The Seventh Circuit decided an interesting Wiretap Act case today that was largely a replay of United States v. Councilman, the First Circuit case that I blogged about here a bunch of times back in 2004 to 2005. In the new case, United States v. Szymuszkiewicz (glad I don’t have to pronounce that one), the panel reached the right result. It agreed with the result of the en banc Councilman decision (if not its precise reasoning, given the curious narrowness of the Councilman decision) that it violates the Wiretap Act to go into someone else’s e-mail account and secretly program it to forward a copy of all of their e-mails to you.
After reaching the right result in this case, Judge Easterbrook then added some dicta in which he argued that other courts had misconstrued the Wiretap Act by imposing a requirement that the Wiretap Act only applies to “real-time” acqusiition and not one-time access to stored contents. Judge Easterbrook is a brilliant guy, but his dicta badly misunderstands the Wiretap Act. Fortunately, Easterbrook’s errors raise some conceptually interesting questions about what leads judges to misread statutes. In particular, I wanted to post on one aspect that is a recurring issue in statutory privacy law: Whether judges can overcome the blinders imposed by the remedial context of the case before them.
To understand the problem, let’s start with the basic structure of the statutory privacy laws. Such laws generally follow the following structure:
1) Anyone who intentionally does privacy-invading thing “X” commits a crime,
2) However, the government can do “X” if it has an appropriate court order based on a certain level of cause, and
3) Victims of “X” have a civil remedy against whoever does “X.”
Because of this structure, statutory privacy laws generally serve three distinct functions all at once: First, they impose criminal punishment for conduct that violates privacy interests (part 1 above); Second, they provide a civil remedy for victims against those who invade privacy interests (part 3 above); and Third, they enact a code of criminal procedure regulating law enforcement investigations by which the government can obtain court orders allowing them to invade privacy interests in appropriate cases (part 2 above).
This structure creates interpretive challenges for courts because judges often have very different instincts when interpreting criminal statutes, civil statutes, and codes of criminal procedure. Sound statutory interpretation requires understanding all of the remedial contexts, and how they work together: Otherwise a judge will confidently interpret the statute based on the assumptions of one remedies scheme in ways that are clearly mistaken (and create very odd result results) in the other contexts.
The civil cases interpreting the Computer Fraud and Abuse Act (18 U.S.C. 1030), which prohibits “unauthorized access” to a computer, demonstrate the problem. In civil cases, computer owners come in to court asking judges to stop people from using their computers in ways the owners don’t like: Judges are very sympathetic to the request, so they are very willing to say that conduct the owner doesn’t like is “unauthorized” and that the behavior has to stop. But the same statute is a criminal statute, too. As a result, the civil cases interpreting the law inadvertently end up criminalizing a great deal of innocent conduct. (The usual rule of interpretation is that precedents from one setting are equally applicable to another setting, so the civil cases apply in the criminal realm.)
This problem is a recurring issue when it comes to understanding how the Wiretap Act applies to the Internet. On one hand, the Wiretap Act is primarily a rule of criminal procedure: The scope of the Act is relevant to thousands of criminal investigations every year. In contrast, there are usually only about 20 criminal prosecutions for wiretapping every year. However, Congress did not include a statutory suppression remedy for violations of the Wiretap Act for computer communications. This creates a really warped dynamic that I explained in this law review article in 2004: Because there is no statutory suppression remedy, there are no cases applying the Wiretap Act in the usual context in which it arises (that of criminal investigations). Thus the scope of the Wiretap Act tends to get litigated in very unusual settings that make it unusually likely that courts will misconstrue the statute.
I think that explains Judge Easterbrook’s dicta in United States v. Szymuszkiewicz. In this part of the opinion, Easterbook has just held that assuming that that the Wiretap Act only applies to real-time monitoring — that is, acqusition contemporaneous with transmission — then the monitoring here was contemporaneous. He then adds that he thinks there is no such requirement in the statute, contrary to what several other circuits have held. Here’s the passage, with my paragraph breaks added:
Decisions articulating such a requirement are thinking football rather than the terms of the statute. There is no timing requirement in the Wiretap Act, and judges ought not add to statutory definitions.
Forget about packet switching and email for a moment, and think about 1968-vintage telephony, with an old-fashioned answering machine containing an old-fashioned tape recorder on the receiver’s end (which is how what today is called “voicemail” used to be set up). Perkins, the phone subscriber with an answering machine, could call his own number and key in a code to have his messages replayed from the tape. Suppose Smith learned the code, called Perkins’s number, and listened to all of the messages on the answering machine. That means of acquiring the contents of a phone call is as effective as placing a “tap” on the phone line outside Perkins’s house, or placing a hidden transmitter on the bottom of Perkins’s phone, and comes within the definition of “interception” in §2510(4) even though the acquisition is not contemporaneous with the message. Under the statute, any acquisition of information using a device is an interception. And if getting access to an answering machine’s contents is an interception, so is getting access to an email inbox’s contents by automated forwarding.
The Stored Communication Act imposes its own penalties for clandestinely accessing information held “in electronic storage.” 18 U.S.C. §2701(a). Playing back the messages on the answering machine would violate the Stored Communications Act—but this does not imply that the activity does not violate the Wiretap Act too. Overlapping criminal statutes are nothing new. The two statutes have different definitions, different penalties, and different provisions for civil suit; they establish different rules for when (if at all) improperly acquired information may be used in court. There is no need to invent “contemporaneity” to keep them apart.
This is all very interesting, but it’s also very wrong. If you look at the Wiretap Act and the Stored Communications Act as codes of criminal procedure — that is, you look at it from the standpoint of how the police must comply with these acts as they obtain evidence — you realize Easterbook’s error.
Let’s start with some history to put it in context. The Wiretap Act was passed in response to Berger v. New York, a Fourth Amendment case that had held that any wiretapping law had to have special privacy protections given the special privacy concerns raised by real-time wiretapping. In its initial passage in 1968, the Act applied then to phone calls — transfers of the human voice — but not computer communications. The initial statute didn’t specify a contemporaneousness requirement in the text of the definition of intercept. But beyond such a requirement it being implicit from Berger, it was explicit in 18 U.S.C. 2518, the provision that governs what the government must do to obtain a court order permitting government wiretapping. The provision is framed in terms of time: To get the order the government’s application must make “a statement of the period of time for which the interception is required to be maintained”; If granted, the court order must specify “the period of time during which such interception is authorized.” These requirements exist because interceptions, being contemporaneous, are things that are maintained over a period of time.
Court decisions recognized this pretty early. The leading early case probably was United States v. Turk, 526 F.2d 654 (5th Cir. 1976). which had facts very similar to Judge Easterbrook’s “1968-vintage telephony” hypothetical. Contra Easterbrook’s analysis, however, Turk held that the playing of a stored recording was not an interception: “Whatever the precise temporal parameters under Title III of an ‘aural acquisition’ (and thus of an interception),” the court wrote, “we conclude that no new and distinct interception occurs when the contents of a communication are revealed through the replaying of a previous recording.
Fast forward to 1986, when Congress passed the Electronic Communications Privacy Act. In the same Act, Congress did two things: It expanded the Wiretap Act to computer communications, and it enacted the Stored Communications Act. By expanding the Wiretap Act to computers, Congress made it a felony to “intercept” a computer communication in “transfer” without a Wiretap Order. Then, in the non-criminal sections of the Stored Communications Act, Congress created a very explicit set of rules for when the government could compel access to stored contents of computer communications. See 18 U.S.C. 2702-05. Congress chose much lower standards for access to the contents of stored computer communications than for the accesses to computer communications under the Wiretap Act. While the Wiretap Act requires a “super warrant” Title III order, Section 2703 permitted the government to compel contents of some e-mails (and other stored electronic communications) with a standard probable cause warrant and other e-mails and communications, such as those stored more than 180 days with a subpoena and prior notice.
Once you see the Wiretap Act and the Stored Communications Act as codes of criminal procedure, you realize the problems with Easterbrook’s effort to reconcile the two statutes. The Wiretap Act makes it a crime for the police to conduct a wiretap without a Wiretap Order. The Stored Communications Act then says that it is lawful for the police to obtain access to stored e-mails with a subpoena or a warrant, without a Wiretap order. But if the two statutes regulate the same activity — that is, if one-time access to stored e-mails is a wiretap — then the two Titles of the same statute are hopelessly in conflict. So read, one part of ECPA makes it a felony crime to do the same thing that another part of ECPA explicitly permits. The two also have conflicting notice requirements: For example, the Wiretap Act requires post-wiretapping notice while the Stored Communications Act explicitly rejects that. If the two statutes apply to the same conduct, which notice provision governs? To avoid concluding that the ECPA is at war with itself, the only plausible way to read ECPA is that the Wiretap Act and the Stored Communications Act regulate different activity: The Wiretap Act applies to contemporaneous acquisition (see Berger, Turk, and 2518) while the Stored Communications Act applies to one-time acquisition.
It doesn’t necessarily look that way if you treat the Wiretap Act as a criminal statute. As Easterbrook says, overlapping criminal statutes are common. But once you look at these statutes in their natural habitat, as codes of criminal procedure, it becomes clear that this common instinct for interpreting criminal statutes can’t apply here. (It doesn’t help that nearly every phrase in Easterbrook’s contrast between the two statutes — his remark that “the two statutes have different definitions, different penalties, and different provisions for civil suit; they establish different rules for when (if at all) improperly acquired information may be used in court” — is incorrect. But this post is long enough.)