The Supreme Court of South Carolina recently ruled that the federal Stored Communications Act (“SCA”) provides no cause of action against a hacker who accessed a user’s webmail without authorization, creating a split with the Ninth Circuit’s 2004 case, Theofel v. Farey-Jones. See Jennings v. Jennings, No. 27177, 2012 WL 4808545 (S.C. Oct. 12, 2012).
In connection with a divorce proceeding, the wife enlisted the help of a relative to access her husband’s webmail, which she believed would reveal the details of an affair. The relative was able to guess the answers to the husband’s webmail account security questions, and thereby gain access to the emails and details about the affair.
In pertinent part, the husband sued the wife’s relative in state court for violating the federal SCA. The trial court granted summary judgment in favor of the defendant, but the intermediate appellate court reversed to allow the case to proceed, finding that the emails were in “electronic storage,” and therefore protected by the SCA. The South Carolina Supreme Court granted certiorari, and the sole issue on appeal was whether the emails at issue were in “electronic storage.”
The SCA, 18 U.S.C. § 2701(a), prohibits an individual from accessing an electronic communication while it is in “electronic storage,” defined to mean “(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for the purposes of backup protection of such communication.” 18 U.S.C. § 2510(17).
In a plurality decision, the South Carolina Supreme Court concluded only that the emails were not in “electronic storage” for purposes of the SCA, and that therefore the relative had no legal liability under the SCA. Three of the five justices wrote opinions, explaining their rationales:
- Based on the plain meaning of the term “backup” (as defined by Merriam-Webster Dictionary), the term requires that a substitute copy must exist somewhere. Because the copy of the email that was read and retained by the webmail server was the only copy, there is no “backup” under the SCA. This opinion gained the vote of two justices.
- The SCA provides protection for emails placed in temporary transmission incidental to the transmission of the communication (e.g., mail stored on a server before the recipient accesses it) and to the backups of such temporary storage made by the service provider. Thus, if an email is received by the webmail provider but not yet opened by the recipient, it is in electronic storage; but when it is opened, the message reaches its final destination and is no longer in “electronic storage.” If the recipient leaves the copy on the webmail server, it is no longer in “electronic storage” because it no longer in temporary storage incidental to the electronic transmission. This opinion also gained the vote of two justices.
- The two types of storage referred to in the SCA are distinct: an email can be protected either in temporary transmission until it reaches its destination, or if the email is a backup copy made by the service provider (i.e., even after it is opened by the recipient). Because the messages at issue were not backups made by the webmail provider, they were not protected by the SCA.
The Jennings opinion establishes a split with the Ninth Circuit’s opinion in Theofel v. Farey-Jones, 359 F.3d 1066 (9th Cir. 2004), which found that emails that had been received, read, and left on the server were stored “for purposes of backup protection” and therefore within the ambit of the SCA. As highlighted by the Jennings opinion, several district courts also interpret the SCA differently.
Thus, until the split of authority is resolved, the same conduct will disparately subject some individuals to civil liability, depending on the interpretation of the SCA applied by the court. Such disparate interpretations could create an incentive for forum shopping and pose conflict of law questions, when multiple states (and even nations) could be involved in an email hacking case. Such disparate interpretations may also pose problems for employers investigating suspected employee misconduct involving webmail.