On Wednesday, some hackers apparently obtained unauthorized access to Gov. Sarah Palin's Yahoo! email account by posing as Gov. Palin and getting a new password (Michelle Malkin and Wired News have details). Yesterday we noted that, based on the facts in newspaper reporting, a court would likely consider this a violation of the Stored Communications Act (SCA).
However, the Department of Justice may be hamstrung in any prosecution of this invasion of privacy by its restrictive view of "electronic storage." The SCA prohibits unauthorized "access to a wire or electronic communication while it is in electronic storage." The act defines "electronic storage" as "any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof," or in the alternative as "any storage of such communication by an electronic communication service for purposes of backup protection of such communication."
Under Ninth Circuit precedent, both received and unreceived emails are in electronic storage. This is because when the recipient accesses an email but does not delete it, it moves from storage incident to transmission to backup storage under the second part of the SCA's "electronic storage" definition. See Theofel v. Farey-Jones, 359 F.3d 1066, 1075 (9th Cir. 2003)(finding that “obvious purpose” for storing a message on the provider’s server after delivery is to provide a second copy of the message in the event it needs to be downloaded again). Thus, since Gov. Palin and Yahoo! are both in the Ninth Circuit (Alaska and California respectively), it would violate the SCA to obtain unauthorized access to her emails, whether opened or not.
The DOJ, however, strongly disagrees with Theofel. According to its Prosecuting Computer Crimes Manual, the DOJ "continues to question whether Theofel was correctly decided, since little reason exists for treating old email differently than other material a user may choose to store on a network." Rather, the DOJ argues:
If the recipient chooses to retain a copy of the communication on the service provider's system, the retained copy is no longer in "electronic storage" because it is no longer in "temporary, intermediate storage ... incidental to ... electronic transmission," and neither is it a backup of such a communication.
The DOJ's interpretation of the SCA means that any emails that Gov. Palin had already opened (but left on the Yahoo! Mail servers) would not be protected under this email privacy law. This would mean no SCA privacy protection for the majority, if not the entirety, of the Gov. Palin's email messages at issue. As the DOJ acknowledges, "[i]f Theofel's broad interpretation of 'electronic storage' were correct, prosecutions under section 2701 would be substantially less difficult..." On the flip side, if the DOJ were right and Theofel were wrong, any hacker responsible for obtaining access to those emails - or any other individual's opened messages - could not be prosecuted under the SCA.
What happened to Gov. Palin shows why Theofel is good for privacy. As more and more people use Web mail like Yahoo!, Gmail, Hotmail and others, they also will naturally leave opened email on the server. People should not have to sacrifice their privacy protections under the law when they do so.