Posted by Collin Gaines
April 20, 2015
In 2007, Google rolled out the “archive and next” shortcut in Gmail “to help improve the speed and convenience of managing email.” Merriam-Webster definition of archive is “to collect and store materials (such as recordings, documents, or computer files) so that they can be found and used when they are needed.” Therefore, the average person would conceivably believe that once emails are archived they are stored for backup purposes only.
Accordingly, when a message in Gmail is “archived” the message is removed from the inbox tab but not deleted or removed entirely. By archiving the messages, users perceive that their inbox is void of such messages but the emails are indeed still in storage and can be easily retrieved. Interestingly, it is possible to “archive” messages that have been read and unread messages as well. Users may retrieve messages by accessing the “All Mail” tab, or if someone responds to an archived message. Because archived messages seem as though they have been deleted and can only be retrieved in limited inboxes or responses, not only is Google’s “archive” label likely to confuse the a person of average sensibilities but it may also confuse someone who is familiar with the Stored Communications Act.
The Stored Communications Act (SCA) provides “network account holders a range of statutory privacy rights against access to stored account information held by network service providers.” Therefore, the SCA codified in 18 U.S.C. § 2701(a) should protects individuals against, “(1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or (2) intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system.”
It is necessary to look at the overarching Electronic Communications Protection Act (ECPA) to obtain a definition of “electronic storage.” The ECPA defines “electronic storage” as “(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication.”  In U.S. v. Warshak the court found that the SCA “permits a ‘governmental entity’ to compel a service provider to disclose the contents of [electronic] communications in certain circumstances” and grants electronic communications stored on an internet service provider’s remote server the same reasonable expectation of privacy and constitutional protections as traditional postal mail and telephone calls.
When Congress enacted the Stored Communications Act, electronic communications were stored on servers for a short period before permanently downloaded to a user’s computer. In Jennings v. Broome the court stated that e-mail service providers store emails on the company’s servers for an indeterminate amount of time. As found in Theofel v. Farey-Jones, this means, electronic communications are not “in electronic storage” because “remote computing service might be the only place a user stores his messages and in that case, the messages are not stored for backup purposes.” Therefore, even if an individual “archives” a message for backup purposes it is still not protected under the SCA because the “electronic storage” exception is only permitted for the transmission of electronic communications and “archives” are instead.
Furthermore, even if “google archiving” did serve as a stored communications function the SCA provides only limited protection to electronic communication that is over 180 days old. Therefore, the SCA provides two distinct ways for law enforcement to access stored electronic communications; Under, (1) Section 2702 and (2) Section 2703. In particular, Section 2702 grants permission for a company may disclose the content of a customer’s communication to law enforcement in the case of inadvertent discovery of information relating to commission of a crime, or to any government entity in an emergency:
A provider described in subsection (a) may divulge the contents of a communication … (7) to a law enforcement agency—(A) if the contents—(i) were inadvertently obtained by the service provider; and (ii) appear to pertain to the commission of a crime … (8) if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of communications relating to the emergency.
Section 2702 grants companies the ability to voluntarily show the contents of electronic communications of customers to law enforcement agencies, without the consent of a communicating party.
Conversely, Section 2703 limits governmental entities seeking to obtain stored communications from service providers by distinguishing recent communications and communications in “electronic storage” for over 180 days. Section 2703 requires the government to attain a search warrant for electronic communications held in electronic storage for less than 180 days.
(1) A governmental entity may require a provider of remote computing service to disclose the contents of any wire or electronic communication to which this paragraph is made applicable by paragraph (2) of this subsection—(A) without required notice to the subscriber or customer, if the governmental entity obtains a warrant issued using the procedures described in the Federal Rules of Criminal Procedure by a court with jurisdiction over the offense under investigation or equivalent State warrant; or (B) with prior notice from the governmental entity to the subscriber or customer if the governmental entity—(i) uses an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury or trial subpoena; or (ii) obtains a court order for such disclosure under subsection (d) of this section; except that delayed notice may be given pursuant to section 2705 of this title.
However, Section 2703 permits governmental entities to use a warrant, subpoena, or a court order to force companies to disclose electronic communications and related records in electronic storage for more than 180 days.
A governmental entity may require the disclosure by a provider of electronic communications services of the contents of a wire or electronic communication that has been in electronic storage in an electronic communications system for more than one hundred and eighty days by the means available under subsection (b) of this section.
Pursuant to Section 2703, therefore, the government may compel production of electronic communications in “electronic storage” for less than 181 days only using a warrant based on probable cause. For electronic communications over 180 days old, the government can require third parties to production using a subpoena.
There is a dispute among the courts, however, regarding whether electronic communications that are held on company servers, such as Gmail, are for backup services and thus, require a warrant once viewed by the recipient. In, In re doubleclick, Inc. Privacy Litig., the court decided that the SCA covers e-mail messages stored on an ISP’s server pending delivery to the recipient. There is also a dispute among the courts whether viewed electronic communications held on company servers more than 181 days are “for purposes of backup protection,” that would require a warrant, under the SCA. In Hilderman v. Enea TekSci, Inc., the Court held that:
E-mails stored on the laptop computer are not in ‘temporary, intermediate storage’ [as required by § 2510(17)(A)]. Furthermore, the e-mails on the laptop are not stored ‘by an electronic communication service for purposes of backup protection’ as required by subsection (B).
Therefore, “archived” e-mails that are stored on a service provider’s server, is no longer considered “electronic storage.” Even though the customer may be specifically intending to “archive” the entire service provider, store the emails for backup purposes. The government merely needs a subpoena to force cloud-computing providers to release electronic communications data over 180 days old.