The Stored Communications Act's Focus is on User Privacy

2. Other Aspects of the Statute

In addition to the text’s plain meaning, other aspects of the statute confirm its focus on privacy.

As we have noted, the first three sections of the SCA contain its major substantive provisions. These sections recognize that users of electronic communications and remote computing services hold a privacy interest in their stored electronic communications.  In particular, § 2701(a) makes it unlawful to “intentionally access[] without authorization,” or “intentionally exceed[] an authorization to access,” a “facility through which an electronic communication service is provided” and “thereby obtain[], alter[], or prevent[] authorized access to a wire or electronic communication while it is in electronic storage.” Contrary to the government’s contention, this section does more than merely protect against the disclosure of information by third parties. By prohibiting the alteration or blocking of access to stored communications, this section also shelters the communications’ integrity. Section 2701 thus protects the privacy interests of users in many aspects of their stored communications from intrusion by unauthorized third parties.

Section 2702 generally prohibits providers from “knowingly divulg[ing]” the “contents” of a communication that is in electronic storage subject to certain enumerated exceptions. 18 U.S.C. § 2702(a). Sections 2701 and 2702 are linked by their parallel protections for communications that are in electronic storage. Section 2703 governs the circumstances in which information associated with stored communications may be disclosed to the government, creating the elaborate hierarchy of privacy protections that we have described.

From this statutory framework we find further reason to conclude that the SCA’s focus lies primarily on the need to protect users’ privacy interests. The primary obligations created by the SCA protect the electronic communications. Disclosure is permitted only as an exception to those primary obligations and is subject to conditions imposed in § 2703. Had the Act instead created, for example, a rebuttable presumption of law enforcement access to content premised on a minimal showing of legitimate interest, the government’s argument that the Act’s focus is on aiding law enforcement and disclosure would be stronger. Cf. Morrison, 561 U.S. at 267.  But this is not what the Act does.

The SCA’s procedural provisions further support our conclusion that the Act focuses on user privacy. As noted above, the SCA expressly adopts the procedures set forth in the Federal Rules of Criminal Procedure. 18 U.S.C. § 2703(a), (b)(1)(A). Rule 41, which governs the issuance of warrants, reflects the historical understanding of a warrant as an instrument protective of the citizenry’s privacy.  See Fed. R. Crim. P. 41. Further, the Act provides criminal penalties for breaches of those privacy interests and creates civil remedies for individuals aggrieved by a breach of their privacy that violates the Act. See 18 U.S.C. §§ 2701, 2707. These all buttress our sense of the Act’s focus.

We find unpersuasive the government’s argument, alluded to above, that the SCA’s warrant provisions must be read to focus on “disclosure” rather than privacy because the SCA permits the government to obtain by mere subpoena the content of e‐mails that have been held in ECS storage for more than 180 days. Gov’t Br. at 28–29; see 18 U.S.C. § 2703(a). In this vein, the government submits that reading the SCA’s warrant provisions to focus on the privacy of stored communications instead of disclosure would anomalously place newer e‐mail content stored on foreign servers “beyond the reach of the statute entirely,” while older e‐mail content stored on foreign servers could be obtained simply by subpoena, if notice is given to the user.  Gov’t Br. at 29. This argument assumes, however, that a subpoena issued to Microsoft under the SCA’s subpoena provisions would reach a user’s e‐mail content stored on foreign servers. Although our Court’s precedent regarding the foreign reach of subpoenas (and Marc Rich in particular) might suggest this result, the protections rightly accorded user content in the face of an SCA subpoena have yet to be delineated. Today, we need not determine the reach of the SCA’s subpoena provisions, because we are faced here only with the lawful reach of an SCA warrant. Certainly, the service provider’s role in relation to a customer’s content supports the idea that persuasive distinctions might be drawn between it and other categories of subpoena recipients. See supra note 23.

In light of the plain meaning of the statutory language and the characteristics of other aspects of the statute, we conclude that its privacy focus is unmistakable.