Home > Legislation, New Technologies > The Law Struggles to Keep Up – ECPA, SCA and Privacy in Electronic Communications

The Law Struggles to Keep Up – ECPA, SCA and Privacy in Electronic Communications

Two federal laws enacted before the advent of the World Wide Web, are at the heart of class action complaints against Facebook and Google for violations of online privacy. It’s time to brush up on the Electronic Communications Privacy Act (ECPA), and the Stored Communications Act (SCA) – federal statutes that prevent intrusion by government and private actors into electronic communications. The ECPA works by preventing the interception and unauthorized access of electronic communications – such as email, texts and user keystrokes – by government agencies and law enforcement. The SCA is an “act within an act” as it is essentially Section II of the ECPA.  It regulates unauthorized access of electronic communications by service providers such as ISPs.

Plaintiffs in the Facebook class actions allege that the company violated both statutes, when changes in its privacy policy caused “unwary Users into inadvertently revealing large amounts of information about themselves.”  Similarly, class plaintiff Eva Hibnick (an enterprising Harvard 2L), alleges violations of both statutes in her complaint against Google for the unauthorized disclosure of users’ personal information during the launch of company’s social networking product, Google Buzz, in February.

It’s likely that the courts will struggle with the application of the ECPA and SCA in both of these cases. A pivotal question will be how the courts interpret the “consent” exception to ECPA in these cases i.e.  whether use of Facebook or Google’s service indicated user consent to the disclosure of personal information in the case of either Facebook’s privacy policy changes or the launch of Google’s buzz.

Both ECPA and the SCA are a legacy of a time when, two-way, not real-time, communication was the norm. The application of both statutes to email provides an illustrative example.  Under ECPA and the SCA, communication service providers are treated differently depending on whether they are “transmitters” or “storage facilities.” This is an important distinction for telephonic communication, but not so important for email – particularly web-based email that is stored on your providers’ server. Courts have interpreted ECPA to find greater protection for unopened email in transit to a computer, as opposed to unopened email sitting on your computer’s hard drive or provider’s server (from a user privacy perspective, is there a difference?).  Under the SCA, some courts have distinguished between pre and post transmission storage, even though the SCA defines “electronic storage” as “any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission.”  Luckily, the Ninth Circuit rejected this distinction in the 2004 case of Theofel v. Farey-Jones.

ECPA and the SCA statutes represent yet another example of how the law has failed to keep up with technology.  Indeed, both statutes have been the focus of much criticism, with several experts calling for ECPA reform and amendments to the SCA.

More importantly, neither statute gives us the answer to a question that has remained unanswered for too long – do users have a reasonable expectation of privacy in web communications such as emails, blogs and posts? Even though we live in the age of email and instant communication, the contents of an email sent from the privacy of your own home, has less constitutional protection than a conversation in a public phone booth.

The Supreme Court’s 1967 decision in US v. Katz – finding that privacy attaches to a person, not a place – has yet to be extended to electronic communications. Could the court’s dicta, stating that “[w]herever a man may be, he is entitled to know that he will remain free from unreasonable searches and seizures,” have some applicability to communication on the web in 2010? Will the recent class actions against Facebook and Google evolve into long-standing litigation that provides the Supreme Court the opportunity to consider the application of Katz to electronic, real-time communication?  With persistent litigants and the right rulings, it could happen.

In the meantime, legislators should seriously consider a redraft of both ECPA and the SCA – one that ushers both these important statutes into the Internet age.

  1. No comments yet.
  1. April 1, 2010 at 10:16 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: