In a decision that will significantly impact the ability of the government to access electronic communications, the United States Court of Appeals for the Sixth Circuit on June 18, 2007, affirmed a district court’s issuance of a preliminary injunction prohibiting governmental entities from obtaining Internet Service Providers’ (“ISP”) subscribers’ e-mail communications unless the subscriber first receives prior notice and an opportunity to be heard. Warshak v. United States, No. 06-4092 (6th Cir. 2007). The Court found unconstitutional the Stored Communications Act (“SCA”) provisions allowing Government seizure of such communications without prior subscriber notice, because the court order could be issued without a showing of probable cause that the subscriber had committed a crime. The Sixth Circuit found that individuals have an expectation of privacy regarding the contents of emails sent or stored through an Internet Service Provider (ISP).
The SCA, passed in 1986 as an amendment to the Electronic Communications Privacy Act, contains various provisions regarding “stored wire and electronic communications and transactional records” impacting ISPs’ subscribers’ records and communications. The specific provisions of the SCA at issue in Warshak were sections 2703(b) and (d) and 2705(a). Sections 2703(b) and 2705(a), in pertinent part, allow a governmental entity to obtain the contents of electronic communications that have been stored by an ISP for more than 180 days without notice to the subscriber if obtained by a warrant (which is subject to the usual probable cause standard) and with delayed notice to the subscriber if the governmental entity obtains a court order and the court finds there may be an adverse result from providing notice. Section 2703(d) allows the issuance of court orders when the government has “reasonable grounds to believe” that the communications are pertinent to an active criminal investigation, a less rigorous standard then probable cause.
In Warshak, the U.S. Government directed its order to Plaintiff Steven Warshak’s ISPs to obtain, among other things, his stored e-mail communications in support of its criminal investigation of wire and mail fraud. The Government did not seek e-mails in electronic storage less than 180 days old (which can only be obtained with a warrant). The court order approved delayed notice. After the Government provided the delayed notice, Warshak filed a complaint seeking a preliminary injunction and alleging that the disclosure of his emails without a warrant or notice violated the Fourth Amendment and the SCA. The U.S. District Court for the Southern District of Ohio held that individuals sending emails have an expectation of privacy, and preliminarily enjoined the seizure of emails from an ISP account when an account holder was not given notice and a hearing. The government appealed the district court’s decision.
On appeal, the Government argued that an SCA court order is akin to a subpoena and therefore probable cause is unnecessary. The Sixth Circuit acknowledged that, for a subpoena to issue, the Government must meet only the lower “reasonableness standard.” However, in reviewing the case law, the court concluded that individuals may challenge a third party subpoena before disclosure is compelled if they have a “legitimate expectation of privacy” regarding the records at issue. The Warshak court therefore reasoned that, where an email user has an expectation of privacy regarding the email content, the government must meet the more rigorous “probable cause” standard. The court found an expectation of privacy in e-mail communications by analogizing the emails to the surveillance of telephone conversations at issue in Katz v. United States, 389 U.S. 347 (1967). In Katz, the Supreme Court of the United States held that the government interception of telephone conversations was a search for Fourth Amendment purposes, and that individuals have a legitimate expectation of privacy regarding the conversations.
The Sixth Circuit made only one modification to the district court’s injunction, adding that, “if the government can show, based on specific facts, that an e-mail account holder has waived his expectation of privacy via-a-vis the ISP, compelled disclosure of e-mails through notice to the ISP alone would be appropriate.” The Court explained such a waiver requires more than the ISP having some level of monitoring policies in place. For example, an ISP’s terms of use reserving a right of access to e-mail communications for specific, limited purposes or its use of technological monitoring of e-mails to identify child pornography, would not constitute a waiver by the subscriber. Rather, for a subscriber to waive his expectation of privacy in e-mail communications, the ISP would have to have clear terms of service apparent to the user allowing it to regularly audit, inspect, or monitor subscriber e-mails. The Court analogized the recent Ninth Circuit decision in United States v. Heckenkamp, Nos. 05-10322, 10323, 2007 U.S. App. LEXIS 7806 (9th Cir. Apr. 5, 2007), where a student who connected his computer to the university’s network was held to have a legitimate expectation of privacy regarding his computer files because the university’s monitoring policy was limited in scope. See our discussion of Heckenkamp here. The Court distinguished workplace privacy where an employer explicitly notifies employees of its right to monitor and access e-mail.
The Sixth Circuit’s decision does not effect other provisions of the SCA, including the government’s ability to obtain, without notice, e-mail communications with a warrant and subscriber account information with a warrant, court order or subpoena.
