5th Circuit: Personal Computers and Devices Not Protected by the Stored Communications Act

You know that massive Stored Communications Act lawsuit you were planning? The one based on your opponent’s sinister and entirely unconsented intrusions into your clients’ personal laptops and mobile devices? Yeah, well you can forget about that.

At least in the Fifth Circuit, that is. The Fifth Circuit, in its new decision in Garcia v. City of Laredo, has held that personal computers, laptops, mobile devices, and whatnot are entirely unprotected by the Stored Communications Act. Mrs. Garcia was a former police officer who had left her phone in an unlocked locker at the police station, whereupon “a police officer’s wife” just happened to find it (?) and discovered several texts and images which, as the court put it, constituted “evidence of violations of a department policy.” (The Court did not describe the policy-or the images–any further, and for that, we are all grateful.) Mrs. Garcia was fired, and she claimed that the above events infringed upon her rights under the SCA.

The SCA protects data that resides in any “facility through which an electronic communication service is provided,” and generally proscribes attempts to extract that data without a valid consent from its owner. The question is whether or not the above personal devices constitute “facilit[ies] through which an electronic communication service is provided.” The Fifth Circuit tossed its hat in with a handful of other courts which have held that:

the relevant ‘facilities’ that the SCA is designed to protect are not computers that enable the use of an electronic communication service, but instead are facilities that are operated by electronic communication service providers and used to store and maintain electronic storage. [emphasis in original]

The Fifth Circuit also noted that even if personal computers and devices were the type of “facility” covered by the SCA, the data stored on these devices were not either in “temporary, intermediate storage” or in storage “by an electronic communication service for purposes of backup protection,” other requirements of various parts of the SCA.

There had been a small handful District Court level decisions on this issue which had likewise rejected SCA protection for personal computers and devices (in California, Michigan, and Ohio; they are cited in the opinion). But this is the first Circuit level rejection that I have seen. One wonders if this case might have been different had the employer in question gained access to locally cached copies of cloud content (stored on Google Drive, or in iCloud, or someplace like that), since that data is probably stored on exactly the type of “facility” contemplated by the SCA “for purposes of backup protection” (a key purpose of any cloud service). Technology marches on, for better or for worse, with the law in tow behind it. Maybe. Stay tuned.

South Carolina Supreme Court: Webmail Not Procted by Stored Communications Act

This is interesting. The South Carolina Supreme Court last week ruled that keeping old emails stored in webmail was not considered storage “for the purposes of backup protection” within the meaning of the Stored Communications Act.

The Court–in a very short opinion–held instead that “retaining an opened email” in one’s Yahoo! mail account did not constitute “storing it for backup protection under the Act.” Why not? The only explanation offered by the Supreme Court was a reference to the Merriam-Webster Dictionary definition of “backup”:

We decline to hold that retaining an opened email constitutes storing it for backup protection under the [Stored Communications] Act. The ordinary meaning of the word “backup” is “one that serves as a substitute or support.” Merriam-Webster Dictionary, [citation omitted]. Thus, Congress’s use of “backup” necessarily presupposes the existence of another copy to which this e-mail would serve as a substitute or support. We see no reason to deviate from the plain, everyday meaning of the word “backup,” and conclude that as the single copy of the communication, Jennings’ e-mails could not have been stored for backup protection.

In other words, because there wasn’t some other copy of the email floating around somewhere, the email living in Yahoo! webmail was not “backup” of anything.

Hmm…

The Court remarked in passing that its holding essentially contradicted virtually every prior case on this subject, most especially Theofel v. Farey-Jones, 359 F.3d 1066, 1075 (9th Cir. 2004). The Court’s explanation of why it was blowing past this line of prior cases? “[W]e believe the plain language of subsection (B) does not apply to the e-mails in question,” based on the aforementioned reference to the dictionary. The Court also stated, without explanation, that it “question[ed] the reasoning expressed in Theofel that such passive inaction” pertaining to email retention “can constitute storage for backup protection under the SCA.”

What does this holding mean? Well, if other courts adopt the reasoning of this new case, emails and other communications residing in web storage (Gmail, Yahoo! mail, Facebook messages, etc.) would likely be fair game for subpoenas in litigation. Right now, anyone lobbing a subpoena over the bow of Facebook, etc., is likely to get a form letter in response, pointing to the Stored Communications Act and explaining that the Act does not permit a response to the subpoena. This case, if it stands, opens things up a bit. Perhaps a lot.

Incidentally, this new case did not involve a subpoena, but rather a curious someone who hacked into a cheating husband’s Yahoo! mail account “by guessing the correct answers to his security questions.” The emails from said cheating husband were subsequently printed and given to his wife’s lawyer. Lovely.

The case is Jennings v. Jennings, and you can read it by clicking the link below.