The new "anti-terrorist" legislation signed into law at the end of October and popularly known as the "USA-Patriot Act" creates some new exceptions to the Electronic Communications Privacy Act of 1986. This message outlines these new exceptions and states the OIT/CIT departmental procedures associated with that new legislation. This message governs only the Office of Information Technologies and Cornell Information Technologies.
The Electronic Communications Privacy Act (ECPA) makes the knowing "disclosure of contents," of any transmitted or stored contents of a communication illegal. A number of exceptions already existed to that rule, including for law enforcement under authorized conditions such as a search warrant, subpoena, or court order. The USA-Patriot Act has added another section, "required disclosures" involving law enforcement that expands the scope of obtainable material and the grounds upon which law enforcement may obtain and serve these authorizations.
Should an individual or individuals representing themselves as law enforcement agents approach you and ask you to provide the content of electronic communication or any information about users of or traffic on the Cornell network with or without any form of written authorization, do not disclose any information. Contact either the OIT/CIT security coordinator or the policy advisor. If they are unavailable, please contact the vice president of information technologies. OIT will make the necessary communication to Counsel's Office.
Section 212 of the USA-Patriot Act amends ECPA by adding a new voluntary disclosure exception for emergency situations.
Under this exception, if a provider reasonably believes that an emergency involving immediate danger of death or serious physical injury to any person justifies disclosure of certain information without delay, the provider may disclose that information to a law enforcement agency.
Should you, in the course of business, reasonably believe that you have accessed information about an emergency involving immediate danger of death or serious physical injury, contact the campus police immediately. After contacting the campus police, please report that contact and underlying information immediately to the security coordinator and/or policy advisor of OIT/CIT. If they are unavailable, please contact the vice president of information technologies.
Under the USA-Patriot Act owners or operators of electronic systems may authorize federal law enforcement to investigate computer trespass. A computer trespasser is defined as a person who accesses a protected computer without authorization and thus has no reasonable expectation of privacy in any communication transmitted to, through, or from the protected computer.
Any member of OIT/CIT who knows or believes that their system or systems have been compromised by a computer trespasser and who would like to have law enforcement investigate the matter, should first report this request to either the OIT/CIT security coordinator or policy advisor who will decide whether to contact law enforcement.
If you have any questions about these procedures, please write it-policies@cornell.edu or contact the policy advisor at 4-3584.
For more about this topic, please visit our USA Patriot Act page.
