Before ECPA, [Electronic Communications Privacy Act of 1986] the chief statutory protection for communications was the Wiretap Act, enacted in 1968, which regulated only the "aural acquisition of the contents of any wire or oral communication," 18 U.S.C. § 2510(4) (1970). In 1986, Congress enacted ECPA to update statutory privacy protections that had failed to keep pace with the technological developments in the 17 years since the Wiretap Act was enacted. (Citiations omitted.) In re Zynga Privacy Litigation, 750 F. 3d 1098 (9th Cir. 2014).
ECPA focused on two types of computer services that were prominent in the late 1980s: electronic communications services (e.g., the transfer of electronic messages, such as email, between computer users) and remote computing services (e.g., the provision of offsite computer storage or processing of data and files).
Electronic Communications Services
Title I of ECPA amended the existing Wiretap Act. [T]he amended Wiretap Act provides that (with certain exceptions), "a person or entity" (1) "providing an electronic communication service to the public" (2) "shall not intentionally divulge the contents of any communication (other than one to such person or entity, or an agent thereof)" (3) "while in transmission on that service" (4) "to any person or entity other than an addressee or intended recipient of such communication or an agent of such addressee or intended recipient." 18 U.S.C. § 2511(3)(a). The "contents" of a communication are defined as "any information concerning the substance, purport, or meaning of that communication." Id. § 2510(8). Even if a disclosure is otherwise prohibited by § 2511(3)(a), an electronic communications service provider can reveal the contents of communications transmitted on its service "with the lawful consent of the originator or any addressee or intended recipient of such communication." Id. § 2511(3)(b)(ii). In re Zynga Privacy Litigation, ibid.Remote Computing Services
Title II of ECPA, termed the Stored Communications Act, covers access to electronic information stored in third party computers. Id. §§ 2701-12. [The Act] imposes requirements on providers of remote computing services that are similar to the requirements of the Wiretap Act discussed above. Under the Stored Communications Act, "a person or entity" (1) "providing remote computing service to the public" (2) "shall not knowingly divulge to any person or entity the contents of any communication" (3) "which is carried or maintained on that service... on behalf of, and received by means of electronic transmission from (or created by means of computer processing of communications received by means of electronic transmission from), a subscriber or customer of such service" (4) "solely for the purpose of providing storage or computer processing services to such subscriber or customer," unless the provider is authorized to access the contents of any such communications to provide other services. Id. § 2702(a)(2). Also, like the Wiretap Act, the Stored Communications Act allows a provider of covered services to "divulge the contents of a communication" to "an addressee or intended recipient of such communication," or "with the lawful consent of the originator or an addressee or intended recipient of such communication, or the subscriber in the case of remote computing service." Id. § 2702(b)(1), (3). In re Zynga Privacy Litigation, ibid.The Stored Communications Act incorporates the Wiretap Act's definition of "contents." See id. § 2711(1). It also differentiates between contents and record information. Section 2702(c)(6) permits an electronic communications service or remote computing service to "divulge a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications covered by [§ 2702](a)(1) or (a)(2))... to any person other than a governmental entity." Although there is no specific statutory definition for "record," the Stored Communications Act provides examples of record information in a different provision that governs the government's power to require a provider of electronic communications service or remote computing service to disclose such information. Id. § 2703(c). According to § 2703(c), record information includes, among other things, the "name," "address," and "subscriber number or identity" of "a subscriber to or customer of such service," but not "the contents of communications." Id. § 2703(c)(2)(A), (B), (E). In other words, the Stored Communications Act generally precludes a covered entity from disclosing the contents of a communication, but permits disclosure of record information like the name, address, or client ID number of the entity's customers in certain circumstances. In re Zynga Privacy Litigation, ibid.
THIS CASEBOOK contains a selection of 24 U. S. Court of Appeals decisions that analyze and discuss issues involving the internet and computer networks. The selection of decisions spans from January 2011 to the date of publication.