Hacking Into Personal E-Mail Account Not a Violation of the Stored Communications Act According to South Carolina Supreme Court

On October 10, 2012, the Supreme Court of South Carolina found in Jennings v. Jennings, et al., that a defendant who allegedly hacked into a plaintiff’s personal e-mail account to retrieve messages that were already read by the plaintiff was not liable under the Stored Communications Act (“SCA”), 18 U.S.C. § 2701.

The Defendant allegedly hacked into plaintiff’s Yahoo! account once she learned that plaintiff was allegedly cheating on his wife. At issue in Jennings was whether the hacked e-mails — which were single copies of e-mails on the Yahoo! server and not downloaded or saved to another location — were in “electronic storage” under the SCA. While all of the Justices agreed that the e-mails at issue were not in electronic storage under the statute’s definition, and therefore, not protected under the SCA, their rationale in reaching their conclusion diverged and resulted in a 2-2-1 decision.

Section 2701(a) of the SCA proscribes accessing an electronic communication while it is in “electronic storage.” The SCA defines “electronic storage” as

(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and

(B) any storage of such communication by an electronic communication service for the purposes of backup protection of such communication.

18 U.S.C. § 2510 (17).

The lower court held that the e-mails were in “electronic storage” because they were stored for backup protection pursuant to subsection (B) of Section 2510 (17). On appeal, Broome argued that the plaintiff needed to establish that the e-mail met both subsections (A) and (B) to constitute electronic storage. The Supreme Court’s decision, written by Justice Hearn, noted that although the Department of Justice espoused Broome’s interpretation of Section 2510(17), called the “traditional interpretation,” it was not one favored by the majority of courts that have considered the topic, which have instead found that subsection (A) or (B) must be met. In any event, plaintiff only argued that his e-mails were in electronic storage pursuant to subsection (B), and therefore the court found that it was unnecessary to determine whether to adopt the traditional interpretation or the interpretation recognized by most courts.

In discussing the applicability of subsection (B), the Justice Hearn relied upon Merriam-Webster’s definition of “backup,” which is “one that serves as a substitute or support.” The court concluded that Congress’s use of the word “backup” necessarily presupposes the existence of another copy to which the e-mail would serve as a substitute or support. The court found that because the plaintiff’s e-mails were a single copy of the communication, they could not have been stored for backup protection, and thus, not protected by the SCA.

Chief Justice Toal, on the other hand, in his separate concurring opinion, disagreed with Justice Hearn’s reliance upon the dictionary definition of “backup,” arguing that an e-mail message on an internet service provider’s website could be considered stored for “support” in the event the user needs to retrieve it. Instead, he argued that the traditional interpretation advanced by the DOJ (requiring that both subsections (A) and (B) are met for it to be considered in “electronic storage”) should be adopted. In his view, an e-mail is in electronic storage only if it has been received by a recipient’s service provider but has not yet been opened by the recipient. Because the e-mails at issue had already been received, opened and read by the plaintiff when they were retrieved by Broome, they fell out of the scope of electronic storage under the statute.

A third opinion written by Justice Pleicones concurred in result but noted that it was also necessary to consider that, in addition to the fact the e-mails at issue were not in temporary storage during the course of transmission (subsection A), they were also not copies made by plaintiff’s service provider for purposes of backup (subsection B), and therefore not protected by the SCA.

Given that the Justices could not agree even amongst themselves on the basis for their decision, it’s not surprising that other courts considering the applicability of the SCA have reached differing results, most notably the Ninth Circuit in the case of Thoefel v. Farey-Jones, 359 F.3d 1066, 1075 (9th Cir. 2004). In Thoefel, the court found that e-mail messages which were delivered to the recipient, read, and stored by the internet service provider were in “electronic storage” under the SCA.

The Justices in Jennings were quick to acknowledge that even if Broome did not violate the SCA, her alleged actions weren’t necessarily acceptable either. Justice Hearn said that “this should in no way be read as condoning her behavior. Instead, we only hold that she is not liable under the SCA because the e-mails in question do not meet the definition of ‘electronic storage’ under the Act.” Similarly, Chief Justice Toal noted that the SCA, which was enacted in 1986, “is ill-fitted to address many modern day issues, but it is this Court’s duty to interpret, not legislate.”

The Jennings decision has led commentators to express frustration with the SCA’s lack of protection for webmail and information stored in the cloud. Most agree that Supreme Court review of the SCA or even a new federal statute addressing this type of activity is necessary to protect information stored using today’s technology. While the Computer Fraud and Abuse Act might be another possible avenue for plaintiff Jennings, plaintiffs oftentimes are unable to prove the requisite amount of damages under the CFAA, which was recently demonstrated in the case of Eagle v. Morgan, et. al., no. 11-4303 (E.D. Penn. Oct. 4, 2012). Because this issue is far from resolved, employers (and, yes, even scorned lovers) shouldn’t necessarily view the Jennings decision as a green light to hack into one’s personal e-mail.