Court Case Proves the Electronic Communications Privacy Act Protects More than U.S. Citizens

When Suzlon Energy Ltd. tried to get Microsoft to release e-mails from the Hotmail account of an Indian prisoner outside of the United States, both companies tested the boundaries of the Electronic Communications Privacy Act of 1986. The act prohibits interception of private communications of American citizens, but Suzlon argued that the prisoner in question wasn’t an American citizen. The courts ruled that the prisoner fell under the same protections as American computer users, allowing Microsoft to seal up the user’s Hotmail account and resume business as usual.

The case in question is being fought in Australian court between Suzlon Energy, an energy company, and a former employee accused of defrauding Suzlon in a shipping scam. Suzlon’s attorneys requested the e-mails as part of its case, claiming the employee wasn’t protected by the American act. However, Microsoft argued that since the e-mails are stolen on an American server by an American company, they fall under that country’s privacy protection laws.

The courts agreed. The U.S. District Court for the Western District of Washington, as well as the Ninth Circuit, ruled in favor of protecting the e-mails. The case is being watched closely in the industry, with Cloud Computing creating questions as to just what is protected content and what isn’t. At one time, courts were arguing that e-mail was not protected under the ECPA while in temporary storage awaiting transit. Since e-mail sometimes passes through several intermediary servers before landing at its final destination, this would have taken away an element of protection. In 2005, the Circuit of Appeals overturned the original decision that they were not protected, causing security experts to breathe a sigh of relief.

While the ECPA protects third-party services from being forced to cough up member e-mails, courts can still subpoena individuals for copies of their own e-mails. And it should be stressed that an employee’s work e-mails are not protected, as your work e-mail is generally seen as belonging to the company, not the individual employee. E-discovery software is able to uncover e-mails even after deletion.

One issue where consumer protections are still unclear, however, is Cloud Computing. Since “the cloud” is generally a server, such as Hotmail, where a user’s files are stored and accessed directly, protections of the law are still unclear, complainants say. The ECPA always differentiated between data stored on a user’s computer and transmitted data, such as e-mail, but with so many things being transmitted back and forth now, experts feel the act needs to be updated.

Mobile technology, location-based services, and many other new issues that have come to light in the past few years have prompted many in the industry to cry out for an update to the law. But privacy refers to more than just the courts’ rights to subpoena e-mails or files. Consumers want to know their data is safe from any private eyes, as well as from resale. But the Suzlon Energy Ltd. v. Microsoft Corporation case provides consumers and businesses with the knowledge that courts stand behind protecting any data stored on an American server, no matter where the user resides.

Contact:
John Alston
1911 Westlake Ave
Seattle, WA 98101
3478577162