How much privacy protection are your stored emails and texts hosted by third parties, such as Hotmail or Yahoo, entitled to? In the United States, the privacy of such communications is governed by a federal statute called the Electronic Communications Privacy Act (“ECPA”) and, in particular, a subsection of the ECPA called the Stored Communications Act (the “SCA”). The SCA prohibits an unauthorized person from intentionally (1) accessing a “facility through which an electronic communication service is provided,” or (2) exceeding “an authorization to access that facility”, and thereby obtaining, altering or preventing authorized access to, an electronic communication.
Since its passage, some ambiguities in the SCA’s application have arisen, but two recent court opinions have helped to clarify the contours of the statute.
The first case addresses whether actual damages are required to be shown in order for a plaintiff to recover damages under the SCA. In Chadha v. Chopra, 12 C 4204, 2012 WL 6044701 (N.D. Ill. Dec. 5, 2012), the defendant was a husband in the midst of a divorce who allegedly obtained the password and username for the Hotmail account of his wife’s friends, the plaintiffs. The plaintiffs in the case alleged that the defendant accessed the plaintiffs’ emails and address book and then used information gleaned from such access in order to send out defamatory emails to the plaintiffs’ friends and family from a fake email account created by the defendant. In denying the husband-defendant’s motion to dismiss, the U.S. District Court for the Northern District of Illinois held that (i) accessing and reading emails stored on a server is, in and of itself, enough to violate the SCA, and that (ii) no actual damages need to be proven in order for a plaintiff to recover punitive damages and attorneys’ fees under the SCA. The Court declined to address whether actual damages would need to be demonstrated in order for the plaintiff to be able to recover statutory damages under the statute, noting a split of authority on the matter.
The second opinion, Garcia v. City of Loredo, Case No. 11-41118 (5th Cir., Dec. 12, 2012), concerns the firing of a police dispatcher over text messages and images found on the dispatcher’s phone that indicated violations of police policy. Rejecting the dispatcher’s assertion that the information on the phone was protected by the SCA, the Fifth Circuit Court of Appeals held that the SCA prohibits only unauthorized access of a “facility” used to provide an electronic communication service, and therefore that information stored locally on a cell phone is outside of the statute’s scope. In reaching its conclusion, the Court cited a number of decisions denying SCA protection to information stored on personal computers and cell phones.
By Glen Westerback and Adam Nelson