Jennings v. Broome
- House to Consider Narrow Update for Communications Privacy Law: Congress is scheduled to consider the "Email Privacy Act" (H.R. 387) next week. The bill passed the House 419-0 last session. The Act amends the Electronic Communications Privacy Act of 1986 to extend the warrant requirement to communications stored for more than 180 days. An earlier version of the the Act would have required notice of email searches to the user, with some exceptions. EPIC has recommended several other ECPA updates, including protections for location data, data minimization requirements, and end-to-end encryption for commercial e-mail services. (Feb. 3, 2017)
- Google Settles Wiretapping Suit, Shifts Scanning of Gmail Messages to Servers: Google and lawyers for a class of Gmail users have reached a settlement in a case concerning the company's interception of private emails. The 2015 lawsuit accused Google of violating the federal Wiretap Act and California law by surreptitiously scanning Gmail messages for advertising revenue. Google has now agreed "to eliminate any processing of email content" for advertising purposes "prior to the point" when a Gmail user can retrieve email, but scanning of Gmail users (and non-Gmail users) on Google's servers will continue. EPIC recently filed an amicus brief in a related case before the Massachusetts Supreme Court, calling attention to Google's "systematic data mining of millions of private email messages" as a clear violation of the state's Wiretap Act. EPIC has also warned of collusive settlements in consumer privacy cases that enrich lawyers and leave business practices essentially unchanged. (Dec. 15, 2016)
- US Government Loses on Overseas Data Searches: A federal appeals court has ruled that the U.S. government cannot seize user data in foreign data centers under the Stored Communications Act. The decision reverses a lower court opinion that would have required Microsoft to hand over the contents of an email account stored in Ireland. The appeals court concluded that the purpose of the Act was to protect “users’ privacy interests in stored communications” not the creation of law enforcement powers that could reach overseas. The decision will likely bolster efforts to keep data in jurisdictions with stronger privacy safeguards. EPIC has recommended US ratification of the International Privacy Convention to preserve trans border data flows. (Jul. 14, 2016)
- House Passes Narrow ECPA Update: The Email Privacy Act of 2016 has passed the House 419-0 The Act amends the Electronic Communications Privacy Act of 1986 to extend the warrant requirement to communications stored for more than 180 days. An earlier version of the the Act would have required notice of email searches to the user, with some exceptions. Senator Leahy tweeted that "Long past time to protect American people's emails & info stored in the cloud from warrantless searches." EPIC has recommended several other ECPA updates, including protections for location data, data minimization requirements, and end-to-end encryption for commercial e-mail services. (Apr. 27, 2016)
- U.S. Government Sued Over Refusal to Notify Users of E-mail Searches: Microsoft has sued the Department of Justice, arguing that orders which prevent the company from notifying users about surveillance are unconstitutional. These secrecy orders, issued in connection with orders to disclose users’ private information, arise in thousands of cases each year. EPIC has supported similar challenges to “gag orders" and has opposed the expansion of “no notice” searches. EPIC has also recommended notice requirements for e-mail searches. (Apr. 14, 2016)
- House Moves Forward on Modest ECPA Updates: The House Judiciary Committee has voted 28-0 in favor of the Email Privacy Act, H.R. 699, a bill that would establish a warrant requirement for the disclosure of all electronic communications. The law would also require notice to customers whose communications have been collected. With 314 members of the House cosponsoring, the bill is slated to be considered by the House on April 25th. Senator Leahy, who has sponsored an identical bill in the Senate, said that "Congress has waited far too long to enact these reforms." But the bill stops short of several updates recommended by EPIC, including protections for location data, data minimization requirements, and end-to-end encryption for commercial e-mail services. (Apr. 14, 2016)
- Senate Considers Modest Updates to ECPA: The Senate Judiciary Committee will hold a hearing on proposed amendments to the Electronic Communications Privacy Act. The bill under consideration would establish a warrant requirement for the disclosure of electronic communications. The ECPA Amendments Act would also require notice to customers whose communications have been collected. Senator Leahy said that passage of the bill should be a "no brainer." But the bill stops short of several updates recommended by EPIC, including protections for location data, data minimization requirements, and end-to-end encryption for commercial e-mail services. (Sep. 16, 2015)
- EPIC Challenges Samsung's Surveillance of the Home, Files FTC Complaint: EPIC has filed a complaint to the Federal Trade Commission about Samsung's SmartTvs. "Samsung routinely intercepts and records the private communications of consumers in their homes," EPIC wrote. EPIC detailed widespread consumer objections and charged that "privacy notices" do not diminish the harm to American consumers. In setting out the privacy violations, EPIC cited the FTC Act, the Children's Online Privacy Protection Act, The Cable Act, and the Electronic Communications Privacy Act. EPIC also noted a recent speech of FTC Chair Edith Ramirez about privacy and consumer products. EPIC asked the FTC to enjoin Samsung and other companies that engage in similar practices. (Feb. 24, 2015)
- Online Privacy Bills Introduced in Congress, EPIC Recommends Further Changes: Senators and House Members have introduced bills to update the federal communications privacy law. The proposals would require law enforcement agents to obtain a warrant before they could access e-mails or location data. EPIC has called for a comprehensive overhaul of the federal privacy law. EPIC has recommended protections for location data, data minimization requirements, and end-to-end encryption for commercial email services. (Feb. 4, 2015)
- Privacy Case Moves Forward Against Facebook and Zynga: The Ninth Circuit found that the companies may have violated Facebook's privacy policies when they disclosed user information for advertising purposes. Separately, the court ruled that there was no violation of the Electronic Communications Privacy Act because the data disclosed (including Facebook IDs and HTTP referers) is not "contents" of a communication. Congress is set to consider several ECPA reforms, and could fix the court's ruling by making clear that the law prevents the disclosure of personally identifiable information. For more information, see EPIC: Electronic Communications Privacy Act and EPIC: Facebook Privacy. (May. 9, 2014)
- Whether e-mails stored by an e-mail provider after delivery are in "electronic storage" under the Stored Communications Act
This case involves unauthorized access to an e-mail account arising from a domestic dispute. After Mr. Jennings confessed that he "had fallen in love with someone else," and "admitted the two had been corresponding via e-mail for some time," his wife's daughter-in-law, Holly Broome, gained access to his Yahoo! e-mail account by answering his security questions to obtain his password. When Mr. Jennings discovered that Ms. Broom had accessed his e-mails and shared them with his wife, her attorney, and a private investigator, he brought suit in South Carolina state court. All claims were dismissed by the trial court, but the court of appeals ruled that Mr. Jennings could state a claim against Ms. Broome under the Stored Communications Act, 18 U.S.C. §§ 2701-12, because the e-mails were in "electronic storage" as defined in § 2710(15).
The Supreme Court of South Carolina granted certiorari, and reversed the judgment of the court of appeals. However, the five justices of the South Carolina court did not agree on the proper interpretation of "electronic storage" under the Electronic Communications Privacy Act. The justices wrote three separate opinions, which can be summarized as follows:
- Justice Hearn's opinion found that the definition of "electronic storage" did not cover the e-mails at issue in this case because they were not stored "for the purposes of backup protection." This opinion relies on the "ordinary" definition of the term "backup" - "one that serves as a substitute or support" - and the fact that Mr. Jennings did not make a second copy of his e-mail. As a result, Justice Hearn held that his e-mail could not have been a "backup" and thus was not protected by ECPA.
- Chief Justice Toal's opinion finds that there need not be a second copy in order for the e-mail storage to constitute "backup protection," but that the definition of "electronic storage" only includes temporary, intermediate copies. As a result, Justice Toal found that when "a recipient opens the e-mail" it is no longer in "electronic storage" and thus no longer protected from unauthorized access.
- Justice Pliecones wrote a separate opinion concurring with Chief Justice Toal's opinion, but specifying that the definition of "electronic storage" is disjunctive, rather than conjunctive, and includes either "(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof," or "(B) any storage of such communication by an electronic communication service for the purposes of backup protection of such communication." 18 U.S.C. § 2510(17)(A). Justice Pleicones found that the e-mails at issue in this case were not in "electronic storage" because they were not copies made by the service provider for backup protection.
Justice Hearn's Opinion of the Court (Joined by Justice Kittredge)
Chief Justice Toal's Concurring Opinion (Joined by Justice Beatty)
Justice Pleicones' Opinion
All three of the South Carolina Justices' opinions conflict with the Ninth Circuit's view in Theofel v. Farey-Jones, 359 F.3d 1066 (9th Cir. 2004), that e-mails received and read, and then left on the server instead of being deleted, could be characterized as stored "for the purposes of backup protection" and therefore kept in electronic storage under subsection (B) of 18 U.S.C. § 2510(17). Id. at 1075.
The definition of "electronic storage" is used throughout the Stored Communications Act ("SCA"), and defines the scope of important privacy rights for e-mail users. The SCA prohibits unauthorized access to e-mail and other communications in "electronic storage." See 18 U.S.C. § 2701. The SCA also regulates the voluntary disclosure by service providers of messages in "electronic storage." See 18 U.S.C. § 2702. And finally, the SCA specifies the legal process the government must use to compel disclosure of messages in "electronic storage." See 18 U.S.C. § 2703. The SCA specifies that government must obtain a warrant in order to access an e-mail that has been in "electronic storage" for 180 days or less. See id.
The primary form of electronic communication is e-mail. Unlike at the time the Electronic Communications Privacy Act was passed in 1986, the majority of e-mail is now stored and accessible remotely in cloud-based services. Yet protecting the privacy of e-mail messages, as EPIC has noted in the past, is still one of the core purposes of ECPA. In United States v. Councilman, a case involving a criminal prosecution under the wiretap act for interception of e-mail, EPIC joined leading civil liberties organizations in an amicus brief authored by Professor Orin Kerr. EPIC argued that an e-mail can be simultaneously in "electronic storage" and subject to interception under the Wiretap Act. Several EPIC advisory board members who are technical experts and leading authorities on Internet architecture, e-mail communications, and computer privacy also filed an amicus brief in Councilman, arguing that "ECPA was intended to deal precisely with the improper capture of information by one party that is intended solely for delivery to other(s) . . . ." Senator Patrick Leahy, one of the authors of ECPA, also filed an amicus brief in the case arguing that the definition of "electronic storage" was "designed to distinguish the SCA from ordinary computer crime statutes covering unauthorized system access unrelated to the communications process," and that the definition should not "cast doubt upon Title III's protection of electronic communications" during the transmission phase.
EPIC also filed an amicus brief in Bunnell v. MPAA, a civil wiretap act case involving a question substantially similar to that in Councilman. EPIC's brief argued that Congress added "electronic storage" to the definition of wire communications to expand protections for voicemail, not to lessen protections for stored e-mail.
United States Supreme Supreme Court
- 401 S.C. 1 (2012), cert. denied¸ 133 S. Ct. 1806 (2013).
- Brief Amici Curiae of Nineteen Privacy, Civil Liberties, and Consumer Organizations in Support of Petition for Certiorari
- Petition for Certiorari
- Jennings v. Jennings, __ S.E. 2d ___, 2012 WL 4808545 (S.C. Oct. 10, 2012).
- Supreme Court and Appellate Court Cases
- Theofel v. Farey-Jones, 359 F.3d 1066 (9th Cir. 2004)
- Fraser v. Nationwide Mut. Ins. Co, 352 F.3d 107 (3d Cir. 2003)
- Steve Jackson Games, Inc. v. U.S. Secret Service, 36 F.3d 457 (5th Cir. 1994)
- Orin S. Kerr, A User's Guide to the Stored Communications Act - And a Legislator's Guide to Amending It, 72 Geo. Wash. L. Rev. 1 (2004)
- The Electronic Communications Privacy Act of 1986, S. Rep. No. 99-541, 1986 USCCAN 3555
- Orin Kerr, South Carolina Supreme Court Creates Split With Ninth Circuit on Privacy in Stored E-Mails — and Divides 2-2-1 on the Rationale, SCOTUSblog (Oct. 10, 2012).
South Carolina Supreme Court
Relevant Law Review Articles, Reports, and Books
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.
by Ryan Calo, A. Michael Froomkin,