In the last decade, lower courts have divided on the proper privacy protections that apply to opened e-mail held by Internet service providers. The Stored Communications Act gives high privacy protection to e-mails in the course of delivery, and then gives lesser privacy to remotely stored files in the cloud. The difficult question is how to treat opened e-mails held by an ISP: After the user has looked at the e-mail and read it, does the Stored Communications Act treat that copy of an already accessed e-mail stored on the server as an e-mail in the course of delivery or does it treat that copy as a remotely stored file in the cloud?
In Jennings v. Jennings, handed down today, the Supreme Court of South Carolina considered this question in the context of access to opened e-mails held by Yahoo!. The case involves a domestic dispute. A husband was cheating on his wife, and the wife’s daughter-in-law figured out the husband’s e-mail password and logged in to his personal account to read the e-mails between the husband and his paramour. The daughter-in-law found the e-mails and shared them. The husband filed suit under several laws including the Stored Communications Act, 18 U.S.C. 2701, which only allows a civil suit if the e-mails accessed were in “electronic storage.” Electronic storage is defined in 18 U.S.C. 2510(17):
(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for the purposes of backup protection of such communication.
How to interpret that definition has caused courts a lot of headaches. Part (A) of the definition pretty clearly refers to communications in transit — that is, pre-delivery. On the other hand, what does part (B) mean? The divide in the lower courts is over what storage “for the purposes of backup protection” means. Does that mean backup by and for the ISP, made in the course of the ISP’s usual practices to ensure that a copy of the e-mail exists in case there is a problem with the server? Or does backup mean by and for the user, made in the course of the user’s conduct in case the user needs to go back and re-read the e-mail? If you take the former view, then an opened e-mail sitting on the server is not in electronic storage, as it is no longer pre-delivery and is not a back-up copy of a pre-delivery communication for the network provider. If you take the latter view, then an opened e-mail sitting on the server is normally in electronic storage, as users typically keep e-mails on the server in case they need to go back to them.
In the Jennings case, all five Justices agreed that the e-mails viewed by the daughter-in-law were not in “electronic storage” under the definition. But they divided sharply as to why, with no view getting a majority. Here’s the break down:
Two Justices — Justice Hearn, joined by Justice Kittredge — argued that the Yahoo! e-mails were not in electronic storage because there was no evidence that Jennings had ever downloaded any other copies. Because there were no other copies, the copy stored with Yahoo! could not logically be a backup, as the word “backup” presupposes the existence of another copy.
Two Justices — Chief Justice Toal, joined by Justice Beatty — rejected this reading of “backup” and would instead conclude that the e-mails are not backups because they were not made by the ISP for ISP purposes.
Finally, Justice Pleicones largely agreed with the Chief Justice’s opinion but had a different view of the relationship between (A) and (B).
A few comments on the opinions. First, as might be clear from the opinions, I agree with the Toal/Beatty/Pleicones view that the “backup” language is about backups created by the ISP for the ISP’s purposes, and that the Ninth Circuit was wrong in Theofel v. Farey-Jones to interpret backup based on the user’s perspective.
Second, this result creates a clear split with Theofel. Even Justice Hearn’s opinion is contrary to Theofel. Theofel presumed that users would keep copies of opened e-mails until they “expired in the usual course,” so all opened e-mails are by default in electronic storage. In contrast, Justice Hearn’s opinion indicates that opened e-mails are presumed not to be in electronic storage unless there is affirmative proof that copies of the e-mail were downloaded or saved. Those are two very different standards, with opposite results in most cases (including this one).
Third, even under the view that backup copy means backup from the user’s perspective, I’m not persuaded by Justice Hearn’s argument that no back up existed because “apparently [Jennings] did not download them or save another copy of them in any other location.” The problem is that another copy of the e-mail was generated: Jennings could not read a copy of the e-mail unless Yahoo!’s software generated a copy and sent it to him on whatever computer he was using to read his e-mail. Whether or not Jennings permanently saved the copy, he certainly had the copy when he read the message. I don’t know why the e-mail on the server couldn’t be a backup of that copy even if the user’s perspective controls.
Fourth, this is an issue that really calls out for U.S. Supreme Court review. Internet providers often have a national customer base. A provider in one state or circuit can have millions of customers in any other state or circuit. Given the national customer base, any disagreement among lower courts causes major headaches: ISPs don’t know which rule to follow. Making matters even more worrisome, it’s not at all clear whether the legal standard should be based on where the litigation arises or where the ISP is located. United States v. Weaver, 636 F. Supp. 2d 768 (C.D. Ill. 2009), nicely raised the problem: If the rights concerning records held by an ISP in California are litigated in Illinois, Weaver held, the Illinois court is not bound by the interpretation of the Ninth Circuit. Under that approach, the privacy protection varies based on where the litigation arises, which can be almost anywhere. That kind of dynamic creates a strong need for a uniform reading of the statute.
Finally, for the novice reader who tries to wade in to this, there are some misstatements in some of the opinions about the different arguments and positions which might cause some confusion. For example, Justice Hearn misstates the basis of the “traditional view” of the definition that has been adopted by DOJ. That view is not that both (a) and (b) must apply, but rather that (b) refers to back up copies of e-mails in (a). I realize that’s just a quibble, but I figured I would flag the point for interested readers.