Anyone know why a website would seek protection under 18USC2511?

jkmassey · October 21, 2007, 02:11:27 AM

I was just perusing some wing web sites and found the following statement on the FL Wing one at http://flwg.us/eservices/Login.asp which includes the statement:

"WARNING: The information you are receiving is protected from interception or disclosure. Any person who intentionally distributes, reproduces or discloses its contents is subject to the penalties set forth in 18 United States Code Section 2511 and/or related state and federal laws of the United States."

18USC2511 covers wire and wireless intercepts (taps). As I recall, web content presented to a public viewer may be protected by copyright (covered under 17USC) but once it has been received I don't see how it would be covered by a wire tap law or why such a statement would be needed. Am I missing something?

RiverAux · October 21, 2007, 02:30:59 AM

I'd put it on a par with those confidentiality statements that people are putting in their emails lately....

pixelwonk · October 21, 2007, 03:49:30 AM

Quote from: CAPR 110-17. Personal Information. Personal information regarding CAP members or employees, including but not limited to, social security number, residence address, date of birth, should only be made available through CAP internet operations to those individuals who have a specific need to have such information for official CAP business only. When this information is placed on a web server as part of a CAP internet operation, reasonable security, such as password access, should be implemented to protect the information. Such information when included in a CAP internet operation shall be accompanied by the following notice:
Warning: The information you are receiving is protected from interception or disclosure. Any person who intentionally distributes, reproduces or discloses its contents is subject to the penalties set forth in 18 United States Code Section 2511 and/or related state and federal laws of the United States.

E.M.

jkmassey · October 21, 2007, 04:20:39 AM

OK, so CAPR 110-1 says to put the notice out when the personal information is distributed. That still doesn't answer why they would use 18USC, and particularly in the pre-login section. My interpretation of that regulation statement would indicate that it should be presented AFTER the login whenever access to the actually (presumably) restricted information would be.

I don't really see any US Codes that would apply to CAP release of personal information other than financial or account # (eg. SSN). The financial stuff might be covered under 15USC (Commerce and trade) Chapter 94 (Privacy), Section 6801 (Protection of nonpublic personal information). But even that applies specifically only to "financial institutions."

I don't see any US Code section that would indicate any law about restricting release of information regarding membership in a non-DOD, non-law enforcement, or non-financial institution or organization. CAP simply is NOT a government agency.

Clearly the CAP as a corporation could develop a personal privacy policy to this end, but it is not in any way, as far as I can see, backed up by any US code legal requirement. Also, there might be USAF or DOD restrictions with respect to "official business" related releases (eg. home address or other personal information of USAF Liaison staff, or the well known NTIA frequency assignment data). But that is not what is referenced.

Hawk200 · October 21, 2007, 08:08:30 AM

Quote from: jkmassey on October 21, 2007, 04:20:39 AM
OK, so CAPR 110-1 says to put the notice out when the personal information is distributed. That still doesn't answer why they would use 18USC, and particularly in the pre-login section. My interpretation of that regulation statement would indicate that it should be presented AFTER the login whenever access to the actually (presumably) restricted information would be.

I don't really see any US Codes that would apply to CAP release of personal information other than financial or account # (eg. SSN). The financial stuff might be covered under 15USC (Commerce and trade) Chapter 94 (Privacy), Section 6801 (Protection of nonpublic personal information). But even that applies specifically only to "financial institutions."

I don't see any US Code section that would indicate any law about restricting release of information regarding membership in a non-DOD, non-law enforcement, or non-financial institution or organization. CAP simply is NOT a government agency.

Clearly the CAP as a corporation could develop a personal privacy policy to this end, but it is not in any way, as far as I can see, backed up by any US code legal requirement. Also, there might be USAF or DOD restrictions with respect to "official business" related releases (eg. home address or other personal information of USAF Liaison staff, or the well known NTIA frequency assignment data). But that is not what is referenced.

Considering that CAP has directives from how they operate from the Air Force, it stands to reason that the AF would want the info protected. Even when in corporate status, we have many directives that would still apply, uniforms and safety practices being the most prominent that I can think. No reason to have separate requirements for AF missions and corporate.

Why does it matter? The purpose is for the protection of information. I can see people joining the local unit in order to have access to that info, but then they would be hobbled (rightfully, I feel) by the limitation. It just keeps the honest people honest, and makes it easier to pursue actions against the dishonest.

Do you feel it should be removed? If so, why?

Pylon · October 22, 2007, 03:45:52 AM

Since most legalese text in CAP has come from CAP Legal Officers (aka: real lawyers, not of the guardhouse variety) there is probably some reasoning of which that we, as non-JD-holding CAP members, may not always immediately understand the entirety.

Questions about why the statement is there? The question was answered above by Tedda; because it's in the regulation to do so.

Questions about why the statement is written the way it is in the regulation? Ask a CAP Legal Officer or the OPR for the regulation. They might have more insight into the particular why's of how it was written. Rest assured, I highly doubt that just some random CAP member with no legal background drafted that statement, didn't pass it by any CAP legal officer, and it made its way through the entire approval process including vote by the NB to be printed in a regulation without any verification or checks.

James Shaw · October 22, 2007, 12:28:11 PM

CAP lists and servers are not supposed to be used or accessed by non-members. Members that may use that information for non CAP related issues violate the trust they have been given through access. I would simply view it as a precaution and a reminder to that effect.

BlackKnight · October 22, 2007, 02:50:01 PM

Interestingly enough, the subject text from CAPR 110-1 referencing "18 United States Code Section 2511" does NOT appear on the CAP e-services website.

It would thus appear that jkmassey has a legitimate question.

With regard to the regulation receiving a thorough review before being approved by the NB, I wouldn't put too much stock in that. There is a tendency by upper echelon managers/commanders not to spend much time on reviews- they assume that it's "good enough", and that someone else will have caught any mistakes before it got to their level. So unless someone else points out a problem they will happily add their approval signature or vote without further review. If you need proof, pull almost any CAP regulation at random and fly-speck it for errors, omissions, and inconsistencies with other regulations. You'll find them in abundance if you look closely.

CAP_truth · October 22, 2007, 07:42:59 PM

This may have to do with former members putting information about other senior members that can only be obtained from an official CAP web-sites.

Hawk200 · October 22, 2007, 07:52:01 PM

Quote from: BlackKnight on October 22, 2007, 02:50:01 PM
You'll find them in abundance if you look closely.

And a lot times, you don't have to look too closely.

jkmassey · October 28, 2007, 09:46:28 PM

Sorry, I have been out of town for the past 7 days and did not trust the public access terminals for logging into things other than my public e-mail account or I would have participated more on the discussion.

At any rate, the warning may show up to serve as a warning about non-CAP related use of the information contained, but as I stated earlier, it just doesn't seem to be a relevant citation. Wiretapping is the act of "intercepting" traffic (wired or wireless nowadays) between the sender and recipient. Legal precedent is very clear that if a sender sends it to your browser, once it is there then it is yours subject to any contractual agreements you may have with the sender (ie. copyright, trade secret, business policy for employees, etc). There are laws affecting fraudulent use of such information, misuse in violation of contract terms, or use of illegal methods to obtain the information (hacking, pretending to be an authorized user when you aren't, etc.) but none of them are covered under the wiretapping section cited.

My question was really about their attempt to conceal through intimidation by referencing a non-relevant
federal statute as their protection. It just wreaks of an uninformed or questionable legal position to me. Don't get me wrong, I fully support that the organization has a right to protect its business related information, but don't see the misuse of a federal statute as the right way to do so. If you want to warn users that the information behind the closed door is protected by a business policy or some other actual defendable position then that is fine. It just doesn't appear to be "professional" to obscure via intimidation.

It is a lot like the shrink wrap "licenses" on software. Most have no basis in contract law and other than one circuit in Florida are not enforceable as legal contracts in the state (for a contract to be enforceable, one requirement is that both parties are fully informed PRIOR to the agreement becoming in force, a situation not possible for most software since breaking the shrink wrap to read the contract often makes the software non-returnable by the potential user, non-resaleable by the vendor (try it at Best Buy some time), and non-returnable to the original manufacturer). Most shrinkwrap licences are unenforceable junk, but the cost to fight them for return of a $50 or even $700 piece of software is just not economically feasible. Thus, the shrinkwrap license serves as an intimidation weapon masquerading under the UCC (in most states).

Now I don't need to hear about software piracy, that is another animal covered by, at a minimum, copyright law. It is also often covered under group licenses businesses purchase (which ARE usually legal contracts). Software piracy is wrong! Don't do it! But putting terms in a software EULA in a sealed case before I purchase it that limits my ability to use it in a reasonable manner is not enforceable.

So that is where I am coming from. Not that CAP cannot protect its information as it desires or be required to by contracts with other agencies (like the USAF). It is simply that I don't see the citation of that particular USC as relevant and hoped that someone would be knowledgable enough to set me straight if I am wrong (via other citation and references). I do happen to think there should be full transparency at all budgetary levels with respect to income and expenses (by category-by mission-by division to a fairly fine level of detail as at my former University employer), but that's a different kettle of warthogs.