Back More
Salem Press

Table of Contents

Privacy Rights in the Digital Age

Stored Communications Act (SCA)

by Lissa N. Snyders

Title II of the Electronic Communications Privacy Act (ECPA), 100 Stat. 1848 (1986). The Stored Communications Act became effective on October 21, 1986. The SCA provisions are codified at 18 U.S.C. Chapter 121 §§ 2701–2712.

The Fourth Amendment to the U.S. Constitution prohibits unreasonable search and seizure of physical property, but the courts have not always agreed on how best to apply these principles to modern information and communication technology. The ECPA extended privacy protections to cell phones and emerging electronic communications of that time, such as email.

The SCA provides privacy protections specifically to stored electronic and wire communications. It prevents service providers from voluntarily disclosing customer communications and requires legal authorization to release communications to the government. The statute does not specify how long an item must be held before it is considered to be in storage. Therefore, the SCA theoretically covers communications stored at any time in the past, from one second to several years ago.

The law applies only to providers of electronic communication service (ECS) and remote computing service (RCS) to the public. An ECS is defined as “any service which provides … the ability to send or receive wire or electronic communications” (18 U.S.C. 2510). An RCS provides the public with “computer storage or processing services” (18 U.S.C. 2711). Private providers of these services, such as workplace email providers, are not covered under SCA and can voluntarily disclose communications without restriction.

ECS and RCS providers may not share the contents of customer communications except in the following circumstances:

  • with the intended recipient of the communication;

  • when authorized by the necessary court order, subpoena, or search warrant;

  • with the permission of the sender or intended recipient of the communication;

  • to another provider in order to deliver the communication to its intended recipient;

  • as needed to provide the service or protect the rights of the service provider;

  • to the National Center for Missing and Exploited Children in cases of kidnapping;

  • to law enforcement if the communication was accidentally obtained by the provider and appears to relate to a crime; and

  • to a government entity in cases of “emergency involving danger of death or serious physical injury to any person” (18 U.S.C. 2702).

To obtain the contents of communications, the government must obtain a court order, subpoena, or search warrant depending on the type of provider, the age of the communication, and whether notice is given to the customer. These requirements are outlined in the following table:

Type of Provider Age of Communication Notification Needed to Access ECS 180 days or less Not applicable Warrant ECS More than 180 days No Warrant ECS More than 180 days Yes Administrative subpoena or court order RCS Any No Warrant RCS Any Yes Administrative subpoena or court order

In cases in which customer notice is required, the government may delay notification if notification could adversely affect the ongoing investigation or put someone in danger (18 U.S.C. 2705). In certain counterintelligence cases, the service provider may be prohibited from disclosing that customer records were requested or obtained (18 U.S.C. 2709). This is commonly known as a gag order.

Information that an ECS or RCS keeps about its customers does not receive as much protection as the content of customer communications. The government can use an administrative subpoena to obtain a customer's name, address, telephone records (including the recipient, date, time, and length of calls), ID numbers, and payment information. Additional customer information may be obtained with the permission of the customer, a court order based on reasonable grounds that the information is relevant to an ongoing criminal investigation, or a warrant. The government is not required to notify the customer that this information has been requested (18 U.S.C. 2703). Noncontent information about customers may be released voluntarily to nongovernment entities such as marketing firms.

The SCA also protects videotape rental and sales records. Customer records of videotape rental and sales may be shared with law enforcement only if a warrant, grand jury subpoena, or court order based on probable cause is issued. The subject area of the video rental or sales may be provided to marketing agencies as long as specific titles are not disclosed (18 U.S.C. 2710). More robust protections for video rental records are found in the Video Privacy Protection Act of 1988, 102 Stat. 3195, codified as, 18 U.S.C. § 2710.

In 2010, the Sixth Circuit Court ruled in United States v. Warshak, 631 F.3d 266 (2010), that emails stored on third-party servers are protected under the Fourth Amendment, regardless of their age, and may be obtained only with a warrant. This ruling applies only to investigations conducted in the Sixth Circuit. In Riley v. California, 134 S.Ct. 2473 (2014), the U.S. Supreme Court held that a warrant was needed to search the digital information stored on a cell phone.

Although the SCA was written to balance the right for privacy with the needs of law enforcement, privacy advocates argue that the major changes in technology since 1986 have left technology users vulnerable and have given too much power to law enforcement. At the time the ECPA was enacted, commercial email for the public did not exist. Email users downloaded messages from a third-party server and saved them on their own computers. The messages were then deleted from the remote server (ECPA [Part I] 2013). Communications left on the remote server for more than 180 days were considered abandoned (S. Rep 113–34 2013).

The third-party doctrine, affirmed by the Supreme Court in Katz v. United States, 389 U.S. 347 (1967), holds that a person who voluntarily provides information to a third party (such as an email or Internet service provider or a phone company) does not have an expectation of privacy for that information. Current electronic communication technology encourages long-term storage of all messages on a third-party server. Therefore, modern technology practices have fewer privacy protections for contemporary electronic communications than when the SCA was enacted.

Legislators and privacy advocates pushing for reform of the SCA and its parent law, the ECPA, believe updated language would reduce confusion for the courts and law enforcement and would better protect the privacy of users of modern communication technologies. Among the proposed changes are elimination of the distinction between ECS and RCS providers because current technology blurs the boundaries between these types of providers. Many, including the Department of Justice, also believe the 180-day rule and provisions for opened versus unopened email are no longer meaningful.

Further Reading

1 

Burshnic, Rudolph J. “Applying the Stored Communications Act to the Civil Discovery of Social Networking Sites.” Washington and Lee Law Review 69 (2012): 1259–1293.

2 

Fox, Christopher. “Checking In: Historic Cell-Site Location Information and the Stored Communications Act.” Seton Hall Law Review 42 (2012): 769–792.

3 

Horton, David. “The Stored Communications Act and Digital Assets.” Vanderbilt Law Review 72, no. 6 (2014): 1729–1739.

4 

Kerr, Orin S. “A User's Guide to the Stored Communications Act, and a Legislator's Guide to Amending It.” George Washington Law Review 72, no. 6 (August 2004): 1208–1243.

5 

Medina, Melissa. “The Stored Communications Act: An Old Statute for Modern Times.” American University Law Review 63, no. 1 (2013): 267–305.

6 

Robison, William Jeremy. “Free at What Cost?: Cloud Computing Privacy under the Stored Communications Act.” Georgetown Law Journal 98 (2010): 1195–1239.

See also: Big Data; Electronic Communications Privacy Act (ECPA); Email; Fourth Amendment to the U.S. Constitution; Katz v. United States; Riley v. California; Video Privacy Protection Act

Citation Types

Type
Format
MLA 9th
Snyders, Lissa N. "Stored Communications Act (SCA)." Privacy Rights in the Digital Age, edited by Christopher T. Anglim & JD, Salem Press, 2016. Salem Online, online.salempress.com/articleDetails.do?articleName=PRDA_0206.
APA 7th
Snyders, L. N. (2016). Stored Communications Act (SCA). In C. Anglim & JD (Ed.), Privacy Rights in the Digital Age. Salem Press. online.salempress.com.
CMOS 17th
Snyders, Lissa N. "Stored Communications Act (SCA)." Edited by Christopher T. Anglim & JD. Privacy Rights in the Digital Age. Hackensack: Salem Press, 2016. Accessed September 17, 2025. online.salempress.com.