Fourth Circuit Deepens the Split on Accessing Opened E-Mails

The Stored Communications Act, a federal law governing e-mail privacy, is notoriously difficult to understand. The greatest confusion has been how the law treats privacy rights in opened e-mails. The Fourth Circuit recently deepened the disagreement and added a new theory in a published decision, Hately v. Watts. Hately holds that the civil cause of action for unauthorized access to e-mails found in 18 U.S.C. 2701 also extends to accessing opened web-based e-mails.

This is an issue that has been puzzling courts since at least the 1990s, and I thought I would explain the new decision and why it matters. I’ll start by explaining the basic debate over opened e-mail. I’ll then discuss the facts and reasoning of Hately. I’ll conclude with my thoughts on why I think the court is wrong, why the issue is hard, and why I hope the Supreme Court will review the case.

A. The Statutory Context

In 1986, Congress enacted the Stored Communications Act (SCA) to regulate the privacy of electronic messages sent over computer networks. Congress looked at the Internet of 1986 and saw a need for two kinds of privacy protections in stored communications. The first need was to protect the privacy of stored e-mails in the course of delivery. The second need was to protect the privacy of contents stored by remote computing services, what today we would think of, more or less, as cloud providers. In the 1986 statute, Congress decided that the privacy of e-mails in the course of delivery merited greater statutory privacy protections than contents held by cloud providers.

That greater privacy protection was expressed in two main ways. First, in a criminal investigation, investigators need a warrant to access e-mails in the course of delivery but do not need a warrant to access contents held by cloud providers under 18 U.S.C. 2703. Second, in 18 U.S.C. 2701, Congress made it both a crime and the basis of a civil action to commit an unauthorized access to obtain another person’s private e-mails stored in the course of delivery — but not to commit an unauthorized access to obtain

