§ 8.04 Civil Violations (Section 2707)

• Jurisdiction: United States
• Publication year: 2020

§ 8.04 Civil Violations (Section 2707)

[1] Elements

Section 2707 creates private right of action against "any provider of electronic communication service, subscriber, or other person aggrieved by any violation of this chapter in which the conduct constituting the violation is engaged in with a knowing or intentional state of mind may, in a civil action, recover from the person or entity, other than the United States, which engaged in that violation such relief as may be appropriate."³⁸¹ As discussed above, the statute does not provide a remedy for unauthorized access to all digital materials.³⁸² It covers only actions in which a party obtains an electronic communication "while it is in electronic storage."³⁸³

To state a claim under the SCA, an aggrieved party must sufficiently allege two elements: (1) the defendant intentionally accessed without authorization a facility through which an electronic communication service is provided or intentionally exceeded an authorization to access that facility and (2) the defendant obtained, altered, or prevented authorized access to a wire or electronic communication while it was in electronic storage in such system.

Thus, the plain language of § 2707(a) requires that in order to establish a claim that the conduct constituting a violation is engaged in with a knowing or intentional state of mind. The court in Alexander v. Verizon Wireless Services, L.L.C.,³⁸⁴ agreed with the court's analysis in Freedman v. America Online, Inc.,³⁸⁵ that "to make a disclosure violation turn on whether [the provider] acted with a bad faith intent to violate the statute would render the statute's good faith defense provision superfluous, an impermissible result under the well-established rule 'that a statute ought, upon the whole, to be so construed that, if it can be prevented, no clause, sentence, or word shall be superfluous, void, or insignificant.'"³⁸⁶ The Alexander court also expressly disagreed with the Sixth Circuit decision in Long v. Insight Communications of Central Ohio, LLC,³⁸⁷ in which the court acknowledged that it is "the conduct constituting the violation" that must have been knowing or intentional, it defined the relevant conduct as the violation itself—"that [the provider] 'knowingly' divulged plaintiffs' subscriber information without authorization" in violation of 18 U.S.C. § 2702.³⁸⁸ Thus, the Alexander court concluded that "with respect to the SCA, a provider acts 'knowingly' if it has knowledge of the factual circumstances (i.e., divulging records or other information pertaining to a subscriber to a governmental entity) that constitute the alleged offense and 'intentionally' if its acts are not inadvertent."³⁸⁹

Notably, unlike the CFAA, the SCA damages are not an element of the claim.³⁹⁰ A prevailing plaintiff may be awarded equitable relief and actual damages; statutory damage, punitive damages; or just attorney fees and costs.³⁹¹

Parties have used this provision to bring actions against service providers who, for example, erroneously divulged subscribers' information to the government.³⁹² A district court found that a domain registrar's accessing of electronic registrar database records for assignee registrant's domain names and changing nameserver records for those domain names without notice or authorization from assignee, court order, or administrative panel order violated the SCA.³⁹³ At least one court has held that a defendant acts intentionally provided its acts are not "inadvertent."³⁹⁴ The SCA does not provide for secondary liability for violations.³⁹⁵

The SCA also provides a private cause of action against an "electronic communication service to the public" that "divulges the contents of a communication while in electronic storage by that service."³⁹⁶ However, an ECS may divulge the "contents" to an addressee or intended recipient of such communication to a person whose facilities are used to forward a communication to its intended destination.³⁹⁷ An ECS may also divulge for the rendition of that service, such as to protect the property of the service, or as otherwise authorized in other sections of the ECPA.³⁹⁸ Further, if the ECS inadvertently obtains the contents of an "electronic communication" that appear to pertain to the commission of a crime, then the service provider may divulge the contents to the government.³⁹⁹

The rise of social media has created a number of issues that have stretched the limits of the SCA (and the Wiretap Act), and which were not even remotely foreseeable at the time Congress originally enacted the ECPA in 1986. For example, the issue has arisen whether the unique features of social networking sites, such as wall posts, status updates, notes, pictures, etc., could also be protected against third-party intrusions under the SCA. In one of the first decisions addressing this issue, a court found that all Facebook posts are: (1) electronic communications; (2) transmitted via an electronic communication service; (3) stored for backup purposes; and (4) in this case were configured to be private.⁴⁰⁰ The court's analysis to the first two factors is straightforward and does not warrant discussion; however, the court's approach to the last two factors bears repeating. The court found that the posts are not in "temporary intermediate storage," because Facebook is the posts' final destination.⁴⁰¹ However, the court found that Facebook stores the posts for backup purposes. "When new posts are added, Facebook archives older posts on separate pages that are accessible but not displayed . . . Because Facebook saves and archives wall posts indefinitely, the Court finds that wall posts are stored for backup purposes."⁴⁰² As to the last factor, to wit, that the communications not be public, the court found that when Facebook's users avail themselves of Facebook's privacy settings and limit their wall posts to a selected group, such wall posts are "configured to be private" for purposes of the SCA. Ultimately, however, the court found that based on the specific facts of the case that the SCA's authorized user exception under Title 18, Section 2701(c) of the United States Code applied and granted defendant's motion for...