Cell Phones are Not Facilities Under the Stored Communication Act

Does the Stored Communication Act protect all text messages and data stored on a personal cell phone accessed without the owner’s permission?

Not if you are arguing the cell phone is a “facility” under the Stored Communications Act. Garcia v. City of Laredo, 2012 U.S. App. LEXIS 25370 (5th Cir. Tex. Dec. 12, 2012).

The facts in Garcia v. City of Laredo involved a former police dispatcher who was terminated for violating department policy after another police officer’s wife first removed the Plaintiff’s phone from an unlocked locker in a police substation and then accessed the Plaintiff’s text messages and photos. Garcia, at *2. The police officer’s wife shared the information on the phone with city officials, because the wife believed the Plaintiff had violated department policy. Garcia, at *3. The Plaintiff was later terminated after an investigation. Id.

In order for a party to violate the Stored Communications Act, “they must have gained unauthorized access to a facility through which electronic communication services are provided (or the access must have exceeded the scope of authority given) and must thereby have accessed electronic communications while in storage.” Garcia, at *6, citing 18 U.S.C. § 2701(a) (2006).

The Plaintiff argued that her personal cell phone was a “facility” under the Stored Communications Act, claiming the electronic communication were kept in electronic storage in the form of text messages and pictures stored on the cell phone. Garcia, at *6.

The Stored Communication Act defines “electronic communication service” (“ECS “) as “any service which provides to users thereof the ability to send or receive wire or electronic communications.” Garcia, at *6-7, citing 18 U.S.C. §2510(15) and incorporated by reference in 18 U.S.C. §2711(1) of the SCA.

“Electronic storage” is defined as “(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication.” Garcia, at *7, citing §2510(17).

The Court cited case law that explained a hacker accessing a person’s photos and information on a laptop was outside of the Stored Communication Act.  Case precedent held the following:

“[T]he SCA clearly applies . . . to information stored with a phone company, Internet Service Provider (ISP), or electronic bulletin board system,” but does not, however, “appear to apply to the source’s hacking into Steiger’s computer to download images and identifying information stored on his hard-drive.” It noted that “the SCA may apply to the extent the source accessed and retrieved any information stored with Steiger’s Internet service provider.”

Garcia, at *8, citing United States v. Steiger 318 F.3d 1039, 1049 (11th Cir. 2003).

Other Courts have held the following on “facilities” under the Stored Communications Act:

“[T]he relevant ‘facilities’ that the SCA is designed to protect are not computers that enable the use of an electronic communication service, but instead are facilities that are operated by electronic communication service providers and used to store and maintain electronic storage.”

Garcia, at *9, Freedom Banc Mortg. Servs., Inc. v. O’Harra, No. 2:11-cv-01073, 2012 U.S. Dist. LEXIS 125734, at *9 (S. D. Ohio Sept. 5, 2012).

The Stored Communication Act was also originally envisioned where “a provider (the ISP or other network service provider) and a user (the individual with an account with the provider), with the user’s communications in the possession of the provider.” Garcia, at *10, citing Orin S. Kerr, A User’s Guide to the Stored Communications Act, and a Legislator’s Guide to Amending It, 72 GEO. WASH. L. REV. 1208, 1209-13 (2004) .

Information on personal computers and cell phones is not “electronic storage” under the Stored Communication Act. Garcia, at *11. Moreover, just because a cell phone enables the use of electronic communication services, does not mean it is a provider of electronic communication services.  Garcia, at *11-12. Furthermore, there was no evidence the Defendants acquired the data from the cell phone service provider, thus no violation of the Stored Communication Act.  Garcia, at *12.

Bow Tie Thoughts

The Plaintiff argued there were also violations of the Fourth Amendment, the Texas Constitution and the invasion of privacy; however, none of those issues were appealed.

It is important to understand the difference between a personal device, whether it is a cell phone or a personal computer, and a service, such as an email service provider. This can become complicated quickly, but just because a device enables the use of electronic communication services, does not mean it is a provider of electronic communication services.

2012 Case Law Year-In-Review

2012 eDiscovery Case Law included everything from Tweets to Computer-Assisted Review. However, there was also a very basic theme that is hard to ignore: Cases should be about the merits. And for cases to be decided on the merits, attorneys need to educate themselves on electronic discovery so they know what to argue to a Judge.

Many 2012 cases focused on search terms search term efficiency, demonstrating undue burden, and proportionality, which all highlighted the need for attorneys to understand electronic discovery. Attorneys cannot competently represent their clients without understanding what technology is relevant in a case; the possible sources of electronically stored information; and what technology to use to review electronically stored information.

I discuss many of these cases in my Year in Review, available on the above YouTube link and on my podcast channel.

I wish everyone a very success 2013.

Foreign Nationals Seeking Facebook Information

Surviving family members of a Facebook user in Great Britain filed an ex parte application for access to the deceased’s Facebook account to show the deceased’ state of mind for the Coroner’s investigation in Manchester, England. In re Facebook, Inc., 2012 U.S. Dist. LEXIS 134977, at *1-2 (N.D. Cal. Sept. 20, 2012).

The Court denied their application based on the Stored Communication Acts.

The Court explained that granting the application would violate the “specific [privacy] interests that the [SCA] seeks to protect.” In re Facebook, Inc., at *3. The Court further stated, “It would be odd, to put it mildly, to grant discovery related to foreign proceedings but not those taking place in the United States.” Id.

The Court also quashed the application on the issue of the survivors consenting on the deceased behalf, because the court lacked jurisdiction on that issue. In re Facebook, Inc., at *4.

The Court stated it would not give an advisory opinion on whether the Applications could offer consent so that Facebook could produce the user information voluntarily. However, the Court noted that Facebook could determine for itself if the Applicants had standing to consent on the deceased’s behalf and produce the user information voluntarily. In re Facebook, Inc., at *5.

Bow Tie Thoughts

The Stored Communication Act exists to protect privacy rights for those using remote computing services or stored communications. Given the tone of this case involving British subjects, it would be interesting to know whether any of them were the executor of the deceased’s estate, which would likely solve any consent issues.

Psychic Discovery

There is no psychic privilege. However, the legal tealeaves foretell a discovery dispute between online psychic advice and the Stored Communication Act.

Judge Frank Maas had to interpret the legal Tarot Cards in an employment dispute involving a Plaintiff who sought online psychic advice.

The Defendants sought discovery from the third-party online advice and consulting service, as the subject matter of the communications arguably were relevant to the lawsuit.  Glazer v. Fireman’s Fund Ins. Co., 2012 U.S. Dist. LEXIS 51658, 9-10 (S.D.N.Y. Apr. 4, 2012).

The third-party was a “…platform for on-line advice and professional consulting services.” Glazer, at *2.  The consulting services included many professions, including legal services. Id.

The Plaintiff “chatted” with a psychic on advice pertaining to her job, work performance and other issues the Defendant argued were relevant to the lawsuit. Further, the Plaintiff would email excerpts from her chat sessions to her work email account. Glazer, at *2-3. The Plaintiff closed her account in November 2011 and deleted her old chats sometime before closing her account. Glazer, at *3.

The third-party opposed the discovery request, arguing the Plaintiff could open a new account and access her old chats herself. Glazer, at *4-5.

The Plaintiff argued that the Stored Communication Act proscribed the third-party from producing chat transcripts, because an electronic communication service (“ECS”) provider may “not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service.” Glazer, at *5-6, citing 18 U.S.C. § 2702(a)(1). The Plaintiff further argued that a remote computing service (“RCS”) provider may not “knowingly divulge to any person or entity the contents of any communication which is carried or maintained on that service.” Glazer, at *6, citing § 2702(a)(2).

The Court stated that the third-party was either a RCS or ECS, or both, but there was a questions whether the communications were electronically stored under the Stored Communication Act.  Glazer, at *6-7.

The Court effectively decided to avoid the SCA issues, including whether the communications were electronically stored or whether the Plaintiff consented to their disclosure.  Instead, the Court “directed” the Plaintiff to consent to the disclosure of relevant chats.  Glazer, at *9. The Court stated:

Indeed, even if the Court were to conclude that the SCA is inapplicable to the discovery that Fireman’s Fund seeks, it would make more sense to require that Glazer produce the relevant communications herself, with LivePerson needing to do so only to the extent that Glazer cannot.

Glazer, at *9-10.

Based on the above, the Court ordered the Plaintiff to do the following:

Open a new account

Retrieve all available paid chat transcripts

Produce non-privileged electronic copies to the Defendant

Glazer, at *10.

Judge Maas did not place any subject matter restrictions on the chat transcripts, because the material the Defendants presented to the Court was “relevant for at least discovery purposes.” Glazer, at *10.

Bow Tie Thoughts

I think Judge Maas got this case right on producing ESI highly comparable to social media information. Instead of propounding discovery on third parties with lengthy analysis of the Stored Communication Act, or compelling a producing party to surrender their login credentials to a requesting party, the burden should be on the producing party to review and produce relevant electronically stored information.

Discovery over email does not require passwords and login credentials being surrendered to a requesting party to review email messages at will.  Moreover, cases involving the mirror imaging of hard drives do not allow a requesting party to review the entire contents of someone’s digital life. In most situations, the producing party can review for relevance or privilege.

Social media should be no different. Relevancy should not ignored simply because of “friend requests” or Tweets.

Broken Hearted Early Discovery

In a case involving alienation of affection, the Plaintiff sought early discovery on third party electronic communication service providers.  Dockery v. Horvath, 2011 U.S. Dist. LEXIS 124997, 2-3 (S.D. Miss. Oct. 27, 2011). The case was in procedural limbo, because the Defendants were in New York state, had not filed an answer and the Plaintiff had not secured a default judgment.  Dockery, at *2.

The motion for early discovery sought, “permission to serve subpoenas on any known third party through which Defendant…and Plaintiff’s now ex-wife have communicated, prior to the Rule 26(f) attorney conference requirement, in an effort to obtain critical evidence and prevent it from being lost.” Dockery, at *2-3. The motion referred to electronic communications from the third-party service providers, such as cell phones, text messages and email, on the understanding the ESI was “time sensitive.” Id.

The Court noted the Plaintiff’s legal support for their position was “unclear.”  Id.

Good cause is required for early discovery on third parties prior to a Rule 26(f) conference.  Dockery, at *4.

The Court quickly held the Plaintiff did not establish good cause, because there was no particularized showing or evidentiary support that the ESI would be lost.  As the Court stated, “The assertions in his motion are supported only by understanding and belief, and are vague and conclusory at best.”  Dockery, at *4-5.

Bow Tie Thoughts

There are two challenges to seeking early discovery of ESI from third party communication providers: The first is showing good cause to justify the early discovery and the second is the Stored Communications Act.

Even if a party is able to demonstrate good cause, such as there is a specific time in which email messages are maintained on a provider server, the service provider cannot produce the content of those messages without violating the Stored Communication Act.  (From more SCA cases, see Dueling Definitions of “Interception” in Wiretap Violations, Being a Fugitive is Not Consent for Production under the Stored Communications Act, and Quashing Subpoenas with the Stored Communication Act).

Furthermore, the wholesale production of all communications from a specific individual would arguably be overly broad and include either irrelevant or privileged information.  The requesting part would want the ESI request narrowly tailored to what was relevant to the case to ease the cost and time of document review.

Dueling Definitions of “Interception” in Wiretap Violations

A Plaintiff sued her former employer alleging violations of the Federal Wiretap Act, the Indiana Wiretap Act and the Stored Communication Act. The facts at issue involved the Plaintiff’s email and banking passwords being recorded by keylogger software on a company computer, allowing the Defendants to access the Plaintiffs email and banking information. Rene v. G.F. Fishers, Inc., 2011 U.S. Dist. LEXIS 105202 (S.D. Ind. Sept. 16, 2011).

The Defendants brought a motion to dismiss, which was granted on the Federal Wiretap cause of action, but denied on the state and Stored Communication Act causes of action. Rene, at *18.

Federal Wiretap Act

The Federal Wiretap Act makes it a crime to intercept electronic communication and also allows for civil damages for an interception. Rene, at *5.

The Federal Wiretap Act defines “intercept” as “the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.” Rene, at *5, citing 18 U.S.C. § 2510(4). The interception must be “contemporaneously with the communication.” Id.

The Court held that the capturing of keystrokes was not enough for a violation of the Federal Wiretap Act. Rene, at *5. Specifically, keystrokes are not an “electronic communication” under the statute, because the transmission is internally within a computer and not affecting interstate commerce. Rene, at *6-7. As such, the cause of action failed.

The state wiretap act was a different story.

Indiana Wiretap Act

The Indiana Wiretap Act creates a cause of action when anyone’s “communications are intercepted, disclosed, or used in violation of this article.” Rene, at *10.

Furthermore, the state wiretap act defined “interception” as “the intentional recording or acquisition of the contents of an electronic communication by a person other than a sender or receiver of that communication, without the consent of the sender or receiver, by means of any instrument, device, or equipment under this article.” Rene, at *10, Ind. Code 35-33.5-1-5.

As the Court noted, “[T]hese definitions are hardly identical.” Rene, at *11.

Moreover, the Indiana statute did not require the communication be transmitted on a system affecting interstate commerce. Rene, at *11.

As the Court explained:

Yet a critical phrase is absent from the IWA — while the FWA requires that a communication be transmitted by a system “affecting interstate or foreign commerce,” the IWA does not include this restriction. This Court’s holding that Rene’s FWA claim fails turns on this important phrase. Absent this phrase, the transmitting system at issue — the cord between keyboard and computer — may satisfy the system requirements for an “electronic communication” under the FWA. Likewise, the system at issue may satisfy the requirements for “electronic communication” under the IWA. Thus, even if the federal requirement of “contemporaneous interception” is grafted on to the statute, the clear absence of this phrase would change the applicable standard for an “interception” under the IWA. While the FWA requires that the interception occur contemporaneously with transmission by a system affecting interstate commerce, the IWA appears to merely require that the interception occur contemporaneously with transmission by a system. For this reason, even if, as the Defendants’ claim, interpretation of the IWA follows federal case law as far as the text allows, Rene’s IWA claim survives.

Rene, at *11-12.

Stored Communications Act

The Defendants claimed the Stored Communication Act cause of action for accessing the Plaintiff’s email failed, because the email messages accessed were not in “electronic storage.” Rene, at *13.

The Stored Communications Act (“SCA”) prohibits “intentionally accessing without authorization a facility through which an electronic communication service is provided,” and accessing an “electronic communication while it is in electronic storage.” Rene, at *13, citing 18 U.S.C. § 2701(a).

“Electronic storage” is as “any temporary, intermediate storage of a[n] . . . electronic communication incidental to the electronic transmission thereof,” and “any storage of such communication by an electronic communication service for purposes of backup protection of such communication.” Rene, at *13, citing 18 USC § 2510(17)(A) and 18 USC § 2510(17)(B).

The Defendants argued that regardless of whether email messages were opened or not, the messages were not in “electronic storage.” Rene, at *13-14.

The Court avoided wading too deep into the issue of whether open email messages are in “electronic storage.” The Court stated that “at a minimum email messages that have reached the addressee’s inbox, but which have yet to be opened by the addressee, are in “temporary, intermediate storage.” Rene, at *14-15. The Court specifically found:

Insofar as an email message waiting to be downloaded had yet to travel the channel between server and local computer, it remained in temporary, intermediate storage incident to transmission. Similarly, inasmuch as an email waiting in an inbox has yet to be accessed by the addressee, even though it may be kept after viewing only on the regional server, it too has yet to travel to its ultimate destination.

Rene, at *16.

The Court found the Plaintiff had alleged enough for her SCA claim to survive with her claims the Defendants had made unauthorized access to her email. Rene, at *17-18.

Bow Tie Thoughts

Privacy, and personal communications being disclosed, is an ever-growing battleground in Court. The fact two different definitions of “interception” can result in one cause of action surviving where another fails is telling of the complexity of these cases.

The 25-year-old Stored Communication Act excels at causes lawyers and judges to engage in Cirque du Soleil style mental acrobatics. The issue of whether or note “electronic storage” includes open webmail messages results in courts analyzing 21^st Century email technology to a statute passed in 1986. These issues will continue to be litigated and Congress may ultimately update the Stored Communication Act to reflect the advances in technology.

How to Exclude an Expert Who Says There is No Expectation of Online Privacy

A Plaintiff successfully excluded the Defendant’s testifying expert whose opinion was that “no one, including Plaintiffs, has a reasonable expectation of privacy in Internet communications.”  Clements-Jeffrey v. City of Springfield, 2011 U.S. Dist. LEXIS 81898, 2-3; 10 (S.D. Ohio July 27, 2011).

The case involved the theft of a laptop.  The “contextual expert” was going to offer the following opinions:

1. It is not reasonable to believe that electronic communication is private online.

2. Only the original owner of a computer can have meaningful knowledge of security protection it contains. Any subsequent user of a laptop cannot assume automatic protection of any kind.

3. Computer, laptop, and electronic equipment theft is a serious social and  criminological problem for organizations, businesses and individuals that requires reasonable remote and location-specific security solutions.

4. When a company activates system operation software capture for security reasons, the representatives of the company/employees cannot predict the nature of the material that will be accessed.

5. Security and theft protection tools are necessary and proper tools to combat computer theft.

Clements-Jeffrey, at *2-3.

The Court held the Defense Expert’s opinion was “absolutely irrelevant,” because the issue of whether the Plaintiffs had a reasonable expectation of privacy in their Internet communications was a question of law.  Clements-Jeffrey, at *6.

The Court further noted that the expert’s “opinion” was also contrary to case law.  Id.

The Court quickly recounted well-established precedent by multiple courts recognizing individuals having an objective reasonable expectation of privacy in their computers.  Clements-Jeffrey, at *7.

Moreover, case law has held that password-protected personal computers have an even greater privacy protection.  Id.

The Court further cited a Sixth Circuit case involving electronic communications holding that “a subscriber enjoys a reasonable expectation of privacy in the contents of emails ‘that are stored with, or sent or received through, a commercial [Internet service provider].’” Clements-Jeffrey, at *8, citing United States v. Warshak, 631 F.3d 266, 288 (6th Cir. 2010), reh’g and reh’g en banc denied (2011) (quoting Warshak v. United States, 490 F.3d 455, 473 (6th Cir. 2007)).

Furthermore, the Sixth Circuit held that that “the very fact that information is being passed through a communications network is a paramount Fourth Amendment consideration.” Clements-Jeffrey, at *8, citing Warshak, at *285.  As the Court further explained:

The court in Warshak also held that even though email had to pass through an Internet service provider (“ISP”), and even though that provider may have contractually reserved the right to access the subscriber’s email in certain circumstances, neither the ability of the ISP to gain that access, nor its contractual right to do so, extinguished the user’s reasonable expectation of privacy.

Clements-Jeffrey, at *8-9, Warshak, at 286-87.

The Court drove the issue home on the expert’s opinion with the following:

These holdings can logically be extended to cover instant messages and webcam communications, the types of electronic communications at issue in this case. Applicable statutes also shed light on whether an individual has an objectively reasonable expectation of privacy in electronic communications. The Stored Communications Act (“SCA”), 18 U.S.C. § 1701 et seq., at issue in Warshak and Quon and the subject of one of Plaintiffs’ claims in this case, specifically prohibits the intentional, unauthorized access of stored communications such as email. The Electronic Communications Privacy Act (“ECPA”), 18 U.S.C. § 2511, also the subject of one of Plaintiffs’ claims in this case, specifically prohibits the intentional, unauthorized interception, disclosure, and use of wire, oral, and electronic communications.

Clements-Jeffrey, at *9-10.

The Court held that the expert’s opinion was “contrary to law, and thus not relevant to the issues in this litigation.”  Clements-Jeffrey, at *10.

Bow Tie Thoughts

To say that the expert’s opinion that “no one” has an objective reasonable expectation of privacy in Internet communication bothered the judge is an understatement.

Privacy is a key battleground in litigation today, because individuals live their lives connected to email, text messages, IM’s, social media and whatever network their data is being sent over.  Relevant information is rightly subject to discovery in litigation, but to say there are no privacy interests at issue is a grave mistake.

The fact data is sent over an ISP does not render the 4^th Amendment dead-letter law. Congress will continue to debate these issues and Courts will continue to vindicate these rights in litigation.  These issues will continue to make case law for the foreseeable future.

Streaming Early Discovery in Online Music Infringement

The Plaintiffs filed a suit alleging copyright infringement against the online proprietors of Korean pop music website where the Defendants “post, organize, search for, identify, collect and index links to infringing material that is available on third-party websites,” which the Plaintiff claimed was a “a one-stop shop for infringing material.” DFSB Kollective Co. v. Jenpoo, 2011 U.S. Dist. LEXIS 62163, *1-2 (N.D. Cal. June 10, 2011).

The Plaintiffs sought early discovery on eight third-party service providers and “other necessary entities that may be uncovered during discovery” to identify the Doe Defendants, because the Defendants allegedly used false names on their various websites and social networking profiles. DFSB Kollective Co., at *2, 4. The service providers included:

SoftLayer;

Facebook;

Twitter;

Google;

MySpace;

DPS;

HostGator and

GoDaddy

DFSB Kollective Co., at *4.

Requirements for Early Discovery

Early Discovery may be allowed by a Court when there is “good cause” and “for the convenience of parties and witnesses and in the interests of justice.” DFSB Kollective Co., at *4, citing Fed. R. Civ. P. 26(d).

A Moving Party must show the following to conduct early discovery:

(1) Identify the defendant with enough specificity to allow the Court to determine whether the defendant is a real person or entity who could be sued in federal court;

(2) Recount the steps taken to locate the defendant;

(3) Show that its action could survive a motion to dismiss; and

(4) File a request for discovery with the Court identifying the persons or entities on whom discovery process might be served and for which there is a reasonable likelihood that the discovery process will lead to identifying information.

DFSB Kollective Co., at *4, citing Columbia Ins. Co. v. seescandy.com, 185 F.R.D. 573, 578-80 (N.D. Cal. 1999).

Downloading Good Cause

The Court found good cause for early discovery, because ISP subscriber logs are retained for a short time before the data is lost. DFSB Kollective Co., at *5. In short, time is of the essence to identify Doe Defendants with ISP information.

The Court outlined how the Plaintiffs had satisfied the four-factor test for conducting early discovery:

Defendants specifically identified e-mail addresses, user IDs, and account numbers.

The Defendants had hired investigators and presented the findings to the Court.

The Defendants established that the Complaint would likely to survive a motion to dismiss.

The Defendants demonstrated there was a reasonable likelihood that third-party discovery would produce identifying information, with a couple of big caveats.

DFSB Kollective Co., at *5-6.

The Court’s Terms & Conditions on Limited Discovery

The Court’s order was limited to six of the third-parties, because the Plaintiffs did not show a connection between MySpace and GoDaddy to the Defendant. DFSB Kollective Co., at *6-7. The Court noted that the MySpace account appeared dormant and contained no references to the Defendants’ website. Id.

Additionally, the Court limited the search into the different email addresses down to two, because those addresses appeared connected to the alleged infringing activity. DFSB Kollective Co., at *7.

Furthermore, the Court did not allow the Plaintiff to subpoena the Defendants’ financial institutions. Id.

The subpoenas were limited to the production of the names, addresses, phone numbers, e-mail addresses, and physical addresses associated with those accounts. Id.

No Tonkin Gulf Resolution for Production

Echoing the logic that enacted the War Powers Act, the Court refused to give an open-ended order where the Plaintiff could seek discovery from “other necessary entities that may be uncovered during discovery.” DFSB Kollective Co., at *7-8.

Pistols at Downloading: Dueling Procedures for Third-Party Service Providers

The third-party service providers subject to the discovery order were required to serve a copy of the subpoena on their affected subscribers. If the subscribers did not file a motion to quash, the third-parties would then produce the required information within 10 days. DFSB Kollective Co., at *8-9.

Bow Tie Thoughts

Early discovery from third-party service providers walks a delicate line between furthering the interests of justice and violating privacy laws. In this case, early discovery was absolutely required to identify the Doe Defendants. Early discovery from third-party service providers is often the only way to identify committing an online tort.

However, the idea of a Court giving a very open-ended Order to seek discovery from “other necessary entities that may be uncovered during discovery” should give everyone pause. Discovery requests are supposed to be narrowly tailored and reasonably particular against an entity; a blank check to seek discovery from un-named third-party service providers would be a very dangerous precedent. If a third-party is identified and has a causal connection to a case that may produce information to identify a doe defendant, a party should bring it before the Court for expedited discovery.

The other risk with early discovery is ordering the production of otherwise privileged information. For example, California has a state constitutional right to privacy which might apply in some cases. The Stored Communication Act protects the contents of email messages from production by a third-party. Financial information is also often protected by both Federal and State laws. While producing names, addresses, phone numbers, e-mail addresses, and physical addresses is within the interests of justice, Courts must guard against these procedures from being abused.

No Shirt, No Complaint, No Subpoena

A self-identified “Plaintiff” filed subpoenas in the Northern District of California directed to Google, MSN Hotnail, CableVision, AOL, Charter Communications, Verizon, Performanceix, and Yahoo!. Mission Trading Co. v. Doe, 2011 U.S. Dist. LEXIS 52681, 1-2 (N.D. Cal. May 16, 2011).

The subpoena to Yahoo! sought the identity, IP addresses and access logs associated with four email addresses.  The subpoena further requested, “copies of all electronic messages sent and received from said email addresses and any other email addresses associated with the IP addresses used to access these accounts.”  Mission Trading Co. v. Doe, at *1-2.

One small procedural issue: No complaint had been filed.  Mission Trading Co. v. Doe, at *1.

Despite this procedural omission, the subpoena was given a case number. Id.

Yahoo alerted one of the email address owners of the pending subpoena.  The new Opposing Party filed an Objection, which the Court treated as a motion to quash.  Mission Trading Co. v. Doe, at *2.

The Opposing Party argued the following:

1) No complaint is on file and no defendants have been named, so the subpoena is vague, ambiguous, overbroad, burdensome, oppressive and harassing;

2) The Opposing Party was not served with a copy of the subpoena and therefore cannot determine the purpose or scope of the subpoena;

3) The subpoena purports to impose requirements beyond those permitted by the Federal Rules of Civil Procedure; and 

4) The subpoena violates the Opposing Party’ right to privacy, could cause production of privileged documents or proprietary and confidential business records or trade secrets, and is overbroad to the extent it contains no time limits or subject matter limitations.

Mission Trading Co. v. Doe, at *2-3.

The Requesting Party admitted there was no pending litigation, but argued its subpoena equated to an “early discovery request” to identify a defendant.  Mission Trading Co. v. Doe, at *3-4.

There was no case authority for the Requesting Party’s position.  Moreover, cases that allow for early discovery actually have a complaint on file.  Mission Trading Co. v. Doe, at *4.

The Court granted the Opposing Party’s motion to quash, reasoning that without a complaint, it could not determine if it had jurisdiction or even if the complaint would survive a motion to dismiss. Mission Trading Co. v. Doe, at *4.

Bow Tie Thoughts

There are very valid times for early discovery to identity a Doe Defendant with ISP or other data, however, filing a complaint is a condition precedent before any subpoenas can be issued.

Once subpoenas are issued, a propounding party would need to contend with the Stored Communications Act, which is a barrier to production to the contents of email messages and other stored ESI.  While the information to identify a party is one thing to produce, the contents of messages are an entirely separate issue that are better suited for a request for production on a party.

Being a Fugitive is Not Consent for Production under the Stored Communications Act

The Plaintiff sued his former wife and EgyptAir for abducting their children and taking the children from the United States to Egypt without his consent.  The Defendant never appeared in the lawsuit and ignored the court proceedings.  Bower v. Mirvat El-Nady Bower, 2011 U.S. Dist. LEXIS 36677 (D. Mass. Apr. 5, 2011).

The Plaintiff served Google and Yahoo a third-party request to produce the Defendant’s emails from approximately the month before she took the children to Egypt to present.  Bower, at *3.

The Plaintiff requested the Court to order that the Defendant granted consent to the production of her email messages from Yahoo and Google.  Id.

Both Google and Yahoo argued they could not comply with the third-party discovery request, because such production is specifically not permitted under the Stored Communications Act.  Bower, at *3-4.

The Court agreed that the production was barred by the Stored Communications Act and further “declined” to find the defaulting Defendant “impliedly consented to the production of her emails.” Bower, at *4.

The Stored Communications Act

Yahoo and Google are both “electronic communication service” providers under the Stored Communications Act, which states in relevant part:

[A] person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service[.]

Bower, at *4, citing 18 U.S.C. § 2702(a)(1)

One Court explained the protections of the Stored Communications Act as follows:

“[P]rotecting privacy interests in personal information stored in computerized systems, while also protecting the Government’s legitimate law enforcement needs, the Privacy Act creates a zone of privacy to protect internet subscribers from having their personal information wrongfully used and publicly disclosed by ‘unauthorized private parties,’ S.REP. No. 99-541, at 3 (1986), as reprinted in 1986 U.S.C.C.A.N. 3555, 3557.”

Bower, at *4-5, citing, In re Subpoena Duces Tecum to AOL, LLC, 550 F. Supp. 2d 606, 610 (E.D. Va. 2008).

The Plaintiff’s Arguments

The Plaintiff argued that since his former wife was a fugitive, “she should be deemed to have consented to the disclosure of her emails.”  Bower, at *5.  Alternatively, the Plaintiff argued the Court order the Defendant to consent and any default to consent should be deemed as the Defendant’s consent.  Id.

The Court’s Finding

The Court refused to find that the Defendant’s default amounted to consent under the Stored Communications Act for the production of her email.  Bower, at *6-10.

There was no case law where a court ordered the production electronically stored information belonging to a fugitive defendant or by default under either Federal Rules of Civil Procedure Rules 34 or 45. Bower, at *6-7, fn 1.

While the Court recognized the Plaintiff’s frustration, there was no evidence that the Defendant “consented” to her email being produced.  Moreover, the Court would not order her “consent” through her failure to participate in the litigation.  Bower, at *6-10.

Bow Tie Thoughts

The Stored Communication Act creates a significant privacy interest in electronically stored information.  Moreover, it is questionable a Court to order a party to consent to waive their rights under the Stored Communication Act (as one California case is demonstrating).

There may not be a winnable scenario to compel third-party production from a defaulting defendant of “cloud” based email messages.  It might be possible for a Court to order the production of enough information to identify where a party is located, but disclosing the contents will likely be barred.