Which is More Confusing: ECPA or the Tax Code?

Hearing Sarah Lawsky crack wise so often and so hilariously about the Internal Revenue Code during her visit made me think of a little joke I have used many times when lecturing about the Electronic Communications Privacy Act (ECPA). After warning listeners that ECPA is complex and confusing, I will often say something like, “And I challenge any tax experts in the room to go head-to-head with me in a battle for the title of ‘most confusing part of the U.S. Code.'” The comment usually inspires a few polite titters–from the kind of people who find jokes about comparative statutory complexity funny–so I keep using it.

The problem is, I have no idea whether I have a leg to stand on. Can ECPA really hold a candle to the infamous complexity of the IRC? Is there another part of the U.S. Code that makes both of these seem lucid in comparison?

This connects to James Grimmelmann’s recent series of posts about a new lawyer being a menace to his or her clients. He has been developing the point that mere book larnin’ isn’t enough to prepare a lawyer to represent a client competently, at least not in certain substantive areas, and he offers wills & trusts, bankruptcy, and copyright as examples. What makes a substantive area of law more complicated than another?

Keeping it focused on legislation, what factors conspire to make a statute complex and confusing (and, as an aside, can a statute be complex but not confusing or confusing but not complex?) Within my areas of expertise, here are a few factors that make ECPA complex:

  1. ECPA defines many terms, and it defines many terms in ways that are disconnected from ordinary meaning. (I’m looking at you, “electronic storage”!)
  2. ECPA (and more generally speaking, the Wiretap Act which predates ECPA) has many parallel definitions that Congress may not have intended to treat alike (yes, I’m talking about you two, “wire communication” and “electronic communication.”).
  3. ECPA interacts in mysterious ways with other laws (try to figure out what “readily accessible to the general public” means!)
  4. ECPA is rarely litigated. Orin Kerr explains how this has made a mess of the law in Lifting the ‘Fog’ of Internet Surveillance: How a Suppression Remedy Would Change Computer Crime Law, 54 Hastings Law Journal 805 (2003).
  5. ECPA regulates technology, so its meaning often shifts as technology changes. This problem is exacerbated because the basic structure and essential definitions are unchanged from 1986, so a law written to regulate mainframes is today applied to Web 2.0 and cloud computing.

So to all of the tax experts out there, what makes the tax code so complicated? Do all of the factors listed above apply to the IRC as well? The IRC is much longer than ECPA, and it is supplemented with reams of CFRs and other regs, but that can’t be enough alone to earn it the title, can it?

And what say you bankruptcy and copyright experts?

And even more generally, what are the objective metrics we can use to calculate comparative statutory complexity. (Yes, I’m picturing a NCAA-style tourney bracket right now.)

You may also like...

12 Responses

  1. Bruce Boyden says:

    Great idea Paul. I’ve often thought that a useful comparison could be done between the Copyright Act and other statutes, like the tax code. My own hypothesis is that the Copyright Act is not notably worse than a lot of other statutes; so if its complexity is a remarkably bad thing, it’s due to some other factor.

    Re: the ECPA, I hear you. To add to your list, one of the reasons I find it maddening is that it’s organized very poorly. There are several multi-part definitions with carve-outs that are then used in sections with multiple prongs defining liability (again with exceptions, sometimes in the same subsection, sometimes elsewhere, occasionally with provisos). Also there are carve-outs from definitions that really should have been made exceptions (e.g., business extensions and hearing aids); and there are exceptions that really should have been put into the definitions (consent). That last one constantly confuses courts; technically it’s an illegal interception to answer your telephone, but for (thank goodness!) the consent exception.

    Plus, two of the key concepts underlying the entire framework — “acquisition” and “access” — are undefined and not intuitively obvious. And there’s the whole way the definition of “electronic storage” refers to backup by a “service” — not a service provider, mind you, but the service itself, e.g. telephone service or internet access. How does internet access backup an email? And then there’s the vague nature of what a “service facility” is subject to 2701’s protections — every device attached to the Internet, or just some subset of that? Courts go back and forth on that one depending on their intuitions on who should be liable in a given case.

    Sure, Sections 108, 110, 114, and 115 of the Copyright Act are confusing, but they matter mostly to particular industries, not to everyone who touches the statute (libraries, bars, broadcasters, and record companies, respectively). The ECPA is confusing at the core. So I would pick it over the Copyright Act in the bracket.

  2. eck says:

    technically it’s an illegal interception to answer your telephone, but for (thank goodness!) the consent exception

    That’s ridiculous.

    Everybody knows that doing so isn’t an “interception” in the first place because it doesn’t involve the use of an “electronic, mechanical, or other device” (defined at section 2510(5)(a) to exclude “any telephone or telegraph instrument … furnished by [a] subscriber or user for connection to the facilities of [a] service and used in the ordinary course” etc.).

    No “device,” ergo no “intercept.”

    If it’s excitement you want, try figuring out which radio communications are protected (vel non) by Title III. I especially like the “hall of mirrors” interaction with 47 USC 605.

  3. Bruce Boyden says:

    Everybody knows that doing so isn’t an “interception” in the first place because it doesn’t involve the use of an “electronic, mechanical, or other device” …

    Eck, if everyone around you knows that, I’d say you hang out with a pretty geeky crowd!

    But I’m not sure it’s right. The business extension exception refers to use of a telephone “in the ordinary course of [the subscriber or user’s] business.” When you answer your telephone at home, is that in the ordinary course of your business? The business of being at home? That line of reasoning could make the business extension exception really, really broad (“I’m just using this scanner in the ordinary course of the business of using a scanner”). There are even some decisions applying saying this same carve-out applies to computers (e.g. Hall v Earthlink), so residential use of a computer in the ordinary course of the “business” of using a computer would also be excepted. It’s true that there are court decisions that have held that using a home telephone, or a device connected to a home telephone, is “in the ordinary course of business” of a residential subscriber, but there are others that delve into what the person’s purpose actually was, and I think it’s a bit dicey to rely on this provision to answer your phone.

    It’s a much more direct route, and I think the one Congress intended, to say that the interception is excused under the consent exception, as you consent to pick up your phone every single time.

  4. Bruce Boyden says:

    P.S. And what if you answer the phone at someone else’s house? Is that the ordinary course of the business of being-a-visitor-at-someone’s-house-who-is-unable-to-reach-the-phone?

  5. Paul Ohm says:

    I don’t want to get in the middle of this, but I needn’t pick sides to agree with Bruce’s point that Hall v. Earthlink is a flawed decision. It has troubling implications, too, because it opens the door to immunizing some types of ISP monitoring that would otherwise be illegal. I’ll probably say more about this in a later post.

  6. Eric Goldman says:

    I agree with Bruce that the ECPA v. Copyright comparison is no contest. The copyright code is filled with all kinds of stupid and ridiculous policy decisions, but most of those bad decisions are clear. I have no idea what the EPCA says in the first place, so I can’t even judge if its policy results are good or bad! Eric.

  7. eck says:

    When you answer your telephone at home, is that in the ordinary course of your business? The business of being at home?

    As you probably know, that’s precisely the rationale applied by numerous federal courts to exempt from Title III parental eavesdropping on minors.

    And what if you answer the phone at someone else’s house?

    Then it probably isn’t “your phone” as originally posited.

    if everyone around you knows that, I’d say you hang out with a pretty geeky crowd

    Would that Concurring Opinions supported XIML (extensible irony markup language). In any event, Paul is competent to testify about the ambient geek quotient.

  8. Orin Kerr says:

    Eck, if everyone around you knows that, I’d say you hang out with a pretty geeky crowd!

    Cough, cough.

  9. The complexity in ECPA, copyright, and tax is of different sorts.

    ECPA is a thicket, pure and not-so-simple. There’s a straightforward basic idea, implemented in a hideously tangled way. Bad definitions, overlapping provisions, terrible organization, you name it. The result is that it’s hard to reason towards a conclusion; everything knots up quickly.

    The tax code has two kinds of complexity. First, it has an intricate but crystalline set of rules: Every transaction needs to be slotted into exactly the right bin or bins. The rules are many, but it is possible to learn and work through them carefully (or so my tax-y friends tell me). Second, it has a lot of ambiguity in characterizing transactions, so that there are often two or three or more competing narratives as to what’s really going on. That kind of complexity is also intimidating, but it’s also often manageable by taxperts.

    Copyright has three things going on. First, it’s filled with quicksand pits: substantial similarity, fair use, idea/expresson, useful articles, and so on. It’s impossible to state general rules here; everything depends on analogical comparisons among cases. Second, there’s the calculus of the exclusive rights; the recent Cablevision case is a nice illustration of how tangled they can get. Here, the problem is not so much thinking through particular cases — it’s often clear that there are only a few plausible possibilities and case is mostly about arguing over them — as it is trying to fit them into a coherent theory. And third, there are all the crazy sections in the 100s (I call them “the dense stuff” with my class), but those are pretty easy to avoid most of the time.

  10. eck says:

    Bad [ECPA] definitions

    What could possibly be wrong with definitions like this:

    “oral communication” means any oral communication uttered by a person exhibiting an expectation that […]


  11. Jay Levitt says:

    Well, is “most confusing” judged by the potential for confusion, or the potential for differing opinions in litigation, or by the actual confusion experienced by the “end user” of the law?

    Because, while taxes are so complex that even most accountants don’t know the whole code, ECPA, to an ISP, was pretty simple, at least pre-Hall:

    You don’t read e-mail.

    Yes, there are a thousand shadings of each of those words. But it’s hard, in a day when we trade most privacy for free(er) access to content, to imagine what the world would have been like if this law hadn’t existed at the birth of the commercial Internet.

    You. don’t. read. e-mail.

    This drew, as you lawyers like to say, a bright line. It set the ground rules for what was and wasn’t okay on this new Internet thing. Remember, your e-mail is rarely (if ever!) encrypted in transit, unlike your banking transactions. And it’s stored, not transient. And, I’d wager, you’ve received or sent most of your personal details, by e-mail, at least once in your electronic life. Or the passwords to get them.

    Without ECPA? Can you imagine the sorts of data mining that would be done on what is, essentially, a stream of easily-parseable text that outlines EXACTLY what interests and compels you? Can you imagine how many times the technologists were able to say “no” to marketers with dollar signs in their eyes, because federal law made it pretty darned clear that it’s simply not done?

    If you think G-Mail ads are a little eerie sometimes… hoo boy.

    Laws don’t have to be litigated to be influential.

  12. eck says:

    Worst of all, the text of ECPA neither states expressly nor even implies that Orin owes me a beer.