Articles Tagged with SCA

The Stored Communications Act (“SCA”) establishes a criminal offense for whoever “intentionally accesses without authorization a facility through which an electronic communication service is provided” or “intentionally exceeds an authorization to access that facility,” and by doing so “obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system.” 18 U.S.C. § 2701(a). The SCA also creates a civil cause of action, in which the plaintiff may obtain damages plus reasonable attorneys’ fees and other costs. 18 U.S.C. § 2707(b).

Federal district courts around the country have reached inconsistent conclusions when grappling with the issue of whether a particular communication is in “electronic storage” at the time it is accessed. The SCA defines electronic storage as “(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication.” 18 U.S.C. § 2510(17). Some courts have interpreted subsection (A) as applying only to “unopened” communications, reasoning that the “temporary, intermediate” language contemplates the interception of a communication before it reaches its intended recipient. Others, like Hoofnagle v. Smyth-Wythe Airport Comm’n, No. 1:15CV00008 (W.D. Va. May 24, 2016), found no reason to draw a distinction between “opened” and “unopened” communications for purposes of evaluating SCA liability. Similar disagreement exists with respect to subsection (B), where courts reached different conclusions about the relevance of whether it is the Internet Service Provider or user for whose benefit a backup copy of an email is made. Earlier this month, the Fourth Circuit weighed in on both issues for the first time.

Continue reading

Hackers aren’t the only ones who can gain unauthorized access to your private data. Maybe you shared a password with your spouse, then got divorced and forgot to change it. Maybe you neglected to lock your phone and a passerby was able to pick it up and view your bank-account balances. There are innumerable ways in which your personal files can be exposed to someone you never intended to share them with. Revenge porn laws offer some protection when the files consist of sexually explicit selfies, but when the files at issue consist of mundane (but nevertheless private) emails or texts, the federal Stored Communications Act (“SCA”) often comes into play. The SCA establishes a criminal offense for whoever “intentionally accesses without authorization a facility through which an electronic communication service is provided” or “intentionally exceeds an authorization to access that facility,” and by doing so “obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system.” 18 U.S.C. § 2701(a). The SCA also creates a civil cause of action, in which the plaintiff may obtain damages plus reasonable attorneys’ fees and other costs. 18 U.S.C. § 2707(b).

Many of us store all kinds of files in “the cloud” that we do not intend to share with the world: financial documents, proprietary information, trade secrets, personal notes–the list is endless. Suppose a former colleague intentionally accesses your Apple iCloud account–or your Dropbox account–or your Gmail account–without your knowledge or permission, finds your stuff and downloads copies. In many cases, this kind of behavior would create a right of action under the SCA. But the law contains a number of requirements that may or may not apply in your particular situation, and proof is often hard to come by.

Continue reading

Unauthorized access to another’s email account can give rise to a variety of claims. The Computer Fraud and Abuse Act (“CFAA”), for example, prohibits a wide variety of improper computer activity, including unauthorized access to another’s email account. Specifically, it makes it illegal to intentionally access a computer without authorization and to thereby obtain information which results in a loss worth at least $5000 over the course of a year. (See 18 U.S.C. § 1030(a)(2)(C)). In Virginia, the Computer Crimes Act prohibits “computer fraud,” which occurs when a person uses a computer without authority and thereby obtains property or services by false pretenses. It also makes it a crime to commit “computer invasion of privacy,” which occurs when a person, without permission, logs onto someone else’s computer and examines that person’s employment, salary, credit, or any other financial information.

To obtain relief under the Virginia Computer Crimes Act, a plaintiff must have suffered injury to person or property. (See Va. Code § 18.2-152.12). And as mentioned above, you need at least $5000 in damages to recover anything under the CFAA. But what if someone hacks into your email and reads your personal messages without actually causing any direct pecuniary loss or personal injury?

Continue reading

Suppose your employer asks you to create a Google account for the company. So you do. You set up everything yourself: Google Drive, Google+, Gmail–the works. You even set the password to your dog’s name. All of Google’s terms and conditions are accepted by you personally when creating the account. You proceed to use the account on behalf of the company, using Google Drive to store hundreds of company documents. Then you leave your job. Is the Google account yours? You created it, so are you free to make whatever use of the account you wish? Can you delete it?

Marcelo Cuellar thought so, but he was wrong. According to papers filed in Estes Forwarding Worldwide v. Cuellar in the Eastern District of Virginia, here are the facts. Cuellar joined Estes Forwarding Worldwide (“EFW”)–a transportation logistics company–in 2010. EFW has developed trade secrets relating to the best transportation solutions for various types of shipments, including information about type of freight, freight dimensions, routing decisions, vendor selection, and so on. It keeps this information in spreadsheets and other electronic documents.

Continue reading

The Stored Communications Act (“SCA”), found at 18 U.S.C. §§ 2701-2712, establishes both a criminal offense and a civil cause of action against anyone who “intentionally accesses without authorization a facility through which an electronic communication service is provided” or “intentionally exceeds an authorization to access that facility,” and by doing so “obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system.” Successful plaintiffs may obtain damages, equitable or declaratory relief, and reasonable attorney’s fees. (See 18 U.S.C. § 2707(b)). In the employment context, the SCA is often understood to place restrictions on those situations in which an employer can access its employees’ private email accounts (i.e., accounts maintained by third-party email service providers like Google, Microsoft, and Yahoo). A few weeks ago, the Western District of Virginia decided Hoofnagle v. Smyth-Wythe Airport Commission, in which it rejected various justifications offered by an employer for accessing a former employee’s private Yahoo! email account.

Charles H. Hoofnagle was a government employee who worked as the Operations Manager for Mountain Empire Airport in Rural Retreat, Virginia. He reported to the Smyth-Wythe Airport Commission and his duties included answering phone calls and responding to emails from the public and customers. The Commission, however, did not have in place an official policy regarding use of computers or email. The airport did not even provide employees with an email address, so Hoofnagle created a Yahoo! Mail address, charliemkj@yahoo.com, which he used for both personal and business purposes. (MKJ is the airport’s FAA idendifier code). It was this Yahoo! address that was held out to the public as an official contact for the airport and provided to nearly all vendors and customers.

Continue reading

Contact Us
Virginia: (703) 722-0588
Washington, D.C.: (202) 449-8555
Contact Information