Imagine if the RIAA could ban critics from visiting its public website just by posting a warning linked from a webpage -- "No RIAA critics are allowed to read this website!" Suppose that it actually had the power to back up the ban with federal lawsuits, criminal penalties, and even prison time.
That's the world that a lawsuit against DirecTV threatened before a federal district court correctly dismissed the suit. But there was one problem: in dismissing the lawsuit, the court redefined a term in federal privacy law in such a way that it threatens the legitimate privacy of websites that aren't supposed to be accessed by the general public -- e.g., sites protected by password.
(Read more after the jump.)
Courts are often called upon to define terms used in statutes, in order to determine whether a particular statute was violated given a particular set of facts. But these terms, once defined, affect not just the particular statute at issue, but also every other code section that uses the term. So when a court defines a term, the effect can ripple throughout the law, unleashing the possibility of unintended side effects.
This is especially critical in the wonderful world of online privacy. The main federal law protecting your privacy online is the Electronic Communications Privacy Act (ECPA). This is the law that keeps your email service provider from disclosing the contents of your email, prevents wiretaps, sets the standards that regulate when and how the government can access your private communications, and protects private websites from unauthorized access. ECPA has a host of specially defined terms, the scope of which determine what does and does not get protected.
In Snow v. DirecTV, a federal district court examined the meaning of "electronic storage," a term that pops up throughout ECPA. The merits underlying the case were clear -- Snow was trying to hold someone liable for accessing his publicly available website criticizing DirecTV, based on the fact that he published a warning stating that DirecTV representatives were not authorized to enter. To hold surfing a public website illegal would swamp the Internet in a flood of litigation, and no court would be interested in such a result. (And as the RIAA example shows, no one would want to live in that world.)
Specifically, Snow alleged that when DirecTV representatives surfed his website, they violated Section 2701 of the Stored Communications Act (SCA), a part of the larger ECPA. Section 2701 forbids anyone from gaining unauthorized access to an "electronic communication while it is in electronic storage." If you're a court, you can't just say "this is silly" -- you have to show that the statute does not apply.
DirecTV had admittedly "accessed" the site, and the messages on Snow's site were clearly "electronic communications," so the court thought it had to redefine "electronic storage" in order to rule that Snow had no case. Some legal gymnastics, a double-speak linguistic judo-twist, and a bit of legislative history-fu later, Snow's site was not in "electronic storage," Section 2701 did not apply, and DirecTV won the case.
And so the rock was dropped, and the ripple began. If websites were not in electronic storage, then all sorts of other provisions in ECPA might stop protecting the privacy of websites. By trying to stop a bad result (saying that surfing a public website could be illegal), the court unintentionally created a different bad result (private websites would not be protected by ECPA).
The true tragedy is that there was no need to redefine "electronic storage." Congress had already addressed this problem, forbidding any cause of action under SCA for accessing material that is "readily accessible to the general public." However, Congress, in its wisdom, placed that provision in a different chapter ? in Chapter 119, in the middle of Section 2511, subpart 2, subdivision g. The SCA is just down the road at Chapter 121, and some important ECPA terms are defined next door in Section 2510. Both the court and the parties in Snow v. DirecTV simply missed it.
This is hardly surprising, since ECPA is one of the most complex, convoluted statutes ever to emerge from the sausage factory on Capitol Hill, and very few people understand its ins and outs. Luckily, some do. We knew instantly that the court had erred, and erred dangerously.
So when Snow appealed to the Eleventh Circuit Court of Appeals, we had to weigh in, supporting DirecTV. Of course, we oppose DirecTV for its misguided legal campaign against "smart cards," and we even co-sponsor a website, Directvdefense.org, designed to help those who have been sued by DirecTV. No matter -- bad law is bad law, and in this case, essential protections for Internet privacy are at stake.