The Stored Communications Act After the Microsoft Case

19 August 2016 Publication
Author(s): Peter Vogel

Cyber Security Law & Practice

The US Court of Appeals for the Second Circuit decided on 14 July 2016, In re a Warrant to Search a Certain E-mail Account Controlled and Maintained by Microsoft Corporation, that emails stored on Microsoft’s overseas servers were not subject to the warrant provisions of the US Stored Communications Act (‘SCA’). While the decision has been hailed in many quarters as a victory for Microsoft, an interesting facet of the judgment is the concurring opinion of Appellate Judge Lynch and what this suggests about the future of the SCA; Judge Lynch opined that while the SCA clearly precluded extraterritorial application, in the context of data sitting on overseas servers that could easily be accessed in the US, perhaps this should no longer be the case.
In 1986, the US Congress passed the SCA as part of the broader Electronic Communications Privacy Act (‘ECPA’) to protect electronic communications. At the time, the overall goal of the SCA was to protect the privacy of individuals who were, at that time, generating telephone records with the assistance of third party service providers like AT&T. Because the technological context in 1986 was very different than it is today (indeed, the World Wide Web as we know it in 2016 did not even exist before 1995, when Microsoft started giving away its Internet Explorer browser free to anyone who purchased Windows 95), application of the SCA to telephone records stored outside of the US seemed like a contingency that would never occur. Diplomatic issues relating to the US’s relationship with foreign countries vis-à-vis law enforcement and the protection of a country’s own citizenry was simply not an issue because an individual’s country of residence was likely the same as the country where the individual’s telephone records were stored.
At some point in the late 1990s internet service providers (‘ISPs’) started relying on the SCA to protect emails just like telephone records. The ISPs claimed that the SCA applied so as to limit who could access its customers’ email and internet content. The US courts agreed and the applicability of the SCA expanded from telephone records to email without much fanfare.
Read more.


Related Services