The Stored Communications Act (SCA) is a law that addresses voluntary and compelled disclosure of stored wire and electronic communications and transactional records held by third-party internet service providers (ISPs). It was enacted as Title II of the Electronic Communications Privacy Act.
The Fourth Amendment to the U.S. Constitution protects the people’s right to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures. The application of this to information stored online is potentially far weaker. One of the issues is that users generally entrust the security of online information to a third party, an ISP. In some court decisions, courts have held that the Fourth Amendment doctrine concerning privacy with online setting is not as robust. Some courts have held that users relinquish any expectation of privacy when such information is given to an ISP.
The third party doctrine pertaining to online storage states that knowingly revealing information to a third party relinquishes Fourth Amendment protection in that information. While a search warrant and probable cause are required to search one’s home, under the third party doctrine only a subpoena and prior notice (a much lower standard than probable cause) are needed to compel an ISP to disclose the contents of an email or of files stored on a server. The SCA creates Fourth Amendment-like privacy protection for email and other digital communications stored on the internet.
An Overview of the SCA
The SCA targets two types of online service, electronic communication services, and remote computing services. The statute defines an electronic communication service as any service that provides to users the ability to send or receive wire or electronic communications. A remote computing service is the provision to the public of computer storage or processing services by means of an electronic communications system. If an unopened email has been in storage for 180 days or less, the government must obtain a search warrant.
If a communication has been in storage for more than 180 days or is held solely for providing storage or computer processing services the government can use a search warrant, or a subpoena. Prior notice can be delayed for up to 90 days if it would jeopardize an investigation. Historically, opened or downloaded email held for 180 days or less has fallen in this category, because it is held solely for the purpose of storage.
The Act describes conditions under which a public ISP can voluntarily disclose customer communications or records. ISPs are forbidden to divulge to any person or entity the contents of any communication, which is carried or maintained on that service. ISPs are allowed to share non-content information, such as log data and the name and email address of the recipient, with anyone other than a governmental entity. Furthermore, ISPs that do not offer services to the public, such as businesses and universities, can freely disclose content and non-content information. An ISP can disclose the contents of a subscriber’s communications authorized by that subscriber.
What are the Elements for Violating the SCA?
One may be in violation of the SCA if:
• intentionally accesses without authorization a facility through which an electronic communication service is provided; or
• intentionally exceeds an authorization to access that facility
• In addition, thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system.
What are Consequences for Violating the SCA?
The penalties for violating the SCA are:
• a fine or imprisonment for not more than 5 years, or both, in the case of a first offense and
• A fine under this title or imprisonment for not more than 10 years, or both, for any subsequent offense under this subparagraph.
Section 2701 of the SCA provides criminal penalties for anyone who intentionally accesses without authorization a facility through which an electronic communication service is provided or intentionally exceeds an authorization to access that facility and thereby obtains, alters, or prevents authorize access to a wire or electronic communication while it is in electronic storage in such system.
What are the Defenses for Violating the SCA?
A provider described in subsection may divulge the contents of a communication:
• To an addressee or intended recipient of such communication or an agent of such addressee or intended recipient.
• To a person employed or authorized or whose facilities are used to forward such communication to its destination.
• As may be necessarily incident to the rendition of the service or to the protection of the rights or property of the provider of that service.
• To the National Center for Missing and Exploited Children.
• to a law enforcement agency, if the contents were inadvertently obtained by the service provider and appear to pertain to the commission of a crime or
• To a governmental entity, if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure immediately of communications relating to the emergency.
The law of the right of privacy is complex. If you believe you are a victim of a violation of the SCA then contact the experienced attorneys at Meyers Roman Friedberg & Lewis, LPA to evaluate your case. The laws regarding the SCA vary depending on the state. Call today to find out more information at (216) 831-0042.