eDiscovery: protect information stored on personal electronic devices

Issue. With the proliferation of personal electronic devices of communication such as "i" and other "smart" phones, tablets, and all versions of computers and their stored data, compounded by the access and ability to use, even at a very early age, where can we look for protection of potential intrusion on our individual privacy through unauthorized access to personal electronic information? That question was addressed recently by the 5th U.S. Circuit Court of Appeals in Garcia v. City of Laredo, Texas, et al., 2012 WL 6176479 (5th Cir. 2012).

Facts. Garcia claimed while she was employed as a police dispatcher for the city of Laredo, the city violated the Stored Communications Act (SCA) by accessing the contents of her cell phone without her permission, which ultimately led to termination of her employment. While the court did not disclose the personal factual information lurking in the background of the series of events, it did leave us with the bare facts necessary for its opinion. It seems that as far back as 2008 Garcia's cell phone was removed from an unlocked police substation locker by "a police officer's wife" who then "accessed text messages and images found on Garcia's phone." This led to the wife's belief that she "had discovered evidence of violations of a department policy," causing her to go to the deputy assistant city manager and the interim/assistant police chief with her findings. She used Garcia's cell phone to disclose the text messages that had been "sent from and received by the phone and the photographs stored" on it. Subsequently, while the text messages could not be downloaded by investigators, they were able to download a video recording and numerous digital images. Interestingly, nothing was disclosed concerning exactly what constituted "evidence of violations of a department policy," but Garcia was ultimately terminated from her employment because a subsequent investigation determined that ("based in whole or in part upon images and text messages retrieved from her cell phone") she had "violated police department rules and regulations."

Garcia appealed from, among other things, the granting of summary judgment by the district court in favor of the defendants, and denial of Garcia's motion for partial summary judgment that had been based on violation of the SCA. The district court had determined that the SCA did not apply to this case.

Discussion. The key question to the 5th Circuit was whether the SCA applied to "images and text messages accessed from and stored in an ordinary cell phone." The court noted that prior to 1986 there had been "no protection for stored communications in remote computing operations and large data banks that stored e-mails." Then Congress enacted the SCA "as part of the Electronic Communications Privacy Act to protect potential intrusions on individual privacy that the Fourth Amendment did not address." The court noted that the unauthorized access that the SCA prohibits concerns "wire and electronic communications in temporary and back-up storage," and defendants' liability would depend on whether they had "gained unauthorized access to a facility through which electronic communication services are provided (or the access must have exceeded the scope of authority given) and must thereby have accessed electronic communications while in storage." So, was Garcia's personal cell phone a "facility" that kept "electronic storage in the form of text messages and pictures stored on the cell phone" that qualified for protection under the SCA?

The court emphasized that, while the statute has been interpreted "to apply to providers of a communication service such as telephone companies, Internet or email service providers, and bulletin board services," the SCA was intended to protect "not computers that enable the use of an electronic communication service, but instead are facilities that are operated by communication service providers and used to store and maintain electronic storage." Citing a Northern District of California federal case (In re iPhone Application Litig., 844 F.Supp.2d 1040, 1057-58 (N.D. Cal. 2012)), the court emphasized that iPhone plaintiffs do not have a claim under the SCA because iPhones do not "constitute facilities through which an electronic communication service is provided." Therefore, there is judicial agreement that the SCA does not protect home computers of end users. Citing the important law review article by Orin Kerr, the court underlined that "the words of the statute were carefully chosen" to envision "a provider (the ISP or other network service provider) and a user (the individual with an account with the provider), with the user's communications in the possession of the provider."

So the court was quick to point out that, even assuming a cell phone could be considered a "facility," this would not demonstrate that storage of text messages and pictures on that instrument comes within the SCA definition of "electronic storage" that clearly "encompasses only the information that has been stored by an electronic communication service provider." Therefore, "information that an Internet provider stores to its servers or information stored with a telephone company - even if such information is stored temporarily pending delivery or for purposes of backup protection - are examples of protected electronic storage under the statute. But information that an individual stores to his hard drive or cell phone is not an electronic storage under the statute." SCA protection does not extend to emails and messages stored only on an individual's personal computer.

The court concluded that, "just because the device enables use of electronic communication services," individual personal cell phones do not "provide an electronic communication service." Since there was no evidence that any information was obtained by defendants from the cellular company or network, the court determined that the text messages and photos stored on Garcia's phone were not in "electronic storage" as defined by the SCA and thus were not protected because they were outside the scope of the statute.

Moral of the story. Unless you are certain that your cell phone will always be in your custody, or that it contains a remote-controlled self-destruct button operational on demand, leaving an unprotected cell phone in a place like an unsecured locker is an invitation to your enemies to unceremoniously hang you from the masthead of your indiscretions.