Hackers aren’t the only ones who can gain unauthorized access to your private data. Maybe you shared a password with your spouse, then got divorced and forgot to change it. Maybe you neglected to lock your phone and a passerby was able to pick it up and view your bank-account balances. There are innumerable ways in which your personal files can be exposed to someone you never intended to share them with. Revenge porn laws offer some protection when the files consist of sexually explicit selfies, but when the files at issue consist of mundane (but nevertheless private) emails or texts, the federal Stored Communications Act (“SCA”) often comes into play. The SCA establishes a criminal offense for whoever “intentionally accesses without authorization a facility through which an electronic communication service is provided” or “intentionally exceeds an authorization to access that facility,” and by doing so “obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system.” 18 U.S.C. § 2701(a). The SCA also creates a civil cause of action, in which the plaintiff may obtain damages plus reasonable attorneys’ fees and other costs. 18 U.S.C. § 2707(b).
Many of us store all kinds of files in “the cloud” that we do not intend to share with the world: financial documents, proprietary information, trade secrets, personal notes–the list is endless. Suppose a former colleague intentionally accesses your Apple iCloud account–or your Dropbox account–or your Gmail account–without your knowledge or permission, finds your stuff and downloads copies. In many cases, this kind of behavior would create a right of action under the SCA. But the law contains a number of requirements that may or may not apply in your particular situation, and proof is often hard to come by.