Dispute report: subpoenas and stored communications law



“Our company operates an electronic communications system and we have obtained a subpoena for something that one of our users stores on our system. Can’t we just produce it? »STOP! The content (explained below) an electronically stored communication is treated differently under federal law than paper content or non-content information (For example, information other than the content of a message, such as a username or the date the user last accessed the system.)

In-house legal advisers of companies providing electronic communication or remote computing services should consider the Stored Communications Act (SCA), 18 USC §§ 2701 and following. when they receive subpoenas. An electronic communication service is any service that offers users the ability to send or receive wired or electronic communications. A remote computing service is the provision to the public of computer storage or processing services by means of an electronic communication system. Thus, a company that provides a messaging system or a social network may be covered by the SCA.

The SCA governs access to “electronic communication services” and “remote computing services”. Due to the increasing volume of information stored in these services, in-house lawyers and their external litigators should familiarize themselves with the provisions of the SCA.

What is the law on stored communications?

The SCA prohibits providers of an electronic communication service or remote IT service from disclosing the content of information stored on their systems, except in certain circumstances. It also prohibits unauthorized access to an electronic communication service.

When does the SCA apply?

Companies that provide covered services should be alerted to the SCA whenever they consider disclosing information provided by a user, customer or subscriber. This includes disclosures under civil summons or government requests. A business can be regulated by the SCA even if its main activity is other than communication or Internet services. For example, a company that provides an internal social network to its employees may be covered, even if that company’s main activity has nothing to do with electronic communications or remote computer services.

The SCA also comes into play when requesting information from a covered business, whether in litigation against that entity or through a subpoena from a third party. The SCA establishes procedures for government requests.

Accessing information stored electronically without authorization, such as stealing a user’s password to access their email account, can violate the SCA.

Content vs. data without content.

The SCA distinguishes between content (the text of an email or social media post) and other information (the identity of the sender or the date the message was sent). Although the SCA prohibits the production of content, it does not prohibit the production of other information, including information provided by the user. This can include information such as usernames or IP addresses.

Tips for navigating the SCA.

  • Obtain user consent. The SCA authorizes disclosure with the consent of the user, customer or subscriber. If possible, obtain user consent before requesting data. But beware, an employer may not be able to consent to the disclosure of employee data.
  • Request data from the user. Request data (for example, social media information) directly from the user, rather than the provider.
  • Request non-content information. Requesting non-content information may help you identify other parties to the communication in question who may be willing to consent to its broadcast.
  • Use the SCA as a shield. Companies covered by the SCA can invoke the law to refuse to produce the requested documents.
  • Control access to data. Businesses need to maintain strong data controls. This will make it easier to demonstrate a SCA violation in the event of unauthorized access.

What happens if the SCA is violated?

Anyone harmed by a violation of the SCA has a civil cause of action and can recover fair or declaratory relief, damages of at least $ 1,000, and possibly punitive damages and attorney fees. Violations of the SCA can also result in criminal liability. If a SCA violation results in criminal charges against the victim, removal of wrongly disclosed evidence is unlikely to be available as a remedy.


Comments are closed.