The California Court of Appeal has just held that, under the Stored Communications Act, service providers need not — and may not — turn over the contents of subscriber e-mail when those contents are subpoenaed in a civil case, unless the subscriber consents. (Warrants and other court orders in criminal cases are another matter.) This came in the same case, O'Grady v. Superior Court (Apple Computer, Inc.) that I discuss below.
UPDATE: Added the "unless the subscriber consents" clause; I at first omitted it because I thought it went more or less without saying, and that the controversies arise precisely when the subscriber doesn't want the information turned over. But, prompted by the first comment posted below, I thought I'd add the clause for the sake of precision.
Related Posts (on one page):
- Subpoenas to Service Providers for Contents of Stored E-Mail:
- Web Sites Covered by the California Journalist's Privilege:
So they would create a free email acount then type a DRAFT. They would never actually send it. Then someone in another place would logon with the same acount and read the email stored in the draft box. When I read that originally I couldnt help but think what crafty bastards they were and couldn't help but wonder how far behind in the game we were.
Better late than never? I would feel a lot better if I knew there was SOME OVERSIGHT of the programs though.
I would think that ISPs wouldn't want to insist on such a waiver. The ability to say to civil litigants, "Sorry, I can't hand over these customer records," is an asset to ISPs: It saves them money, and prevents potentially customer-alienating publicity. The only people who are hurt by this ability -- which is the Stored Communications Act default, under the California Court of Appeal decision, unless it's waived by the customer -- are civil litigants who want the records, and they're not parties to the ISP-customer contract. So I'd doubt that ISPs would be interested in demanding that customers waive their rights up front. Am I missing something here?
(2) The Yahoo contract isn't just a device to get legally necessary waivers from the customer. It's also a way of alerting the customer so that he'll be less upset when Yahoo does some things. It's a way of rebutting arguments that Yahoo wrongfully failed to disclose certain possibilities that it should have disclosed. And it's a way of possibly giving Yahoo extra protection should the matter be litigated -- perhaps unnecessary protection, but cheap and harmless for Yahoo. So there's no reason to infer that the waiver somehow does anything beyond what the contract says, which is agreeing that Yahoo may do what it's legally obligated to do.
Specifically, I think the O'Grady decision is perfectly consistent with disclosure in response to a civil subpoena where the user has consented (whether via terms of service or otherwise). Having reread it, I don't see anything in the opinion to the contrary; indeed, at several points the court takes pains to identify subscriber consent as a pertinent exception to the bar against disclosure.
I understand that you think the Yahoo waiver doesn't apply to civil subpoenas. (I disagree, but put that aside.) If a service provider's hypothetical terms of service did adequately effect a waiver, in sum, that user communications contents could be disclosed in response to civil subpoenas, are you saying that such waiver/consent would still be insufficient under O'Grady to permit disclosure? (If so, can you point out the section of the decision supporting that claim?)
On your earlier point re the providers and avoidance of liability, it may be useful to note that standard practice among the large ISPs/providers such as Yahoo is to give the subscriber pre-disclosure notice of a third-party civil subpoena requesting communications contents. Typically, the providers let the customer duke it out with the requesting party, and do not themselves move to quash.