Legalities Governing Information Security in Higher Education: ECPA

Electronic Communications Privacy Act

The ECPA was passed by Congress to protect privacy potentially
compromised by emerging technologies. In contrast to FERPA and HIPAA, the
ECPA applies to all entities, prohibiting the unauthorized interception of oral or
electronic communication. The ECPA imposes liability on any individual who (i)
intentionally accesses without authorization a facility through which an electronic
communication service is provided, or (ii) intentionally exceeds an authorization
to access that facility and thereby obtains, alters or prevents authorized access to
a wire or electronic communication while it is in electronic storage (U.S.C. §
2701). ECPA applies to providers of public communication where the substance,
purport or meaning of the communication is intercepted. Thus the ECPA would
allow for network monitoring and would not apply to internal networks of
organizations as they constitute private electronic communication (Cassat).
However, higher education institutions often provide communication services to
the public, so the correct application of ECPA depends on the relationship between
the user and the organization. For example, a member of the public using a state
university library’s communication infrastructure would be protected by ECPA.