Unauthorized Use of Passwords and PINs in Divorce Actions

4.11 What Is Unlawful Under the Wiretap Statute?

The basic rule of the “New Jersey Wiretapping and Electronic Surveillance Control Act” FN1 is that the interception FN2 of wire, electronic or oral communications by means of any electronic, mechanical or other device is illegal. FN3 There are some exceptions to this basic rule which are set forth in N.J.S.A. 2A:156A-4 and those exceptions relating to law enforcement will be discussed in succeeding sections. FN4 In addition, there are a number of other exceptions to the basic rule which are not apparent. First, interception conducted without the use of any electronic, mechanical or other device, as defined in N.J.S.A. 2A:156A-2(d), is not within the purview of the statute. Therefore, interceptions accomplished through the use of an unaided ear are not prohibited. FN5 Second, N.J.S.A. 2A:156A-2(d)(1) exempts from the definition of “electronic, mechanical or other device” [any] telephone or telegraph instrument, equipment or facility, or any component thereof, furnished to the subscriber or user by a provider of wire or electronic communication service in the ordinary course of its business and being used by the subscriber or user in the ordinary course of its business; or furnished by such subscriber or user for connection to the facilities of such service and used in the ordinary course of its business; or being used by a provider of wire or electronic communication service in the ordinary course of its business. Pursuant to the first part of this exception the routine recording of telephone conversations on police department telephone phone lines without prior authorization from a court is permitted as being in the ordinary course of law enforcement duties. FN6 Similarly, the monitoring of prisoner’s telephone conversations with the aim of maintaining prison security by using monitoring equipment installed by the telephone company is exempt from the statute. FN7 In addition, there are exceptions which are not mentioned in the statute. For example, the police may record any telephone conversation which the police receive while lawfully in premises to execute a search warrant. FN8 The police may also intercept the conversations of prisoners in jail without prior authorization from a court. FN9

Even though an interception may be exempt from the operation of the statute, or may have been made in compliance with the statute, it should be remembered that the communication may still be unlawfully seized and therefore should be suppressed. For example, where a defendant has been indicted for a crime and the police enlist the aid of an informer or agent to obtain an incriminating statement from the defendant regarding that crime, such statement may have been properly intercepted in accordance with the statute, but it should still be suppressed as evidence because of a violation of the defendant’s 5th and 6th Amendment rights

White v. White

*221 [5] [6] It has been held that “without authorization” means using a computer from which one has been prohibited, or using another’s password or code without permission. Sherman & Co. v. Salton Maxim Housewares, Inc., 94 F.Supp.2d 817 (E.D.Mich.2000). Although she did not often use the family computer, defendant had authority to do so. Additionally, defendant did not use plaintiff’s password or code without authorization. Rather, she accessed the information in question by roaming in and out of different directories on the hard drive. As stated in Sherman, where a party “consents to another’s access to its computer network, it cannot **91 claim that such access was unauthorized.” Id. at 821.

As to the meaning of an “intercept,”the treatment of messages in “electronic storage” is not governed by the restrictions on “interception.” “Congress did not intend for ‘intercept’ to apply to ‘electronic storage’ “. Steve Jackson Games Inc. v. United States Secret Service, 36 F.3d 457, 462 (5th Cir.1994).

Said another way – An “electronic communication,” by definition, cannot be “intercepted” when it is in “electronic storage,” because only “communications” can be “intercepted,” and, … the “electronic storage” of an “electronic communication” is by definition not part of the communication. 
[Bohach v. City of Reno, 932 F.Supp. 1232, 1236 (D.Nev.1996).]

Here, the electronic communications had already ceased being in “electronic storage” as defined by the Act. They were in post-transmission storage– therefore defendant did not intercept them.

Statea v. Gaikwad

The following facts were developed at the trial. On September 3, 1996, Lori Kershner, a software developer with AT & T at its Red Hill location, logged onto her computer at work and noticed that the last date and time she accessed her account as reported by the computer appeared odd as it did not appear to be a time when she had logged on to the system. Although the login reported that she had recently logged on to the “trumpet system,” she had not personally logged on to that system in several days. Kershner then accessed her account’s history file to determine why the computer reported that she had logged onto the trumpet system. This file revealed a variety of UNIX commands which she was positive she had not entered, including a connection to AT & T’s “uhura” system through a remote login command; [FN2] an attempt to access the mail **44 directory and home account of Mike Romano, an AT & T Supervisor; and an attempt to delete her history file so as to erase the record of entered commands. However, unbeknownst to the intruding user, Kershner used a different name for her history files, and thus, her history files were not erased. From these observations it became evident to *71 Kershner that someone had broken into her account. As a result, she contacted Dave Williamson, a co-worker with a substantial knowledge of the UNIX operating system.

FN2. Remote login commands are described as shortcuts that allow individual users to move through the internal systems, such as trumpet or uhura, without having to reenter a login I.D. and password each time for each system. Remote login commands are set up in a file named “.rhost.” Such remote login shortcuts are referred to as “trusted hosts.”

After discussing the matter, Kershner and Williamson called Charles Bennett of corporate security. Williamson discussed the break-in with Bennett, Glenn Evans, and the AT & T District Manager. They determined that Kershner’s account had been accessed without authorization using the “.rlogin” command to edit her “.rhosts” file and then using the shortcut to navigate through systems, deleting all commands and changing the file back upon exiting the system.

On September 6, 1996, Williamson installed a program that would notify him any time Kershner’s account was modified. He also installed monitoring devices to trace the intruder’s actions once in her account. Williamson determined that the intruder’s originating account was through a group account labeled “INT” with a single user password accessed by multiple users to test software. He then traced the access to the INT account back to the harbor system, which had been accessed through a network providing access to various AT & T systems. Williamson concluded from security billing records that the access was from outside the AT & T Red Hill location, and specifically from the Corporate Wide Area Network, and an originating group with the name “841/297/erredfs1,” and the “node name” “m97a.”

From this it was further learned that the originating group was located at 580 Howard Avenue, Somerset, in a building shared by AT & T and Lucent Technologies, which had recently been spun-off from AT & T as a separate company. The node name m97a, however, belonged to Lucent.

Williamson went to Bennett with his findings and they met with Lucent’s Security Manager, District Manager, and a representative from its Outsourcing Contractor, IBM Global Securities. By examining network server logs, Norborne Preas of IBM was able to determine the precise computer terminal that had accessed the AT & T system from an office occupied solely by Gaikwad.

*72 At that time, Gaikwad was a contract employee with Lucent and was employed as a full time software developer on August 2, 1996. Gaikwad’s employment with Lucent did not anticipate or require access to the AT & T computer system. Prior to his employment with Lucent, Gaikwad was a contract employee of AT & T from November 11, 1992 to July 31, 1996, as a software developer and tester. Gaikwad’s supervisor during that time, Michael Romano, testified that Gaikwad’s performance was generally good but towards the end of his employment there was a drop off in performance which, combined with management’s desire to reduce staff, led to his dismissal. Gaikwad’s individual username and password were locked out of the AT & T system when he was dismissed on July 31, 1996.

Preas installed a database monitor on Gaikwad’s terminal on September 12, 1996. This monitor was a security device which captured all activity to and from the terminal and enabled security to monitor and capture every strike of the keyboard at Gaikwad’s terminal. On September 29, 1996, security installed a pin hole surveillance **45 camera in the office which confirmed that Gaikwad was responsible for the commands captured by the database monitor.

AT&T’s investigation revealed that from August 2 to October 5, 1996, Gaikwad accessed AT & T’s system, without authorization, from his terminal at Lucent 144 times. On October 9, 1996, the State Police obtained a warrant for Gaikwad’s arrest. On October 10, 1996, he was arrested.

AT&T’s District Manager, Joseph Zeigler reviewed the print-out logs from the database monitor from September 16, 1996 to October 10, 1996. He concluded that they revealed a consistent pattern of Gaikwad entering into various coworkers’ individual accounts using the trusted hosts shortcut feature, impersonating the user, copying their electronic mail to the directory he was located in so that he could view the contents of the mail without detection, and using a shell to avoid leaving a history of commands on the account or simply deleting the history. Zeigler testified *73 that copying the file prevented the legitimate user from knowing Gaikwad had accessed it. The State presented a step by step, keystroke by keystroke, reenactment of Gaikwad’s entering into certain co-workers’ systems and reading of their mail. At trial, Williamson presented examples of sensitive proprietary information actually accessed by Gaikwad through reading co-workers’ e-mail, including various e-mails regarding an AT & T bid for a system to monitor capacity management of telephone call volume that could have been used by AT & T’s competitors to obtain an unfair advantage.

Due to Gaikwad’s unauthorized access, AT & T was forced to employ certain remedial measures to ensure security. First, they shut down all the systems Gaikwad had accessed without notice to its users prior to Gaikwad’s arrest. Williamson testified that shutting down the systems without notice was a great inconvenience to its users but was necessary because AT & T did not want news of the shut down to get back to Gaikwad or any other unauthorized users. After Gaikwad was arrested they reloaded the systems with new software, disrupting the systems and their users for several days. Additionally, all access through group accounts was blocked and all .rhosts files were removed, eliminating the trusted host shortcuts between computer systems, thus inconveniencing legitimate users of the shortcuts. Zeigler placed the cost of the investigation and the cost of the four systems administrators involved in reloading the systems at $21,875. He also estimated that the disruption in service of the systems affected fifty users at a cost of $35,000, for a total of $56,875, not including AT & T’s corporate security costs.

Gaikwad testified in his own defense that he was authorized by Romano to access AT & T’s computer system to check the status of, and to aid in developing, the projects he was working on when he left AT & T. He asserted that Romano and his co-workers called him after he left for help with the project. Gaikwad further stated that he accessed the AT & T system to determine whether the project was to be canceled. If he discovered that the project *74 was to be canceled, he intended to alert his friends still working on the project of the pending cancellation.