Stored Communications Act: Reform of the Electronic Communications Privacy Act (ECPA) [May 19, 2015] [open pdf - 301KB]
"In 1986, Congress enacted the Electronic Communications Privacy Act (ECPA) to both protect the privacy of an individual's electronic communications and provide the government with a means for accessing these communications and related records. Although passed at the infancy of the Internet, the Stored Communications Act (SCA), which is part of ECPA, has been interpreted over the years to cover the content of emails, private Facebook messages, YouTube videos, and so-called metadata, or non-content information, connected to our Internet transactions (e.g., websites visited, to/from and time/date stamps on emails). The scope of the SCA is determined largely by the entities to which it applies, 'electronic communication service' (ECS) providers and 'remote computing service' (RCS) providers, as defined in the statute. It does not apply to government access to records held by a party to the communication. The SCA has two core components. First, it creates a broad bar against service providers voluntarily disclosing a customer's communications to the government or others, subject to various exceptions, and second, it establishes procedures under which the government can require a provider to disclose customers' communications or records. As to government access, ECPA utilizes a tiered system with different levels of evidence required depending on whether the provider is an ECS or RCS; whether the data sought is content or non-content; whether the email has been opened; and whether advance notice has been given to the customer."
CRS Report for Congress, R44036