Computer crime defense is serious in Florida. Assume you are a company employee or corporate officer in a Florida based business and are tasked with the job of reviewing the work email account of a terminated employee. Everyone believes the fired employee might have made off with trade secrets and passed them on to competitors in order to get himself a new job. A look at the corporate email account is no problem because the computers from which the emails are generated, the servers on which they are stored and sent, and the network that services the communications all belong to the company. An employee, whether current or former, cannot be seen to have privacy rights in company owned and processed information. Any privacy rights are held by the corporation itself. But assume further that in a number of emails found on the employee’s company account it appears he has sent himself emails from a personal account. Within those emails there is a link to access the personal email account. The personal email account may contain valuable evidence of former employee’s wrongdoing. Do you commit a crime for which you and your employer may be liable if you access the personal account?
Computer Crime Defense
Florida Statutes §934.01 et seq. is known as the Security of Communication Act. “The purpose of the Security of Communications Act is to protect every person’s right to privacy and to prevent the pernicious effect on all citizens who would otherwise feel insecure from private conversations and communications.” See, O’Brien v. O’Brien, App. 5 Dist., 899 So. 2d 1133 (2005).
- Section 934.03 prohibits the interception and disclosure of wire, oral or electronic communications. The statute provides as follows:
(1) Except as otherwise specifically provided in this chapter, any person who:
(a) Intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept any wire, oral, or electronic communication;
(b) Intentionally uses, endeavors to use, or procures any other person to use or endeavor to use any electronic, mechanical, or other device to intercept any oral communication when:
1. Such device is affixed to, or otherwise transmits a signal through, a wire, cable, or other like connection used in wire communication; or
2. Such device transmits communications by radio or interferes with the transmission of such communication;
(c) Intentionally discloses, or endeavors to disclose, to any other person the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection;
(d) Intentionally uses, or endeavors to use, the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection; shall be punished as provided in subsection (4).
(4) Penalties- A violation of subsection (1) constitutes a felony of the third degree and carries a maximum term of imprisonment of 5 years and a maximum fine of $5,000.00.
Furthermore, the Act defines certain terms for guidance including:
(1) “Wire communication” means any aural transfer made in whole or in part through the use of facilities for the transmission of communications by the aid of wire, cable, or other like connection between the point of origin and the point of reception including the use of such connection in a switching station furnished or operated by any person engaged in providing or operating such facilities for the transmission of intrastate, interstate, or foreign communications or communications affecting intrastate, interstate, or foreign commerce.
(3) “Intercept” means the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.
“Electronic communication” means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic, or photooptical system that affects intrastate, interstate, or foreign commerce.
In O’Brien v. O’Brien, 899 So. 2d 1133 (2005), an action for divorce, the District Court of Appeal of Florida, Fifth District, held that a wife had illegally intercepted her husband’s electronic communications with another woman via email within the meaning of the Security of Communications Act. The question was whether in order to be intercepted, electronic communications must be acquired contemporaneously with transmission or merely retrieved from storage. Finding no state precedents on the matter, the Florida court looked for guidance to the Federal Wiretap Act, 18 United States Code after which Fl. St. 943.01 et seq. is modeled.
Most federal courts have held that “electronic communications, in order to be intercepted, must be acquired contemporaneously with transmission and that electronic communications are not intercepted within the meaning of the Federal Wiretap Act if they are retrieved from storage.” See United States v. Steiger, 318 F.3d 1039 (11th Cir.), cert. denied, 538 U.S. 1051, 123 S. Ct 2120 (2003). The spyware program used by the wife intercepted and copied her husband’s messages as they were being sent, therefore constituting “intercepted” communications. Thus, it is unlikely that access to stored emails would be viewed as interception.
However, §934.21 entitled “Unlawful Access to Stored Communications” defines criminal liability as follows:
(1) Except as provided in subsection (3), whoever:
(a) Intentionally accesses without authorization a facility through which an electronic communication service is provided, or
(b) Intentionally exceeds an authorization to access such facility, and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished as provided in subsection (2).
(2) The punishment for an offense under subsection (1) is as follows:
(a) If the offense is committed for purposes of commercial advantage, malicious destruction or damage, or private commercial gain, the person is:
1. In the case of a first offense under this subsection, guilty of a misdemeanor of the first degree, punishable as provided in s. 775.082, s. 775.083, or s. 934.41.
2. In the case of any subsequent offense under this subsection, guilty of a felony of the third degree, punishable as provided in s. 775.082, s. 775.083, s. 775.084, or s. 934.41.
(b) In any other case, the person is guilty of a misdemeanor of the second degree, punishable as provided in s. 775.082 or s. 775.083.
(3) Subsection (1) does not apply with respect to conduct authorized:
(a) By the person or entity providing a wire or electronic communications service;
(b) By a user of a wire or electronic communications service with respect to a communication of or intended for that user; or
(c) In s. 934.09, s. 934.23, or s. 934.24. (Law enforcement exceptions, text added by author)
Thus, it appears that without authorization, access in the scenario described could constitute a misdemeanor. However, could the company and its officers and employees be considered a “user” of the personal email communications service of the former employee because he voluntarily included access to his personal account on his office computer by way of the emails he sent to himself? This might be too much of a stretch to risk, particularly if litigation looms on the horizon. Clearly the better course would be to seek the emails by way of discovery in the course of any lawsuit that might arise. Self-help under these circumstances could back fire in a disastrous way. Clearly, it is best to seek the advice of outside counsel well acquainted with computer crime, computer crime defense, and laws prohibiting or authorizing access to electronic data.