Jennings v. Broome
- Senate Committee Clears Update to Email Privacy Law: The Senate Judiciary Committee has approved a bill that would update the Electronic Communications Privacy Act, a 1986 law that provides privacy protections for email and digital communications. The update, sponsored by Senator Patrick Leahy (D-VT) and co-sponsored by Senator Mike Lee (R-UT), would extend protections to communications that are stored in the cloud. Earlier this year, the Supreme Court declined to review a decision by the South Carolina Supreme Court which held that ECPA does, protect emails stored on remote computer servers. EPIC, joined by 18 national organizations filed an amicus brief, urging the Supreme Court to clarify the scope of e-mail privacy protections. In March, EPIC sent a letter to the House Judiciary Committee, recommending a comprehensive review of the law. For more information, see EPIC: Electronic Communications Privacy Act and EPIC: Jennings v. Broome. (Apr. 26, 2013)
- Supreme Court Will Not Review E-mail Privacy Case: In an order today, the U.S. Supreme Court has declined to review a decision concerning e-mail privacy. In Jennings v. Broome, the South Carolina Supreme Court held that the federal Electronic Communications Privacy Act (ECPA) does not protect emails stored on remote computer servers. As a result of this case, users in South Carolina have lesser privacy protections than those in California where a federal court reached the opposite conclusion. EPIC, joined by 18 national organization filed an amicus brief, urging the US Supreme Court to clarify the scope of e-mail privacy protections. For more information, see EPIC: Jennings v. Broome and EPIC: Electronic Communications Privacy Act. (Apr. 15, 2013)
- EPIC Highlights Need for Broad Reform of Federal Privacy Law: In response to a request from the House Judiciary Committee, EPIC has recommended a comprehensive review of the federal communications privacy law. Congress will begin hearings this week on ECPA Part 1: Lawful Access to Stored Content. EPIC's letter to the Committee noted the recent settlement by the state Attorneys General with Google in the Street View matter and the reluctance of federal officials to pursue a similar investigation. EPIC also noted growing confusion in the lower courts about the application of the federal privacy law. Finally, EPIC pointed out that the current law provides inadequate protection for private location records. For more information, see EPIC: Electronic Communications Privacy Act and EPIC: Locational Privacy. (Mar. 18, 2013)
- Senator Leahy Supports International Privacy Day: Senator Patrick Leahy, Chairman of the Senate Judiciary Committee, today issued a statement in commemoration of January 28, International Data Privacy Day. International privacy day marks the adoption of the Council of Europe Privacy Convention, the first global framework for privacy protection. Senator Leahy said, "In the Digital Age, Americans face new threats to their digital privacy and security as consumers and businesses alike collect, share and store more and more information in cyberspace. Data Privacy Day is an important reminder about the need to improve data privacy as we reap the many benefits of new technologies." EPIC has urged the United States to ratify the Privacy Convention. For more information, see EPIC: Electronic Communications Privacy Act, EPIC: International Privacy Day, and EPIC - Facebook, International Privacy Day. (Jan. 28, 2013)
- Senator Leahy Sets Out Judiciary Committee Agenda for New Congress: On January 16, 2013, Georgetown University Law School hosted Senator Patrick Leahy (D-VT), the chairman of the Senate Judiciary Committee. Leahy set out the agenda of the Judiciary Committee in the 113th Congress, vowing to commit the Committee to addressing "out most fundamental rights, and our most basic freedoms." Updates to key legislation, including laws on e-mail privacy and cybersecurity, are included in the Committee's agenda. The Chairman explained that the Committee would also address the need for oversight of US counterterrorism programs as well as privacy issues involved with the growing use of domestic surveillance drones. Furthermore, Senator Leahy emphasized the importance of open government as an American value, promising to "continue to fight for transparency that keeps the government accountable to the people." For more information, see EPIC: Electronic Communications Privacy Act, EPIC: Open Government, and EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones. (Jan. 17, 2013)
- Senate Judiciary Committee Approves Location Privacy Bill: The Location Privacy Act of 2011, sponsored by Senator Al Franken has been reported favorably by the Senate Judiciary Committee. The bill requires affirmative consent for the collection and disclosure of location information, an important protection for cell phone users and users of location-based services. EPIC previously recommended similar protections for location data and filed comments with the Federal Communications Commission advocating location privacy safeguards under the Communications Act. For more information, see EPIC: Locational Privacy and EPIC: Electronic Communications Privacy Act. (Dec. 14, 2012)
- Senate Committee to Consider Location Privacy Bill: The Senate Judiciary Committee is set to consider S. 1223, the Location privacy Act of 2011, sponsored by Senator Al Franken. The bill would establish important privacy protections for cellphone users and require affirmative consent for the collection or disclosure of location data by service providers. EPIC previously recommended new protections for location data as part of the update of federal law. EPIC also filed comments with the Federal Communications Commission supporting guidelines for the protection of location data under the federal Communications Act. For more information, see EPIC: Locational Privacy and EPIC: Electronic Communications Privacy Act. (Dec. 6, 2012)
- Senate Committee Updates ECPA, Modifies Video Privacy Law: The Senate Judiciary Committee approved a bill that updates the Electronic Privacy Communications Act and modifies the Video Privacy Protection Act. The bill generally requires law enforcement to obtain a warrant before accessing email or other electronic communications and allows for blanket consent of video viewing information. An amendment by Senator Feinstein, adopted by the Committee, limited the opt-in to two years or till whenever the user withdraws consent. EPIC previously testified against a proposal that would weaken the consent provision of the Video Privacy Protection Act. EPIC has also favored more extensive updates for ECPA, including coverage of locational information. For more information, see EPIC: Electronic Communications Privacy Act and EPIC: Video Privacy Protection Act. (Nov. 29, 2012)
- Verizon Begins Invasive Marketing Program: Verizon has begun selling the personal information of Verizon users, including location information and web browsing activity. The collection of content information implicates federal wiretapping law, although some have suggested that Verizon escapes liability by allowing users to opt-out. EPIC previously filed a complaint with the Federal Trade Commission regarding Verizon’s business practices, which EPIC described as “unfair and deceptive, contrary to the privacy and security interests of Verizon Wireless customers, and actionable by the Federal Trade Commission.” For more information, see EPIC: Federal Trade Commission, and EPIC: Electronic Communications Privacy Act. (Oct. 22, 2012)
- On Google Spy-Fi, Senator Durbin Calls for Update to Wiretap Law, FCC Chair Agrees Law Should Protect Unencrypted Communications: In a hearing with Federal Communications Commission Chairman Julius Genachowski, Senator Dick Durbin (D. IL.) criticized the agency's decision to issue a mere $25,000 fine against Google following the investigation of Street View data collection. (Hearing video beginning at 64:20) Senator Durbin said that Google's interception and collection of private wi-fi communication was a clear violation of privacy. Chairman Genachowski defended the agency's decision but agreed with the committee chairman that "the law should protect people even if they have unencrypted wi-fi." Senator Durbin said that he would consider changes to the law if that is necessary. Senator Durbin also asked the FCC to provide the legal memoranda supporting the FCC's decision not to find Google guilty of violating the Communications Act. EPIC has a similar FOIA request pending with the agency. For more information, see EPIC: FCC Investigation of Google Street View and EPIC: Electronic Communications Privacy Act. (May. 11, 2012)
- Whether e-mails stored by an e-mail provider after delivery are in "electronic storage" under the Stored Communications Act
This case involves unauthorized access to an e-mail account arising from a domestic dispute. After Mr. Jennings confessed that he "had fallen in love with someone else," and "admitted the two had been corresponding via e-mail for some time," his wife's daughter-in-law, Holly Broome, gained access to his Yahoo! e-mail account by answering his security questions to obtain his password. When Mr. Jennings discovered that Ms. Broom had accessed his e-mails and shared them with his wife, her attorney, and a private investigator, he brought suit in South Carolina state court. All claims were dismissed by the trial court, but the court of appeals ruled that Mr. Jennings could state a claim against Ms. Broome under the Stored Communications Act, 18 U.S.C. §§ 2701-12, because the e-mails were in "electronic storage" as defined in § 2710(15).
The Supreme Court of South Carolina granted certiorari, and reversed the judgment of the court of appeals. However, the five justices of the South Carolina court did not agree on the proper interpretation of "electronic storage" under the Electronic Communications Privacy Act. The justices wrote three separate opinions, which can be summarized as follows:
- Justice Hearn's opinion found that the definition of "electronic storage" did not cover the e-mails at issue in this case because they were not stored "for the purposes of backup protection." This opinion relies on the "ordinary" definition of the term "backup" - "one that serves as a substitute or support" - and the fact that Mr. Jennings did not make a second copy of his e-mail. As a result, Justice Hearn held that his e-mail could not have been a "backup" and thus was not protected by ECPA.
- Chief Justice Toal's opinion finds that there need not be a second copy in order for the e-mail storage to constitute "backup protection," but that the definition of "electronic storage" only includes temporary, intermediate copies. As a result, Justice Toal found that when "a recipient opens the e-mail" it is no longer in "electronic storage" and thus no longer protected from unauthorized access.
- Justice Pliecones wrote a separate opinion concurring with Chief Justice Toal's opinion, but specifying that the definition of "electronic storage" is disjunctive, rather than conjunctive, and includes either "(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof," or "(B) any storage of such communication by an electronic communication service for the purposes of backup protection of such communication." 18 U.S.C. § 2510(17)(A). Justice Pleicones found that the e-mails at issue in this case were not in "electronic storage" because they were not copies made by the service provider for backup protection.
Justice Hearn's Opinion of the Court (Joined by Justice Kittredge)
Chief Justice Toal's Concurring Opinion (Joined by Justice Beatty)
Justice Pleicones' Opinion
All three of the South Carolina Justices' opinions conflict with the Ninth Circuit's view in Theofel v. Farey-Jones, 359 F.3d 1066 (9th Cir. 2004), that e-mails received and read, and then left on the server instead of being deleted, could be characterized as stored "for the purposes of backup protection" and therefore kept in electronic storage under subsection (B) of 18 U.S.C. § 2510(17). Id. at 1075.
The definition of "electronic storage" is used throughout the Stored Communications Act ("SCA"), and defines the scope of important privacy rights for e-mail users. The SCA prohibits unauthorized access to e-mail and other communications in "electronic storage." See 18 U.S.C. § 2701. The SCA also regulates the voluntary disclosure by service providers of messages in "electronic storage." See 18 U.S.C. § 2702. And finally, the SCA specifies the legal process the government must use to compel disclosure of messages in "electronic storage." See 18 U.S.C. § 2703. The SCA specifies that government must obtain a warrant in order to access an e-mail that has been in "electronic storage" for 180 days or less. See id.
The primary form of electronic communication is e-mail. Unlike at the time the Electronic Communications Privacy Act was passed in 1986, the majority of e-mail is now stored and accessible remotely in cloud-based services. Yet protecting the privacy of e-mail messages, as EPIC has noted in the past, is still one of the core purposes of ECPA. In United States v. Councilman, a case involving a criminal prosecution under the wiretap act for interception of e-mail, EPIC joined leading civil liberties organizations in an amicus brief authored by Professor Orin Kerr. EPIC argued that an e-mail can be simultaneously in "electronic storage" and subject to interception under the Wiretap Act. Several EPIC advisory board members who are technical experts and leading authorities on Internet architecture, e-mail communications, and computer privacy also filed an amicus brief in Councilman, arguing that "ECPA was intended to deal precisely with the improper capture of information by one party that is intended solely for delivery to other(s) . . . ." Senator Patrick Leahy, one of the authors of ECPA, also filed an amicus brief in the case arguing that the definition of "electronic storage" was "designed to distinguish the SCA from ordinary computer crime statutes covering unauthorized system access unrelated to the communications process," and that the definition should not "cast doubt upon Title III's protection of electronic communications" during the transmission phase.
EPIC also filed an amicus brief in Bunnell v. MPAA, a civil wiretap act case involving a question substantially similar to that in Councilman. EPIC's brief argued that Congress added "electronic storage" to the definition of wire communications to expand protections for voicemail, not to lessen protections for stored e-mail.
United States Supreme Supreme Court
- Brief Amici Curiae of Nineteen Privacy, Civil Liberties, and Consumer Organizations in Support of Petition for Certiorari
- Petition for Certiorari
- Jennings v. Jennings, __ S.E. 2d ___, 2012 WL 4808545 (S.C. Oct. 10, 2012).
- Supreme Court and Appellate Court Cases
- Theofel v. Farey-Jones, 359 F.3d 1066 (9th Cir. 2004)
- Fraser v. Nationwide Mut. Ins. Co, 352 F.3d 107 (3d Cir. 2003)
- Steve Jackson Games, Inc. v. U.S. Secret Service, 36 F.3d 457 (5th Cir. 1994)
- Orin S. Kerr, A User's Guide to the Stored Communications Act - And a Legislator's Guide to Amending It, 72 Geo. Wash. L. Rev. 1 (2004)
- The Electronic Communications Privacy Act of 1986, S. Rep. No. 99-541, 1986 USCCAN 3555
- Orin Kerr, South Carolina Supreme Court Creates Split With Ninth Circuit on Privacy in Stored E-Mails — and Divides 2-2-1 on the Rationale, SCOTUSblog (Oct. 10, 2012).
South Carolina Supreme Court
Relevant Law Review Articles, Reports, and Books