As people increasingly use social media sites as a communications network, they may not be aware that their posts may lose important privacy protections ordinarily granted to email.
The Stored Communications Act and emails
It is well-accepted that an internet service provider is prohibited from disclosing the contents of user emails in response to a discovery request, such as a subpoena, in a civil case. Under the Stored Communications Act (SCA), which is part of federal wiretap laws, a person who provides an electronic communications service to the public “shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service.” (fn1)
Now there are exceptions to this rule: The service provider may disclose the contents of an email to the addressee -- that’s obvious, to law enforcement and governmental agencies – but subject to restrictions, or to other third parties -- but only with the consent of the author or addressee. (fn2)
However, these exceptions leave out an important party – civil litigants, who generally are able to obtain documents from third parties by serving them with a subpoena. As a result, a growing body of courts have held that a discovery request or civil subpoena to an ISP seeking the contents of a user’s email must be quashed. (fn3)
The Stored Communications Act and social media posts
The SCA can also apply to communications posted on social media. However, the SCA excepts from coverage any electronic communications that are “readily accessible to the general public.” (fn4)
What this means is that a post on a social media site may be disclosed by the site operator in response to a civil discovery request if it is posted on a section of the site that is available to the public at large. According to the Senate committee report for this portion of the SCA (which was written in the emergent Internet world of 1986), the SCA does not apply to information posted on electronic bulletin boards, “where the availability of information about the service, and the readily accessible nature of the service are widely known and the service does not require any special access code or warning to indicate that the information is private.” (fn5)
But what about information posted on “private” portions of social networking sites? If such posts are truly private, then under the court decisions announced in email cases, they should be immune from a civil discovery request to the site operator. However, the result may be different where the information needed to access a “private” post is made readily available to the public.
In Viacom International Inc. v. YouTube, Inc., Viacom alleged that many private videos posted on YouTube contained material that infringed Viacom copyrights, and wanted YouTube to disclose the contents of these videos. Viacom argued that many of these supposedly “private” video files had actually been shared with many members of the public, and thus were not entitled to SCA protection.
The trial judge stated that he thought that Viacom's arguments were at least “colorable.” He noted that the House committee report on the SCA stated that a person who places communications on a computer bulletin board “with a reasonable basis for knowing that such communications are freely made available to the public, should be considered to have given consent to the disclosure or use of such information.” The judge ultimately ordered YouTube to disclose that number of times each of these private videos had been viewed – so that Viacom would have the evidence needed to support its claims that these “private videos” were actually public. (fn8)