January 27, 2023

Volume XIII, Number 27


January 26, 2023

Subscribe to Latest Legal News and Analysis

January 25, 2023

Subscribe to Latest Legal News and Analysis

January 24, 2023

Subscribe to Latest Legal News and Analysis

Litigation Minute: Subpoenas and The Stored Communications Act


"Our business runs an electronic communication system and we got a subpoena for something that one of our users stores on our system. Can't we just produce it?" STOP! The content (explained below) of an electronically stored communication is treated differently under federal law than hard copy content or non-content information (e.g., information other than the content of a message, such as a username or the date the last user accessed the system.)

In-house counsel at companies that provide electronic communication services or remote computing services must consider the Stored Communications Act (SCA), 18 U.S.C. §§ 2701 et seq. when they receive subpoenas. An electronic communication service is any service that provides users with the ability to send or receive wire or electronic communications. A remote computing service is the provision to the public of computer storage or processing services by means of an electronic communication system. So, a business that provides an email system or a social network may be covered by the SCA.

The SCA governs access to “electronic communication services” and “remote computing services.” Because of the increasing volume of information stored in these services, in-house counsel and their outside litigators should be familiar with the provisions of the SCA.

What is the Stored Communications Act?

The SCA prohibits providers of an electronic communication service or a remote computing service from disclosing the contents of the information stored on their systems, except under certain circumstances. It also prohibits unauthorized access to an electronic communication service.

When Does the SCA Apply?

Companies that provide covered services should be alert to the SCA whenever they consider disclosing information provided by a user, customer, or subscriber. This includes disclosures pursuant to civil subpoenas or requests from the government. A company may be regulated by the SCA even if its primary business is something other than communication or internet services. For example, a company that provides an internal social network for employees may be covered, even if that company’s primary business has nothing to do with electronic communication or remote computing services.

The SCA also comes into play when requesting information from a covered business, whether in litigation against that entity or via a third-party subpoena. The SCA establishes procedures for requests by the government.

Accessing electronically stored information without authorization, such as stealing a user’s password in order to access their email account, may violate the SCA.

Content vs. Non-Content Data.

The SCA distinguishes between content (the text of an email or social media message) and other information (the identity of the sender or the date the message was sent). While the SCA bars production of content, it does not bar production of other information, including information provided by the user. This may include information like usernames or IP addresses.

Tips for Navigating the SCA.

  • Obtain User Consent. The SCA authorizes disclosure with the consent of the user, customer, or subscriber. If practicable, obtain user consent before requesting data. But note, an employer may not be able to consent to the release of its employees’ data.

  • Request Data from the User. Request data (e.g., social media information) directly from the user, rather than from the provider.

  • Request Non-Content Information. Requesting non-content information may help you to identify other parties to the communication at issue who may be willing to consent to its release.

  • Use the SCA as a Shield. Businesses covered by the SCA may be able to invoke the law to decline to produce requested documents.

  • Control Data Access. Companies should maintain robust data controls. This will make it easier to show a violation of the SCA in the event of unauthorized access.

What Happens if the SCA is Violated?

Any person aggrieved by a violation of the SCA has a civil cause of action and may recover equitable or declaratory relief, damages not less than US$1,000 and possibly including punitive damages and lawyer's fees. SCA violations may also result in criminal liability. If an SCA violation results in criminal charges against the victim, suppression of the wrongly disclosed evidence will likely not be available as a remedy.

Copyright 2023 K & L GatesNational Law Review, Volume XI, Number 322

About this Author

Philip M. Guess Securities & Transactional Litigation K&L Gates Seattle, WA & Portland, OR

Phil focuses his litigation practice on complex business disputes and has particular experience representing clients in the technology, energy, and financial services industries. He has served on the firmwide Management Committee and as the Managing Partner of the Seattle office.

Phil is currently listed in Chambers USA as one of the top lawyers in Washington for General Commercial Litigation and has represented clients in courts throughout the United States in cases involving contractual breaches, usurpation of trade secrets, tortious interference, and class action...

Aaron Millstein Associate Seattle Investigations, Enforcement and White Collar Lawyer

Mr. Millstein is an associate in the Seattle office of K&L Gates where he is a member of the firm’s complex commercial disputes practice group. Mr. Millstein’s practice focuses on litigation at the trial and appellate level in various matters, including municipal law, trademarks and copyrights, contracts, and real property. Mr. Millstein also has experience counseling and litigating matters relating to Washington’s Public Records Act and Open Public Meetings Act for both governmental and private clients.

In addition, Mr. Millstein maintains an active pro bono...

Andrew N. Stokes Commercial Litigation Lawyer

Andrew Stokes is an associate in the firm’s Seattle office. His practice focuses on commercial litigation, with an emphasis on issues relating to electronic discovery, information governance, and attorney-client and related privileges. Andrew has participated in litigation in state and federal court and has argued in state court. He is a member of the firm’s e-discovery analysis and technology group (e-DAT).

Andrew maintains an active pro bono practice, and has recently participated in immigration representation and civil rights litigation.

+1 206-370-7839