The Electronic Communications Privacy Act (ECPA) have well defined the legal responsibilities, and exemptions regarding the prohibition of interception and disclosure of wire, oral, or electronic communications and the access and disclosure of stored communications. In Bohach v. The City of Reno case, it is clearly stated that the City of Reno is the “service provider” of the “Electronic Communication Systems” used by the Reno Police Department’s personnel.
The “plaintiff” in the case, which is the user of the provided service accused the city of unlawful access to stored messages, and argued that those retrieved messages can’t be used as evidence against him. After the ruling of the court, the plaintiff’s claim has been declared no legal basis under ECPA provisions. The opinion and the final decision of the court are justifiable. The City of Reno being the provider, is exempted from any offense stated in ECPA § 2701 subsection (a)(1)(2) and subsection (c) (Cornell University Law School).
Further, the purpose of accessing the stored messages is for the investigation being conducted against the police officer’s alledge misuse of the police department’s “Computerized, Alphanumeric Paging System”. Under § 2703, the city has the right to disclose the stored messages directly from the provider’s storage systems (from their own system) in pursuant to a warrant issued using the Federal Rules of Criminal Procedures with a court handling the case (Cornell University Law School).
Assuming the city followed all necessary procedures, I do believe the city is free from any legal responsibility aside from being the provider, under the ECPA provisions. In the general setting, § 2701 of ECPA places a separate authority to the service provider and the user of an electronic communication system in taking control of the system. Whether it’s an employer, or any other institution, the very first requirement for an exemption in § 2701 subsection (a)(1)(2) is that you must have to be the provider of the service to be exempted from unlawful access.
ECPA § 2701 subsection (a)(1) applies only to other entity “except the provider”. Other entity who intentionally accesses without authority, or who intentionally access beyond the authority as stated in § 2701 subsection (a)(1), will be held liable for punishment as stated in § 2701 subsection (b)(1)(2) (Cornell University Law School). In other case, when the retrieval of a stored messages is requested by a third party, it has to be in compliance with ECPA § 2703, particularly the government institutions seeking for evidence.
But prior to any disclosure, the requesting party has yet to present the requirements stated under § 2703 subsection (b) and subsection (c). However, I believe subsection (b)(1) of ECPA § 2701 also calls anybody, the user, and even the provider of the service to make justifiable access to stored messages. In case it is not requested by law, as stated in subsection (b)(1) it should not be disclosed for the purpose of commercial advantage, or of malicious damages, or of private commercial gain, otherwise it’s another issue outside the scope of the ECPA provision.
Therefore, service providers despite of their major control of using stored messages have yet to take extra measure to avoid causing harm to the private and public life of their users. And the users, has to be responsible for their actions and has to stick to the limitations as provided in the agreements of using any provided service.