Governor Mark Sanford Email Disclosure: An ECPA Violation?

Thursday, June 25, 2009 was eventful. In the morning (Eastern Time in North America), Farrah Fawcett passed away after an extended battle with cancer. In the evening, Michael Jackson suffered an apparent cardiac arrest, and passed.

Somewhat overshadowed by these event in the entertainment and culture world, a political drama was unfolding with the revelations of an extra-marital relationship involving sitting Governor Mark Sanford (R-SC). I have no comment on the issues surrounding those involved in this affair, except that I am sorry that they must deal with these issues in the glare of public view. I have particular sympathy for the Sanford children, who are innocent bystanders. What happens between the Sanfords is not my concern.

This affair (pun unintended) does raise another issue, one that should be of concern to all users of electronic communications.

Many media outlets quoted from email messages between Mr. Sanford and his Argentinian correspondent. The State, a South Carolina newspaper, reported that it had received these messages this past December, but had been unable to authenticate them.[1]

The question of their publication does not interest me. What does interest me is: How were they supplied to The State?

The Electronic Communications Privacy Act of 1986 (ECPA),[2] makes it illegal to disclose private electronic communications. Such disclosure or diversion is a crime, a fact that I noted in the recently published Computer Security Handbook, 5th Edition.[3]

The question that everyone should be asking may be far from titilating, but is far more important: Who provided the messages to The State?

The ECPA does not include an exemption for messages involving public figures. Public figures have the same privacy rights in their electronic communications as does everyone else. When Governor Sarah Palin's electronic mail account was improperly accessed, an investigation and prosecution ensued.[4] In that case, the account was improperly accessed by a third party.

However, the privacy of electronic communications is a serious public concern. When mobile phone records belonging to now-President Obama were improperly accessed, the errant employees were, if I recall correctly, terminated. All of these cases are purely privacy issues relating to electronic communications, not First Amendment issues involving the press.

There should be a full investigation as to how these messages were retrieved. The titillating nature of the messages may be unseemly, and they involve a public figure, but that is not the point. There would seem to be no justification for the messages to have been disclosed in any event.


June 28, 2009

Following the original posting of this item, additional information has come to light. On June 27, The New York Times has printed a follow-up on this story tracing the disclosure of the E-mail messages between Governor Sanford and his inamorata, identified as Maria Belen Chapur. The disclosure has been reported as a spurned former co-worker of Ms. Chapur's.[5]

The report says that the source “hacked into Ms. Chapur's account to retrieve the messages.” Since the identity of the ISP has not appeared, it is not possible to identify whether a crime was committed, and in what jurisdiction (e.g., ECPA would probably not apply if the server was outside of the United States).

June 29, 2009

A clarification has emerged concerning the compromise of the e-mail messages at the heart of this case.

In “Woman Linked to Sanford Comments on E-Mail”[6] it would appear that the E-mail messages were forwarded to multiple recipients, and that at least one of the accounts improperly accessed was an account at Hotmail. This information appears to have been from a transcription of a dignified statement by Ms. Chapur read on Argentine television station CN5.[7]


[1] “Read e-mails between Sanford, woman” The State
[2] 18 U.S.C.A. Section 2510, et seq.
[3] Chapter 30, Section 7.3, Computer Security Handbook, 5th Edition
[4] “Judge delays trial of accused Palin e-mail hacker” Network World, November 17, 2008
[5] “Argentine Man Said to Be Souce of Sanford E-Mail” The New York Times, June 27, 2009, page A12.
[6] “Woman Linked to Sanford Comments on E-Mail” The New York Times, June 29, 2009, page A12.
[7] Transcription of statement by Ms. Maria Belen Chapur read on Agentine station CN5, June 28, 2009


Picture of Robert Gezelter, CDP
RSS Feed Icon RSS Feed Icon
Add to Technorati Favorites
Follow us on Twitter
Bringing Details into Focus, Focused Innovation, Focused Solutions
Robert Gezelter Software Consultant Logo
+1 (718) 463 1079