Don't ask, don't AOL

If you've ever wondered why online privacy is such a big deal, ask Navy sailor Timothy R. McVeigh.

3 min read
Little lapses in electronic privacy can hurt a lot. Ask Navy sailor Timothy R. McVeigh.

At midnight on Friday, McVeigh's 17-year Naval career is slated to end because the Navy believes he entered the word "gay" in his America Online profile. Unlike the other Tim McVeigh--the one convicted of bombing the Oklahoma City federal building--this highly decorated senior chief petty officer has enjoyed a distinguished military career with a spotless record until now.

It all started in December when a civilian employee received an email from someone she thought might be McVeigh. Unsure of the sender, she checked his online profile, where she found someone described only as "Tim" of Honolulu. In the marital status box was typed "gay." She forwarded the information to the Navy, which held a hearing and promptly discharged McVeigh in response.

What made the Navy so sure this Tim is one and the same as its top enlisted man on the nuclear attack submarine Chicago? Simple. It rang up AOL and asked.

Anyone who subscribes to an online service should be rattled by McVeigh's plight. Not only did AOL apparently ignore its own privacy policy in his case, but both AOL and the Navy appear to have flagrantly violated a federal privacy law.

The Electronic Communications Privacy Act of 1986 (ECPA) requires government agents to identify themselves and present a court order to get online subscriber information. It also requires that online providers demand a court order before releasing subscriber info. In McVeigh's case, neither happened. A Navy investigator simply called AOL customer service and spoke to an "Owen" who allegedly linked the member profile to McVeigh.

Yet, because this privacy law is so weak, neither the Navy nor AOL is clearly responsible for quite possibly ruining the 36-year-old's military career. The career Navy man is just three years short of collecting a pension.

McVeigh is suing the Navy for violating the ECPA and his constitutional rights to due process and freedom from unlawful search and seizure. In an 11 a.m. hearing in Washington today, he asked federal Judge Stanley Sporkin to counter the Navy's ouster order originally scheduled to be executed today. At today's hearing, the Navy delayed the order until Friday.

Even if McVeigh can prove that the Navy and AOL knowingly violated the ECPA, there's no prescribed penalty for either party. "It's what we call in the law a 'wrong without a remedy,'" said David Sobel, counsel for the Electronic Privacy Information Center, who has been assisting the Servicemen's Legal Defense Network in McVeigh's case.

In fact, Sobel believes that such privacy violations occur regularly in the private sector, but are rarely detected (much less punished) because the ECPA only limits governmental officials. It puts no curbs on private parties. "Most of those cases are invisible, not only to the public but to most of the victims," said Sobel. "You could have exactly the same scenario outside the military," but the employee could be fired without ever knowing why. McVeigh's case is unique because the details have been recorded in sworn testimony.

If the Navy in its wisdom (or desperation) takes as fact something written in an AOL profile, then what's to stop a private employer from doing the same? Tim of Honolulu could just as easily have claimed to be Wonder Woman or a unicorn as he could claim to be gay or in the Navy. Being written in a profile doesn't make it true.

If today's electronic privacy laws are so weak, then the voluntary privacy guidelines proposed by the Clinton administration are sure to be weaker. AOL has demonstrated clearly that when push comes to shove, we cannot expect that private industry will voluntarily protect anyone but itself.