How Third Party ESI Requests Collide with the Stored Communications Act

The Plaintiff in an online fraud case sought the production of personal email messages from Yahoo.  Jimena v. UBS AG Bank, Inc., 2010 U.S. Dist. LEXIS 95050 (E.D. Cal. Aug. 27, 2010).

The allegations of the lawsuit involved a “Nigerian advance fee scheme,” where the Plaintiff claimed the Defendant, the Chief Financial Officer of UBS AG Bank, Inc., sent the Plaintiff emails from his Yahoo accounts.  Jimena, at *1.

The Defendant’s CFO purportedly offered to transfer $19 million to the Plaintiff if the Plaintiff sent $51,000 via wire transfer, so millions of dollars could clear “Anti-Drug/Terrorist Clearance” fees for transfers from Nigeria.   Id.

The Plaintiff did not get $19 million dollars. 

However, Yahoo did get a Federal Rule of Civil Procedure Rule 45 subpoena for emails from the Defendant’s two email accounts relevant to the lawsuit.  Jimena, at *2. 

Yahoo responded by that they did not have any subscriber information or responsive ESI for the named Defendant’s CFO.  Jimena, at *4. 

Yahoo also claimed that if there were responsive electronically stored information, it could not disclose the content of that information under the Stored Communications act without the consent of the subscriber.  Jimena, at *4-5. 

The Stored Communication Act states, in relevant part,

(a) Prohibitions. Except as provided in subsection (b) or (c)–
   (1) a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service; and
   (2) a person or entity providing remote computing service to the public shall not knowingly divulge to any person or entity the contents of any communication which is carried or maintained on that service–
      (A) on behalf of, and received by means of electronic transmission from (or created by means of computer processing of communications received by means of electronic transmission from), a subscriber or customer of such service;
      (B) solely for the purpose of providing storage or computer processing services to such subscriber or customer, if the provider is not authorized to access the contents of any such communications for purposes of providing any services other than storage or computer processing; and
   (3) a provider of remote computing service or electronic communication service to the public shall not knowingly divulge a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications covered by paragraph (1) or (2)) to any governmental entity.

(b) Exceptions for disclosure of communications. A provider described in subsection (a) may divulge the contents of a communication–
   (1) to an addressee or intended recipient of such communication or an agent of such addressee or intended recipient;
   (2) as otherwise authorized in section 2517, 2511(2)(a), or 2703 of this title [18 USCS § 2517, 2511(2)(a), or 2703];
   (3) with the lawful consent of the originator or an addressee or intended recipient of such communication, or the subscriber in the case of remote computing service;
   (4) to a person employed or authorized or whose facilities are used to forward such communication to its destination;
   (5) as may be necessarily incident to the rendition of the service or to the protection of the rights or property of the provider of that service;

18 USCS § 2702

The Plaintiff filed a motion to compel the Defendant to give its consent to disclose the Yahoo email content of the Defendant’s CFO.  Jimena, at *5. 

The Plaintiff argued that because the CFO was employed by the Defendant, the Defendant had the legal right to consent to the production of the CFO’s personal data from Yahoo.  Jimena, at *5. 

Yahoo filed an opposition to the motion out of the concern that the motion would be used to compel Yahoo’s compliance with the original subpoena.  Jimena, at *6.

The Defendant responded they were willing to consent for the CFO’s Yahoo subscriber information to be produced. However, the Defendant argued that there were no responsive email messages, as evidenced from Yahoo’s prior declarations.  Jimena, at *6.

The Court noted in a footnote that it was largely unaddressed whether the Defendant had the legal right under the Stored Communication Act to consent to the CFO’s personal email being produced.  Jimena, at *7, fn 1.  This issue alone is worthy of a detailed Court opinion.

Hitting Delete on the Motion to Compel

The Court denied the motion to compel Yahoo to produce electronically stored information.   Jimena, at *8.

The Federal Rule of Civil Procedure Rule 45 subpoena had a fatal procedural defect:

Yahoo was served in Sunnyvale, California (near San Jose). 

The subpoena required production at the United States District Courthouse in Fresno, California, which is more than 100 miles away. 

According to Rule 45, the production must take place within 100 miles of the issuing District Court. Jimena, at *8-9.

The Court assumed even if the subpoena could be enforced, Yahoo had demonstrated it had no responsive electronically stored information.  Jimena, at *9.  Yahoo argued that additional searches would “require the company to dedicate an incalculable amount of resources to conduct a manual search of all of its stored data.”  Jimena, at *9.

A court may not force a third-party to endure “undue burden” in the enforcement of a subpoena.  Jimena, at *9, citing Fed. R. Civ. P. 45(c)(3)(A)(iv). 

The Court held Yahoo would not be compelled to conduct additional searches, because of the cost and unlikelihood to prove different results.  Jimena, at *9-10. 

Bow Tie Thoughts

The Court’s two footnotes foreshadow an issue that will be decided: Does an employer have the legal authority to authorize the disclosure of an employee’s relevant personal electronically stored information under the Stored Communication Act?  The Court in Jimena did not decide this issue, but questioned whether the Defendant had such legal authority.  See, Jimena, at *fn 1 and 2. 

The analysis of whether such consent is proper would likely include if personal emails were being sent on a company device, during company time and in the course of the individual’s employment. However, this should make all of us stop and think. 

The idea of an employer having the power to consent to the production of an employee’s personal Facebook activity, webmail messages or text messages on a personal phone should strike fear into everyone.  Such an application of the Stored Communication Act would gut any protections the Act is supposed to offer, nevermind any state constitutional privacy rights.

One thought on “How Third Party ESI Requests Collide with the Stored Communications Act

  1. Pingback: Tweets that mention How Third Party ESI Requests Collide with the Stored Communications Act « Bow Tie Law's Blog -- Topsy.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s