USA Today has an interesting story on efforts by several state Attorneys General to get MySpace to turn over the names and addresses of registered sex offenders who have profiles on the site. The state AGs wrote a letter asking MySpace to turn over the information. MySpace refused, citing the privacy protections of the Electronic Communications Privacy Act. The state AGs responded by “blasting” Myspace for its refusal to help:
Connecticut Attorney General Richard Blumenthal on Tuesday blasted MySpace for refusing to share the information and said no subpoena is needed for MySpace to tell the attorneys general how many registered sex offenders use the site “or other information relating to possible parole violations.”
“I am deeply disappointed and troubled by this unreasonable and unfounded rejection of our request for critical information about convicted sex offenders whose profiles are on MySpace,” Blumenthal said. “By refusing this information, MySpace is precluding effective enforcement of parole and probation restrictions that safeguard society.”
North Carolina Attorney General Roy Cooper echoed the sentiment, saying “it’s sad that MySpace is going to protect the privacy of sex offenders over the safety of children.”
MySpace is clearly right that federal privacy law prohibits them from complying with the AG’s letter, at least in its entirety. MySpace provides both electronic communications services and remote computing services under the Stored Communications Act portion of ECPA, so they can’t disclose basic subscriber information to the government without a subpoena or court order unless one of several exceptions in 18 U.S.C. 2702 applies (which none does).
It’s a trickier question with meta-data like the total number of registered sex offenders. The statute prohibits the disclosure of “information pertaining to a subscriber or customer.” 18 U.S.C. 2702(c)(1). Does the fact that X sex offenders are MySpace subscribers constitute information “pertaining” to its subscribers? I think it does — it does relate to them, even if it is not personally identifying. So although it’s a closer case, I would think that MySpace probably can’t turn over that information either.
Why did the state AG’s even bother writing this letter, given that federal privacy law blocks the disclosure in these circumstances (clearly for some information, less clearly for other information)? I can think of a few possible explanations. One possibility is that this California’s state privacy law may require a warrant for this information rather than a subpoena. See Cal. Penal Code 1524.2, 1524.3. In a federal investigation, the California law would be ignored under the Supremacy Clause, and the govermment would be able to obtain the information with a subpoena. In contrast, state investigations have to comply with California state law. If that law requires a warrant, obviously the AG’s can’t get one — they don’t have any PC.
So perhaps the AG’s knew that they couldn’t compel the information from MySpace legally, and instead they wrote a letter hoping that MySpace might conclude that disclosure would fit in a voluntary disclsoure exception to 2702. (To be clear, I’m not at all sure about this theory, as California’s statutory scheme is rather puzzling. But it seems like a possibility worth floating. Note that even barring state law regulation, out-of-state court orders are not binding on MySpace in California.) That’s the less cynical explanation, anyway.