By Alicia Penn

If you subpoena a company like Meta or Snap, Inc. for records, what will you get? The answer depends on what you ask for, where you ask for it, and what you argue.

The current landscape of social media subpoenas looks like this: if you ask for records of messages sent to your client, you should get them. 18 U.S.C. § 2702(b)(1)(2018); see also Facebook, Inc. v. Pepe, 241 A. 3d 248 (D.C. 2020). If you ask for subscriber information (i.e. things that are not considered contents of communications), you should get it. 18 U.S.C. § 2702(a)(1)(2018).

But what if you need a message that was not addressed to your client? Or photographs that were posted on someone else’s page? Here we run into the Stored Communications Act (“SCA”), enacted by Congress in 1986. 18 U.S.C. §§ 2701-2712(2018). Some courts have construed the SCA to allow major technology companies to refuse to comply with criminal defense subpoenas.[1]

The unjustified privilege this creates for service providers has been identified and analyzed by legal scholars. In 2021, Harvard Law Review published Rebecca Wexler[2]’s article Privacy as Privilege: The Stored Communications Act and Internet Evidence, 134 Harv. L. Rev. 2721 (2021)[3]. In her article, Wexler argues that major technology companies have enjoyed an undeserved court-created subsidy because courts have incorrectly allowed them to ignore criminal defense subpoenas. Wexler’s scholarship provides a new path for defense counsel to argue the SCA does not and should not bar criminal defense subpoenas. The next year, in 2022, Yale Law Journal published Rebecca Steel’s article[4] Equalizing Access to Evidence: Criminal Defendants and the Stored Communications Act, 131 Yale L.J. 1584 (2022). In it, Steel provides a comprehensive list of ways to access contents of communications within the boundaries of the SCA, in addition to laying out the constitutional challenges that should be made when the SCA is claimed as a shield for major technology companies.

This blog post complies and summarizes some of the law, rules, and arguments relevant to our quest to obtain evidence relevant to our cases and helpful to our clients.

Federal Rule of Criminal Procedure 17: Subpoena

When parties will not turn over relevant evidence voluntarily or on request, a Rule 17 subpoena can be used to force compliance. A subpoena may order a witness to produce “any books, papers, documents, data, or other objects.” Fed. R. Crim. P. 17 (c)(1). The subpoena must state the court’s name and title of the proceeding, include the seal of the court, and command the witness to attend and testify when the subpoena specifies. Fed. R. Crim. P. 17 (a). The clerk must issue a blank subpoena—signed and sealed—to the party requesting it, and that party must fill in the blanks before it is served. Fed. R. Crim. P. 17 (a).

A typical subpoena looks like this:

Subsection (b) of rule 17 explicitly provides for ex parte applications by the defense. “Upon a defendant’s ex parte application, the court must order that a subpoena be issued for a named witness if the defendant shows an inability to pay the witness’s fees and the necessity of the witness’s presence for an adequate defense.” Fed. R. Crim. P. 17 (b). The rule initially did not include this, but in 1966 the rule was amended to shield the defense theory from the prosecution. Notes of Advisory Committee on 1966 amendment USCS Fed Rules Crim Proc R 17.

Generally, the party seeking the 17(c) subpoena must show

1. That the documents are evidentiary and relevant
2. That they are not otherwise procurable reasonably in advance of trial using due diligence
3. The party cannot properly prepare for trial without the production and inspection before trial, and the failure to get the documents might tend unreasonably to delay the trial and
4. The application is made in good faith and not intended as a general fishing expedition

United States v. Nixon, 418 U.S. 683, 699 (1974).

A party commanded to produce documents under a subpoena can fight the subpoena by filing a motion to quash or modify the subpoena. Fed. R. Crim. P. 17(c)(2). The court “may quash or modify the subpoena if compliance would be unreasonable or oppressive.” Id.

The Stored Communications Act

Some companies, when faced with a subpoena, will use the Stored Communications Act to excuse their non-compliance. Section 18 USC 2702 (a)[5] generally prohibits service providers from sharing the contents of electronically stored communications or records:

18 U.S.C. § 2702 (2018). Section 2702(b)[6] lists nine express exceptions. These are:

2702(b)(1): to an addressee or intended recipient of such communication or an agent of such addresses or intended recipient

The exception in 2702(b)(1)—“to an addressee or intended recipient of such communication or an agent of such addresses or intended recipient” has been interpreted to mean if your client is asking for communications sent to them or otherwise meant for them, the company must respond to the criminal defense subpoena and provide these records. Facebook, Inc. v. Pepe, 241 A. 3d 248, 2020 WL 1870591. In Facebook, Inc. v. Pepe, Facebook fought compliance with the subpoena. Pepe argued that what he was asking for—records of messages sent to him—was an exception to the prohibition stated in § 2702 (b)(1) and thus the SCA provided no shield against compliance.

On appeal, the court addressed (1) Pepe’s status as an “addressee or intended recipient,” and (2) the enforceability of a subpoena for information the SCA permits Facebook to divulge. Facebook, Inc. v. Pepe, 241 A.3d 248, 254. It found Pepe’s subpoena enforceable, affirming the trial court’s order holding Facebook in contempt and its order denying Facebook’s motion to quash. Facebook, Inc. v. Pepe, 241 A.3d 248, 265.

Facebook argued Pepe was not an “addressee or intended recipient” because the Instagram messages he sought were not visible on his Instagram platform after 24 hours. Id. at 254-255. The court disagreed, pointing out that this reading was unsupported by the ordinary meaning of the words or by any definition in the SCA itself. Id. Facebook also argued that the SCA implicitly created “an absolute service provider discovery privilege whenever the SCA does not specifically require a service provider to permit discovery.” Id. at 257. The court rejected this argument too, pointing out the presumption against inferring Congress intended to restrict rules of discovery in the judicial process. Id.

2702(b)(3): with the lawful consent of the originator

In Facebook v. Superior Court (Hunter), 4 Cal. 5^th 1245; 417 P.3d 725 (2018), the Supreme Court of California held that public posts had to be disclosed by technology companies in response to a defense subpoena. The Court looked at the history of the SCA to interpret that “consent” meant posts configured as public, but not posts configured as private or otherwise restricted to a group of people.  

Section 2702(b)(3) of the SCA lists an exception to the general prohibition on disclosure by a service provider in subsection (a) where disclosure is permitted “with the lawful consent of the originator or an addressee or intended recipient of such communication.” In Hunter, Derrick Hunter, Lee Sullivan, and Q.H. Hunter were charged with the murder of Jacquan Rice and the shooting of Rice’s girlfriend, B.K. Id. at 729. Sullivan’s girlfriend, Renesha Lee, was an important witness for the government. She gave differing statements but was also the only person who implicated Sullivan in the shooting. Id. at 729-730, 733.

The government’s theory was that that the drive-by shooting was because Rice and the Hunter brothers were members of rival gangs, and Rice had threatened Q.H. on social media. Id. at 730. The government obtained and disclosed some social media communications relevant to the case—some of Rice’s communications from Facebook and Instagram. Id. at 732. The government did not seek any of Renesha’s social media communications. Id. at 733.

Defense counsel subpoenaed communications for Rice and Renesha from Facebook, Instagram, and Twitter. Id. at 730-31. The companies moved to quash, defense counsel opposed the motions to quash, and the trial court ruled in favor of the defense. Id. at 735. The companies appealed to the California Court of Appeal, and the Court of Appeal sided with the companies but stressed that their order was limited to the pretrial context and left open that the defendants could seek the communications at trial. Id.

The Supreme Court granted review of the Court of Appeal’s decision. Id. at 728. It decided the case based on a textual interpretation of the SCA, instead of using the constitutional questions argued in the courts below. Id. at 735-736. It held, as both parties agreed after supplemental briefing, that a social media communication configured as public fell within section 2702(b)(3)’s lawful consent exception. Id. at 745. “We conclude that communications configured by a social media user to be public fall within section 2702(b)(3)’s lawful consent exception, presumptively permitting disclosure by a provider.” Id. It disagreed with the defense argument that publicly-configured posts included restricted posts accessible to a large group of friends or followers. Id. at 746. It also disagreed with the companies’ argument 2702(b)(3)’s lawful consent exception authorized but didn’t compel compliance with a defense subpoena.

There are more exceptions in 2702(c) and (d)[7]:

Privacy as Privilege: The Stored Communications Act and Internet Evidence

In her article[8], Wexler lays out a historical and legal path to argue that the correct treatment of the intersection of the SCA and criminal defense subpoenas would be to consider the SCA as creating a duty of confidentiality. Id. at 2745. Privacy as Privilege: The Stored Communications Act and Internet Evidence, 134 Harv. L. Rev. 2721, 2778. She argues that the courts that have allowed major technology companies to use the SCA as a shield against compliance with criminal defense subpoenas have given them an undeserved court-created subsidy and an unjustified court-created privilege. Confidentiality can be overcome through correct legal process instead of reading an implied privilege into the SCA that allows companies to avoid judicial process entirely. 

The sections of Wexler’s article that have stuck in my mind long after reading her work were the portions highlighting the disparity of resources (money, time, manpower) between companies and their well-funded legal teams and our clients and their counselors—us.[9] We, as criminal defense attorneys, are of course well-versed in the ways the content that is denied to us can help our clients. Wexler’s article starts with a litany of cases where the lack of content because of a quashed subpoena impeded justice—a homicide defendant blocked from arguing self-defense, a murder defendant denied access to key impeachment material, etc. etc. Id. at 2723. She puts in writing a quote from a federal defender who says what some of us think—attorneys or their investigators, even if we do not say it out loud—“Do I think that the content would be really helpful? Yes. Do I think that we could beat Facebook and Twitter in court? Probably not.” Id. at 2725.

The best part of her article is that she demonstrates how the result of reading privilege into the SCA—that we cannot subpoena certain information from major technology companies—is inconsistent with privilege law. Id. at 2745. The unfairness that results from reading privilege into the SCA could be avoided if it were properly viewed as creating a duty of confidentiality like that assigned to doctors, lawyers, banks, etc.. This privilege could then be overcome, where merited, through proper judicial process. Id. at 2751. This stark comparison between companies that provide access to a social media platform and the professions we associate with the most intimate parts of our human lives—death, law, and taxes–drives home the ridiculousness of of such a boon to these major technology companies. While our clients are entitled by law and right to medical records if relevant to their case, some courts have ruled that the SCA will not allow us to get social media posts that have been shared with the general public. This, Wexler explains, is legally wrong.

Her last section covers the policy implications of empowering major technology companies to escape criminal defense subpoenas. Strikingly, she points out that “[t]he primary effect of the current SCA privilege is not to protect privacy but, rather, to exempt technology companies from the administrative burdens of complying with subpoenas. The current SCA case law is…a subsidy that courts have gifted to technology companies and their data-mining markets…rather than protect privacy, the current SCA subsidy protects technology companies’ privacy-invasive business practices.” Id. 2782.

Equalizing Access to Evidence: Criminal Defendants and the Stored Communications Act

Steel supplements Wexler’s research with more avenues for criminal defendants to consider.[10] These avenues are first, that the SCAs incorrect privilege can be avoided by subpoenaing the sender or recipient of a desired communication directly, instead of seeking the communications through the service provider. Equalizing Access to Evidence: Criminal Defendants and the Stored Communications Act, 131 Yale L.J. 1584, 1600, March 2022. Second, that defense counsel could work with law enforcement to issue warrants. Id. Third, arguing that the company is not covered under the statute, or other exceptions contained within the SCA. Id. The last portion of Steel’s article provides a comprehensive review of constitutional challenges to the SCA. Id. at 1617. These are due-process rights (Brady and prosecutorial misconduct, Wardius and reciprocity requirements, actual innocence) and the sixth amendment (right to confrontation and cross-examination, compulsory process, effective assistance of counsel).

In July 2024, an appellate court in California relied upon one of these avenues to rule a social media company could not claim the SCA as a bar to compliance from a criminal defense subpoena. In Snap v. Superior Court, 2024 Cal. App. LEXIS 465 (July 23, 2024), the court held that because social media companies used customer data for their own business purposes, that they were excluded from the limitations imposed by the SCA—“we conclude that the companies’ ability to access and use their customers’ information takes them outside the strictures of the Act.” Id. at 2.

The Court took judicial notice of the Meta’s Terms of Service for Facebook, that provided for the use of personal data to show personalized ads and sponsored content, and that Meta would collect, mine, analyze content, and share that information with third-party partners. Id. at 31. It discussed the definition of an electronic communication service (ECS) and remote computing service (RCS) as defined by the SCA to conclude neither services were allowed to access the contents of communications. Therefore, if a social media company did not act as an ECS or RCS and chose to access and use data for purposes other than temporary storage or processing, they could not then claim to be an ECS and RCS and use the SCA as a shield against criminal defense subpoena compliance. “if an entity does not act as a provider of ECS or RCS with regard to a given communication, the entity is not bound by any limitation that the SCA places on the disclosure of that communication—and hence the entity cannot rely upon the SCA as a shield against enforcement of a viable subpoena seeking that communication.” Id. at 45, citing Facebook, Inc. V. Superior Court (2020), 10 Cal. 5^th 329 (267 Cal. Rptr. 3d 267, 471 P.3d 383 (Touchstone).

Conclusion

Recent caselaw around criminal defense subpoenas and major technology companies give reason for optimism. Older reviews of the SCA and defense subpoenas are not particularly defense-friendly, but are also neither robust nor controlling. Much of the litigation in this area has happened in California State courts, with Snap v. Superior Court, 2024 Cal. App. LEXIS 465 (July 23, 2024) completely dismantling the idea that large technology companies who use customer data for their own purposes are covered by the SCA at all. Every criminal defense attorney understands that a single social media image or message can hold the key to a favorable result, and the legal scholarship of Wexler and Steel, plus current caselaw, map multiple paths to get there.

---

[1] Here are some cases from jurisdictions that have allowed technology companies to use the SCA as a shield against criminal defense subpoena compliance:

2nd Cir:
United States v. Pierce, 785 F.3d 832, 842 (2d Cir. 2015)

Federal District Courts:
United States v. Glenn, 341 F.R.D. 217 (N.D. Ohio 2022); United States v. Amawi, 552 F.Supp 2d 679, 680-81 (N.D. Ohio 2008)
United States v. Wenk, 319 F.Supp. 3d 828, 829 (E.D. Va. 2017)
United States v. Meintzschel, No. 20-CR-00023-FL-1, 2020 WL 7340017, at *3 (E.D.N.C. 2020)
United States v. Nix, 251 F. Supp. 3d 555 (W.D.N.Y. 2017)

State Courts:
People v. Q.H., No. A142771, 2016 WL 5118287, at *13 (Cal. Ct. App. 2016)
Facebook, Inc. v. Wint, 199 A.3d 625, 629 (D.C. 2019)
R.C. v. Chilcoff, No. SJ-2020-008, 2020 WL 8079734, at *6 (Mass. 2020)
State v. Bray, 422 P.3d 250, 259 (Or. 2018)
State v. Johnson, 538 S.W.3d 32, 69 (Tenn. Crim. App. 2017)
State v. Vasquez, No. 08-16-00089-CR, 2018 WL 4178462, at *7-8 (Tex. Ct. App. 2018)

[2] https://www.law.berkeley.edu/library/ir/faculty/?id=47233#tab_publications

[3] https://harvardlawreview.org/print/vol-134/privacy-as-privilege/

[4] https://www.yalelawjournal.org/note/equalizing-access-to-evidence-criminal-defendants-and-the-stored-communications-act

[5] https://www.law.cornell.edu/uscode/text/18/2702

[6] https://www.law.cornell.edu/uscode/text/18/2702

[7] https://www.law.cornell.edu/uscode/text/18/2702

[8] https://harvardlawreview.org/print/vol-134/privacy-as-privilege/

[9] “In many ways, it is unsurprising that an erroneous view of the SCA as barring judicially ordered criminal defense subpoenas has proliferated through the courts. On the one hand, this view has been advanced by multinational companies with power and privilege…on the other hand, this view has been marshaled against underresourced, decentralized public defenders managing full felony dockets and representing poor, disproportionately Black, and marginalized clients. Id. at 2725

[10] https://www.yalelawjournal.org/note/equalizing-access-to-evidence-criminal-defendants-and-the-stored-communications-act