Stored Communications Act

By Serrin Turner and Megan Behrman

Another front recently emerged in the legal battle over whether US law enforcement authorities can use a search warrant issued under the Stored Communications Act (SCA) to obtain data stored overseas. Until now, the battle has been focused in New York, where Microsoft filed a challenge in December 2013 to an SCA warrant for an Outlook.com e-mail account stored on a server in Ireland. Last summer, the US Court of Appeals for the Second Circuit sustained Microsoft’s challenge, holding that the use of an SCA warrant to obtain data stored overseas would constitute an impermissible extraterritorial application of the statute. On January 24, 2017, the Second Circuit declined to rehear the case en banc. It remains to be seen whether the Government will petition the Supreme Court to hear the case.

For the moment, however, the action has shifted to Philadelphia, where Google is litigating a similar issue. On February 3, 2017, US Magistrate Judge Thomas J. Rueter of the Eastern District of Pennsylvania issued a decision compelling Google to comply with search warrants issued under the SCA for two separate Google accounts. Google initially refused to comply fully with the warrants, relying on the Second Circuit’s decision in the Microsoft case. Because the data associated with the two Google accounts at issue is distributed across multiple servers in a variety of jurisdictions, Google sought to comply with the Microsoft ruling by turning over only the account data stored on servers located in the United States, while withholding any account data stored on servers abroad. Judge Rueter, however, disagreed with the reasoning of the Second Circuit’s decision in the Microsoft case—which was not binding on him, as Philadelphia sits within the Third Circuit—and ordered Google to produce all of the account data in response to the warrants, regardless of its physical location.

By Serrin Turner

Last week saw action on two fronts regarding the Stored Communications Act (SCA) – the US federal statute regulating government searches of online accounts in criminal investigations. In Congress, a proposal to reform the SCA advanced in the House; and in the courts, Microsoft sued to challenge a provision of the SCA as unconstitutional. Although the reform bill has been portrayed as a major piece of privacy legislation, the version now under consideration is quite modest and would not substantially change how the SCA is applied in practice. However, the Microsoft lawsuit, if successful, could significantly reshape and restrict how the SCA is used by law enforcement.

What is the Stored Communications Act?

The SCA sets forth the procedures by which US law enforcement authorities can compel electronic communications service providers to disclose the contents of (and other records pertaining to) user accounts. While the SCA is applied most often in the context of email accounts, it applies equally to social-networking accounts, cloud-storage accounts, web-hosting accounts, and any other type of account where a user may store electronic communications. Like everyone else, criminals are increasingly communicating over the Internet, and as a result the SCA is now routinely used by law enforcement to obtain the contents of online accounts used by criminal suspects to communicate and do business.