Privacy & Information Security Law Blog

On October 25, 2022, the U.S. Department of Justice (“DOJ” or the “Department”) announced that Google had entered into an agreement to resolve a dispute over the loss of data responsive to a search warrant issued in 2016.

On June 22, 2018, the United States Supreme Court held in Carpenter v. United States that law enforcement agencies must obtain a warrant supported by probable cause to obtain historical cell-site location information (“CSLI”) from third-party providers. The government argued in Carpenter that it could access historical CSLI through a court order alone under the Stored Communications Act (the “SCA”). Under 18 U.S.C. § 2703(d), obtaining an SCA court order for stored records only requires the government to “offer specific and articulable facts showing that there are reasonable grounds.” However, in a split 5-4 decision, the Supreme Court held that the Fourth Amendment requires law enforcement agencies to obtain a warrant supported by probable cause to obtain historical CSLI.

This post has been updated. 

On July 14, 2016, the U.S. Court of Appeals for the Second Circuit held that Microsoft Corporation (“Microsoft”) cannot be compelled to turn over customer emails stored abroad to U.S. law enforcement authorities.

On December 15, 2014, Microsoft reported the filing of 10 amicus briefs in the 2nd Circuit Court of Appeals signed by 28 leading technology and media companies, 35 leading computer scientists, and 23 trade associations and advocacy organizations, in support of Microsoft’s litigation to resist a U.S. Government’s search warrant purporting to compel the production of Microsoft customer emails that are stored in Ireland. In opposing the Government’s assertion of extraterritorial jurisdiction in this case, Microsoft and its supporters have argued that their stance seeks to promote privacy and trust in cross-border commerce and advance a “broad policy issue” that is “fundamental to the future of global technology.”

As reported in the Hunton Employment & Labor Perspectives Blog:

The U.S. District Court for the District of New Jersey recently ruled that non-public Facebook wall posts are protected under the Federal Stored Communications Act (the “SCA”) in Ehling v. Monmouth-Ocean Hospital Service Corp., No. 2:11-CV-3305 (WMJ) (D.N.J. Aug. 20, 2013). The plaintiff was a registered nurse and paramedic at Monmouth-Ocean Hospital Service Corp. (“MONOC”). She maintained a personal Facebook profile and was “Facebook friends” with many of her coworkers but none of the MONOC managers. She adjusted her privacy preferences so only her “Facebook friends” could view the messages she posted onto her Facebook wall. Unbeknownst to the plaintiff, a coworker who was also a “Facebook friend” took screenshots of the plaintiff’s wall posts and sent them to a MONOC manager. When the manager learned of a wall post in which the plaintiff criticized Washington, D.C. paramedics in their response to a museum shooting, MONOC temporarily suspended the plaintiff with pay and delivered a memo warning her that the wall post reflected a “deliberate disregard for patient safety.” The plaintiff subsequently filed suit alleging violations of the SCA, among other claims.

On June 5, 2013, the United States District Court for the Northern District of Ohio denied an employer’s motion to dismiss, holding that the Stored Communications Act (“SCA”) can apply when an employer reads a former employee’s personal emails on a company-issued mobile device that was returned when the employment relationship terminated. The defendants, Verizon Wireless (“Verizon”) and the manager who allegedly read the plaintiff’s emails, argued that the SCA applies only to computer hacking scenarios, and that the plaintiff authorized the reading of her personal emails. The court rejected both of the arguments, finding:

On December 14, 2010, the United States Court of Appeals for the Sixth Circuit ruled in United States v. Warshak that a “subscriber enjoys a reasonable expectation of privacy in the content of emails” stored, sent or received through a commercial internet service provider (“ISP”).  According to the court, the government must have a search warrant before it can compel a commercial ISP to turn over the contents of a subscriber’s emails.

In 2008, a jury sitting in the Southern District of Ohio convicted defendants Steven Warshak, Harriet Warshak and TCI Media, Inc. of various crimes relating to defrauding customers of Berkeley Premium Nutraceuticals, Inc.  Before trial, Warshak’s motion to exclude thousands of emails that the government obtained from his ISP was denied.  The defendants appealed their convictions, arguing that the government’s warrantless seizure of Warshak’s private emails violated the Fourth Amendment’s prohibition on unreasonable searches and seizures.

The United States Court of Appeals for the Seventh Circuit has rejected a defendant’s argument that the Wiretap Act’s prohibition on interception of communications applies only to an acquisition that is contemporaneous with the communication.  In United States v. Szymuszkiewicz, No. 07-CR-171 (7th Cir. Sept. 9, 2010), the defendant faced criminal charges under the Wiretap Act for having implemented an automatic forwarding rule in his supervisor’s Outlook email program that caused the workplace email server to automatically forward him a copy of all emails addressed to his supervisor.  The defendant argued that (i) the forwarding happened only after the email arrived at its intended destination and was thus not contemporaneous with the communication, (ii) the Wiretap Act prohibits only unauthorized contemporaneous interceptions (i.e., only interceptions of communications “in flight” as opposed to communications at rest or in storage), and (iii) only the Stored Communications Act applies to unauthorized access to non-contemporaneous communications.

On May 26, 2010, the court in Crispin v. Christian Audigier, Inc. quashed portions of subpoenas seeking the disclosure of private messages sent through Facebook and MySpace.  The court left open the question of whether Crispin’s wall postings and comments should be disclosed pending a more thorough review of his online privacy settings.