A June 18, 2008 Ninth Circuit Court holding in Quon v. Arch Wireless establishes that law enforcement needs a probable cause warrant to access stored copies of electronic messages less than 180 days old (regardless of whether they’ve been downloaded or read) and would also prevent employers from obtaining the contents of employee emails or text messages from the service provider without employee consent. The case was decided under the Stored Communications Act (SCA), which is part of the Electronic Communications Privacy Act (ECPA) of 1986. The SCA prevents “providers” of communication services from divulging private communications to certain entities or individuals.
Historically, prosecutors have argued that, once a recipient accesses his messages –whether they be email or texts–, the message is no longer in “electronic storage” as the SCA defines it, an argument the Ninth Circuit rejected. Thus, if an archived message was created as a backup copy of an electronic communication sent through an Electronic Communications Service, that copy continues to receive ECS protection, even if it was downloaded, read and “has expired in the normal course” such that the copy is no longer performing any archival/backup purpose. For the same reason, even if an employer pays for the use of third party text or email service, the employer cannot obtain copies of messages from the provider without the recipient’s permission.
Additionally, the Ninth Circuit addressed whether text messages are protected by the Fourth Amendment, insofar as prosecutors often argue that, because email and text messages are stored by third parties that have the ability to read them, senders and recipients have no expectation of privacy in those messages and thus are entitled to no constitutional protection from unreasonable searches and seizures. The Ninth Circuit rejected this view, joining the Sixth Circuit in Warshak v. US, holding that text messages are akin to letters or packages, and are protected even though the shipper could open them.
Further, the panel considered the effect of acceptable use policies, monitoring policies or other terms of service that state that the service provider or employer reserves the right to monitor or audit the messages. While those policies may give employers or service providers the right to read messages, the question was whether law enforcement could, therefore, do so as well. The Ninth Circuit panel applied its ruling in United States v. Heckenkamp, which held that a student did not lose his reasonable expectation of privacy in information stored on his computer, despite a university policy that authorized the university to access his computer in limited circumstances while connected to the university’s network. The Court rejected the argument that user consent to access for some purposes destroyed the expectation of privacy for every purpose, including warrantless or unreasonable government searches. (Note: Compare this outcome to the “abandonment theory” applied by a Pennsylvania court, which held that consent given to a third-party PC repair service to install a DVD player (including testing associated therewith) constituted a waiver of expectation of privacy for every purpose – Click here).