Fourth Circuit Grapples With Legal Fallout for Email Hack

RICHMOND, Va. (CN) – Does an opened email lack the same privacy rights as unopened emails? That was the question before a Fourth Circuit on Tuesday as a man whose email was hacked by an ex fought to revive federal claims.

A former Marine Corps sergeant, Patrick Hately learned of the breach on Oct. 13, 2015, when he was awaked by an alert on his cellphone notifying him that the password to one of his email addresses had been changed.

As he began the process of regaining access to his account, assessing the damage and restoring his security, Hately learned that three separate IP addresses had accessed his private email that night while he slept.

Hately quickly connected an ex-girlfriend to two of the IP addresses — they had just broken up in the spring, and his email password had been a combination of their two names — but pinning down the third IP address proved more difficult.

As noted in his brief to the Fourth Circuit, Hately later learned that his ex had shared the password with David Watts, a co-worker of hers, and walked Watts through how to sign in.

Hately explains that in addition to being co-workers, his ex and Watts were enamored of each other, and that Watts was in the middle of a divorce.

In Hately’s email, according to the brief, Watts found several messages that his estranged wife had exchanged with Hately.

Though Hately contends that the breach violated the Stored Communications Act of 1986, a federal judge dismissed his claims against Watts, setting the stage for today’s appeal at the Fourth Circuit in Richmond, Va.

Lexero Law attorney Eric Menhart argued for Hately at oral arguments this afternoon that Stored Communications Act applies here, even if the statute was not crafted with today’s understanding of email.

“When the law was written, data came from the cloud to you. The law was written to address that,” said Menhart. “Now, it stays in the cloud and you access it from the cloud.”

The law may have been written to protect emails in transit, Menhart said, but he said protecting private communications on digital platforms was always the goal.

“While the law didn’t predict how things would go today, the intent is the same,” he said. “It’s always been electronic storage.”

U.S. Circuit Judge James Wynn, an Obama appointee, adamantly agreed.

“Things have changed,” he said, noting the law, if read plainly, offers protections for unopened emails as opposed to those marked read.

“Those are the most important emails, and probably the ones I don’t want anyone to read,” he said. “But spam is protected?”

Jonathan Frieden, a lawyer for Watts at the firm Odin, Feldman & Pittleman, pushed meanwhile to affirm the lower court’s narrow reading of the law.

“They didn’t have spam in 1986,” said Miller, emphasizing that the law was intended to protect unopened email in transit.

“Spam is a collateral beneficiary?” joked Chief U.S. Circuit Judge Roger Gregory.

Seeming to agree with the catch-22 in which he found himself, Frieden relented:

“The court is supposed to interpret the law, not make it,” he said. “Congress needs to fix this.”

Other groups have interest in this case, including digital-privacy watchdogs the Electronic Frontier Foundation.

“The district court’s decision in this case would strip [digital communications like text and email] of [federal] protections … as soon as they are opened,” the digital advocacy group wrote in an amicus brief supporting Hatley.

They pointed to an Eighth Circuit ruling, which found an email’s status of “opened” or “unopened” does not make it any less protected, a ruling which would further complicate the issue if the Fourth Circuit finds otherwise.

“Affirming the district court’s decision would provide electronic communications with different levels of protection in different states, and as people travel between states, undermining the fundamental purpose of ECPA and the SCA,” they wrote.

The Fourth Circuit did not indicate when it will rule on the case.

%d bloggers like this: