A departing employee who turned in her office BlackBerry incautiously allowed her former boss access to 48,000 (!) private Gmail messages. Are the boss and employer possibly liable for violations of the federal Stored Communications Act (SCA), 18 U.S.C. § 2701 et seq., by opening and reading some of those messages? A district court in Ohio holds in favor of the employee, denying a motion to dismiss her complaint on this count. Lazette v. Kulmatycki, No. 3:12CV2416, 2013 WL 2455937 (N.D. Ohio June 5, 2013). According to the plaintiff's complaint, summarized in the opinion: "[Defendant] Verizon provided the blackberry for plaintiff's use.
The Stored Communications Act (“SCA”), found at 18 U.S.C. §§ 2701-2712, establishes both a criminal offense and a civil cause of action against anyone who “intentionally accesses without authorization a facility through which an electronic communication service is provided” or “intentionally exceeds an authorization to access that facility,” and by doing so “obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system.” Successful plaintiffs may obtain damages, equitable or declaratory relief, and reasonable attorney’s fees.
Although these cases are largely at the motion to dismiss stage, and therefore there is little insight into how certain key defenses will play out, some recent decisions surrounding VPPA claims have shifted the landscape in certain defendants’ favor. The VPPA provides that “a video tape service provider who knowingly discloses, to any person, personally identifiable information concerning any consumer of such provider shall be liable to the aggrieved person.” 18 U.S.C. 2701(b)(1). That is, a video tape service provider cannot knowingly disclose, without the consent of the consumer, his or her personal video viewing information, to a third party. In these class actions, plaintiffs are alleging that if a website they visit to watch a video has a tracking pixel embedded in its code, the visitor’s video viewing information will be disclosed to the third party associated with that pixel without the visitor’s consent. If this activity is deemed a violation of the VPPA, the plaintiff stands to recover $2,500 per violation. In a class action where the class members are visitors to a website, the exposure can be in the tens of millions, if not higher. There are, however, some limitations in the statute as to who can sue and be sued, and recent case decisions have been helpful to clarify those limits, particularly in the context of who is a video tape service provider and who is a consumer. Definition of Video Tape Service Provider narrowed: In Carrol v. General Mills, Inc.
While these cases are largely at the motion to dismiss stage and therefore there is little insight into how certain key defenses will play out, some recent decisions surrounding VPPA claims have shifted the landscape in favor of certain defendants. The Video Privacy Protection Act (“VPPA”) provides that “a video tape service provider who knowingly discloses, to any person, personally identifiable information concerning any consumer of such provider shall be liable to the aggrieved person.” 18 U.S.C. 2701(b)(1). That is, a video tape service provider cannot knowingly disclose, without the consent of the consumer, his or her personal video viewing information, to a third party. In these class actions, plaintiffs are alleging that if a website they visit to watch a video has a tracking pixel embedded in its code, the visitor’s video viewing information will be disclosed to the third party associated with that pixel without the visitor’s consent. If this activity is deemed a violation of the VPPA, the plaintiff stands to recover $2,500 per violation. In a class action where the class members are visitors to a website, the exposure can be in the tens of millions, if not higher. There are, however, some limitations in the statute as to who can sue and be sued, and recent case decisions have been helpful to clarify those limits, particularly in the context of who is a video tape service provider and who is a consumer. Definition of Video Tape Service Provider narrowed: In Carrol v. General Mills,
The Stored Communications Act (“SCA”) establishes a criminal offense for whoever “intentionally accesses without authorization a facility through which an electronic communication service is provided” or “intentionally exceeds an authorization to access that facility,” and by doing so “obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system.” 18 U.S.C. § 2701(a). The SCA also creates a civil cause of action, in which the plaintiff may obtain damages plus reasonable attorneys’ fees and other costs.
The SCA establishes a criminal offense for whoever “intentionally accesses without authorization a facility through which an electronic communication service is provided” or “intentionally exceeds an authorization to access that facility,” and by doing so “obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system.” 18 U.S.C. § 2701(a). The SCA also creates a civil cause of action, in which the plaintiff may obtain damages plus reasonable attorneys’ fees and other costs.
We refer to the Wiretap Act throughout, as we did in Google. 33 18 U.S.C. § 2701, et seq. 34 Cal. Penal Code § 630, et seq. 35 18 U.S.C. § 2710. 36 N.J. Stat. Ann. § 2A:38A–3. The plaintiffs’ first complaint also included a count alleging unjust enrichment.
In the Matter of a Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corporation, Microsoft Corporation v. United States, 2016 U.S. App. LEXIS 12926 (2d Cir. July 14, 2016): Microsoft Corporation appeals from orders of the United States District Court for the Southern District of New York (1) denying Microsoft’s motion to quash a warrant (“Warrant”) issued under the Stored Communications Act, 18 U.S.C. §§ 2701 et seq., to the extent that the orders required Microsoft to produce the contents of a customer’s e-mail account stored on a server located outside the United States, and (2) holding Microsoft in civil contempt of court for its failure to comply with the Warrant. We conclude that § 2703 of the Stored Communications Act does not authorize courts to issue and enforce against U.S.-based service providers warrants for the seizure of customer e-mail content that is stored exclusively on foreign servers.
In Parts One and Two of this e-alert series, we discussed the federal Computer Fraud and Abuse Act ("CFAA") and its California corollary, the California Computer Data Access and Fraud Act ("CDAFA"). In Part Three, we provide a presentation of the federal Stored Communications Act, 18 U.S.C. 2701 et seq. ("SCA"). The act is similar to the CFAA; however, unlike the CFAA, the SCA provides for the recovery of attorney's fees and does not contain a minimal loss requirement.
The complaint states causes of action for violations of the Electronic Communications Privacy Act and the Stored Communications Act, as well as unjust enrichment. The Stored Communications Act (“SCA”), 18 U.S.C. §§ 2701-2712, provides criminal penalties for anyone who “intentionally accesses without authorization a facility through which an electronic communication service is provided” or “intentionally exceeds an authorization to access that facility.” The SCA has been cited by plaintiffs in other class actions in which users allege that a technology company has overstepped its bounds.