the service provider isn't
> collecting and keeping records in excess of those necessary?
>
>
> See the discussion in the DOJ manual Prosecuting Computer Crimes:
>
>
> http://www.cybercrime.gov/ccmanual/02ccma.html
>
>  The "necessary to the rendition of his service" clause of subsection
>  2511(2)(a)(i) permits providers to intercept, use, or disclose
>  communications in the ordinary course of business when interception is
>  unavoidable. See United States v. New York Tel. Co., 434 U.S. 159, 168
>  n.13 (1977) (noting that ' 2511(2)(a)(i) "excludes all normal telephone
>  company business practices from the prohibition of [Title III]"). For
>  example, a switchboard operator may briefly overhear conversations when
>  connecting calls. See, e.g., United States v. Savage, 564 F.2d 728,
>  731-32 (5th Cir. 1977); Adams v. Sumner, 39 F.3d 933, 935 (9th Cir.
>  1994). Similarly, repairmen may overhear snippets of conversations when
>  tapping phone lines in the course of repairs. See United States v. Ross,
>  713 F.2d 389, 392 (8th Cir. 1983). Although the "necessary incident to
>  the rendition of his service" language has not been interpreted in the
>  context of electronic communications, these cases concerning wire
>  communications suggest that this phrase would likewise permit a system
>  administrator to intercept communications in the course of repairing or
>  maintaining a computer network.
>
>
> **********************************************************************
> For Listserv Instructions, see http://www.lawlists.net/cyberia
> Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
> Need more help? Send mail to: Cyberia-L-Request@...
> **********************************************************************
>

> Sean, your gut feeling is correct.  You are thinking in 4th Amendment
> and even moreso "ECPA" terms - a specific statute controlling
> government and civil litigant access to various types of electronic
> records.  Michael Fisher's general comments on relevance and
> discover-ability are accurate at the 30k foot level, but do break down
> at the level you are talking about. Many categories of information
> clearly conveyed to a 2nd party, and even when conveyed by a 3rd
> party, retain statutory, and even constitutional, privacy protections
> that limit certain parties, including the govt., from accessing them
> in legal proceedings.
>
>
> Your initial post asks 2 good questions - especially in light of the
> ECPA provisions in 18 usc 2511.  The short answer to the 1st, I think,
> is that if the 2511 intercepts or records aren't kept or done
> i.o.c.o.b., they aren't i.o.c.o.b....  Other than common sense here,
> that opinion is also informed by the idea that acts done upon request
> of govt. agents are attributed not to the actor but the govt. for 4th
> Amendment privacy purposes.
>
> Your 2nd question - are new records "discoverable in private legal
> cases" is already answered to some degree by the federal discovery
> rules and other laws, including ECPA.  ECPA, for example, prohibits
> civil litigant access to email content, but allows for access to
> customer records like account #, address, billing info, etc.  While
> these new records would seem to add to the overall amount of
> potentially accessible info, existing laws already permit or deny
> access.
>
>
>
> On 7/26/07, Sean Donelan <sean@...> wrote:
>> On Wed, 25 Jul 2007, Michael S. Fischer wrote:
>> > Are you confusing the business record exception, which is an
>> > evidentiary rule pertaining to hearsay evidence, with discovery, which
>> > is a rule of civil procedure?  Evidence may be discoverable yet
>> > ultimately inadmissible.  The FRCP says that any evidence relating to
>> > the claim or defense of any party is discoverable if not privileged.
>> > To my knowledge there is no law interpreting Rule 26(b)(1) that limits
>> > discovery only to those items a business was required to keep.
>>
>> I'm probably confused.  I was thinking more of the service provider
>> exclusion and records collected "necessary to the rendition of
>> his service."  If the government is paying service providers to
>> collect and keep those records, "just in case" the government
>> later wants to search them, are those records really necessary
>> to the rendition of the service?  And if not, does the subscriber
>> have a reasonable expectation of privacy the service provider isn't
>> collecting and keeping records in excess of those necessary?
>>
>>
>> See the discussion in the DOJ manual Prosecuting Computer Crimes:
>>
>>
>> http://www.cybercrime.gov/ccmanual/02ccma.html
>>
>>  The "necessary to the rendition of his service" clause of subsection
>>  2511(2)(a)(i) permits providers to intercept, use, or disclose
>>  communications in the ordinary course of business when interception is
>>  unavoidable. See United States v. New York Tel. Co., 434 U.S. 159, 168
>>  n.13 (1977) (noting that ' 2511(2)(a)(i) "excludes all normal telephone
>>  company business practices from the prohibition of [Title III]"). For
>>  example, a switchboard operator may briefly overhear conversations when
>>  connecting calls. See, e.g., United States v. Savage, 564 F.2d 728,
>>  731-32 (5th Cir. 1977); Adams v. Sumner, 39 F.3d 933, 935 (9th Cir.
>>  1994). Similarly, repairmen may overhear snippets of conversations when
>>  tapping phone lines in the course of repairs. See United States v. Ross,
>>  713 F.2d 389, 392 (8th Cir. 1983). Although the "necessary incident to
>>  the rendition of his service" language has not been interpreted in the
>>  context of electronic communications, these cases concerning wire
>>  communications suggest that this phrase would likewise permit a system
>>  administrator to intercept communications in the course of repairing or
>>  maintaining a computer network.
>>
>>
>> **********************************************************************
>> For Listserv Instructions, see http://www.lawlists.net/cyberia
>> Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
>> Need more help? Send mail to: Cyberia-L-Request@...
>> **********************************************************************
>>
>
>
> **********************************************************************
> For Listserv Instructions, see http://www.lawlists.net/cyberia
> Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
> Need more help? Send mail to: Cyberia-L-Request@...
> **********************************************************************
>

> Thanks, a lot of the time its just a matter of finding the correct words.
>
> And my third question...  If the FBI hadn't tried to overreach, could it
> pay for systems to improve the speed and accuracy of service providers
> responding to government orders for business records normally collected
> in the course of business, e.g. could the FBI pay for high speed
> photocopiers at the service provider (or a whole fancy XML lawful
> order electronic processing system) to speed up copying records
> without changing existing court decisions about the privacy of those
> records?
>
> Service providers probably won't turn down money, but what strings can
> be attached?

>Sean, your gut feeling is correct.  You are thinking in 4th Amendment
>and even moreso "ECPA" terms - a specific statute controlling
>government and civil litigant access to various types of electronic
>records.  Michael Fisher's general comments on relevance and
>discover-ability are accurate at the 30k foot level, but do break down
>at the level you are talking about. Many categories of information
>clearly conveyed to a 2nd party, and even when conveyed by a 3rd
>party, retain statutory, and even constitutional, privacy protections
>that limit certain parties, including the govt., from accessing them
>in legal proceedings.
>
>
>Your initial post asks 2 good questions - especially in light of the
>ECPA provisions in 18 usc 2511.  The short answer to the 1st, I think,
>is that if the 2511 intercepts or records aren't kept or done
>i.o.c.o.b., they aren't i.o.c.o.b....  Other than common sense here,
>that opinion is also informed by the idea that acts done upon request
>of govt. agents are attributed not to the actor but the govt. for 4th
>Amendment privacy purposes.
>
>Your 2nd question - are new records "discoverable in private legal
>cases" is already answered to some degree by the federal discovery
>rules and other laws, including ECPA.  ECPA, for example, prohibits
>civil litigant access to email content, but allows for access to
>customer records like account #, address, billing info, etc.  While
>these new records would seem to add to the overall amount of
>potentially accessible info, existing laws already permit or deny
>access.
>
>
>
>On 7/26/07, Sean Donelan <sean@...> wrote:
>>On Wed, 25 Jul 2007, Michael S. Fischer wrote:
>>>  Are you confusing the business record exception, which is an
>>>  evidentiary rule pertaining to hearsay evidence, with discovery, which
>>>  is a rule of civil procedure?  Evidence may be discoverable yet
>>>  ultimately inadmissible.  The FRCP says that any evidence relating to
>>>  the claim or defense of any party is discoverable if not privileged.
>>>  To my knowledge there is no law interpreting Rule 26(b)(1) that limits
>>>  discovery only to those items a business was required to keep.
>>
>>I'm probably confused.  I was thinking more of the service provider
>>exclusion and records collected "necessary to the rendition of
>>his service."  If the government is paying service providers to
>>collect and keep those records, "just in case" the government
>>later wants to search them, are those records really necessary
>>to the rendition of the service?  And if not, does the subscriber
>>have a reasonable expectation of privacy the service provider isn't
>>collecting and keeping records in excess of those necessary?
>>
>>
>>See the discussion in the DOJ manual Prosecuting Computer Crimes:
>>
>>
>>http://www.cybercrime.gov/ccmanual/02ccma.html
>>
>>  The "necessary to the rendition of his service" clause of subsection
>>  2511(2)(a)(i) permits providers to intercept, use, or disclose
>>  communications in the ordinary course of business when interception is
>>  unavoidable. See United States v. New York Tel. Co., 434 U.S. 159, 168
>>  n.13 (1977) (noting that ' 2511(2)(a)(i) "excludes all normal telephone
>>  company business practices from the prohibition of [Title III]"). For
>>  example, a switchboard operator may briefly overhear conversations when
>>  connecting calls. See, e.g., United States v. Savage, 564 F.2d 728,
>>  731-32 (5th Cir. 1977); Adams v. Sumner, 39 F.3d 933, 935 (9th Cir.
>>  1994). Similarly, repairmen may overhear snippets of conversations when
>>  tapping phone lines in the course of repairs. See United States v. Ross,
>>  713 F.2d 389, 392 (8th Cir. 1983). Although the "necessary incident to
>>  the rendition of his service" language has not been interpreted in the
>>  context of electronic communications, these cases concerning wire
>>  communications suggest that this phrase would likewise permit a system
>>  administrator to intercept communications in the course of repairing or
>>  maintaining a computer network.
>>
>>
>>**********************************************************************
>>For Listserv Instructions, see http://www.lawlists.net/cyberia
>>Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
>>Need more help? Send mail to: Cyberia-L-Request@...
>>**********************************************************************
>>
>
>
>**********************************************************************
>For Listserv Instructions, see http://www.lawlists.net/cyberia
>Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
>Need more help? Send mail to: Cyberia-L-Request@...
>**********************************************************************

> At 9:48 AM -0400 26/7/07, Ethan Ackerman wrote:
> >Sean, your gut feeling is correct.  You are thinking in 4th Amendment
> >and even moreso "ECPA" terms - a specific statute controlling
> >government and civil litigant access to various types of electronic
> >records.  Michael Fisher's general comments on relevance and
> >discover-ability are accurate at the 30k foot level, but do break down
> >at the level you are talking about. Many categories of information
> >clearly conveyed to a 2nd party, and even when conveyed by a 3rd
> >party, retain statutory, and even constitutional, privacy protections
> >that limit certain parties, including the govt., from accessing them
> >in legal proceedings.
> >
> >
> >Your initial post asks 2 good questions - especially in light of the
> >ECPA provisions in 18 usc 2511.  The short answer to the 1st, I think,
> >is that if the 2511 intercepts or records aren't kept or done
> >i.o.c.o.b., they aren't i.o.c.o.b....  Other than common sense here,
> >that opinion is also informed by the idea that acts done upon request
> >of govt. agents are attributed not to the actor but the govt. for 4th
> >Amendment privacy purposes.
> >
> >Your 2nd question - are new records "discoverable in private legal
> >cases" is already answered to some degree by the federal discovery
> >rules and other laws, including ECPA.  ECPA, for example, prohibits
> >civil litigant access to email content, but allows for access to
> >customer records like account #, address, billing info, etc.  While
> >these new records would seem to add to the overall amount of
> >potentially accessible info, existing laws already permit or deny
> >access.
> >
> >
> >
> >On 7/26/07, Sean Donelan <sean@...> wrote:
> >>On Wed, 25 Jul 2007, Michael S. Fischer wrote:
> >>>  Are you confusing the business record exception, which is an
> >>>  evidentiary rule pertaining to hearsay evidence, with discovery, which
> >>>  is a rule of civil procedure?  Evidence may be discoverable yet
> >>>  ultimately inadmissible.  The FRCP says that any evidence relating to
> >>>  the claim or defense of any party is discoverable if not privileged.
> >>>  To my knowledge there is no law interpreting Rule 26(b)(1) that limits
> >>>  discovery only to those items a business was required to keep.
> >>
> >>I'm probably confused.  I was thinking more of the service provider
> >>exclusion and records collected "necessary to the rendition of
> >>his service."  If the government is paying service providers to
> >>collect and keep those records, "just in case" the government
> >>later wants to search them, are those records really necessary
> >>to the rendition of the service?  And if not, does the subscriber
> >>have a reasonable expectation of privacy the service provider isn't
> >>collecting and keeping records in excess of those necessary?
> >>
> >>
> >>See the discussion in the DOJ manual Prosecuting Computer Crimes:
> >>
> >>
> >>http://www.cybercrime.gov/ccmanual/02ccma.html
> >>
> >>  The "necessary to the rendition of his service" clause of subsection
> >>  2511(2)(a)(i) permits providers to intercept, use, or disclose
> >>  communications in the ordinary course of business when interception is
> >>  unavoidable. See United States v. New York Tel. Co., 434 U.S. 159, 168
> >>  n.13 (1977) (noting that ' 2511(2)(a)(i) "excludes all normal telephone
> >>  company business practices from the prohibition of [Title III]"). For
> >>  example, a switchboard operator may briefly overhear conversations when
> >>  connecting calls. See, e.g., United States v. Savage, 564 F.2d 728,
> >>  731-32 (5th Cir. 1977); Adams v. Sumner, 39 F.3d 933, 935 (9th Cir.
> >>  1994). Similarly, repairmen may overhear snippets of conversations when
> >>  tapping phone lines in the course of repairs. See United States v. Ross,
> >>  713 F.2d 389, 392 (8th Cir. 1983). Although the "necessary incident to
> >>  the rendition of his service" language has not been interpreted in the
> >>  context of electronic communications, these cases concerning wire
> >>  communications suggest that this phrase would likewise permit a system
> >>  administrator to intercept communications in the course of repairing or
> >>  maintaining a computer network.
> >>
> >>
> >>**********************************************************************
> >>For Listserv Instructions, see http://www.lawlists.net/cyberia
> >>Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
> >>Need more help? Send mail to: Cyberia-L-Request@...
> >>**********************************************************************
> >>
> >
> >
> >**********************************************************************
> >For Listserv Instructions, see http://www.lawlists.net/cyberia
> >Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
> >Need more help? Send mail to: Cyberia-L-Request@...
> >**********************************************************************
>
>