Jennings v. Broome
- Online Privacy Bills Introduced in Congress, EPIC Recommends Further Changes: Senators and House Members have introduced bills to update the federal communications privacy law. The proposals would require law enforcement agents to obtain a warrant before they could access e-mails or location data. EPIC has called for a comprehensive overhaul of the federal privacy law. EPIC has recommended protections for location data, data minimization requirements, and end-to-end encryption for commercial email services. (Feb. 4, 2015)
- Privacy Case Moves Forward Against Facebook and Zynga: The Ninth Circuit found that the companies may have violated Facebook's privacy policies when they disclosed user information for advertising purposes. Separately, the court ruled that there was no violation of the Electronic Communications Privacy Act because the data disclosed (including Facebook IDs and HTTP referers) is not "contents" of a communication. Congress is set to consider several ECPA reforms, and could fix the court's ruling by making clear that the law prevents the disclosure of personally identifiable information. For more information, see EPIC: Electronic Communications Privacy Act and EPIC: Facebook Privacy. (May. 9, 2014)
- Texas Bill to Require Warrants for E-mail Searches Awaits Governor's Signature: The Texas legislature has passed H.B. No. 2268, a bill that creates a warrant requirement for law enforcement access to stored electronic communications and customer data. The law, which was presented to Governor Rick Perry this week, is the first successful state effort to establish an across-the-board warrant requirement for stored communications. Congress is considering similar changes to the federal Electronic Communications Privacy Act. Others have proposed more sweeping privacy reforms, and there are bills in both the House and Senate that would establish location privacy protections. EPIC testified before the Texas Legislature on H.B. 1608, a location privacy companion to H.B. 2268. For more information, see EPIC: Electronic Communications Privacy Act and EPIC: Locational Privacy. (May. 29, 2013)
- Senator Paul Introduces Bill to Protect Fourth Amendment, Abolish "Third Party Doctrine": Senator Rand Paul (R-Ky) has introduced the Fourth Amendment Preservation and Protection Act of 2013, which would prohibit the warrantless collection of information about individuals held by third parties. The law would overturn the "third party doctrine," which has been widely criticized by courts and legal scholars. The bill has been referred to the Senate Judiciary Committee. Senator Paul will receive a 2013 EPIC Champion of Freedom Award in Washington, DC on June 3. For more information, see EPIC: Awards Dinner and EPIC: Electronic Communications Privacy Act. (May. 28, 2013)
- Senate Committee Clears Update to Email Privacy Law: The Senate Judiciary Committee has approved a bill that would update the Electronic Communications Privacy Act, a 1986 law that provides privacy protections for email and digital communications. The update, sponsored by Senator Patrick Leahy (D-VT) and co-sponsored by Senator Mike Lee (R-UT), would extend protections to communications that are stored in the cloud. Earlier this year, the Supreme Court declined to review a decision by the South Carolina Supreme Court which held that ECPA does, protect emails stored on remote computer servers. EPIC, joined by 18 national organizations filed an amicus brief, urging the Supreme Court to clarify the scope of e-mail privacy protections. In March, EPIC sent a letter to the House Judiciary Committee, recommending a comprehensive review of the law. For more information, see EPIC: Electronic Communications Privacy Act and EPIC: Jennings v. Broome. (Apr. 26, 2013)
- Supreme Court Will Not Review E-mail Privacy Case: In an order today, the U.S. Supreme Court has declined to review a decision concerning e-mail privacy. In Jennings v. Broome, the South Carolina Supreme Court held that the federal Electronic Communications Privacy Act (ECPA) does not protect emails stored on remote computer servers. As a result of this case, users in South Carolina have lesser privacy protections than those in California where a federal court reached the opposite conclusion. EPIC, joined by 18 national organization filed an amicus brief, urging the US Supreme Court to clarify the scope of e-mail privacy protections. For more information, see EPIC: Jennings v. Broome and EPIC: Electronic Communications Privacy Act. (Apr. 15, 2013)
- EPIC Highlights Need for Broad Reform of Federal Privacy Law: In response to a request from the House Judiciary Committee, EPIC has recommended a comprehensive review of the federal communications privacy law. Congress will begin hearings this week on ECPA Part 1: Lawful Access to Stored Content. EPIC's letter to the Committee noted the recent settlement by the state Attorneys General with Google in the Street View matter and the reluctance of federal officials to pursue a similar investigation. EPIC also noted growing confusion in the lower courts about the application of the federal privacy law. Finally, EPIC pointed out that the current law provides inadequate protection for private location records. For more information, see EPIC: Electronic Communications Privacy Act and EPIC: Locational Privacy. (Mar. 18, 2013)
- Senator Leahy Supports International Privacy Day: Senator Patrick Leahy, Chairman of the Senate Judiciary Committee, today issued a statement in commemoration of January 28, International Data Privacy Day. International privacy day marks the adoption of the Council of Europe Privacy Convention, the first global framework for privacy protection. Senator Leahy said, "In the Digital Age, Americans face new threats to their digital privacy and security as consumers and businesses alike collect, share and store more and more information in cyberspace. Data Privacy Day is an important reminder about the need to improve data privacy as we reap the many benefits of new technologies." EPIC has urged the United States to ratify the Privacy Convention. For more information, see EPIC: Electronic Communications Privacy Act, EPIC: International Privacy Day, and EPIC - Facebook, International Privacy Day. (Jan. 28, 2013)
- Senator Leahy Sets Out Judiciary Committee Agenda for New Congress: On January 16, 2013, Georgetown University Law School hosted Senator Patrick Leahy (D-VT), the chairman of the Senate Judiciary Committee. Leahy set out the agenda of the Judiciary Committee in the 113th Congress, vowing to commit the Committee to addressing "out most fundamental rights, and our most basic freedoms." Updates to key legislation, including laws on e-mail privacy and cybersecurity, are included in the Committee's agenda. The Chairman explained that the Committee would also address the need for oversight of US counterterrorism programs as well as privacy issues involved with the growing use of domestic surveillance drones. Furthermore, Senator Leahy emphasized the importance of open government as an American value, promising to "continue to fight for transparency that keeps the government accountable to the people." For more information, see EPIC: Electronic Communications Privacy Act, EPIC: Open Government, and EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones. (Jan. 17, 2013)
- Senate Judiciary Committee Approves Location Privacy Bill: The Location Privacy Act of 2011, sponsored by Senator Al Franken has been reported favorably by the Senate Judiciary Committee. The bill requires affirmative consent for the collection and disclosure of location information, an important protection for cell phone users and users of location-based services. EPIC previously recommended similar protections for location data and filed comments with the Federal Communications Commission advocating location privacy safeguards under the Communications Act. For more information, see EPIC: Locational Privacy and EPIC: Electronic Communications Privacy Act. (Dec. 14, 2012)
- Whether e-mails stored by an e-mail provider after delivery are in "electronic storage" under the Stored Communications Act
This case involves unauthorized access to an e-mail account arising from a domestic dispute. After Mr. Jennings confessed that he "had fallen in love with someone else," and "admitted the two had been corresponding via e-mail for some time," his wife's daughter-in-law, Holly Broome, gained access to his Yahoo! e-mail account by answering his security questions to obtain his password. When Mr. Jennings discovered that Ms. Broom had accessed his e-mails and shared them with his wife, her attorney, and a private investigator, he brought suit in South Carolina state court. All claims were dismissed by the trial court, but the court of appeals ruled that Mr. Jennings could state a claim against Ms. Broome under the Stored Communications Act, 18 U.S.C. §§ 2701-12, because the e-mails were in "electronic storage" as defined in § 2710(15).
The Supreme Court of South Carolina granted certiorari, and reversed the judgment of the court of appeals. However, the five justices of the South Carolina court did not agree on the proper interpretation of "electronic storage" under the Electronic Communications Privacy Act. The justices wrote three separate opinions, which can be summarized as follows:
- Justice Hearn's opinion found that the definition of "electronic storage" did not cover the e-mails at issue in this case because they were not stored "for the purposes of backup protection." This opinion relies on the "ordinary" definition of the term "backup" - "one that serves as a substitute or support" - and the fact that Mr. Jennings did not make a second copy of his e-mail. As a result, Justice Hearn held that his e-mail could not have been a "backup" and thus was not protected by ECPA.
- Chief Justice Toal's opinion finds that there need not be a second copy in order for the e-mail storage to constitute "backup protection," but that the definition of "electronic storage" only includes temporary, intermediate copies. As a result, Justice Toal found that when "a recipient opens the e-mail" it is no longer in "electronic storage" and thus no longer protected from unauthorized access.
- Justice Pliecones wrote a separate opinion concurring with Chief Justice Toal's opinion, but specifying that the definition of "electronic storage" is disjunctive, rather than conjunctive, and includes either "(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof," or "(B) any storage of such communication by an electronic communication service for the purposes of backup protection of such communication." 18 U.S.C. § 2510(17)(A). Justice Pleicones found that the e-mails at issue in this case were not in "electronic storage" because they were not copies made by the service provider for backup protection.
Justice Hearn's Opinion of the Court (Joined by Justice Kittredge)
Chief Justice Toal's Concurring Opinion (Joined by Justice Beatty)
Justice Pleicones' Opinion
All three of the South Carolina Justices' opinions conflict with the Ninth Circuit's view in Theofel v. Farey-Jones, 359 F.3d 1066 (9th Cir. 2004), that e-mails received and read, and then left on the server instead of being deleted, could be characterized as stored "for the purposes of backup protection" and therefore kept in electronic storage under subsection (B) of 18 U.S.C. § 2510(17). Id. at 1075.
The definition of "electronic storage" is used throughout the Stored Communications Act ("SCA"), and defines the scope of important privacy rights for e-mail users. The SCA prohibits unauthorized access to e-mail and other communications in "electronic storage." See 18 U.S.C. § 2701. The SCA also regulates the voluntary disclosure by service providers of messages in "electronic storage." See 18 U.S.C. § 2702. And finally, the SCA specifies the legal process the government must use to compel disclosure of messages in "electronic storage." See 18 U.S.C. § 2703. The SCA specifies that government must obtain a warrant in order to access an e-mail that has been in "electronic storage" for 180 days or less. See id.
The primary form of electronic communication is e-mail. Unlike at the time the Electronic Communications Privacy Act was passed in 1986, the majority of e-mail is now stored and accessible remotely in cloud-based services. Yet protecting the privacy of e-mail messages, as EPIC has noted in the past, is still one of the core purposes of ECPA. In United States v. Councilman, a case involving a criminal prosecution under the wiretap act for interception of e-mail, EPIC joined leading civil liberties organizations in an amicus brief authored by Professor Orin Kerr. EPIC argued that an e-mail can be simultaneously in "electronic storage" and subject to interception under the Wiretap Act. Several EPIC advisory board members who are technical experts and leading authorities on Internet architecture, e-mail communications, and computer privacy also filed an amicus brief in Councilman, arguing that "ECPA was intended to deal precisely with the improper capture of information by one party that is intended solely for delivery to other(s) . . . ." Senator Patrick Leahy, one of the authors of ECPA, also filed an amicus brief in the case arguing that the definition of "electronic storage" was "designed to distinguish the SCA from ordinary computer crime statutes covering unauthorized system access unrelated to the communications process," and that the definition should not "cast doubt upon Title III's protection of electronic communications" during the transmission phase.
EPIC also filed an amicus brief in Bunnell v. MPAA, a civil wiretap act case involving a question substantially similar to that in Councilman. EPIC's brief argued that Congress added "electronic storage" to the definition of wire communications to expand protections for voicemail, not to lessen protections for stored e-mail.
United States Supreme Supreme Court
- 401 S.C. 1 (2012), cert. denied¸ 133 S. Ct. 1806 (2013).
- Brief Amici Curiae of Nineteen Privacy, Civil Liberties, and Consumer Organizations in Support of Petition for Certiorari
- Petition for Certiorari
- Jennings v. Jennings, __ S.E. 2d ___, 2012 WL 4808545 (S.C. Oct. 10, 2012).
- Supreme Court and Appellate Court Cases
- Theofel v. Farey-Jones, 359 F.3d 1066 (9th Cir. 2004)
- Fraser v. Nationwide Mut. Ins. Co, 352 F.3d 107 (3d Cir. 2003)
- Steve Jackson Games, Inc. v. U.S. Secret Service, 36 F.3d 457 (5th Cir. 1994)
- Orin S. Kerr, A User's Guide to the Stored Communications Act - And a Legislator's Guide to Amending It, 72 Geo. Wash. L. Rev. 1 (2004)
- The Electronic Communications Privacy Act of 1986, S. Rep. No. 99-541, 1986 USCCAN 3555
- Orin Kerr, South Carolina Supreme Court Creates Split With Ninth Circuit on Privacy in Stored E-Mails — and Divides 2-2-1 on the Rationale, SCOTUSblog (Oct. 10, 2012).
South Carolina Supreme Court
Relevant Law Review Articles, Reports, and Books
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a by-monthly newsletter highlighting emerging privacy issues.