The SCA defines “electronic storage” as(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and(B) any storage of such communication by an electronic communication service for the purposes of backup protection of such communication.18 U.S.C. § 2510 (17).The lower court held that the e-mails were in “electronic storage” because they were stored for backup protection pursuant to subsection (B) of Section 2510 (17). On appeal, Broome argued that the plaintiff needed to establish that the e-mail met both subsections (A) and (B) to constitute electronic storage.

The statute identifies two categories of communications service providers covered under the SCA: 1) electronic communication service providers (“ECS providers”), defined as “any service which provides to [its] users . . . the ability to send or receive wire or electronic communications,” and 2) remote computing service providers (“RCS providers”), defined as the provision of “computer storage or processing services by means of an electronic communications system.” Stored Communications Act, 18 U.S.C. §2510(15), §2711(2). The SCA prevents ECS providers from divulging the contents of a communication while in “electronic storage” by that service, and prohibits RCS providers from divulging the contents of any communication “carried” or “maintained” on that service.

Conspicuously absent from the Act are any definitions of the terms “monitor,” “intercept,” “transmission,” and “photoelectronic or photo-optical systems.” Certain definitions for some of these terms are included in other statutes—e.g., the Federal Wiretap Act (18 U.S.C. §§ 2510‐2522), the Electronic Communications Privacy Act (18 U.S.C. §§ 2510-2523), and the Stored Communications Act (18 U.S.C. §§ 2701-2712). Nonetheless, there are open questions concerning how the statutory terms might be applied in the particular context of the Act.

The SCA defines electronic storage as “(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication.” 18 U.S.C. § 2510(17). Some courts have interpreted subsection (A) as applying only to “unopened” communications, reasoning that the “temporary, intermediate” language contemplates the interception of a communication before it reaches its intended recipient.

The SCA defines “electronic storage” as “(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication.” (See 18 U.S.C. § 2510(17)). And the files must be stored in “a facility through which an electronic communication service is provided,” not just any computer system.

An “aggrieved person” under Title III includes not just “a party” to an intercepted communication, but also anyone “against whom the interception was directed.” 18 U.S.C. § 2510(11). So, for a start, Title III must accord standing to people other than those who were parties to unlawfully intercepted communications, lest Section 2510(11)’s second clause do no work.

Here, Microsoft acted as both an electronic communication service and a provider of remote computing services.Under section 2703, governmental entities must use a warrant to obtain certain types of electronic communications, but they can access others using only a trial subpoena.An electronic communication service is "any service which provides to users thereof the ability to send or receive wire or electronic communications." 18 U.S.C. § 2510(15); 18 U.S.C. § 2711(1) (making the Wiretap Act's definitions applicable to the Stored Communications Act). A provider of remote computing services provides "to the public . . . computer storage or processing services by means of an electronic communications system."

After the supervisor discovered the forwarding, the employee was charged with violations of the Wiretap Act, which prohibits the intentional interception of the contents “of any wire, electronic or oral communication through the use of any electronic, mechanical or other device.” 18 U.S.C. § 2510(4). The employee was subsequently convicted in federal district court in the Eastern District of Wisconsin.Szymuszkiewicz’s AppealSzymuszkiewicz appealed on grounds that his forwarding was “a mistake” and that he did not know how to set up auto-forwarding rules.

vent the proliferation of CSAM. For example, providers can train their AI on NCMEC or other known CSAM hash databases to quickly identify, remove, and report CSAM.Conduct vendor due diligence. Ensure AI vendors have robust content moderation policies and technologies. This includes reviewing their record in handling sensitive content and their compliance with CSAM-related legal standards.Monitor legislation. It has become increasingly clear that legislators are poised to tackle the growing concerns about online child safety raised by rapid AI advances. Congress is considering several bills focused on online child safety. Orrick will report future developments.[1] Under 18 USC § 2258E(6), a “provider” within the scope of these CSAM reporting requirements is defined as any electronic communication service or remote computing service. An “electronic communication service” means any service which provides to users thereof the ability to send or receive wire or electronic communications (18 USC § 2510(15)); a “remote computing service” means the provision to the public of computer storage or processing services by means of an electronic communications system (18 USC § 2711(2)).[2] Laws against virtual CSAM have not gone uncontested. InAshcroft v. Free Speech Coalition (2002), the Supreme Court struck down the language of the then-current Child Pornography Prevention Action of 1996 which outlawed CSAM that “appears to be” or “conveys the impression of” a child engaging in sexual conduct. This forced Congress to change the language of the law to where it stands today: virtual CSAM that is “indistinguishable” from actual CSAM. With the advent and proliferation of AI-generated CSAM, the line between virtual and real CSAM is becoming increasingly blurred.

would amend a federal law (18 USC § 2258A) requiring interactive service providers [1] to report child sexual abuse material (also referred to as CSAM) to the National Center for Missing and Exploited Children’s CyberTipline once a provider knows about the material.The Senate unanimously passed the bill in late 2023. The measure now goes to the House of Representatives.Given the bipartisan support for the bill, any affected online service providers should be prepared to adjust their reporting processes and preservation mechanismsOrrick is tracking this and other proposed legislation related to children’s online safety and will report developments as they occur.[1] Under 18 USC § 2258E(6), a “provider” within the scope of these CSAM reporting requirements is defined as any electronic communication service or remote computing service. An “electronic communication service” means any service which provides to users thereof the ability to send or receive wire or electronic communications (18 USC § 2510(15)); a “remote computing service” means the provision to the public of computer storage or processing services by means of an electronic communications system (18 USC § 2711(2)).