11th Circuit Holds that Stored Communications Act Does Not Apply to Password Protected Discussion Web Site

June 1, 2006. The U.S. Court of Appeals (11thCir) issued its opinion [17 pages in PDF] in Snow v. Directv, a civil case alleging violation of the Stored Communications Act (SCA), at 18 U.S.C. 2701, and password protected online discussion groups. The Court of Appeals affirmed the judgment of the District Court, which dismissed the complaint for failure to state a claim.

The Court of Appeals largely ignored the phrases "intentionally accesses without authorization" and "intentionally exceeds an authorization" in Section 2701, and focused on the phrase "readily accessible to the general public" in 18 U.S.C. 2511. This opinion is barely distinguishable from that of the 9th Circuit in Konop v. Hawaiin Airlines, which held that accessing a password protected web based discussion group does violate Section 2701.

The plaintiff, Michael Snow operated a web site, with an electronic bulletin board. The web site stated that it was for use by "individuals who have been, are being, or will be sued by any Corporate entity." Access to the bulletin board required entry of a password. Passwords were obtained by registering online. This required agreement to certain terms, including that the user was not "DIRECTV or its agents".

In the present case Directv is alleged to have accessed the web site without authorization. If it did so, it would have been as part of its effort to stop the theft of its encrypted satellite transmissions.

Snow filed a complaint in U.S. District Court (MDFl) against Directv, and two of its law firms, alleging that they accessed the bulletin board in violation of the SCA, at 18 U.S.C. 2701.

The District Court dismissed the complaint for failure to state a claim upon which relief can be granted. It reasoned that electronic bulletin boards are not "in electronic storage" within the meaning of the SCA, and therefore not protected by the SCA.

The Court of Appeals affirmed the judgment of the District Court, although with different reasoning.

The SCA was included as Title II of the Electronic Communications Privacy Act of 1986 (ECPA). Title I amended the Wiretap Act to, among other things, add interception of electronic communications.

18 U.S.C. 2701, at subsection (a), provides, in part, that

However, the Court of Appeals devoted little analysis to this prohibition. Rather, it focused on 18 U.S.C. 2511. Subsection (2)(g) provides in part that

The Court of Appeals reasoned that any member of the general public could register to access the web site. Hence, it was "readily accessible to the general public", notwithstanding the fact that some members of the public could only obtain access to web site by engaging in fraud and dishonesty. The unstated implication of the Court of Appeals' reasoning is that one has ready access to anything that one can obtain through fraud and dishonesty.

The Court of Appeals suggested that a contrary conclusion might cause the "floodgates of litigation" to open.

It is difficult to reconcile the holding in this case with the opinion of the U.S. Court of Appeals (9thCir) in Konop v. Hawaiian Airlines, another case involving application of the SCA to password protected discussion web sites. The Court of Appeals issued two opinions in that case. See, August 23, 2002, opinion [39 pages in PDF], and January 8, 2001, opinion [PDF].

See also, story titled "9th Circuit Rules on Application of Wiretap Act and Stored Communications Act to Secure Web Sites" in TLJ Daily E-Mail Alert No. 498, August 26, 2002.

That case is Robert Konop v. Hawaiian Airlines, Inc., U.S. Court of Appeals for the 9th Circuit, App. Ct. No. 99-55106, an appeal from the U.S. District Court for the District of Hawaii, Judge Spencer Letts presiding, D.C. No. CV-96-04898-SJL (JGx)."

In both cases the communications were stored in web based discussion fora. In both cases the web sites required registration, a password, and agreeing to certain terms. In both cases the terms provided that certain classes of persons were not eligible to access the fora. In both cases the defendants were alleged to have accessed the stored communications in violation of those terms. Yet, the 9th Circuit held that the defendants violated the SCA, while the 11th Circuit held that the defendants' alleged actions could not constitute a violation of the SCA.

The 11th Circuit attempted to distinguish the two cases. It identified a single difference in the registration process. The registration process in Konop required the entry of an "eligible employee's name".

The 11th Circuit concluded that the web site in Konop, but not in the present case, was configured "so as to limit ready access by the general public".

In Konop, the web site was set up for discussion by members of a labor union. Unauthorized representatives of of their employer accessed the web site. They would have had no difficult obtaining the names of the union members. However, the facts of the case were that the company representatives obtained passwords from two union members.

The present case is Michael Snow v. Directv, Inc., et al., U.S. Court of Appeals for the 11th Circuit, App. Ct. No. 05-13687, an appeal from the U.S. District Court for the Middle District of Florida, D.C. No. 04-00515-CV-FTM-33-SPC. Judge Wilson wrote the opinion of the Court of Appeals, in which Judges Carnes and Pryor joined.