All technical problems of sufficient scope or impact are actually political problems first.
Protection is NOT based on its reason for storage of a file copy.
“Prof. Kerr has provided an excellent write-up of something that mostly escaped notice but that is really a big deal.
In order to service a laudable goal, supporting international justice in Myanmar, a judge in DC gutted one of the most important US privacy laws.”
Provider-deleted files and contents are not protected by the Stored Comm’s Act, DDC rules per MJ Faruqui. In effect, if a provider moderates contents, all private messages and e-mails deleted can be freely disclosed and are no longer private.
First, some context. Back in 2018, Facebook deleted a bunch of accounts run by the Myanmar government because it was spreading disinformation on Facebook. Later, the Gambian government sued the Myanmar government in the International Court of Justice.
The Gambian govt is trying to get the contents of the accounts that Facebook deleted to show Myanmar’s disinformation campaign. It is using a federal statute that allows discovery from the US to aid in foreign litigation to get it.
Facebook has objected to the disclosure. FB is trying to protect the privacy of its accounts, as directed under the Stored Comm’s Act: 18 U.S.C. 2702, the non-disclosure rule, says that contents of accounts usually can’t be disclosed. FB is saying the non-disclosure applies.
In the new decision, MJ Faruqui concludes that the non-disclosure rule protecting account privacy doesn’t apply. The reasoning goes like this.
1) The SCA provides protections for messages in transit, and backups of those messages, as well as for storage and processing.
2) After a provider has decided to delete an account, the provider is no longer providing those services. The provider may keep copies of what it has deleted, but it’s no longer keeping the copies for purposes associated with the statute.
Therefore all privacy protections end.
This strikes me as a fairly astonishing interpretation of the statute. As a matter of law, it seems wrong: I don’t think SCA’s protections hinge on the provider’s motive, with a provider creating or eliminating statutory protection based on its reason for storage of a file copy.
Also, it’s a stunning interpretation in its consequences. Under the op, the most fundamental rule of Internet privacy — that your e-mails and messages are protected from disclosure — is largely meaningless. A provider can just delete your account and hand out your messages.
I was particularly disappointed in how Judge Faruqui responds to Facebook when it raised the policy consequences. His first reaction was to mock Facebook for trying to protect privacy.