The ECPA was passed by Congress to protect privacy potentially compromised by emerging technologies. In contrast to FERPA and HIPAA, the ECPA applies to all entities, prohibiting the unauthorized interception of oral or electronic communication. The ECPA implies a liability on any individual who (i) intentionally accesses without authorization a facility through which an electronic communication service is provided, or (ii) intentionally exceeds an authorization to access that facility and thereby obtains, alters or prevents authorized access to a wire or electronic communication while it is in electronic storage. (U.S.C. §2701) ECPA applies to providers of public communication where the substance, purport or meaning of the communication is intercepted. Thus the ECPA would allow for network monitoring and would not apply to internal networks of organizations as they constitute private electronic communication (Cassat). However, higher education institutions often provide communication services to the public, thus the correct application of ECPA depends on the relation of the user and the organization. For example, a member of the public using a state university library’s communication infrastructure, would be protected by ECPA.