The Volokh Conspiracy

Mostly law professors | Sometimes contrarian | Often libertarian | Always independent

An Important Wiretap Act Case Pending in the New Jersey Supreme Court

The law professor hypo come to life.

|

For decades, a major uncertainty about the scope of the Federal Wiretap Act has been how it applies to the repeated but discrete access that can often occur with electronic communications. Telephone wiretapping occurs in real time; the eavesdropper listens in.  But electronic wiretapping can be periodic but discrete. An eavesdropper can access an account discretely but repeatedly over time. The question is, does the Wiretap Act, with its strong privacy protections, still apply?

Here's how I phrased the question in the LaFave Criminal Procedure treatise, for which I have written the electronic surveillance chapter, Chapter 4:

[A]n acquisition occurs under the Wiretap Act only if the collection of the communication is 'in flight' in real-time, during prospective surveillance of an ongoing communication. Exactly what this means can be tricky in cases involving electronic communications, as electronic communications can be stored or transmitted for extremely short periods of time. The basic question is this: If a tool makes copies of a communication shortly after it arrives at its destination, is that acquisition contemporaneous with transmission or is it only after the transmission has been completed? Put another way, can surveillance circumvent the Wiretap Act by acquiring communications immediately after they have arrived at their destination? If an e-mail account is accessed once an hour, is that an intercept? What about one a minute, once a second, or once a milli-second?

2 Wayne LaFave et al, Crim. Proc. § 4.6(b).

I asked the same question in my computer crime law casebook:

[T]he Wiretap Act regulates prospective surveillance and not retrospective surveillance.

At the same time, the line between prospective surveillance and retrospective surveillance can become fuzzy. Imagine a government agent has access to a suspect's e-mail account, and he can click a button and receive an update with all new incoming or outgoing messages. Is the access prospective or retrospective if the government agent clicks the button every hour? Every minute? Every second?

Orin Kerr, Computer Crime Law 667 (5th ed. 2022).

It turns out this hypothetical has turned into a real case, currently pending in the New Jersey Supreme Court, with oral argument scheduled for March 13.  The question: Can the government avoid the Wiretap Act by getting access to an account every 15 minutes?  New Jersey state prosecutors obtained Communications Data Warrants (CDWs) that required Facebook to hand over the contents of the suspects' accounts every 15 minutes for 30 days.  Facebook objected, saying that the orders violate the Wiretap Act.

The lower court opinion held that Facebook was required to comply with the CDWs because compliance was not an "intercept" under the Wiretap Act:

[T]he CDWs did not grant access to the contents of prospective communications on Anthony's and Maurice's Facebook accounts while they were either "en route," or "within the same second," that they were placed on Facebook's servers. Rather, police would not have access until, at earliest, fifteen minutes after any electronic communication's  transmission. Though the CDWs compelled Facebook to disclose the entire stored contents of each target's Facebook account for thirty prospective days, that did not make the disclosures contemporaneous with transmission. Luis, 833 F.3d at 627. Rather, once the communications would come to "rest" on Facebook's servers, they would be in "electronic storage," and thereby subject not to the wiretap acts, but to the SCA and the provisions of the NJWESCA that mirror that statute. Ibid.

The court then ruled that Fourth Amendment concerns limited this procedure to 10 days:

In formulating an acceptable constitutional solution to the disclosure of that information, we choose to apply a practical approach to the release of prospective electronically stored communications under a CDW. To remain within the parameters of state warrant procedure, the CDWs can be issued, assuming probable cause is once again established, and served on Facebook requiring that any information identified in the warrant and stored by Facebook during the period up to the day it is served with the warrant must be turned over. In addition, incorporating our state warrant procedures under Rule 3:5-5, going forward, if the State serves a CDW on Facebook for the disclosure of prospective electronic communications, no disclosures may be compelled beyond ten days from the issuance of the warrant. And, Facebook can comply with that requirement by producing the stored information on the day of or after the electronic communications have been stored.

Any further attempt to secure information from prospective time periods must be based upon new CDWs issued on new showings of probable cause. We believe that this practical approach, which modifies the trial courts' dispositions, is consistent with the federal and state constitutions and our warrant procedures, comports with the applicable statutes, and fairly balances the interests of the parties before us.

The New Jersey Supreme Court then accepted review.

I think the lower court Wiretap Act's analysis is wrong, and that the Wiretap Act applies to repeated access every 15 minutes.  This is one issue I felt strongly enough about that I included it in the LaFave treatise when I joined it, around 2008 or so.  Here's how I recommend answering this issue in the LaFave treatise, with emphasis added:

The caselaw on the question suggests that copying within a short time of receipt counts as contemporaneous and is therefore regulated by the Wiretap Act. [FN28] This answer is consistent with the Fourth Amendment principles that should guide the answer. The Wiretap Act's heightened protections beyond the ordinary Fourth Amendment warrant were inspired by Berger v. New York. Berger indicated that the Fourth Amendment triggers heightened scrutiny when surveillance is undertaken as "a series or a continuous surveillance" rather than as "one limited intrusion."Under Berger, a statute that regulates "a series or a continuous surveillance" must include special privacy protections or risk facial invalidity under the Fourth Amendment. Given the Wiretap Act's close connection to Berger,31 the meaning of "intercept" should mirror the distinction drawn by the Supreme Court in Berger. Acquisition is an intercept when it is part of "a series or a continuous surveillance," such as ongoing prospective surveillance or its functional equivalent. Exact lines will be difficult to draw, but the essential question should be whether the means of monitoring is the functional equivalent of continuous surveillance or whether it is more like a one-time or otherwise limited access to communications.[FN32]

One narrow exception to the requirement of acquisition contemporaneous with transmission involves access to wire communications under the version of the statute in effect from 1986 to 2001. During this period, Congress attempted to protect the privacy of voicemail through the definition of "wire communication" rather than the more sensible protections of 18 U.S.C.A. § 2703. By adding communications in storage to the definition of wire communication, Congress appeared to have wanted to regulate access to stored wire communications under the Wiretap Act.The passage of Section 209 of the USA Patriot Act removed this language from the definition of wire communication, however, such that the concept of "intercept" is now consistent and applies only to access contemporaneous with acquisition.

[FN28: United States v. Szymuszkiewicz, 622 F.3d 701 (7th Cir. 2010) (Easterbrook, J.) (copying within a second counts as "contemporaneous" and therefore regulated by the Wiretap Act); Lazette v. Kulmatycki, 949 F.Supp.2d 748 (N.D.Ohio 2013) (Carr, J.); Luis v. Zang, 833 F.3d 619 (6th Cir. 2016) (claim in pleading that WebWatcher surveillance tool "immediately and instantaneously" copied communications deemed sufficient to satisfy intercept standard). In Boudreau v. Lussier, 901 F.3d 65 (1st Cir. 2018), the First Circuit rejected a "functional approach" to contemporaneity, in which the test would have been if the surveillance occurred using "technology linked to the fleeting moment in which the victim sent the electronic communication." However, Boudreau ultimately leaves unresolved how the First Circuit's understanding of contemporaneity would apply to a software program that took repeated screenshots on the technical ground that, at the summary judgment stage, the plaintiff did not provide expert evidence that was required to explain on how the program worked. The New Jersey Supreme Court also has an important case pending on the meaning of intercept involving review of the Superior Court's decision in Facebook, Inc. v. State, 471 N.J. Super. 430, 273 A.3d 958 (App. Div. 2022).]

[FN32: The Ninth Circuit's decision in Konop v. Hawaiian Airlines, Inc., 302 F.3d 868 (9th Cir.2002) could be read as drawing the line between a communication that is collected "during transmission" versus one that is collected "while it is in electronic storage." Konop, 302 F.3d at 878. To the extent Konop is so read, this line is not exactly correct. The scope of the Wiretap Act should be defined by whether the surveillance is undertaken as "a series or a continuous surveillance" rather than as "one limited intrusion," Berger, 388 U.S. at 57, not whether the communication was moving or at rest at the moment of acquisition. The confusion may result from the Ninth Circuit's conclusion that a communication cannot be both stored (and therefore subject to the Stored Communications Act, 18 U.S.C.A. §§ 2701 to 2722) and yet also subject to interception under the Wiretap Act. However, the two statutes can in some circumstances regulate access and copying of the same communication. The Wiretap Act regulates prospective continuous surveillance of an account that may result in a particular communication being copied, while the Stored Communications Act regulates a single intrusion to access and copy that communication. The peaceful co-existence of the two statutes is aided by 18 U.S.C.A. § 2702(b)(2) of the Stored Communications Act, which explicitly permits a provider to disclose the contents of communications "as otherwise authorized" in Sections 2511(2)(a) or 2517 of the Wiretap Act.]

2 Wayne LaFave et al, Crim. Proc. § 4.6(b).

To really really date myself, this is the same position I took in an amicus brief in the First Circuit's Councilman case in 2004, although the First Circuit didn't reach the issue. Almost twenty years later, the issue is finally teed up in a case that squarely raises the issue. As always, stay tuned.

Full disclose: I once did a short legal project for Facebook, and I have represented a client in a case against Facebook, too.

UPDATE: For past Volokh Conspiracy blog posts on the same legal issue, see my posts from 2004 and 2005 on the First Circuit's Councilman decision collected here, and my 2010 posts on the 7th Circuit's Szymuszkiewicz decision here and here.