Slashdot Mirror
Save a Chatlog... Go to Prison?
Alien54 writes "You are engaged in a chat session with some friends and colleagues, when one of them makes a witty remark or imparts a pithy bit of information. You hit CTRL-A and select the conversation, then copy it to a document that you save. Under a little-noticed decision in a New Hampshire Superior Court in late February, these actions may just land you in jail. New Hampshire is "two-party consent state" -- one of those jurisdictions that requires all parties to a conversation to consent before the conversation can be intercepted or recorded. The decision is the first of its kind to apply that standard to online chats, and the ruling is clearly supported by the text of the law. But it marks a blow to an investigative technique that has been routinely used by law enforcement, employers, ISPs and others, who often use video tape or othermeans to track criminals in chat rooms. This also has troublesome implications [for employers] monitoring of email and other forms of electronic communications."
MIST : May I Save This ?
theefer
I wonder if Hotwarg vs. the US from 1967 will have a direct bearing on this - it addressed a very similar issue for phone conversations.
Well, I guess I better turn off Trillian Pro's logging by default....or at least have a macro sent to them when I start the conversation...
GeekWares - Buy and Download Today!
...from my teletype. LOL. Laters.
...a "chat" or "conversation" include a bulletin-board-like site like Slashdot?
Am I violating it by saving this webpage (once it has gained enough commentary)? How about a mirror of it?
Have employees sign a paper saying they consent to email monitoring and the legal issues will disappear. Also, before entering a chat room, the user could have to check a box agreeing that conversations could be recorded. Maybe it's more complicated than that, I'm not sure if you need to acquire consent on a per-conversation basis or not.
you better not be contributing to bash.org.
Ceci n'est pas une signature
Every web application I create logs transactions, IP/datestamp, and chat transcripts (when applicable). If there's an information leak somewhere, or a crime has been committed, we can track it down.
In Texas, as long as one party knows the conversation is being recorded, it's legal.
As long as you're not keylogging someone else's conversation, doing what the article mentions is legal.
But one question: Why is this under the Science category and not under Privacy?
Cruising the internet on my TI-99/4A @ a whopping 300 baud!
so, Posting IM conversations with random morons can get people in trouble? Where's the justice?
iChat for Mac OS X has a feature that allows you to log all IM conversations automatically. I wonder if this kind of online communication is included in the NH decision.
Some chat software automatically saves chatlogs. ICQ and Yahoo allow offline messaging, and act as 3rd-party brokers of the conversation. I can't see this standing up under further judicial scrutiny.
Linux: Free if your time is worthless.
If the decision stands, do we wring our hands over the "loss of a freedom"? Or if the decision is overturned, do we wring our hands over "unprecedented police powers"?
Only certain thing is that Bush will be blamed for it either way...
Most IM software has a feature that turns on logging. I would think it would be assumed that someone in chat is keeping a log. It seems common sense not to say anything incriminating over chat. At least to me...
US Democracy:The best person for the job (among These pre-selected choices...)
Does anyone really think that this will make it impossible for police to record chats? They can tap a phone line without the consent of either party, so why wouldn't they be able to do the same here?
Dewey, what part of this looks like authorities should be involved?
Under the Sarbanes-Oxley act employers are required to monitor and archive all electronic communications. There was an article about this the other day over at El Reg.
So, in New Hampshire, it sounds like employers must either not comply with Sarbanes-Oxley or must be guilty of illegal wiretapping. Or am I missing something?
This sounds an awful lot like a Your Rights Online topic.
This is the NFL, which stands for "Not For Long" if you keep making those bulls*** calls.
So, online games with logging to file features (Everquest, SWG, DAoC, etc) would fall under this ruling too? /tell features in the games should be considered as private as a chat session, this must suck.
I know people that have logged to text files and then to data base everything they have said and had said to them for 5+ years in some of these games. Considering that
Also considering that techsupport often asks for logs when reporting bugs/unusual behavior or cheating, would that make them accomplices after the fact?
This is probably already commonly covered with most employer Internet Usage Polices that employees are typically required to sign. I know that, with the larget companies for whom I've worked, I had to sign this policy that notified me that they could read my e-mail, monitor my Internet Usage and pusnish me for disobeying the policy. I'd bet this is enough notice to cover a case like that described in the blurb.
What the poster probably ment was monitoring employee use of company facilities. Personal or not you shouldn't expect or have any privacy while using company computers.
Anything that's public is takeable. If the police want someone's fingerprints, they may not be able to get them without a warrant, but they can snag the softdrink the person just tossed in the trash. The chat room is like a piece of paper someone has written a letter on then tossed out: now public domain. Once the person leaves a chat room (especially in something like IRC), the list is still there logged to your computer until you close the screen.
Interestingly enough, what about programs that log the chats automatically? I would have an easy time (I think) defending that trillian was logging without my knowledge as opposed to me physically copying a conversation without the other party's consent.
They are missing one crucial point here I think. A chat log is (usually) just a plain text file of the contents of a chat session. A file like this could easily be created by hand by anyone, at any time. Even when it's something more sophisticated than a text file, it can still be faked pretty easily.
So wouldn't a log like this be completely inadmissable in any court anyway? Wiretaps have been used for years on the premise that audio analysis can be used to unerringly establish the identity of the speaker. Chatlogs are simply a whole other kettle of fish.
I hear there's rumors on the Slashdots
New Hampshire residents won't have to {ASSASSINATE BUSH} worry about the Feds going after them for {ANTHRAX} setting off {A BOMB} certain designated keywords in IRC.
Most IRC clients will buffer quite a few (thousands) of lines in RAM. Is this sort of recording different? What if it gets swapped to disk? What about systems with long average uptimes--if I just leave my IRC window open for a month (or leave it up through hibernate/resume cycles), have I recorded it? What if I have that conversation on a laptop, and try to get it admitted as evidence without ever powering it down? ("Hurry up, Your Honor, klaptop says I've got 30 minutes of battery life left!") What if I hibernate it and resume it in the courtroom? Then it's technically been written to a permanent storage medium, but only as an extension of a volatile one.
The law needs clear definitions to work well... I don't think it's a blow to privacy rights for participants to assume that anyone party to a text conversation can record it.
Spoken conversations are by definition transient--the sound is gone as soon as it happens. The law makes sense for those. But for text conversations, with backscroll and long buffers, it quickly becomes silly.
Is email considered a telecommunications medium? If I'm a two-party consent state, and someone sends me an email without included or implied permission to save it, am I required to delete it from my server and my hard drive after I've read it?
Hey, couldn't this be used to fight off an RIAA lawsuit? Could making a record of a Kazaa user's IP address without that user's consent be illegal in a two-party consent state?
You are in error. No-one is screaming. Thank you for your cooperation.
If the program has a "Save function" then the Judge ruled the user has a lower expectation of privacy than if the program doesn't have a "Save function".
The case at hand involved software that didn't have a built-in save function, but the cop used a camcorder and another software package to record the session.
--Rob
This is downright welcome! Some portion of you are going to consider this flamebait, but shouldn't online chat be held to the same restrictions that other conversations are?
If we had the easy ability to do audio searches, would there be phones that recorded a history of the last n hours of conversation you had? Just because you can do something doesn't mean you should...
This whole thing is ridiculous. Some IM systems (MS Messenger comes to mind) automagically save all of your chats, whether you specify it or not. In fact, prolly most users don't even realize that they are being saved. Are all users of that software to be immediately jailed?
How does this apply to someone using a printer instead of a monitor, such that the printer prints out every line of the conversatino as it happens?
Technically, if you are at work and being paid, you shouldn't be doing anything personal. They're paying for you to be there, and they can demand / expect you to do what you are being paid for, not personal stuff. In fact, if you spend too much time doing personal things, they have the right to discipline, or even dismiss you.
Most companies I've worked for have a clause about "reasonable" personal business during work hours. It is okay to get a few calls from family or friends, but if you spend too much time, they have the right to tell you to curtail personal business. It is personally reasonable for an employer to expect you to be engaged in whatever activity they are paying you for while you are "on the clock"
Similarly, they are free to open your desk when you are not around. After all, the desk is theirs, not yours. (There was a court case about this several years ago, and the employee lost.)
Employers have the right to control what you do with the computers and phones they provide for you to do the work they are paying you for. You have no right to expect that you can use their equipment, bandwidth, office supplies, etc. for personal use.
Having said this, most employers realize that happy employees make better employees, which is why they allow "reasonable" personal use during working hours. At the same time, however, they need to monitor personal use to make sure this privilige is not being abused.
This maybe be true in some countries, but there are different views on this subject. Eg. in many European countries it's illegal for the employer to open and read employees (personal) emails. Electronic mail is viewed to fall under the same kind of privacy as conventional mail.
"There is a terrorist behind every bush"
I don't see how this decision is going to stick. I really don't think it will. Has the EFF gotten involved in this yet?
I live in NYS and have my IM client set up to log ALL conversations. I consider it no different than saving an email.
People need to learn that ANYTHING they put on the internet might become public and/or stay there forever.
Of course it sounds like NH is screwed up anyways. Being able to record a conversation without someone else's knowedge is a standard CYA procedure. If it was easy, I would set it up so that all my phone conversations are automatically recorded as well.
It would be really useful, especially when a certain cellphone provider keeps sending you bills for an account AFTER you cancelled their service. How the hell is one supposed to bust jerks like that without recording the conversation?
Laws like this only encourage criminal conduct.
Life is too short to proofread.
The test seems to be whether the recording capability is part of the instant messaging software itself (in which case it may be legal to record) or whether it is an add-on, and therefore an unlawful recording.
So the Slashdot article is somewhat skewed. The chatlog isn't illegal. And I wouldn't be too upset, since the process the officer used involved video screen capture, as well as cutting and pasting, to get into a final document.
As far as chatlogs go, it's generally understood that written correspondence (mail, etc.) is owned by the one who receives it. I'd be surprised to see chatrooms fall outside that rule of thumb.
>MIST: May I Save This?
CROW: No, you may not!
JOEL: Now Crow, don't forget, the user has rights too.
TOM: Nein! Jauhrtausand hand und garnele! Das userkind - they have no rights in this police state!
JOEL: Tom, that has absolutely no releveance whatsoever.
TOM: But it sure is fun to say it!
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
Modify your IM client so that when you start a new session with someone a message is automatically sent saying:
"BY ENTERING THIS CHAT, YOU ARE AWARE THAT WHAT YOU SAY CAN BE RECORDED AND SAVED TO DISK. IF YOU DO NOT CONSENT, PLEASE END THIS CHAT."
IANAL, but I think this would be sufficient under the current laws that we have that regulate wiretapping.
Maybe I should code up a patch for GAIM...
"as part of his official duties, Detective Frank Warchol of the Portsmouth, New Hampshire Police Department signed on to a chat room on America Online, posing as a fourteen-year-old girl "Okay, repeat after me..
There are few horny women in chat rooms.
There are fewer horny non-male women in channel.
The are even fewer horny non-male under 50 years of age women in channel.
Okay.. that leaves 1 left..
MOM! WTF are you doing online!!!
Exactly what constitutes recording? Saving on magnetic media? Printing on paper? Storage in RAM? Storage in SRAM? Storage in human memory?
The answer is important, since chat software "saves" conversations in RAM, at least as long as the chat window is open. I can preserve a record of a chat session for as long as I want by simply not closing the window. Given that fact, I would expect that all chat sessions are recorded, and therefore use of chat software implies consent by all parties to record the session.
I suppose that if you're really concerned about this, you could strengthen that case by transmitting a statement immediately after starting a chat session along the lines of "This chat session may be recorded. If you do not consent to the recording of this session, disconnect from this session now."
I really don't think this will pose much of a problem to employers, since they will undoubtedly already have a clause in either their computer/Internet use policy or your contract stating that either all of your work is the property of the Company, or any communication using Company-owned computing resources is the property of the company. And if you don't agree, then you either don't sign or don't use the Internet at work.
Of course, in a smaller company where this is undefined, this kind of monitoring may pose a problem under this law... but otherwise I think that police surveillance is what is primarily going to be affected, not employer policies.
IIRC apples ichat does this by default. looks like its time to call grandma and alert her to the breaking of the law by using that functionality.
<ranting>
seriously now, what are govt officials thinking? more recently about the gmail privacy issue (which is only made an issue by folks who dont understand it) and now this sillyness? and why is this post under the science section? yro maybe?
argh!
</ranting>
from the article: " Why should e-mail be any different? Why should VOIP? Why should IM? IRC? SMS? Either communications are private, or they are not. To the Internet, packets is packets. Maybe its time for the law to make up its mind."
IMO these mediums -should- be different bc they have different acuisition(sp?) methods.
lets take email and snailmail for example
to open another person mail is a crime. it involves using your hands or some tool to break the paper/cardboard that the item arrived in and view its contents.
to open another persons email is an invasion of privacy which may involve simply turning the computer on. (auto email checking that puts a cute icon on teh screen, grandma clicks it and voila)
IMO we need laws that accomodate and understand the technology, not make some half arsed RL relation to it.
besides, if you think that your plaintext sent IM messages are ensured to be private to only you and your intended recipient then you really need to learn about el interneto. if ppl want that then use encryption!
I believe that online chatting is analogous to the beep on the phone. I think the argument should be that online chatting is implied consent to record. The -vast- majority of chat programs save the chat logs, sometimes automatically (ie gaim). I think if the court is going to rule that ctrl+a pasting is recording, then the network card and associated drivers are also recording, though deleting as it passes. When does having something in memory become storage? Is there a nanosecond clause to that law? (If you have the data in memory for more than one ns, then you are copying/recording?) If so, then what about video buffers? It stays in the video buffer as 'text', or in the memory behind the textbox values until the window is closed. Anyway, like I said, i think the chat box should be the beep.
...is a failure to communicate.
This really only applies to police making logs of chats and then whether or not those logs hold up in court.
You aren't going to be prosecuted for keeping logs of all your online chat sessions. That is not what is in question here. Only time it matters is if your chat log could somehow be admissible as evidence in a criminal or civil court case.
I also doubt you'd get in trouble for posting bits and pieces of a chat log on the web somewhere either. Anyway, I wouldn't go posting "private" conversations online without all parties' consent. It's rude to do otherwise.
Also note, the article isn't about IRC here, but ICQ and AOL which are one on one chat clients for the most part. The law is talking about "private" conversations.
Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.
I'm in the UK so it probably will not affect me, but how does this law interact with this ? IM Monitoring
..another clause that the *employee* must inform and get consent from all parties that he engages in conversation with, that the communication is monitored. Since the employee is part of the firm, the firm can claim clean hands "according to company policy, consent should have been acquired".
Of course, it's CYA of the worst sort. But it should let the company continue monitoring employees just like they do today. If someone complains, well you can probably blame the employee (read: scapegoat).
Kjella
Live today, because you never know what tomorrow brings
Where does the "chat" happen?
is it in the jurisdiction of the server, or the chat client, if in the client side, which client? the operator of the IRC channel for instance.
If its the operator, which one?
as is said, the devil is in the details.
"expectation of privacy"
In a public forum, there is no expectation of privacy. People may record what you say. Get over it.
How's my programming? Call 1-800-DEV-NULL
When you're using a chat, the conversation is already captured and recorded.
It's merely deleted when it reaches the end of the buffer. But if the buffer is a ream of tractor-feed paper, it's only deleted when the paper is destroyed.
Lawyers really need to learn how computers work, and stop mooting themselves by presuming technical unrealities.
By viewing contents on [your website here], you consent to monitoring and logging.
Looks like a universal EULA similar to the above is needed just to not find oneself in violation of the law for logging anything.
What those who want activist courts fear is rule by the people.
FUD. This law requires that both parties consent to monitoring. That's what an employee agreement is- a documented form of consent.
So how is this different from a physical letter, in which the consent of the sender is presumed?
So what you're doing isn't copying their conversaiont - you're making another copy of a pre-existing copy which they consented to.
AIM, YIM, and the like should still be disallowed.
I've worked in an environment where we were pretty scattered and reliant on IM too. But we had a private IRC server set up on-site, and behind our firewall. AIM, YIM, and so on, route their messages through the 'net at large, and through servers owned by AOL, Yahoo, and so on. That's a very BAD thing if there's even a CHANCE that you'll pass along code snippets or discuss confidential company information.
cya,
john
Imagine all the people...
"well you can probably blame the employee"
IANAL, and I don't have any knowledge about how this works in other countries, but in the US, I don't think that will fly in a court of law. The employee is an agent of the company. If the employee fails to get the permission, an agent of the company failed to get permission. Therefore, it's the company's fault (respondeat superior). I.e. companies are responsible for hiring employees, so they are responsible for the employees' actions.
I know that after knee surgery my father was not able to return to work when he felt ready because they were concerned that he might reinjure his knee on work time (the original injury was not work related). Even if *he* had been at fault, they would have been liable if he was on work time.
CYA of this sort only works inside a corporation. It has no weight in a court case, AFAIK.
A better solution is to simply automatically inform anyone who connects that the conversation is being recorded (in the log file) and direct them to other methods of conversation if this is unacceptable. A buddy list request response might be able to handle this (if you only accept messages from someone on your buddy list; those not on it have to send you a request to be on it).
DO you give implicit permission to record buddy requests that you make? If not, then how could they add you to the buddy list (doesn't that record it)?
This kind of thing would never be an issue with postal mail, because a tangible copy is made. By convention this is assumed to be true of email. Instant messaging blurs the lines. Thanks to the wonders of internet technology, we have modes of communication inherently unlike anything contemplated by legislative bodies at the time of the writing of these laws.
What do appeals courts generally do to convictions based on laws that weren't written with the circumstances of the alleged crime in mind? They generally throw them out. Lets hope this holds, and also badger our legislators to allow recording of communications by those known by the speaker to be receiving them. Two-party consent lets the powerful screw over the little people and not be held accountable for it. It's arguably a first amendment violation, though apparently nobody has argued that lately, or at least not convincingly.
WARNING: there is a trojan on your
I think we need more people like this.
I mean, no, I don't want to be put in jail for saving a chat log, but I do believe that this type of thinking promotes freedom. You would have the freedom of saying something to a friend on IRC without worrying that someone is going to use it against you.
In a country where the laws keep on getting more crappy for joe american, we need protection.
- It's not the Macs I hate. It's Digg users. -
You would have the freedom of saying something to a friend on IRC without worrying that someone is going to use it against you.
If you don't trust your friend, why are you telling him your secrets in the first place? Even if it's somehow possible to prevent him from saving the transcript, there's no way you can stop him from "using it against you".
In a country where the laws keep on getting more crappy for joe american, we need protection.
On the other hand, I see great potential for abuse. I'm sure certain individuals in government would love to prevent all permanent records of their statements.
How to solve most of our problems: 1.Lots of nuclear plants. 2.Cure aging.
I guess it's too late to get modded up, but what the heck.
New Hampshire, 2004. Brains are now officially forbidden in New Hampshire, said House spokesman Turner. The recent court decision forbidding recording equipment from capturing chat logs has essentially extended the ban on everything, from pen and paper to modern human brains. "This shouldn't cause too much problem, only a few people still had brains in working order within the state, anyway", said spokesman Turner. "Although you can still possess brains, you are forbidden to use them for recording any kind of information, so complete lobotomy is probably the only option unless you can produce a medical certificate to the effect that your brain is incapable (permanently or temporarily) of recording memories." The main character from Memento was recently seen in the state, and the state governor has announced plans to convert the state into a giant hospital for taking care of alzheimer patients - if he can remember giving the order.
If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
I'm no constitutional scholar, but shouldn't the issue of whether participants have a right of privacy in this case be dependent on whether they have a reasonable expectation of privacy? It seems at least arguable that they don't.
Shop as usual. And avoid panic buying.
Way to tamper with evidence. You might have wanted to post that anonymously....
I wonder if it would be legal if you put a diclamer in your AOL or AIM profile that says "by IMimg me you give consent to have the conversation logged".
Since profiles are public and easily veiwed I think it would be fair warning.
If you say you have DeadAIM in your profile, which logs by default, then wouldn't that also be fair warning.
The only people who aren't able to view profiles are using third party clients, which use auto-logging anyway.
Well, actually the party consent is considered under federal wiretapping laws and mimicked with state laws. All but 12 states have one-party consent law where only one member of the conversation must consent to the recording. 12 state have an all-party consent law where all members of the conversation must consent to the recording. There is no such thing as a two-party consent law. I had this discussion earlier this week so it's very fresh in my mind. Google for "one party consent wiretap."
Ok, is this going to be realistically possible to police? I mean, I live in the UK, and as far as I know, there is no such law here. So if I record a chat with someone who's in New Hampshire... What then? If I am liable in this situation, how do I know whether or not the person I'm talking to is in a state with these laws? Also, I have MSN Messenger set up to automatically save a log (great since my cousin sends me URLs to all kinds of stuff, and it's nice to be able to get to them once the chat is closed). Am I potentially breaking the law? I'd probably say that anyone who signs onto a chat room implicitly gives their consent to have their messages recorded.
For me they'd probably apply the maximum sentence. I not only log my conversations, I also parse them with a Perl script and store them in a mySQL database.
This is because I have a rather bad memory, and it also comes very handy sometimes. For example, it's useful to find URL that appeared in a conversation, find what exactly somebody said about some subject without having to dig in all my logs (having 4 different places with logs is quite a nuisance), and it's especially useful to find things like birthdays and addresses.
I think the current database has somewhere about 100K rows.
I'm sure certain individuals in government would love to prevent all permanent records of their statements.
Like Scalia barring reporters from recording his speeches?
Freedom: "I won't!"
What if I take a real chat session and change the names? Heck, real chat sessions don't even have real names; Can Munkygurl69 show me some legal ID with that name on it?
What if some hacker put those logs there! Seems like some California judge got off on some sort of child porn charges by claiming it was put there [actually he got off because the search of his computer was illegal - but the claim was hey, if this guy could break into my computer and "search" it, why couldn't he have put the stuff there!]
If you leave an open wireless connection can you then plausibly deny anything coming from your IP address was necessarily "you"? Isn't it like those red-light cameras - if the driver doesn't come out in the picture, they only know that it was your car, but can't prove you went thru the light.
This issue is a bit more complicated than you think.