Slashdot Mirror
Save a Chatlog... Go to Prison?
Alien54 writes "You are engaged in a chat session with some friends and colleagues, when one of them makes a witty remark or imparts a pithy bit of information. You hit CTRL-A and select the conversation, then copy it to a document that you save. Under a little-noticed decision in a New Hampshire Superior Court in late February, these actions may just land you in jail. New Hampshire is "two-party consent state" -- one of those jurisdictions that requires all parties to a conversation to consent before the conversation can be intercepted or recorded. The decision is the first of its kind to apply that standard to online chats, and the ruling is clearly supported by the text of the law. But it marks a blow to an investigative technique that has been routinely used by law enforcement, employers, ISPs and others, who often use video tape or othermeans to track criminals in chat rooms. This also has troublesome implications [for employers] monitoring of email and other forms of electronic communications."
Well, I guess I better turn off Trillian Pro's logging by default....or at least have a macro sent to them when I start the conversation...
GeekWares - Buy and Download Today!
Have employees sign a paper saying they consent to email monitoring and the legal issues will disappear. Also, before entering a chat room, the user could have to check a box agreeing that conversations could be recorded. Maybe it's more complicated than that, I'm not sure if you need to acquire consent on a per-conversation basis or not.
iChat for Mac OS X has a feature that allows you to log all IM conversations automatically. I wonder if this kind of online communication is included in the NH decision.
Most IM software has a feature that turns on logging. I would think it would be assumed that someone in chat is keeping a log. It seems common sense not to say anything incriminating over chat. At least to me...
US Democracy:The best person for the job (among These pre-selected choices...)
Does anyone really think that this will make it impossible for police to record chats? They can tap a phone line without the consent of either party, so why wouldn't they be able to do the same here?
Dewey, what part of this looks like authorities should be involved?
This sounds an awful lot like a Your Rights Online topic.
This is the NFL, which stands for "Not For Long" if you keep making those bulls*** calls.
So, online games with logging to file features (Everquest, SWG, DAoC, etc) would fall under this ruling too? /tell features in the games should be considered as private as a chat session, this must suck.
I know people that have logged to text files and then to data base everything they have said and had said to them for 5+ years in some of these games. Considering that
Also considering that techsupport often asks for logs when reporting bugs/unusual behavior or cheating, would that make them accomplices after the fact?
This is probably already commonly covered with most employer Internet Usage Polices that employees are typically required to sign. I know that, with the larget companies for whom I've worked, I had to sign this policy that notified me that they could read my e-mail, monitor my Internet Usage and pusnish me for disobeying the policy. I'd bet this is enough notice to cover a case like that described in the blurb.
What the poster probably ment was monitoring employee use of company facilities. Personal or not you shouldn't expect or have any privacy while using company computers.
Anything that's public is takeable. If the police want someone's fingerprints, they may not be able to get them without a warrant, but they can snag the softdrink the person just tossed in the trash. The chat room is like a piece of paper someone has written a letter on then tossed out: now public domain. Once the person leaves a chat room (especially in something like IRC), the list is still there logged to your computer until you close the screen.
Interestingly enough, what about programs that log the chats automatically? I would have an easy time (I think) defending that trillian was logging without my knowledge as opposed to me physically copying a conversation without the other party's consent.
They are missing one crucial point here I think. A chat log is (usually) just a plain text file of the contents of a chat session. A file like this could easily be created by hand by anyone, at any time. Even when it's something more sophisticated than a text file, it can still be faked pretty easily.
So wouldn't a log like this be completely inadmissable in any court anyway? Wiretaps have been used for years on the premise that audio analysis can be used to unerringly establish the identity of the speaker. Chatlogs are simply a whole other kettle of fish.
I hear there's rumors on the Slashdots
Yeah, but I would think a video would make for better evidence, giving indications of the speed of the conversation, and guaranteeing that the contents of the conversation hadn't been edited, which could be done with any sort of flat-file logging.
Most IRC clients will buffer quite a few (thousands) of lines in RAM. Is this sort of recording different? What if it gets swapped to disk? What about systems with long average uptimes--if I just leave my IRC window open for a month (or leave it up through hibernate/resume cycles), have I recorded it? What if I have that conversation on a laptop, and try to get it admitted as evidence without ever powering it down? ("Hurry up, Your Honor, klaptop says I've got 30 minutes of battery life left!") What if I hibernate it and resume it in the courtroom? Then it's technically been written to a permanent storage medium, but only as an extension of a volatile one.
The law needs clear definitions to work well... I don't think it's a blow to privacy rights for participants to assume that anyone party to a text conversation can record it.
Spoken conversations are by definition transient--the sound is gone as soon as it happens. The law makes sense for those. But for text conversations, with backscroll and long buffers, it quickly becomes silly.
But the point here is that you may not be able to use this as evidence in court. While you may testify yourself to such events happening, it would be illegal for you to provide this evidence in many cases. The interesting tidbit from the article was that this happened to a guy using AOL's IM, and the evidence couldn't be used because a chat-logging app was installed over IM. But when it happened to another guy using ICQ, which had a default setting to log conversations, he had the conversation used against him in court, since it was reasonable to assume he knew it was being recorded. So now with your apps, it might come down to: does the average person know/expect that his actions are being recorded? Kind a weird loophole I think.
I think you should say giving the appearance that it has not been edited. Video taping the conversation means very little as you dont have any proof of when it is. You just play back an edited chat in front of the camera and it would look the same. You want a good log give me packet dumps from there end complete with any encryption there are firewalls that do that as a standard feature. Thats a lot harder to fake than some video tape of a computer and some cop. Granted I dont trust cops implicitly by definition there career is bosted by having a high arrest and conviction rate they have plenty of oppertunity and motive to alter evidence when they know they can get away with it. And before I get flames no not every cop is bad most probably arent but in something as serious as criminal charges I think they are not held to a high enough stnadard.
No sir I dont like it.
Technically, if you are at work and being paid, you shouldn't be doing anything personal. They're paying for you to be there, and they can demand / expect you to do what you are being paid for, not personal stuff. In fact, if you spend too much time doing personal things, they have the right to discipline, or even dismiss you.
Most companies I've worked for have a clause about "reasonable" personal business during work hours. It is okay to get a few calls from family or friends, but if you spend too much time, they have the right to tell you to curtail personal business. It is personally reasonable for an employer to expect you to be engaged in whatever activity they are paying you for while you are "on the clock"
Similarly, they are free to open your desk when you are not around. After all, the desk is theirs, not yours. (There was a court case about this several years ago, and the employee lost.)
Employers have the right to control what you do with the computers and phones they provide for you to do the work they are paying you for. You have no right to expect that you can use their equipment, bandwidth, office supplies, etc. for personal use.
Having said this, most employers realize that happy employees make better employees, which is why they allow "reasonable" personal use during working hours. At the same time, however, they need to monitor personal use to make sure this privilige is not being abused.
I don't see how this decision is going to stick. I really don't think it will. Has the EFF gotten involved in this yet?
I live in NYS and have my IM client set up to log ALL conversations. I consider it no different than saving an email.
People need to learn that ANYTHING they put on the internet might become public and/or stay there forever.
Of course it sounds like NH is screwed up anyways. Being able to record a conversation without someone else's knowedge is a standard CYA procedure. If it was easy, I would set it up so that all my phone conversations are automatically recorded as well.
It would be really useful, especially when a certain cellphone provider keeps sending you bills for an account AFTER you cancelled their service. How the hell is one supposed to bust jerks like that without recording the conversation?
Laws like this only encourage criminal conduct.
Life is too short to proofread.
Exactly what constitutes recording? Saving on magnetic media? Printing on paper? Storage in RAM? Storage in SRAM? Storage in human memory?
The answer is important, since chat software "saves" conversations in RAM, at least as long as the chat window is open. I can preserve a record of a chat session for as long as I want by simply not closing the window. Given that fact, I would expect that all chat sessions are recorded, and therefore use of chat software implies consent by all parties to record the session.
I suppose that if you're really concerned about this, you could strengthen that case by transmitting a statement immediately after starting a chat session along the lines of "This chat session may be recorded. If you do not consent to the recording of this session, disconnect from this session now."
IIRC apples ichat does this by default. looks like its time to call grandma and alert her to the breaking of the law by using that functionality.
<ranting>
seriously now, what are govt officials thinking? more recently about the gmail privacy issue (which is only made an issue by folks who dont understand it) and now this sillyness? and why is this post under the science section? yro maybe?
argh!
</ranting>
from the article: " Why should e-mail be any different? Why should VOIP? Why should IM? IRC? SMS? Either communications are private, or they are not. To the Internet, packets is packets. Maybe its time for the law to make up its mind."
IMO these mediums -should- be different bc they have different acuisition(sp?) methods.
lets take email and snailmail for example
to open another person mail is a crime. it involves using your hands or some tool to break the paper/cardboard that the item arrived in and view its contents.
to open another persons email is an invasion of privacy which may involve simply turning the computer on. (auto email checking that puts a cute icon on teh screen, grandma clicks it and voila)
IMO we need laws that accomodate and understand the technology, not make some half arsed RL relation to it.
besides, if you think that your plaintext sent IM messages are ensured to be private to only you and your intended recipient then you really need to learn about el interneto. if ppl want that then use encryption!
I believe that online chatting is analogous to the beep on the phone. I think the argument should be that online chatting is implied consent to record. The -vast- majority of chat programs save the chat logs, sometimes automatically (ie gaim). I think if the court is going to rule that ctrl+a pasting is recording, then the network card and associated drivers are also recording, though deleting as it passes. When does having something in memory become storage? Is there a nanosecond clause to that law? (If you have the data in memory for more than one ns, then you are copying/recording?) If so, then what about video buffers? It stays in the video buffer as 'text', or in the memory behind the textbox values until the window is closed. Anyway, like I said, i think the chat box should be the beep.
...is a failure to communicate.
This really only applies to police making logs of chats and then whether or not those logs hold up in court.
You aren't going to be prosecuted for keeping logs of all your online chat sessions. That is not what is in question here. Only time it matters is if your chat log could somehow be admissible as evidence in a criminal or civil court case.
I also doubt you'd get in trouble for posting bits and pieces of a chat log on the web somewhere either. Anyway, I wouldn't go posting "private" conversations online without all parties' consent. It's rude to do otherwise.
Also note, the article isn't about IRC here, but ICQ and AOL which are one on one chat clients for the most part. The law is talking about "private" conversations.
Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.
Where does the "chat" happen?
is it in the jurisdiction of the server, or the chat client, if in the client side, which client? the operator of the IRC channel for instance.
If its the operator, which one?
as is said, the devil is in the details.
"expectation of privacy"
In a public forum, there is no expectation of privacy. People may record what you say. Get over it.
How's my programming? Call 1-800-DEV-NULL
All communications from/to anyone in a company are to be logged. Email, IM, chat etc are logged for auditors and lawyers perusal. Otherwise that is where the important memos will be posted.
By viewing contents on [your website here], you consent to monitoring and logging.
Looks like a universal EULA similar to the above is needed just to not find oneself in violation of the law for logging anything.
What those who want activist courts fear is rule by the people.
And another thing:
When you're on the telephone you have no presumption that your conversation is being recorded.
Unless maybe you're talking into an answering machine or voicemail box, or have otherwise been informed that you are being recorded.
When you're sending data on the computer, you know, because you've been told again and again that THE INTERNET IS NOT SECURE, that anything you transmit may be intercepted, recorded, retransmitted, stored, parsed, decrypted, or otherwise coopted. Your rights in this regard can be presumed to be limited to those you would have if you know someone has a legal copy of a document. Anything else the law has done to expand those rights is based on a fundamental failure to understand the fact that THE INTERNET IS NOT SECURE.
I.e., it's not the copying and storing that's a problem. It's the uncopyrighted duplication to repeat to others that's a problem. Original copies are, as always, free to be transferred to others (and if they are, by law, not, then the law is, as always, a ass). But here's a hint for all the lawyers out there: the act of transferring a copy from hard disk to floppy disk is copying, and copying more than once, in the various hardware in the machine; destroying the copy on the hard disk doesn't change that; so you might have an out.
How do you get around the fact that the IM chat is immediately recorded (by definition) when it appears in your IM application?
What about implied consent? Since you know by using the IM application that your conversation is automatically being recorded in the other party(or parties) IM application, doesn't that necessarily mean that you have consented to its recording?
I think so, and I think this decision is just one that will be dismissed or criticised when this issue is briefed before the majority of courts in other jurisdictions. It is a NH state decision - it has no force anywhere else.....
--Kobayashi--
No, because implicit in the agreement that everyone makes with Slashdot when posting is permission for Slashdot to reproduce and store the post upon their servers.
That means that even if it is a conversation, permission has already been given to Slashdot, at least, to copy and record it.
So, for example, I can't sue Slashdot for reproducing my words here, because my post is indication of my consent to have them reproduced.
But if you save a copy, I could potentially accuse you of copyright infringment, because I have only granted Slashdot a right to reproduce.
But fair use would cover that, probably, and I license this post under the Creative Commons Attribution-ShareAlike License
But do note that copyright is a separate issue from the chat logging issue.
(Dang, I sound like a stinkin' lawyer!) IANAL.
Fellowship 9/11
FUD. This law requires that both parties consent to monitoring. That's what an employee agreement is- a documented form of consent.
So how is this different from a physical letter, in which the consent of the sender is presumed?
So what you're doing isn't copying their conversaiont - you're making another copy of a pre-existing copy which they consented to.
I believe this is the logic used in reference to voice mail/answering machines, where it was by nature recorded and it had to be supposed that a third party could hear it.
What confuses me is that this is listed under a "wiretap" law; my understanding (common understanding?) is that a wiretap is a "man in the middle" attack where a third party "eavesdrops" on a conversation. In this case, they are applying it to one party recording their conversation with a second party. While they may want to prohibit this (two party consent) it really is separate from wiretapping.
Someone asked if I had patched against MSBlast; I said yes, I installed Linux.
AIM, YIM, and the like should still be disallowed.
I've worked in an environment where we were pretty scattered and reliant on IM too. But we had a private IRC server set up on-site, and behind our firewall. AIM, YIM, and so on, route their messages through the 'net at large, and through servers owned by AOL, Yahoo, and so on. That's a very BAD thing if there's even a CHANCE that you'll pass along code snippets or discuss confidential company information.
cya,
john
Imagine all the people...
This kind of thing would never be an issue with postal mail, because a tangible copy is made. By convention this is assumed to be true of email. Instant messaging blurs the lines. Thanks to the wonders of internet technology, we have modes of communication inherently unlike anything contemplated by legislative bodies at the time of the writing of these laws.
What do appeals courts generally do to convictions based on laws that weren't written with the circumstances of the alleged crime in mind? They generally throw them out. Lets hope this holds, and also badger our legislators to allow recording of communications by those known by the speaker to be receiving them. Two-party consent lets the powerful screw over the little people and not be held accountable for it. It's arguably a first amendment violation, though apparently nobody has argued that lately, or at least not convincingly.
WARNING: there is a trojan on your
I'm no constitutional scholar, but shouldn't the issue of whether participants have a right of privacy in this case be dependent on whether they have a reasonable expectation of privacy? It seems at least arguable that they don't.
Shop as usual. And avoid panic buying.
Well the judge is wrong. The protocol itself makes no attempt to allow or block recording, but another application by the same company (ICQ) can talk to the same network and includes a history function. That's a pretty damn fine hair to split if you are going to throw someone in jail. I can see not allowing police officials to introduce such a log without a court issued warrant but I can not see making it a crime to record a medium which is by nature not secure.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
I'm sure certain individuals in government would love to prevent all permanent records of their statements.
Like Scalia barring reporters from recording his speeches?
Freedom: "I won't!"