Last week the South Carolina Supreme Court, in Jennings v. Jennings, No. 27177 (Oct. 10, 2012), held that emails stored on Yahoo!’s web-based email service were not stored for the purpose of back up protection, and thus the plaintiff could not state a civil claim for unauthorized access to those emails under Section 2701(a) of the Stored Communications Act (SCA). The case involves a cheating husband suing his wife and daughter-in-law for accessing his Yahoo! account, which yielded revealing email exchanges between the husband and his paramour. The judgment reverses the earlier findings of the state’s Court of Appeals, which followed the reasoning in Theofel v. Farey-Jones, 359 F.3d 1066, 1075 (9th Cir. 2004). The SCA defines “electronic storage” as “(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for the purposes of backup protection of such communication.” 18 U.S.C. § 2510(17). The plaintiff argued that the emails qualified under subsection (B), citing the 9th Circuit precedent in Theofel. The Court in Jennings split 2-2-1 as to the rationale for their holding, with each opinion finding that the emails were not in electronic storage for different reasons; no view gaining a majority.
- Justice Hearn’s opinion (joined by Justice Kittredge) rejected Theofel’s reasoning that emails left on a third party’s server after being received and read were in backup storage for the user. Instead, Jennings, applying a textual-approach to the Section 2510(17) definition, found that because the plaintiff had not downloaded emails or saved them in any other location, the emails on Yahoo!’s server were not in backup storage (because there was no other copy that was being backed up), and thus did not qualify for protection under the SCA. As a factual matter, this shouldn’t be true, since most web-mail providers allow mobile access to handheld devices, and web versions would be backups to the mobile copies. Notably, this point does not appear to have been argued.
- Chief Justice Toal’s concurrence opinion (joined by Justice Beatty) rejects Theofel entirely, and instead holds that an email is in “electronic storage” only if it complies with both subsection (A) and subsection (B), meaning that “electronic storage refers only to temporary storage, made in the course of transmission, by an electronic communications service provider, and to backups of such intermediate communications.” In effect, “if an e-mail has been received by a recipient’s service provider but has not yet been opened by the recipient, it is in electronic storage.”
- Justice Pleicones filed the final concurrence in the result, finding that an email is protected if it falls under either subsection (A) or (B), but unlike Justice Hearn, reads only subsection (B) to apply backups of emails created by the service provider, not the user. Pleicones would, thus, not consider opened emails in electronic storage regardless of whether the user had downloaded or created a second copy of the email. This was actually the U.S. D.O.J.’s initial argument in Theofel, which the 9th Circuit rejected.
Legal scholars, following the Jennings Court, believe the time has come for the U.S. Supreme Court to review the SCA’s definition now as the federal circuits and state courts are divided. In a recent blog post, GW Law Professor, Orin Kerr, raised an important practical consideration: “ISPs don’t know which rule to follow. Making matters even more worrisome, it’s not clear whether the legal standard should be based on where the litigation arises or where the ISP is located.” In addition, the result in Jennings impacts other aspects of the SCA:
- A warrant is arguably no longer required (in South Carolina) for opened emails less than 180 days old, pursuant to Section 2703(a), which requires a warrant only for the contents of wire or electronic communications held in electronic storage. But, this wouldn’t change the Sixth Circuit’s view in Warshak that the Fourth Amendment requires a warrant regardless of what the SCA says.
- A hacker does not violate 2701(a)(1) or (2) by accessing opened emails in a webmail account, leaving the Computer Fraud and Abuse Act (CFAA) as the only federal means of civil recovery (or criminal prosecution) for such violations, and, for civil cases, only when the $5,000 damage threshold is met. 18 U.S.C. § 1030.
[ZwillGen’s Anand Shah also contributed to this post]
