The FCC’s ruling interprets two subsections of the TCPA. The first subsection — 47 U.S.C. § 227(b) — includes several restrictions, including a general prohibition on making calls to landline or mobile telephones using a prerecorded message without  the recipient’s prior express consent. Section 227(b)(3) allows individuals or companies to bring private lawsuits “based on a violation of this subsection” or the FCC’s implementing regulations.

A separate portion of the TCPA — 47 U.S.C. § 227(c) — authorizes the FCC to set up a national Do Not Call registry, which the FCC did in coordination with the Federal Trade Commission several years ago. Section 227(c)(5) authorizes private lawsuits by individuals who receive “more than one telephone call within any 12-month period by or on behalf of the same entity” in violation of the Do Not Call rules.

Last week’s declaratory ruling came in response to questions referred to the FCC by two federal courts in two separate TCPA-based lawsuits.

In accordance with the federal courts’ referrals, the parties in both cases petitioned the FCC to interpret the relevant TCPA provisions and regulations and determine whether sellers like DISH could be liable for unlawful telemarketing calls made by dealers or other third parties.

The FCC concluded that a seller is not always liable for calls made by third parties for the seller’s benefit, but that sellers may be held vicariously liable for the conduct of third-party telemarketers in some circumstances. Specifically, the FCC concluded that, at a minimum, federal common law principles of agency law allow a seller to be held vicariously liable under either statutory provision if the telemarketer acts as the seller’s agent or has “apparent authority” to do so, or if the seller ratifies the telemarketer’s conduct.

The FCC provided “illustrative examples” of situations in which sellers might be vicariously liable for telemarketers’ conduct, such as situations in which:

• the seller approves, writes, or reviews telemarketing scripts;
• the seller gives telemarketers access to customer information or the seller’s internal systems;
• the seller authorizes telemarketers to use the seller’s trade name, trademark and service mark;
• the seller “knew (or reasonably should have known) that the telemarketer was violating the TCPA on the seller’s behalf and the seller failed to take effective steps within its  power to force the telemarketer to cease that conduct.”

In a partial dissent, Commissioner Ajit Pai argued that the majority incorrectly interpreted the two TCPA provisions at issue to incorporate the same standard of vicarious liability, even though the provisions’ language differs. Pai argued that, given the language of the TCPA’s do-not-call provision, “the Commission should give meaning to [the words] ‘on behalf of’ and impose third-party liability for do-not-call violations whenever a telemarketer initiates a call on a seller’s behalf, even if that telemarketer is not under the seller’s control.”

The majority decision left open the possibility that the FCC could in the future interpret the TCPA to allow “a broader standard of vicarious liability for do-not-call violations,” but said the agency could not establish such a broad standard in a declaratory ruling, given the FCC’s existing precedent.

The FCC also recently released a Small Entity Compliance Guide outlining changes to the TCPA rules that were adopted by the FCC in early 2012 and that began taking effect last fall. Among other changes, the revised rules require all prerecorded telemarketing calls to include an automated, interactive opt-out mechanism throughout the duration of the call, as well as a toll-free telephone number that can be contacted to opt out when a prerecorded telemarketing message is left on voicemail. That rule took effect in January. As of October 16, 2013, prior express written consent will be required to transmit prerecorded or autodialed telemarketing calls to wireless numbers, and the established business relationship exception will no longer apply to prerecorded telemarketing calls to residential lines.

Nike argued that the specifications for its point-of-sale (“POS”) software, as well as store policies and procedures, showed that any request for ZIP codes would have occurred after a credit card transaction was complete; thus, no reasonable consumer would have believed that his or her ZIP code was being requested as a condition ofbeing able to use a credit card.  However, the court noted that the specifications for the POS software suggested that the software would prompt a cashier to request a ZIP code after the “receipt had started printing.”  The court therefore concluded that “under the POS system in place during the relevant time period, it was possible for a cashier to request a customer’s ZIP code prior to giving the customer his or her receipt and merchandise.” 

As businesses explore options for complying with Song-Beverly, they should consider the holding of the Nike case. 

The decision adds to the growing case law around screenscraping, and serves as a timely reminder of the fact that the language of a Web site’s terms of use (TOU) is an important factor in such cases.  In this case, Craigslist faces questions over whether it has standing to sue for copyright infringement because of the drafting of the content license in the Craigslist TOU.  The license grant provision in the Craigslist TOU is arguably ambiguous as to whether it provides for an “exclusive” license from users to Craigslist.  Citing Ninth Circuit case law, the order noted, “[O]nly the owner of an exclusive right under the copyright is entitled to sue for infringement.”  TOUs are often drafted with a non-exclusive license to user created content or with ambiguity as to exclusivity, and thus some Web site owners  may lack sufficient standing to bring copyright infringement claims in relation to some of the content on their sites.  Of course, it may not always be appropriate to request an exclusive license from users, but it is a question that all Web site owners should consider when preparing or maintaining their TOU.

Warren Hospital alleges that two anonymous individuals hacked into its web and email servers and sent inappropriate and defamatory messages to all hospital employees.  The hospital and some employees filed a civil action against the John Doe defendants for defamation and other torts.  To obtain the true identities of the defendants, the plaintiffs subpoenaed four Internet Service Providers. The anonymous defendants moved to quash the subpoena under the First Amendment.

To decide the motion to quash, the state trial court applied a four-part qualified First Amendment analysis, known as the Dendrite test, which considers whether the plaintiffs identified the defendant with sufficient specificity, whether the plaintiffs made a good-faith effort to serve the defendants, whether the suit can withstand a motion to dismiss, and whether the discovery will likely lead to identifiable information that will enable service of process.  Applying these factors, the trial court quashed the subpoenas.

The New Jersey Appellate Division reversed the trial court’s decision, concluding that Dendrite does not apply because this case involves hacking. The appellate court stated that the anonymous defendants’ alleged actions were “no different than if they had broken into the hospital and spray painted their messages on the hospital's walls.”  The court rejected the argument “that those who engage in this type of conduct are entitled to cling to their anonymity through a strict or overly-formulaic application of the Dendrite test.”

This ruling is particularly noteworthy because the New Jersey Appellate Division developed the Dendrite test in a 2001 decision, Dendrite Int'l, Inc. v. Doe No. 3.  Since then, many state and federal courts nationwide have adopted the Dendrite test when considering motions to quash subpoenas for identities of anonymous defendants.

In December 2008, Yahoo! received two grand jury subpoenas from a Georgia state prosecutor, seeking the name, address, and other identifying information associated with a user account.  The subpoenas were signed by a Georgia state court judge and court clerk.  Yahoo! complied with the subpoenas before the production deadline.

The Yahoo! account holder, Fayelynn Sams, filed a putative class action lawsuit.  Sams claimed that the subpoenas failed to comply with Georgia law, and therefore violated the Stored Communications Act.  The federal district court granted Yahoo!’s motion to dismiss, concluding that Yahoo! was statutorily immune from lawsuit.

On appeal, the Ninth Circuit affirmed the district court.  The Stored Communications Act states that “good faith reliance on . . . a grand jury subpoena” is a “complete defense” to a civil action under the SCA.  Writing for a unanimous three-judge panel, Judge Milan D. Smith, Jr. wrote that this defense is available when the defendant complies with a subpoena or other process “that appears valid on its face, in the absence of any indication of irregularity sufficient to put the defendant on notice that the subpoena may be invalid or contrary to applicable law.”  The defense is not available, the court wrote, “if the defendant actually knew that the subpoena (or other process) was invalid under the applicable law.”

Applying this legal standard to Sams’s lawsuit, the Ninth Circuit concluded that Yahoo! is immune because Sams pled no facts to lead to a plausible inference that Yahoo! knew that the subpoenas were invalid.  Moreover, the Court held that the subpoenas were objectively reasonable because “they bore all of the indicia of lawful authority.”

Ensuring that your company has appropriate insurance coverage is a critical step in managing the risk of these kinds of claims.  Join us, along with Marsh Risk Consulting ― a global leader in insurance broking and risk management, for an interactive discussion that will cover the legal and practical issues facing corporate policyholders in connection with employment-related claims and liabilities.  The presentation will be held on Wednesday, April 17, 2013, from 3:00-4:30 pm at Covington & Burling, New York Times Building, 620 Eighth Avenue, New York, New York, 10018-1405.  A cocktail reception will follow the presentation.  There is no charge, but please RSVP to 202-662-6440 or RSVP9@cov.com by April 12th if you wish to attend.

Thomas M. Cooley Law School sued several defendants for allegedly defaming the school online and issued subpoenas for their identities.  Defendant John Doe 1, who operated a website about the law school, sought a protective order and moved to quash the subpoena to his Internet service provider.   The trial court applied a First Amendment balancing test, first articulated by state appellate courts in New Jersey and Delaware, that considers factors including (1) whether the defendant is a person or entity who could be sued, (2) whether the plaintiff made a good-faith effort to serve the defendant with process, (3), whether the lawsuit could withstand a motion to dismiss, and (4) whether there is a reasonable likelihood that discovery would uncover information that would allow service of process.   Under this analysis, the state trial court denied the motion to quash and denied the protective order.

Although the ruling is a short-term victory for the defendant, it may be a setback for advocates of anonymous online speech because the court held that the more robust First Amendment balancing test does not apply. 

In a partial concurrence and partial dissent, Judge Jane M. Beckering argued that the Michigan discovery rules do not provide sufficient protection.  For instance, she noted, the First Amendment tests require that subpoena targets receive notice.  “Because an anonymous defendant cannot undertake any efforts to protect against disclosure of his or her identity until the defendant learns about the lawsuit -- which may well be too late given that discovery is available to a plaintiff as soon as the action is commenced -- we, like numerous appeal courts in other jurisdictions, must adopt a formal procedure that balances the rights of plaintiffs and defendants,” Judge Beckering wrote. 

Rule 23(b)(3) requires a court to find that “the questions of law or fact common to class members predominate over any questions affecting only individual members.”  Here, the Court found instead that “[q]uestions of individual damage calculations will inevitably overwhelm questions common to the class.”  This was because the model used by the respondents’ expert assumed the validity of all four theories of antitrust liability initially advanced by respondents, even though one theory—“overbuilder deterrence” —was the sole theory of antitrust impact that still survived in the case.  As such, the Court found the model “cannot possibly establish that damages are susceptible of measurement across the entire class for purposes of Rule 23(b)(3).”    

The Court also took issue with the lower courts’ determinations that respondents need not tie each theory of antitrust impact to a calculation of damages because this exercise would involve a consideration of the “merits” having “no place in the class certification inquiry.”  This reasoning, the Court found, contradicted precedent such Wal-Mart v. Dukes, “requiring a determination that Rule 23 is satisfied, even when that requires inquiry into the merits of the claim.”

The Comcast ruling could heighten the threshold for class certification under Rule 23(b)(3) by requiring a more rigorous damages inquiry--and so may have a meaningful impact on how privacy class actions proceed to certification. That said, the four dissenting Justices sought to cabin the significance of the decision, writing that “[t]he Court’s ruling is good for this day and case only.” The view of these dissenting Justices was that the writ of certiorari should have been dismissed as improvidently granted because the question presented had been reformulated by the Court in a misguided manner—from whether a district court may certify a class action without resolving “merits arguments” that bear on Rule 23’s prerequisites for certification, to whether a district court may certify a class action without resolving whether the plaintiff class has introduced admissible evidence, such that the Court had abandoned the question it instructed the parties to brief.

In its recent ruling, the SJC held that (1) a ZIP code is “personal identification information” within the meaning of the Massachusetts credit card privacy law; (2) a plaintiff may bring a lawsuit for a violation without showing identity fraud; and (3) “credit card transaction forms” could be construed to mean an in-store electronic form (e.g., a keypress form at the register).   The plaintiffs who have sued Bed Bath & Beyond claim that the housewares chain violates state law by collecting zip codes when customers make purchases by credit card at retail stores.   Both plaintiffs, one of whom was the named plaintiff in the case against Michaels Stores, filed in federal court in Massachusetts. 

Section 105(a) provides that “[n]o business entity that accepts a credit card for a business transaction shall write, cause to be written or require that a credit card holder write personal identification information, not required by the credit card issuer, on the credit card transaction form.”  “Personal identification information,” in turn, “shall include, but shall not be limited to, a credit card holder’s address or telephone number.”  Violations of Section 105(a) are treated as “unfair and deceptive trade practices” under Mass. Gen. Laws. ch. 93A, §§ 2, 9, which provides “injured” persons a private right of action against any entity that commits an unfair or deceptive trade practice.

The plaintiff in Tyler alleged that Michaels Stores violated §105(a) by requesting her ZIP code during a credit card transaction at one Michaels Stores retail location.  The district court agreed that the plaintiff had sufficiently pled a violation of that statute, but nonetheless dismissed the complaint because she had failed to allege a cognizable injury stemming from the violation, which is required to bring an action under Massachusetts’s unfair and deceptive trade practices statute.  The court explained that the purpose of §105(a) was to prevent identify fraud, and suggested a plaintiff would need to allege that fraud had occurred because of the alleged violation of §105(a).   

Much of the trade press discussing the SJC’s decision has focused on the rather unremarkable holding that ZIP codes are “personal identification information.”  The statutory definition of PII is very broad, and the district court already had concluded it was broad enough to cover ZIP codes.  (The California Supreme Court reached this same conclusion interpreting a very similar statute in Pineda v. Williams-Sonoma, decided in late 2011.)  The SJC also agreed with the district court that “credit card transaction forms” could be construed to mean an in-store electronic form (e.g., a keypress form at the register), which apparently is what Michaels Stores used to record the plaintiff’s ZIP code in this case.

More notable is the point on which the SJC disagreed with the district court.  While the district court held that a plaintiff would have to demonstrate a tangible economic injury in order to maintain a suit for violation of §105, the SJC took a broader view: 

When a merchant acquires personal identification information in violation of § 105 (a ) and uses the information for its own business purposes, whether by sending the customer unwanted marketing materials or by selling the information for a profit, the merchant has caused the consumer an injury that is distinct from the statutory violation itself and cognizable under G.L. c. 93A, § 9.

The case now returns to the district court for further proceedings. 

The opinion stressed that stipulations must be binding, and the kind of stipulation that Knowles brought to keep his suit out of federal court could not be enforced against class members.  “Here, the precertification stipulation can tie Knowles’ hands because stipulations are binding on the party who makes them,” Justice Stephen Breyer wrote. “However, the stipulation does not speak for those Knowles purports to represent, for a plaintiff who files a proposed class action cannot legally bind members of the proposed class before the class is certified.”

The Court said such non-binding stipulations potentially could allow plaintiffs to subdivide a $100 million case into 21 cases just below $5 million in order to stay in state court. “Such an outcome would squarely conflict” with the class-action law’s intention that major cases go to federal court, the opinion said.

These respondents argued first that, because their work requires them to engage in sensitive and/or privileged communications with individuals located abroad who are likely targets of surveillance, there was an objectively reasonable likelihood that their communications would be acquired under section 1881a at some point in the future, thus causing them injury.  (Section 1881a, which was added by the FISA Amendments Act of 2008, authorizes, under certain circumstances, the government surveillance of individuals who are not “United States persons” and are reasonably believed to be located outside the United States).  Second, the respondents maintained that the risk of surveillance under section 1881a is so substantial that they had been forced to take costly and burdensome measures to protect the confidentiality of their communications that constitute present injury and are fairly traceable to section 1881a. 

The Supreme Court rejected each of these arguments holding (1) that respondents’ “highly attenuated chain of possibilities” and theory of future injury was too speculative to satisfy the well-established Article III standing requirement that threatened injury be “certainly impending” and, moreover, that they could not establish that the injury was fairly traceable to section 1881a; and (2) that the respondents “cannot manufacture standing by choosing to make expenditures based on hypothetical future harm that is not certainly impending.”

Beyond the immediate implications as to the ability to challenge the U.S. government’s international surveillance powers, this ruling may impact plaintiffs’ ability to establish standing in privacy and data breach litigation that is predicated on theoretical future harms and the measures consumers take to prevent those harms from occurring.   For example, the Supreme Court’s ruling may undermine decisions such as the Ninth Circuit’s holding in Starbucks, which found standing following a data breach based on an increased risk of identity theft.  As we have written about here and here, courts typically have been reluctant to find standing based on speculative injuries in privacy litigation relating to data use and disclosure practices outside of the data breach context.

In a lengthy opinion that considered the statutory text and legislative history, the Court overturned a lower court’s finding that Song-Beverly prohibited Apple from collecting personal identification information (“PII”) in connection with an online transaction.  Song-Beverly generally prohibits retailers from requesting or requiring as a condition to accepting credit card payment, that the cardholder be required to provide PII upon a credit card transaction form or otherwise.  In Pineda v. Williams Sonoma Stores—decided in early 2011—the California Supreme Court held that ZIP codes were PII, and that the defendant had violated Song-Beverly by requesting the plaintiff's ZIP code during a credit card transaction that took place in a traditional brick-and-mortar retail store, a decision that spurred a wave of Song-Beverly litigation in California.

In Krescent, the California Supreme Court determined that Song-Beverly was enacted by the California legislature with the intent of safeguarding consumer privacy while also protecting consumers and retailers from undue risk of fraud.  It then reasoned that online purchases are different from brick-and-mortar purchases: 

The safeguards against fraud that are provided in section 1747.08(d) are not available to the online retailer selling an electronically downloadable product.  Unlike a brick-and-mortar retailer, an online retailer cannot visually inspect the credit card, the signature on the back of the card, or the customer‘s photo identification.  Thus, … the key antifraud mechanism in the statutory scheme . . . has no practical application to online transactions involving electronically downloadable products.”

The Court went out of its way to note that the decision does not address whether Song-Beverly applies to online transactions that do not involve electronically downloadable products or to any other transactions that do not involve in-person, face-to-face interaction between the customer and retailer.  Most lower courts to consider the issue, including Saulic v. Symantec Corp, have held that Song-Beverly does not apply to other types of online transactions.

The problems that come with attempting to apply outdated legislation to today’s online environment have been the subject of recent congressional attention, as we have seen in connection with recent amendments to the Video Privacy Protection Act, described here, and a continued focus on the need for ECPA reform, summarized here. 

In its motion to dismiss, Humana argued that CIPA exempts “service observing,” or a business’s recording of calls between its employees and customers for quality assurance purposes.  Judge Josephine Staton Tucker rejected Humana’s interpretation of the statute and further found that plaintiff’s complaint did not allege that Humana recorded the call for service observing purposes, refusing to read such purpose into the allegations.

The court also rejected Humana’s contention that plaintiff’s complaint failed to allege that the company did not provide proper notice to him at the outset that the call was being recorded. The court held that plaintiff’s allegation that he was not warned “at any point during the telephone conversation” was sufficient at the pleadings stage, but acknowledged that the issue could be raised again in a motion for summary judgment. 

Finally, the order rejected Humana’s argument that the call between plaintiff and the customer service representative was not confidential (an argument discussed in previous blog posts), finding that plaintiff had sufficiently alleged a reasonable expectation that his communication with Humana—which was to discuss a sensitive medical condition—would be confidential.

John Faulkner brought his putative class action in California state court in February 2011, alleging that ADT recorded his phone conversation with a company representative without his consent in violation of CIPA, Cal. Penal Code § 632. The plaintiff specifically alleges that he called ADT in March 2010 to dispute a charge the company assessed, and that, when he was transferred to the company’s technical line, he heard periodic beeping sounds during his conversation. When he inquired about the sounds, he was told that the conversation was being recorded, according to his complaint.

A judge in the Northern District of California dismissed the case in May 2011, holding that Faulkner’s conversation was not “confidential” because he had no objectively reasonable expectation that the call would not be overheard or recorded, and that he had failed to allege circumstances that would support an expectation of privacy in his call. 

The California Supreme Court has held that a conversation is “confidential” within the meaning of § 632 “if a party to that conversation has an objectively reasonable expectation that the conversation is not being overheard or recorded.”

The Ninth Circuit wrote Thursday that to survive ADT’s motion to dismiss, Faulkner would have to allege facts that would lead to the “plausible inference” that his communication was confidential. Faulkner’s present allegation that his conversation was “confidential” because it was carried on “in circumstances as may reasonably indicate that any party to the communication desires it to be confined thereto” is nothing more than a “bald legal” conclusion that could not defeat a motion to dismiss, the Ninth Circuit held.

Senior Judge Robert D. Sack of the Second Circuit, sitting by designation, authored the opinion.

The Tenth Circuit affirmed these holdings last week.  Although the trade press and bloggers have focused on the court’s holding that there is no civil liability for aiding and abetting under the Wiretap Act, this aspect of the decision is less remarkable, as a number of courts, including at the circuit level, have held this in the past. 

Perhaps more interesting is the Tenth Circuit’s discussion of the “ordinary course of business” (or “business use”) exclusion in the statute.  The court explained that the exclusion permits ISPs to access data travelling over their networks in the ordinary course of business; thus, to the extent Embarq had access to the data that NebuAd intercepted, that access was permitted.   While the lower court seemed to suggest that if Embarq had “acquired” (rather than merely “accessed”) such data it might have violated the Wiretap Act, the Tenth Circuit explained that even if the data had been “acquired” by the ISP, there still would not have been an actionable “interception.”   In fact, the court seemed to suggest that, as long as Embarq did not gain “access to . . . more of its users’ electronic communications than it had in the ordinary course of its business as an ISP,” its activities were protected by the business use exception. 

Only a week earlier, a district court reached a very similar decision Valentine v. WideOpen West Finance, LLC, which also concerns an ISP's alleged partnership with NebuAd.  Judge Edmond E. Chang of the Northern District of Illinois dismissed plaintiffs’ claim that the WOW violated the Wiretap Act by intercepting their communications.  (Judge Chang noted that the parties did not brief the issues of whether WOW is liable for using or disclosing intercepted communications, which is independently actionable conduct under the Wiretap Act.)  Like the Tenth Circuit in Embarq, Judge Chang held that WOW could not be liable for aiding and abetting NebuAd’s interception of the plaintiffs’ communications. 

Plaintiffs Laura McCabe and Latroya Simpson brought a putative class action lawsuit against InterContinental Hotels, alleging that the company recorded or monitored telephone calls made to its reservations number without notifying callers. The plaintiffs claim that InterContinental violated the California Invasion of Privacy Act ("CIPA"), which prohibits intentional interception and recording of telephone communications without consent from all parties.

InterContinental moved to dismiss the complaint, asserting that the federal Communications Act preempts CIPA by “occupying the field” of telecommunications regulation and leaving no room for states to regulate telephone recording.  In an opinion on Tuesday, Magistrate Judge Nathanael M. Cousins, of the U.S. District Court for the Northern District of California, rejected that argument, concluding that federal law does not preclude states from regulating interstate communications. 

InterContinental also argued that the California law conflicts with the federal Wiretap Act that requires only one party to provide consent for call monitoring.  Judge Cousins disagreed, holding that the laws do not conflict merely because CIPA is more stringent. 

The decision is the latest in a series of conflicting decisions on Wiretap Act preemption.  We discuss the others here.

A federal jury convicted former Virginia state legislator Phillip A. Hamilton of federal program bribery and extortion under color of right.  During trial, the court admitted email messages that Hamilton sent to his wife from his work account.  On appeal, Hamilton contended that admission of those messages violated the marital communications privilege, which covers private spousal communication that was intended to remain confidential. 

In an opinion last week, the Fourth Circuit disagreed, concluding that Hamilton had no reason to expect that his work emails were confidential.  The Court analogized Hamilton’s claim to a 1934 case in which the Supreme Court held that a defendant could not claim the marital privilege for communication that he shared with a stenographer.  “Email has become the modern stenographer,” the Fourth Circuit wrote.

Under the Fourth Circuit’s reasoning, a defendant still may claim the marital communications privilege for work emails if the defendant had an objectively reasonable belief in the privacy of those emails.  For instance, if the employer’s computer use policy guarantees email privacy, the defendant may argue that he reasonably believed the email was confidential.

Generally speaking, to be liable under the SCA, a defendant must have gained unauthorized access to a facility through which an electronic communication service is provided (or exceeded authorized access) and must thereby have accessed electronic communications while held in electronic storage.

In interpreting the meaning under the SCA of the phrase “facility through which an electronic communication service is provided,” the Fifth Circuit observed that past cases holding that the SCA covered the seizure of a computer used to operate an electronic bulletin board system or applying the SCA to internet service providers were “not helpful” to plaintiff establishing that an individual’s computer, laptop, or mobile device fits the statutory definition.  Rather, the court looked to the Eleventh Circuit’s decision in United States v. Steiger, which held that a hacker’s access of an individual’s computer hard drive was beyond the reach of the SCA.  The Garcia court also agreed with the conclusions of a number of district courts (including Judge Lucy Koh’s decision in in re iPhone Application Litigation, which we wrote about here), that the relevant "facilit[ies'" that the SCA is designed to protect are not computers that enable the use of an electronic communication service, but instead are facilities that are operated by electronic communication service providers and used to store and maintain electronic communications.

The Garcia court further held that even if plaintiff’s cell phone somehow were considered to be a “facility” under the statute, her text messages and photos still would not fall under the SCA’s precise definition of “electronic storage,” a term which, the Fifth Circuit explained "emcompasses only the information that has been stored by an electronic communication service provider." 

In 2010, a Pennsylvania state police officer began investigating distribution of child pornography over a peer-to-peer file-sharing network.  The officer traced the IP address of one distributor to a home in Allegheny County.  The officer obtained a warrant and searched the residence, but he did not find any evidence of child pornography.  Because the home’s Wi-Fi connection was unsecured, the officer suspected that the child pornography distributor was using the home’s Wi-Fi connection for its activities and thus was located nearby.  The resident agreed to cooperate with police to identify the person who was accessing and using his Internet connection.

Stanley moved to suppress the evidence collected in the search of his home, arguing that use of the Moocherhunter software violated his Fourth Amendment rights.  On November 14, Judge Joy Flowers Conti of the United States District Court for the Western District of Pennsylvania denied the motion to suppress.  Judge Conti concluded that because the Wi-Fi signal Stanley was using belonged -- and was accessible -- to Stanley’s neighbor, Stanley “did not have a legitimate expectation of privacy in the wireless signal.”  In other words, Stanley had no reason to expect that the information he was transmitting over that Wi-Fi network would remain private.

In Kyllo v. United States, the Supreme Court held that the government’s use of a thermal imaging device to monitor a person’s home was a Fourth Amendment search because the device was “not in general public use.”  Stanley asserted that Moocherhunter also is not in general public use.  But Judge Conti disagreed, concluding that Kyllo does not apply because Stanley voluntarily transmitted his Wi-Fi signal to his neighbor’s router.