Overview
Section 2701 of the SCA provides criminal penalties for anyone who "intentionally accesses without authorization a facility through which an electronic communication service is provided or… intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorize access to a wire or electronic communication while it is in electronic storage in such system."
The SCA targets two types of online service, "electronic communication services" and "remote computing services." The statute defines an electronic communication service as "…any service which provides to users thereof the ability to send or receive wire or electronic communications." A remote computing service is defined as "the provision to the public of computer storage or processing services by means of an electronic communications system." Section 2703 of the SCA describes the conditions under which the government is able to compel an ISP to disclose "customer or subscriber" content and non-content information for each of these types of service:
• Electronic communication service. If an unopened email has been in storage for 180 days or less, the government must obtain a search warrant. There has been debate over the status of opened emails in storage for 180 days or less, which may fall in this category or the "remote computing service" category.
• Remote computing service. If a communication has been in storage for more than 180 days or is held "solely for the purpose of providing storage or computer processing services" the government can use a search warrant, or, alternatively, a subpoena or a "specific and articulable facts" court order (called a 2703(d) order) combined with prior notice to compel disclosure. Prior notice can be delayed for up to 90 days if it would jeopardize an investigation. Historically, opened or downloaded email held for 180 days or less has fallen in this category, on the grounds that it is held "solely for the purpose of storage."
§ 2702 of the SCA describes conditions under which a public ISP can voluntarily disclose customer communications or records. In general, ISPs are forbidden to "divulge to any person or entity the contents of any communication which is carried or maintained on that service." However, ISPs are allowed to share "non-content" information, such as log data and the name and email address of the recipient, with anyone other than a governmental entity. In addition, ISPs that do not offer services to the public, such as businesses and universities, can freely disclose content and non-content information. An ISP can disclose the contents of a subscriber's communications authorized by that subscriber.
Read more about this topic: Stored Communications Act