© 1999 Joshua M. Masur.

J.D. 1999, Columbia Law School; A.B. 1990, Columbia College of Columbia University. Prior to attending law school, Mr. Masur worked in the computer and networking industries for eight years, including stints as director of management information services for a nonprofit law firm, director of consulting services for a computer consulting company, and computer technology manager for an international advertising agency. This article represents the views of the author only, and is not to be attributed to any client or employer of the author.

The author wishes to thank the editorial staff of the Berkeley Technology Law Journal for their assistance and dedication; Richard Ziegler, for having suggested and guided his research into this topic; Michael Geist, for early editorial advice and input; Lance Liebman, for requesting that he teach relevant portions of this material in his course on telecommunications law; those unfortunate members of Columbia Law School's class of 2000 whom he forced to argue these issues as first-year students in Moot Court; and Shelly K. Masur and Julia Astrid Masur, for their love, understanding, and support.

This Comment was the first-place winner of the 1999 Berkeley Technology Law Journal Comment Competition.

1. ABA Comm. on Ethics and Professional Responsibility, Formal Op. 99-413 (1999) (on protecting the confidentiality of unencrypted e-mail) available at <http://www.abanet.org/cpr/fo99-413.htm> [hereinafter ABA Op.].

2. Id. (emphasis added).

3. See In re Horowitz, 482 F.2d 72, 81 (2d Cir.), cert. denied, 414 U.S. 867 (1973) ("[Privilege] is to be strictly confined within the narrowest possible limits consistent with the logic of its principle.").

4. ABA Op., supra note 1 (emphasis added).

5. See infra Part IV.C.1.

6. 8 JOHN HENRY WIGMORE, EVIDENCE 2292, at 554 (McNaughton rev. 1961) (emphasis omitted).

7. RESTATEMENT (THIRD) OF THE LAW GOVERNING LAWYERS 118 (Proposed Final Draft No. 1, 1996) [hereinafter RESTATEMENT].

8. 449 U.S. 383 (1980).

9. Id. at 394-95.

10. RESTATEMENT, supra note at introductory note to chapter 5.

11. See, e.g., Jonathan Rose, Note & Comment, E-mail Security Risks: Taking Hacks at the Attorney-client Privilege, 23 RUTGERS COMPUTER & TECH. L.J. 179, 182 (1997) ("In applying the attorney-client privilege to e-mail, ... the most crucial elements to consider are the requirements that the communications be confidential and that the privilege has not been waived.").

12. See In re Horowitz, 482 F.2d 72, 81 (2d Cir.), cert. denied, 414 U.S. 867 (1973).

13. Todd H. Flaming, Internet E-mail and the Attorney-Client Privilege, 85 ILL. B.J. 183, 183 (1997).

14. 117 S. Ct. 2329 (1997).

15. See Julienne W. Bramesco, Employee Privacy: Avoiding Liability in the Electronic Age, 562 PLI/LIT 515, 527 (1997).

16. See, e.g., United States v. Keystone Sanitation Co., 903 F. Supp. 803, 808 (M.D. Penn. 1995); Int'l Marine Carriers v. United States, No. 95 Civ. 10670, 1997 WL 160371 (S.D.N.Y. Apr. 4, 1997); Heidelberg Harris v. Mitsubishi Heavy Indus., No. 95 C 0673, 1996 WL 732522 (N.D. Ill. Dec. 18, 1996).

17. See Wendy R. Leibowitz, Communication in the E-mail Era: Deciphering the Risks and Fears, NAT'L L.J., Aug. 4, 1997, at B9. See also infra Part V.

18. See Leibowitz, supra note .

19. See id.

20. 18 U.S.C. 2510-2520 (1982) (amended 1994).

21. N.Y. C.P.L.R. 4548 (McKinney 1999) (originally enacted as 4547 and renumbered in 1999).

22. Kevin J. Connolly, Cryptography Can Ensure E-mail Confidentiality, 19 NAT'L L.J. 41, at B13 (Jun. 9, 1997).

23. See discussion of ECPA, infra at Part IV.C.

24. See James K. Lehman, Litigating in Cyberspace: Discovery of Electronic Information, S.C. LAW., Apr. 1997, at 14, 15, 17 (citing S.C. Bar, Advisory Op. 94-27 (1995)).

25. See Joan C. Rogers, Ethics, Malpractice Concerns Cloud E-mail, Online Advice, 12 Law. Man. on Prof. Conduct (ABA/BNA) 59, 60-61 (Mar. 6, 1996) (citing S.C. Bar, Advisory Op. 94-27 (1995)).

26. William Freivogel, Internet Communications-Part II, A Larger Perspective, ALAS LOSS PREVENTION J., Jan. 1997, at 2 (quoting S.C. Bar, Advisory Op. 94-27 (1995)).

27. See id.

28. Iowa Supreme Court Board of Professional Ethics and Conduct Op. 96-1 (1996).

29. See Victoria Slind-Flor, Defense Bar Misses a Good Show on High Tech, NAT'L L.J., Oct. 14, 1996, at A6.

30. See Susan B. Ross, E-mail: How Attorneys Are Changing the Way They Communicate, C. HILL LEGAL PRAC. NEWSL. (page unavailable) (July 1996), available at <http: //www.interlegal.com/1artcollege.html>.

31. See Rogers, supra note , at 61.

32. South Carolina Bar Advisory Op. 97-08 (1997), available at <http://www.scbar.org/apps/reference/EthicsOpinions/ethicsopinion.dbm?OpinionID=97%2D08&OpinionType=ethics>.

33. Id.

34. Pub. L. No. 103-322, 108 Stat. 2147 (1994).

35. ECPA's putative role in privilege analysis is discussed infra Part IV.B.2.

36. See Alaska B. Ass'n, Ethics, Op. 98-2 (1998) (on communication by electronic mail), available at <http://www.alaska.net/~akctlib/eo98-2.txt>.

37. See New York St. B. Ass'n Committee on Professional Ethics, Op. 709 (1998), available at <http://www.nysba.org/opinions/Opinion709.html>.

38. See Vermont B. Ass'n Comm. on Professional Responsibility, Advisory Op. 97-5 (1997), available at <http:www.vtbar.org./AdvisoryEthicsOpinions/1997/97.05htm>.

39. ABA Op., supra note 1.

40. RESTATEMENT, supra note , 121.

41. WIGMORE, supra note , 2311, at 599 (footnote omitted).

42. Id. 2327, at 634.

43. Id. 2311, at 600 (footnotes omitted).

44. See id. at 601-03.

45. See William P. Matthews, Comment, Encoded Confidences: Electronic Mail, the Internet, and the Attorney-Client Privilege, 45 U. KAN. L. REV. 273, 281 (1996) (citing PAUL R. RICE, ATTORNEY-CLIENT PRIVILEGE IN THE UNITED STATES 9:26, at 681 (1993)).

46. See Rose, supra note , at 184.

47. See id. at 184-85. However, certain jurisdictions, such as New York, depart from this rule. The New York Court of Appeals has held that communications created by a potential defendant to be sent to non-attorneys, but which were prevented from delivery, were protected in a criminal prosecution. See, e.g., In re Vanderbilt, 439 N.E.2d 378 (N.Y. 1982).

48. See Rose, supra note , at 185.

49. See In re Grand Jury Proceedings, 727 F.2d 1352, 1356 (4th Cir. 1984).

50. In re Horowitz, 482 F.2d 72, 81 (2d Cir. 1973), cert. denied, 414 U.S. 867 (1973).

51. See Arthur L. Smith, E-mail and the Attorney-Client Privilege (visited Dec. 2, 1999) <http://www.bamsl.org/lpm/email.htm>.

52. See id.

53. See Daniel J. Pope & Helen Whatley Pope, "Is It Safe...", 64 DEF. COUNS. J. 138, 141 (1997).

54. This idea is analyzed at some length in the discussion of ECPA, infra Part IV.C.

55. A discussion of various waiver approaches can be found in Bank Brussels Lambert v. Credit Lyonnais (Suisse) S.A., 160 F.R.D. 437 (S.D.N.Y. 1995).

56. See, WIGMORE, supra note , 2327, at 634-38.

57. See id. at 635 (emphasis in original).

58. See id. at 635-36 (footnote omitted).

59. See Smith, supra note .

60. See WIGMORE, supra note , 2311, at 599-603.

61. Susan J. Silvernail, Electronic Evidence: Discovery in the Computer Age, 58 ALA. LAW. 176, 179 (1997).

62. See Rose, supra note , at 187.

63. 471 U.S. 343 (1985).

64. See id. at 348.

65. Upjohn Co. v. United States, 449 U.S. 383, 390 (1981) (quoting Philadelphia v. Westinghouse Electric Corp., 210 F. Supp. 483, 485 (E.D. Pa. 1962)).

66. See id.

67. See Jonathan Corp. v. Prime Computer Inc., 114 F.R.D. 693 (E.D. Va. 1987).

68. Rose, supra note , at 188-89.

69. First Interstate Bank v. Nat'l Bank & Trust Co., 127 F.R.D. 186, 189 (D. Or. 1989).

70. Rose, supra note , at 190-91 (citing, respectively, In re Horowitz, 482 F.2d 72, 82 (2d Cir. 1973), cert. denied, 414 U.S. 867 (1973); In re Victor, 422 F. Supp. 475, 476 (S.D.N.Y. 1976); Bower v. Weisman, 669 F. Supp. 602, 605-06 (S.D.N.Y. 1987); Jarvis, Inc. v. American Tel. & Tel. Co., 84 F.R.D. 286 (D. Colo. 1979)).

71. Lois Sportswear, U.S. v. Levi Strauss & Co., 104 F.R.D. 103, 105 (S.D.N.Y. 1985).

72. See, e.g., In re Sealed Case, 877 F.2d 976, 980 (D.C. Cir. 1989); Golden Valley Microwave Foods Inc., v. Weaver Popcorn Co., 132 F.R.D. 204, 208-09 (N.D. Ind. 1990); Underwater Storage Inc. v. United States Rubber Co., 314 F. Supp. 546, 549 (D.D.C. 1970).

73. Mary Frances Lapidus, Using Modern Technology to Communicate with Clients: Proceed with Caution and Common Sense, HOUS. LAW., Sept./Oct. 1996, at 39, 40 n.41 (citing Alldread v. City of Grenada, 988 F.2d 1425 (5th Cir. 1993); Granada Corp. v. First Court of Appeals, 844 S.W.2d 223 (Tex. 1992)).

74. Id. (citing FDIC v. Marine Midland Realty Corp., 138 F.R.D. 479, 482 (E.D. Va. 1991)).

75. See Pope & Pope, supra note , at 138.

76. Richard M. "Rick" Georges, The Impact of Technology on the Practice of Law-2010, FLA. B.J., May 1997, at 36, 38.

77. See, e.g., Robert L. Jones, Client Confidentiality: A Lawyer's Duties with Regard to Internet E-mail (Aug. 16, 1995) <http://www.computerbar.org/netethics/bjones.htm>; Ross, supra note .

78. 1995 WL 360526 (N.D. Ill. June 15, 1995).

79. Id. at 1.

80. See, e.g., Georges, supra note , at 38 ("Communication by e-mail is not as formal as written correspondence, nor as informal as speech."); Bramesco, supra note , at 527 ("E-mail messages tend to be conversational, brief and 'folksy.'")

81. See Michael Traynor, E-mail Authentication Is Key, NAT'L L.J., Aug. 1, 1994, at B9. See also Charles R. Merrill, Toward a Paperless Federal Practice by the Year 2000, 484 PLI/PAT 125, 130 (1997) ("[T]here is a tendency to use [e-mail] for internal conversations which would formerly have taken place in-person or by phone, and for external conversations which would formerly have taken place by phone.").

82. Charles A. Lovell & Roger W. Holmes, The Dangers of E-mail: The Need for Electronic Data Retention Policies, R.I. B.J., Dec. 1995, at 7.

83. Leslie Helm, The Digital Smoking Gun: Mismanaged E-mail Poses Serious Risks, Experts Warn, L.A. TIMES, June 16, 1994, at D1 (quoting John H. Jessen of Electronic Evidence Discovery, Inc.).

84. See Lehman, supra note , at 15.

85. Silvernail, supra note , at 181; see also Lovell & Holmes, supra note , at 7 ("[P]laintiffs' attorneys increasingly view e-mail as a source of 'smoking gun' evidence waiting to lead to painful revelations and, possibly large settlements.").

86. See Bramesco, supra note , at 527; see also Lovell & Holmes, supra note , at 8; Charles R. Merrill, E-mail for Attorneys from A to Z, N.Y. ST. B.J., Jun. 1996, at 20, 23 (1996); Silvernail, supra note , at 180-181 ("Electronically stored records are not as easily destroyed as paper records. Contrary to conventional wisdom, when a user strikes the 'delete' key, the data is [sic] not physically removed from the hard drive.... The data remains [sic] undisturbed until more space is needed on the hard drive.").

87. See Bramesco, supra note , at 527.

88. A corporate employee sending a private memorandum to corporate counsel will ordinarily not make several additional copies, while sending the same information by electronic mail will often inherently create such copies.

89. See Betty Ann Olmsted, Electronic Media: Management and Litigation Issues when "Delete" Doesn't Mean Delete, 63 DEF. COUNS. J. 523, 523 (1996); see also Lehman, supra note , at 15 (explaining that electronic communications can result in keeping backup copies, both intentionally and unintentionally).

90. See Merrill, supra note 83, at 130.

91. See id.

92. See id.

93. The discussion of encryption technology and cryptography in this section is based on the author's personal knowledge. For additional sources on cryptography and encryption, see generally A. Michael Froomkin, The Metaphor is the Key: Cryptography, the Clipper Chip, and the Constitution, 143 U. PA. L. REV. 709, 885-97 (1995) and RSA LABS., FREQUENTLY ASKED QUESTIONS ABOUT TODAY'S CRYPTOGRAPHY (4th ed. 1998), available at <ftp://ftp.rsasecurity.com/pub/labsfaq/labsfaq4.pdf> (PDF file).

94. RSA LABS., supra note , 1.2, at 10.

95. Also referred to as "secret" or "private."

96. Also referred to as "asymmetrical."

97. PGP was the first commonly-available implementation of asymmetrical cryptography in end-user software. With over 6 million users, it has become the de facto standard for message encryption. See Network Assoc., PGP Total Network Security-PGP Encryption & PKI (visited Oct. 17, 1999) <http://www.nai.com/asp_set/products/tns/pgp_freeware.asp>.

98. See, e.g., RSA LABS., supra note , 3.1.3 at 61.

99. RSA, named after inventors-Ronald L. Rivest, Adi Shamir, and Leonard M. Adelman-is the most commonly used asymmetric encryption algorithm. It is described by U.S. Patent No. 4,405,829 (issued Sept. 20, 1983).

100. Id. 3.1.6 at 64.

101. Id. 2.1.3 at 20.

102. See Freivogel, supra note .

103. See Jones, supra note .

104. See Pope & Pope, supra note , at 143.

105. 60 F.2d 737 (2d Cir. 1932).

106. 159 F.2d 169 (2d Cir. 1947)

107. See id. at 173.

108. See Freivogel, supra note .

109. See Jones, supra note .

110. See id.

111. See Albert Gidari, Privilege and Confidentiality in Cyberspace, COMPUTER LAW., Feb. 1996, at 1, 3.

112. See id.

113. See Ross, supra note .

114. See David Willis, Secure Electronic-Mail: Return To Sender?, NETWORK COMPUTING, Nov. 1, 1997, at 108; see also Ronald V. Grant, Law Office Technology, HAW. B.J., Jun. 1997, at 24.

115. See Willis, supra note , at 108.

116. See Rogers, supra note , at 65.

117. See Jones, supra note (citing BRUCE SCHNEIER, E-MAIL SECURITY 41 (1995)).

118. See Securing Electronic-Mail Across Borders, NETWORK COMPUTING, Nov. 1, 1997, at 112.

119. See Willis, supra note , at 116.

120. See Larry Stevens, Mac Encryption Finding Its Way Into Corporations, MACWEEK, Oct. 27, 1997, at 16 (describing corporate use of encryption software).

121. Such an infrastructure would provide for secured electronic transactions, both financial and informational, and is seen as a primary mechanism to further develop the Internet and other network technologies.

122. G. Burgess Allison, Technology Update, L. PRAC. MGMT., Apr. 1996, at 16, 20.

123. Ross, supra note (discussing PGP).

124. Samuel Lewis, Memoirs From the Corner Suite: An Update on Security and the Internet (last modified Mar. 24, 1997) <http://www.collegehill.com/ilp-news/lewis2.html>.

125. Take Charles R. Merrill, for instance. Merrill "heads [McCarter & English's] Computer and High Tech Law Practice Group[,] ... [s]erves as National Moderator of the Lexis Counsel Connect E-mail and Electronic Commerce Forum, and is Co-Rapporteur of the Digital Signature Guidelines, a project of the ABA Information Security Committee, Section of Science and Technology." Charles R. Merrill, E-mail for Attorneys from A to Z, 443 PLI/PAT 187, n.1 (Dec. 1996). Yet Merrill misstates that secure socket layer ("SSL") technology would be available "probably within the next twelve months." Merrill, supra note , at 23. In fact, it had been in place for at least a year prior to publication of his article. He also claims that SSL provides a mechanism to secure interaction between SMTP-compliant e-mail servers, when in reality, it applies only to communications between web servers and browsers. He is also incorrect to claim, as do others, that private commercial internetworks like "ATTMail, MCIMail, Sprint, Compuserve, AOL, Prodigy, Lexis Counsel Connect" provide added security via use of circuit-switched connections rather than packet-switched ones. Id. In fact, all computer networks use packet-switched communications; the added security provided by private commercial networks is due to their total control over traffic.

126. See Grant, supra note , at 33-34.

127. See, e.g., United States v. Maxwell, 45 M.J. 406 (C.A.A.F. 1996) (finding Fourth Amendment privacy interest in e-mail sent over America OnLine's network).

128. See Smith, supra note .

129. Henry H. Perritt, Jr., Security in Open Networks: Maintaining Confidentiality and Getting Paid (visited Sept. 24, 1999) <http://www.cilp.org/chron/articles/pbisecu6.htm> (footnote omitted).

130. See Merrill, supra note 85, at 128.

131. See, e.g., Mike Fratto, The State of Security 2000 (Oct. 4, 1999) <http://www.nwc.com/1020/1020f22.html> (discussing virtual private networks).

132. 18 U.S.C.A. 2517(4) (West 1999).

133. See 18 U.S.C.A. 2516 (1982) (amended 1994).

134. See 18 U.S.C.A. 2511(1982) (amended 1994).

135. 18 U.S.C.A. 2517(4) (1982) (amended 1994) (emphasis added).

136. See, e.g., Flaming, supra note , at 184.

137. Id.

138. See Matthews, supra note .

139. 909 F. Supp. 137, 145 (S.D.N.Y. 1995) (application of ECPA denied because party does not "provide[] a communication service to the public, but ... is in the business of financing and ... merely uses fax machines and computers as necessary tools of almost any business today").

140. See Matthews, supra note , at 291.

141. See id. at 290-91. Service provider contracts commonly permit administrative interception by service provider employees, which is a loophole expressly provided in ECPA. See id. (citing 18 U.S.C. 2511(2)(a)(i)).

142. Electronic Communications Privacy Act of 1986, Pub. L. No. 99-508, 101(c)(A) (1988). The Senate Report on ECPA, S. REP. NO. 99-541, reprinted in 1986 U.S.C.C.A.N. 3555, contains no specific references to privilege.

143. S. REP. NO. 90-1097 (1968), reprinted in 1968 U.S.C.C.A.N. 2112 (cases omitted).

144. See, e.g., United States v. Kahn, 415 U.S. 143 (1974), rev'g 471 F.2d 191 (7th Cir. 1972); United States v. Vastola, 899 F.2d 211 (3d Cir. 1990); Cruz v. Alexander, 669 F.2d 872 (2d Cir. 1982); United States v. Ford, 553 F.2d 146 (D.C. Cir. 1977); United States v. Hall, 543 F.2d 1229 (9th Cir. 1976); United States v. Feldman, 535 F.2d 1175 (9th Cir. 1976); United States v. Turner, 528 F.2d 143 (9th Cir. 1975); United States v. Kerrigan, 514 F.2d 35 (9th Cir. 1975).

145. See, e.g., Turner, 528 F.2d 143 (wiretap orders entered lawfully under ECPA void attorney-client privilege as to intercepted communications); Kerrigan, 514 F.2d 35 (same); Commonwealth v. Alves, 608 N.E.2d 733 (Mass. 1993) (same as to spousal communications privilege).

146. 18 U.S.C.A. 2517(4) (1982) (amended 1994).

147. See Matthews, supra note , at 292 (citing, e.g., CAL. PENAL CODE 630-632 (West 1986 & Supp. 1996); CONN. GEN. STAT. ANN. 53a-187 to 53a-189 (West 1994); GA. CODE ANN. 16-11-66 to 16-11-69 (1996); KAN. STAT. ANN. 21-4001 to 21-4002 (West 1995); MICH. COMP. LAWS ANN. 750.539d (West 1991); 18 PA. CONST. STAT. ANN. 5705-5748 (1983 & Supp. 1996)).

148. See id.

149. See Lapidus, supra note , at 40.

150. See, e.g., Freivogel, supra note ; Gidari, supra note 115; Georges, supra note 77.

151. Freivogel, supra note .

152. Id. (emphasis in original).

153. Id. (citing Iowa Supreme Court Board of Professional Ethics and Conduct Op. 96-1 (Aug. 29, 1996); South Carolina Bar Advisory Op. 97-08 (1997)) .

154. 91 F.R.D. 254 (N.D. Ill. 1981).

155. Freivogel, supra note .

156. See id. However, Freivogel fails to note that protecting all communications might be an effective means to protect the extraordinary as well.

157. Gidari, supra note , at 1-2.

158. Georges, supra note , at 38.

159. See Connolly, supra note .

160. See Rose, supra note , at 211-12.

161. See text accompanying infra Part IV.C.2.b.

162. See Matthews, supra note , at 291-92.

163. Grant, supra note , at 33.

164. Smith, supra note .

165. 42 U.S.C. 3711 (1976 & Supp. IV 1980).

166. See Katz v. United States, 389 U.S. 347 (1967).

167. Matthews, supra note , at 295.

168. TCP/IP (Transmission Control Protocol/Internet Protocol) is the standard set of protocols used on the Internet. It was "developed to allow cooperating computers to share resources across a network." Charles L. Hedrick, What is TCP/IP? (visited Dec. 2, 1999) <http://oac3.hsc.uth.tmc.edu/staff/snewton/tcp-tutorial/sec1.html>.

169. See, e.g., Gidari, supra note , at 2 ("To intercept an Internet communication ... requires a wiretap. Thus, there is no greater insecurity when the Internet communication is in transit over the phone lines than there is with an ordinary phone.").

170. See, e.g., Perritt supra note ("If an intruder were on the same subnetwork as the law firm or its correspondent (or if she managed to get physical access to the relevant packet path), the physical access would exist, and all the intruder need do is program a computer to search for the packets with the desired addresses. If the intruder does not have access to those subnets, however, he must establish a physical connection to a wire or optical fiber over which the traffic moves. This is a significant barrier to eavesdropping not present when an intruder wishes to intercept cellular telephone messages. The main barrier to eavesdropping on email thus is equivalent to the principal barrier to eavesdropping on ordinary telephone conversations: effectuating a physical tap. On the other hand, once physical access is obtained, screening for the desired information is much easier in the case of Email because a computer can be programmed to do it, while a human being must screen voice conversations to find the desired one.").

171. That is, lack of a physical wiretap.

172. Packetization is the process of dividing Internet communications into smaller pieces, or packets, for delivery.

173. Dynamic routing is the ad hoc direction of individual packets based on estimated efficiency of different network segments.

174. See, e.g., Allison, supra note , at 18.

175. See Smith, supra note .

176. A node is any device connected to a network. I use the term to refer primarily to users' computers, servers, and routers, but other devices such as terminal servers and printers are nodes as well.

177. By way of analogy, my father can drive on any number of roads from his home to the grocery store, but his journey inevitably begins in his driveway and ends in their parking lot.

178. Typically including, in order of receipt, several of the following: (1) the sender's computer; (2) the sender's e-mail server; (3) the sender's e-mail server's SMTP gateway if one is used; (4) the router connecting the sender's local area network ("LAN") to the leased line to its Internet service provider ("ISP"); (5) the router connecting the leased line to the sender's ISP; (6) the router connecting the sender's ISP to the leased line to its backbone provider; (7) the router connecting the leased line to the sender's ISP's backbone; (8) the router connecting the leased line from the recipient's ISP to its backbone; (9) the router connecting the recipient's ISP to the leased line to its backbone provider; (10) the router connecting the leased line from the recipient's LAN to its ISP; (11) the router connecting the leased line to the recipient's LAN; (12) the recipient's e-mail server's SMTP gateway if one is used; the recipient's e-mail server; and finally, (13) the recipient's computer.

179. Tables of these routes follow this Comment as Appendices. See infra, page *.

180. See Dean Takahashi, Technology & Telecommunications: Cisco's Net for Quarter Surged 61% as Firm Continued to Dominate Market, WALL ST. J., Feb. 5, 1997, at B2.

181. CISCO SYSTEMS, INC., 1998 ANNUAL REPORT, at front cover (1999) available at <http://www.cisco.com/warp/public/749/ar98/pdf/ar98.pdf> (PDF file).

182. See Matthews, supra note , at 273 (citing Katz v. United States, 389 U.S. 347, 360 (1967)).

183. Allison, supra note , at 16 (emphasis in original).

184. See Leibowitz, supra note .

185. Id.

186. See, e.g., id.; Freivogel, supra note .

187. See, e.g., Freivogel, supra note .

188. See id.

189. Pope & Pope, supra note , at 142.

190. See supra Part IV.C.1.

191. See Matthews, supra note , at 293 (citing Tyler v. Berodt, 877 F.2d 705, 706-07 (8th Cir. 1989); People v. Fata, 529 N.Y.S.2d 683, 696 (Rockland County Ct. 1988); State v. Smith, 438 N.W.2d 571, 577 (Wis. 1989)).

192. See Rogers, supra note , at 61.

193. See Matthews, supra note , at 293 (citing McKamey v. Roach, 55 F.3d 1236, 1240 (6th Cir. 1995); In re Askin, 47 F.3d 100, 104-06 (4th Cir.), cert. denied, 516 U.S. 944 (1995)).

194. Smith, supra note .

195. Id.

196. This is commonly known as "packet sniffing," and is discussed in detail in infra Part IV.D.2.e.

197. See, e.g., Allison, supra note , at 16-20.

198. Transactional data recorded tend to be that required for billing and system monitoring purposes, including the fact that a call was made by a specific party to another party, the time of the call, and its duration.

199. See Rogers, supra note , at 66.

200. See id.

201. See id.

202. See Lapidus, supra note , at 39 (citing Arizona Ethics Op. No. 95-11 (1995); Association B. City N.Y. Comm. Prof. Jud. Eth., Formal Op. No. 1994-11 (1994)).

203. Smith, supra note .

204. Froomkin, supra note , at 724.

205. Willis, supra note , at 108.

206. Allison, supra note , at 16.

207. See id.

208. Id.

209. See Lewis, supra note .

210. Flaming, supra note , at 183.

211. See generally Rose, supra note at 202-05.

212. See Traynor, supra note .

213. See Rose, supra note , at 202-05.

214. See Matthews, supra note , at 279.

215. See supra Part III.A.2.

216. Willis, supra note , at 108.

217. Id.

218. See id.

219. See Matthews, supra note , at 279.

220. See Rose, supra note , at 202-05.

221. See Allison, supra note , at 18.

222. See Lewis, supra note .

223. Silvernail, supra note , at 180.

224. See Flaming, supra note , at 184.

225. See id.

226. See id. at 183-84.

227. See Freivogel, supra note .

228. Id.

229. Most sniffers are able to target specific traffic by the "port" number used therefor. There are over 65,000 available ports; however, both machines must agree on the port to use. Therefore, traffic which commonly travels between networks, such as SMTP and HTTP, uses default ports to allow intercommunication.

230. See, e.g., Freivogel, supra note .

231. Lapidus, supra note , at 42.

232. While determining the probability of interception will remain impossible as a practical matter, see Jones, supra note , there is no reason to believe that it will not stay relatively constant. See also Lapidus, supra note , at 42.

233. Freivogel, supra note .

234. See id.

235. For example, network operating systems often have settings for the preferred and minimum amount of time to wait before forgetting the location of a file which has been deleted and permit specification of directories whose contents are immediately purged if deleted. Electronic mail software often supports filtering, which can be customized to delete mail according to criteria such as date sent.

236. A directory written to the beginning of a tape will be erased each time the tape is reused; one written to its end may be recoverable even after subsequent backups. Thus, if a daily backup run includes both privileged information like client files and unprivileged information like backups of software applications, backing up the privileged data first ensures that reuse of the tape will destroy it, even if multiple copies of software remain.

237. See Lovell & Holmes, supra note , at 8.

238. See Jones, supra note .