Bunnell v. MPAA
Plaintiffs, the owners and operators of TorrentSpy, sued the Motion Picture Association of America (MPAA), alleging that the MPAA had violated the federal Wiretap Act when it allegedly paid $15,000 for information contained in emails sent by TorrentSpy executives. The trial court held that the MPAA did not violate the Wiretap Act, because the emails were intercepted while in in temporary storage, not “in transit.”
On appeal, EPIC filed a “friend of the court” brief supporting the plaintiffs’ claims. TorrentSpy went offline in 2008. The case was dismissed by stipulation of the parties before it could be heard at the Ninth Circuit.
- EPIC Argues for High Privacy Standard in Email Interception Case. EPIC submitted a brief in Bunnell v. MPAA, a case that could substantially impact email privacy. EPIC’s “friend of the court” brief supported the application of the federal Wiretap Act's protections to email messages in circumstances when the messages are briefly stored while they pass through mail servers. In Bunnell, a former employee hacked his ex-employer's corporate email server to secretly swipe private emails as they were transmitted. EPIC argued that the Wiretap Act applies to these sorts of circumstances by barring "interception" of electronic communications. EPIC has long advocated for application of the "interception" standard to email, and filed an amicus brief on this issue in 2004 in U.S. v. Councilman. (Aug. 7)
EPIC submitted an amicus curiae ("friend of the court") brief in Bunnell v. MPAA. The case implicates email privacy rights, and is presently pending before a federal appeals court in San Francisco. Oral argument is scheduled for October 7, 2009. Bunnell concerns allegations that the Motion Picture Association of America violated the federal Wiretap Act while snooping on TorrentSpy, a peer-to-peer search engine. Justin Bunnell and other TorrentSpy employees claim that the movie-industry trade association paid a former TorrentSpy worker to tap the company's email server. The MPAA allegedly paid $15,000 for information derived from private emails sent by TorrentSpy executives. EPIC's brief is adapted from a 2004 "friend of the court" brief filed in U.S. v. Councilman, a case that implicated similar issues. The Councilman friend of the court brief was filed on behalf of several organizations, including EPIC, and the counsel of record was Orin Kerr.
Bunnell sued the MPAA for the covert email surveillance. The federal Wiretap Act bars the unauthorized interception of electronic communications. The Act sets forth penalties for intercepting communications while messages are "in transit," but does not govern access to historic, archived data. A California trial court held that the MPAA did not violate the Wiretap Act, reasoning that the emails were secretly swiped while they were in milliseconds-long "storage" on TorrentSpy's email server, not while they were "in transit." Similar reasoning has been rejected by other courts, and Bunnell appealed to the Ninth Circuit Court of Appeals.
On August 1, 2008, EPIC filed a "friend of the court" brief supporting Bunnell. EPIC argued that the Wiretap Act's language and legislative history reflect Congress' intent to prohibit exactly the sort of unauthorized email interceptions implicated by Bunnell. EPIC stated:
The Wiretap Act's legislative history demonstrates that Congress intended to bar the interception of e-mail messages at all stages of the messages' transmittal. In doing so, the Wiretap Act provides some of the strongest protections for Americans' privacy. The District Court's failure to find that [the MPAA's] actions violated the Wiretap Act is contrary to the Wiretap Act's legislative history, and threatens to strip citizens of vital privacy safeguards. If the Ninth Circuit Court of Appeals does not reverse the District Court's holding in this matter, [Bunnell] will be wrongfully denied important privacy protections - protections that Congress intended to apply in these circumstances. Furthermore, failure to reverse would imperil the privacy rights of anyone who uses electronic mail.
EPIC has long advocated for strong email privacy safeguards. In 2004, EPIC filed an amicus brief in a similar case, U.S. v. Councilman. In Councilman, EPIC argued that the Wiretap Act prohibits interception of email, even if the message was briefly "in storage." EPIC noted that email technology guarantees that all messages are briefly "in storage" at various points in their journey between sender and recipient. EPIC observed that Congress intended to protect emails from interception at all stages of their transmittal.
Senator Patrick Leahy, the original sponsor of the federal legislation at issue in Councilman and Bunnell, also filed an amicus brief in Councilman. The brief discussed Congress' intent when it extended legal protections to email, supported electronic privacy, and is consistent with EPIC's briefs in email privacy cases. In 2005, a federal appeals court decided Councilman, ruling in accordance with EPIC's arguments, and agreeing that the Wiretap Act protects email against wrongful, contemporaneous snooping.
- Trial Court Opinion (U.S. District Court of the Central District of California) (pdf)
- Bunnell's Appeal Brief (Ninth Circuit) (pdf)
- EPIC's amicus curiae Brief in Support of Bunnell (Ninth Circuit) (pdf)
- The Electronic Frontier Foundation's Brief in Support of Bunnell (Ninth Circuit) (pdf)
- E-Mail Hacking Case Could Redefine Online Privacy, The Washington Post, August 6, 2008
- Court records: MPAA sought info on PirateBay founders, CNet, July 24, 2008
- Exclusive: I Was a Hacker for the MPAA, Wired, October 22, 2007
- Court rules against TorrentSpy in hacking case, CNet, August 28, 2007
- Torrentspy names alleged MPAA hacker, ZDNet, June 23, 2006
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a by-monthly newsletter highlighting emerging privacy issues.