Ninth Circuit Decision Clarifies Provider Immunity Under ECPA

Published On April 19, 2013 | By Marc Zwillinger | General
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

On April 16, 2013, the Ninth Circuit handed down its decision in Sams v. Yahoo!, dismissing a suit against Yahoo! based on Yahoo’s immunity under the Stored Communications Act.  ZwillGen represented Yahoo! in the case. fax machien

In Sams, the plaintiff appealed a motion to dismiss granted in Yahoo!’s favor in a class action challenging Yahoo!’s response to two Grand Jury Subpoenas issued from Lowndes County, Georgia.  The lawsuit alleged that Yahoo! violated ECPA by accepting two faxed subpoenas in California and responding to them rather than demanding they be served another way.   Yahoo! had a Georgia office, but law enforcement did not serve the subpoenas on the local Georgia office.  The plaintiff contended that the service of out-of-state process on Yahoo! in California was impermissible under the Uniform Act to Secure the Attendance of Witnesses from Without the State in Criminal Proceedings.  The plaintiff also alleged that Yahoo! failed to comply with the subpoenas’ terms because rather than sending a witness to appear at the Grand Jury, it produced documents before the due date, and the DA then waived Yahoo!’s personal attendance.  Yahoo! argued below the Stored Communications Act provided immunity for responding to the subpoenas and that producing documents before the date it was called to testify still complied with the subpoenas’ terms.  The district court had granted the motion to dismiss on the grounds that Yahoo! was amenable to service of process in Georgia, and thus the Uniform Act was not implicated.  This of course left open the question of what would have been the outcome if Yahoo! did not have a Georgia office.

On appeal, the Ninth Circuit issued a more helpful ruling, finding it did not have to determine whether the Georgia subpoenas were valid, because Yahoo! was immune from suit under 18 U.S.C. § 2707 – the SCA’s good faith provision.   Under § 2707(e), a good faith reliance on a grand jury subpoena is a complete defense to an SCA action.   Noting this was a case of first impression in the Ninth Circuit, the court found that the good faith defense is met “when the defendant complies with a subpoena (or other process detailed in 2707(e) of the SCA), that appears valid on its face, in the absence of any indication of irregularity sufficient to put the defendant on notice that the subpoena may be invalid or contrary to applicable law.”  But, the court held, a provider cannot rely on § 2707 if it actually knows the subpoena was invalid. The court called this test a mixed question of law of fact.  In applying this principle, the court found the plaintiff had not pled facts sufficient to support a plausible inference that Yahoo! did not act in good faith, and the court went on to find that Yahoo!’s reliance on the subpoena was objectively reasonable given the appearance of regularity of the subpoena.

SIgned documentThe court also gave short shrift to the idea that Yahoo! was required to hand-deliver the results to the Grand Jury to claim the benefit of the immunity provision of the statute, as such a rule would “wreak havoc on courts and litigants alike.”

The Sams decision provides some important lessons.  It is the duty of the subpoena compliance team to look for facial irregularities in legal process—such a signature—before responding.  Where none are found, and the legal process is believed to be valid, good faith immunity is available.  Only with an allegation of specific facts that could plausibly suggest the provider knew the subpoena to be illegal can the case to survive past a motion to dismiss.  Even then, a provider may be able to assert immunity under 18 U.S.C. § 2703(e) to defeat such a claim at the motion to dismiss stage.  The Ninth Circuit’s decision in Sams did not reach that question, presumably because immunity under 18 U.S.C. 2707(e) was so clear.

About The Author

Marc is the founder and managing member of ZwillGen PLLC and has been regularly providing advice and counsel on issues related to the increasingly complex laws governing Internet practices, including issues related to Electronic Communications Privacy Act (“ECPA”), the Wiretap and Communication Acts, privacy, CAN-SPAM, FISA, spyware, adware, Internet gambling and adult-oriented content. He also helps Internet Service Providers and other clients comply with their compliance obligations pertaining to the discovery and disclosure of customer and subscriber information.