My last article discussed whether a party controls a third party’s electronically stored information (ESI) and the potential consequences of its loss. A related issue concerns control of a litigant’s ESI possessed by email service providers (e.g., Google and Microsoft) and social media companies (e.g., Twitter and Facebook) (referred to individually as “internet service provider” and collectively as “providers”). Such providers store ESI on the cloud, which typically exists in more than one physical location. Obtaining a litigant’s ESI from a provider requires an assessment of the legal duties imposed by discovery requests and the effect of the provider’s control on those duties.
Federal statutes such as the Stored Communications Act (SCA) and the Electronic Communications Privacy Act dictate whether a provider can release an account holder’s ESI to another. The SCA governs two types of online services: (1) electronic communication services (ECS) (i.e., “any service which provides to users thereof the ability to send or receive wire or electronic communications”) and (2) remote computing services (RCS) (i.e., “the provision to the public of computer storage or processing services by means of an electronic communications system”). 18 U.S.C. §§ 2510(15), 2711(2).