Deepening the split among courts on this issue, a federal judge in Ohio ruled that a former Verizon employee’s claim that her former manager accessed her opened, but undeleted personal e-mails was not a violation of the Stored Communications Act (SCA). This case not only adds to the divide on this issue, but it also creates additional confusion for Internet Service Providers (“ISPs”) and highlights the need for SCA reform (discussed previously by Louisa Marion here and here).
In Lazette v. Kulmatycki, Case No. 3:12CV2416 (N.D. Ohio June 5, 2013), Sandi Lazette, a former employee of Verizon Wireless, sued Verizon and her supervisor for violating the SCA, 18 U.S.C. § 2701 et. seq., in addition to other laws. Lazette alleged that after she left her job at Verizon and returned her company-issued blackberry, her former supervisor, Kulmatycki, read 48,000 emails sent to Lazette’s personal Gmail account over a period of 18 months without her authorization or consent. Lazette believed she had deleted her Gmail account from the phone before returning it, but did not close the account.
Section 2701(a) of the SCA makes it an offense to:
(1) [I]ntentionally access[] without authorization a facility through which an electronic communication service is provided, or (2) intentionally exceed[] an authorization to access that facility; and thereby obtain[]… access to a wire or electronic communication while it is in electronic storage in such system.”
“Electronic storage” is defined at § 2510(17) as:
(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and
(B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication.
After concluding that Kulmatycki’s conduct was not “authorized” within the meaning of the statute, Judge Carr granted Verizon’s motion to dismiss Lazette’s SCA claims to the extent she sought recovery for Kulmatycki’s access of open but undeleted emails. The court reasoned that the emails were not in “backup” status or “electronic storage” as those terms are defined by the statute, and thus were not protected by the SCA. The court also dismissed the civil liability claim brought under 18 U.S.C. § 2520 (which allows a person to recover damages when an electronic communication is intercepted or disclosed) on the grounds that Kulmatycki did not “intercept” Lazette’s e-mails because under the statute, the term interception does not include electronic communications stored for the intended recipient’s retrieval on her own computer. However the court did conclude that Lazette had stated a viable claim under Ohio common-law for invasion of privacy.
With this ruling, the court joined several other federal courts holding that only e-mails awaiting opening by the intended recipient are within the SCA’s definition of electronic storage, and rejected the view expressed by the Ninth Circuit in Theofel v. Farey-Jones, 359 F.3d 1066, 1071 (9th Cir. 2004) (holding that “backup storage,” as used in § 2510(17)(B), also includes opened, undeleted mails). Judge Carr, relying on an article by Professor Orin Kerr, stated that the conclusion that the SCA covers opened e-mails is a “minority” position and is contrary to the statute. Judge Carr also noted that it is unlikely that the Sixth Circuit would follow Theofel and extend SCA protections to opened but undeleted emails after the Sixth Circuit’s ruling in United States v. Warshak, 631 F.3d 266, 291 (6th Cir. 2010) (requiring a warrant for production of all stored electronic communications).
The growing split between courts is particularly noteworthy because some national service providers, such as Yahoo!, are headquartered in the Ninth Circuit, where Theofel remains the governing law. This divide in interpretations of the SCA, first enacted in 1986, highlights the need for electronic privacy statute reforms to enhance and clarify the role of privacy in modern communications technology.