​DOJ Tightens Requirements for Obtaining SCA Non-Disclosure Orders

On October 19, 2017, Deputy Attorney General Rod Rosenstein issued a memorandum to United States attorneys and agents that directed their use of protective orders (also called non-disclosure orders) pursuant to 18 U.S.C. § 2705(b) of the Stored Communications Act (“SCA”). The SCA allows the government to issue subpoenas, search warrants, and court orders to retrieve information from companies that provide electronic communications or remote computing services under 18 U.S.C. § 2703(d). 18 U.S.C. § 2705(b) allows the government to obtain non-disclosure orders from courts that prevent companies from notifying their subscribers of such actions. Courts grant these orders when disclosure would jeopardize the investigation or put individuals at risk.

In October’s memorandum, Rosenstein strengthened the application requirements for non-disclosure orders beyond the wording of the original statute. Now each application for a protective order must (1) include a factual basis, detailing the specifics of the case as well as stating which factors of § 2705(b)(1)–(5) apply, and (2) extend only as long as is necessary to fulfill the government’s needs, for up to a one year.

The new limits on the use of non-disclosure orders are widely accepted to have been issued in response to Microsoft Corp. v. U.S. Department of Justice, 16-cv-00538 (W.D. Wash., June 17, 2016). Microsoft alleged that its First Amendment rights were violated by the non-disclosure orders because they prevented the company from communicating with customers about the government’s information-gathering activities. The presiding judge allowed Microsoft’s case to move forward, stating that “First Amendment rights may outweigh the Government interest in secrecy.” Order on Mot. to Dismiss, Feb. 08., 2017.

Microsoft’s case against the use of non-disclosure orders is one of many complaints against the DOJ’s use of § 2705(b). This summer, Facebook challenged a non-disclosure order by alleging First Amendment violations. The case ended when Facebook and the DOJ filed a joint Motion to Dismiss, wherein they agreed that the non-disclosure orders were no longer necessary. In 2016, a California district court ruled that Adobe could not be subject to a non-disclosure order indefinitely after Adobe brought suit alleging First Amendment violations.

In response to the DOJ’s memo, Microsoft praised the new policy’s more rigorous standards and dropped its suit. However, groups such as the Electronic Frontier Foundation (“EFF”) argue that the DOJ’s order did not go far enough. The government can still issue non-disclosure orders without regard to the high bar that the First Amendment places on “prior restraints.” The EFF also argues that the orders should have a more definite time limit than the vague language outlined in the memorandum.

One concern with the DOJ’s policy shift is that, as an administrative action, it can be undone as quickly as it was implemented. If § 2705(b) is as unconstitutional as Microsoft claimed, then this administrative step would not fix the underlying unconstitutionality of the statute. The EFF also argued that a judicial determination on the constitutionality of the statute would be preferable to the DOJ’s memorandum.

Alternatively, legislative action could remedy the current shortcomings of the SCA. Earlier this year, the House of Representatives passed legislation that would reform the statue in question. The ECPA Modernization Act of 2017, introduced by Senators Mike Lee (R-UT) and Patrick Leahy (D-VT), is currently before the Senate Judiciary Committee. The proposed act would address the time frame issue by limiting orders of protection to a maximum of ninety days. Additionally, the bill would require government non-disclosure order requests to be “based on specific and articulable facts.”

Lilianna Rembar is a 1L student at Harvard Law School.