SCA Framework

Section summaryThe SCA protects electronic communications stored by electronic communication services (ECS) and remote computing services (RCS). Different protection levels for different content types.

SCA structure:

  • §2701 — criminal access.
  • §2702 — voluntary disclosure restrictions.
  • §2703 — required disclosure procedures.
  • §2707 — civil remedy.

Criminal Offense

Section summary§2701 criminalizes intentional unauthorized access to electronic communications storage. Misdemeanor with felony enhancements.

§2701 elements:

  • Intentional access.
  • Without authorization or exceeding authorization.
  • To facility providing electronic communication service.
  • Obtaining, altering, or preventing authorized access.
  • Misdemeanor base; felony for commercial gain.

Civil Remedy

Section summary§2707 creates a private right of action. Statutory damages, actual damages, attorney fees available.

Civil remedy:

  • Private right of action.
  • Statutory damages ($1,000 minimum).
  • Actual damages.
  • Punitive damages for willful violation.
  • Attorney fees.

Law Enforcement Access

Section summaryLaw enforcement requires legal process to compel disclosure. Warrant for unopened communications stored 180 days or less; subpoena or court order for older or opened.

Required process:

  • Warrant: unopened communications 180 days or less.
  • Court order or warrant: unopened 180+ days.
  • Subpoena: subscriber information, transactional records (with limits).
  • Specific procedures for different content types.

Content vs Non-Content

Section summaryContent (the actual communication body) receives strongest protection. Non-content (transactional records, header information, subscriber info) receives less protection.

Distinction:

  • Content: emails, messages, files.
  • Non-content: timestamps, recipients, subscriber identity, IP addresses.
  • Content typically requires warrant.
  • Non-content sometimes available via subpoena.

Need defense counsel?

L&L Law Group, PLLC handles Computer Crimes Defense cases throughout DFW. Initial consultations are free.

Call (972) 370-5060 →

Forensic Foundation

Stored Communications Act Charges cases turn on digital-forensic evidence: device images, file metadata, network logs, cloud-account records, malware reverse engineering, and attribution analysis. Counsel handling an SCA charge under 18 U.S.C. §2701 must engage with the forensic record at a technical level, not just legal level.

The defense's threshold task is review of the government's forensic methodology. Was the device imaged using accepted procedures? Was the image hash-verified against the original? Did the examiner have appropriate certifications? Did the analysis follow the examiner's lab's standard operating procedures? Each step in the chain produces potential challenges at hearing and trial.

Where the case turns on contested forensic findings, the defense should retain an independent examiner. The defense expert reviews the government's work, performs parallel analysis where possible, and is available to testify if needed. Funding for defense experts is available in federal cases under the Criminal Justice Act (18 U.S.C. §3006A) and in Texas indigent cases under Code of Criminal Procedure Article 26.05.

Van Buren and Authorization Screen

The Supreme Court's decision in Van Buren v. United States, 593 U.S. 374 (2021), reshaped the CFAA "exceeds authorized access" analysis. The Court held that the statute applies only where the defendant accessed an area of a computer system they were not entitled to enter at all — not where they had credentials but used them for an improper purpose. The "gates-up-or-down" inquiry asks whether the user could or could not access the specific area, not why they accessed it.

For an SCA charge under 18 U.S.C. §2701 (where authorization is in issue), the defense must screen the indictment against the post-Van Buren framework. Cases built on theories that the defendant misused authorized access — rather than entering a system they had no right to enter — should be evaluated for dismissal under Van Buren. Many CFAA charges filed before 2021 survived only because the law had not yet been clarified; charges filed since must satisfy the gates-up-or-down standard.

The defense should also consider whether parallel state charges (Texas Penal Code §33.02) provide the same protection. Texas "effective consent" analysis under Chapter 1 of the Penal Code is broad. A defendant who had colorable authorization — an unrevoked password, a shared account, an implied license — has a defense to the access element under state law that runs parallel to the federal Van Buren analysis.

The Stored Communications Act framework

The Stored Communications Act at 18 U.S.C. Sections 2701-2712 governs access to electronic communications held in electronic storage by communication service providers. The SCA was enacted as part of the Electronic Communications Privacy Act of 1986 and has been the central federal statute governing electronic communications privacy for decades. The framework establishes both privacy protections for communications users and procedures for government and private access to stored communications.

The SCA criminal provisions at Section 2701 reach unauthorized access to communications held in electronic storage by communication service providers. The base offense is a misdemeanor for most violations, with felony enhancement for violations committed for commercial advantage, financial gain, or in furtherance of any criminal or tortious act. The civil provisions at Section 2707 provide a private cause of action for SCA violations with statutory and actual damages, attorney fees, and other relief.

The SCA provisions distinguish between two categories of stored communications. The first category is communications held in electronic storage by providers of electronic communications services. The second category is communications and other records held by remote computing services. The two categories have different procedural requirements for government access and different protections against unauthorized private access.

Government access procedures under the SCA

The government access procedures under the SCA vary based on the type of information sought and the type of provider involved. Section 2703 establishes the procedural requirements for government access to stored communications and related records. The requirements include warrants based on probable cause for content of communications stored for 180 days or less, lesser process (including subpoenas with notice) for content stored for more than 180 days, and various forms of process for transactional records and subscriber information.

The procedural framework has been substantially affected by judicial decisions and statutory amendments. The Sixth Circuit decision in United States v. Warshak, 631 F.3d 266 (6th Cir. 2010), held that the SCA distinction between communications stored for 180 days or less and communications stored for longer periods is unconstitutional under the Fourth Amendment, requiring warrants for content regardless of storage duration. The Warshak framework has been generally followed by other circuits and has effectively imposed a warrant requirement for content access.

The defense in SCA cases must analyze whether the government access complied with the constitutional and statutory requirements. The defense can challenge the validity of the warrant or other process used, the scope of the access permitted, and the compliance with notice requirements where applicable. The motion-to-suppress practice in SCA cases follows the general framework for Fourth Amendment violations but with specific application to the electronic communications context.

The CLOUD Act and the international dimension

The Clarifying Lawful Overseas Use of Data Act enacted in 2018 amended the SCA to address access to communications stored outside the United States. The CLOUD Act provides that providers must comply with U.S. legal process for communications they control regardless of where the communications are physically stored. The Act also establishes a framework for executive agreements with foreign governments to facilitate cross-border access to communications.

The CLOUD Act framework responded to the Supreme Court litigation in United States v. Microsoft Corp., 584 U.S. 236 (2018), which addressed whether the SCA required disclosure of communications stored outside the United States. The CLOUD Act resolved the underlying legal question but created new procedural and substantive issues that continue to develop through litigation. The framework continues to affect international cooperation in criminal investigations and civil disputes.

The defense practice in cases involving international elements should understand the CLOUD Act framework and its implications. The framework affects both prosecution of cases involving foreign-stored communications and defense of cases where foreign privacy laws may limit the use of obtained communications. The international dimension adds substantial complexity to SCA practice and requires familiarity with both domestic and foreign legal frameworks.

Private cause of action and litigation considerations

The SCA private cause of action under Section 2707 provides substantial remedies for SCA violations. The remedies include actual damages but not less than $1,000 in statutory damages, equitable or declaratory relief, reasonable attorney fees, and punitive damages in cases of willful or intentional violations. The remedies framework makes SCA litigation attractive for plaintiffs and has produced substantial body of case law on the application of the statute.

The litigation framework includes various procedural and substantive issues. Standing requirements address who can bring SCA claims. The exhaustion requirements (none under the SCA) affect the timing of litigation. The discovery framework affects what information can be obtained in litigation. The summary judgment standards affect when cases can be resolved without trial. Each procedural area has substantial case law that affects SCA litigation strategy.

The defense in SCA civil cases involves both substantive defenses and procedural challenges. The substantive defenses include consent (express or implied), legitimate business purpose (for some forms of access), and various other affirmative defenses that may apply to specific factual situations. The procedural challenges include standing, statute of limitations, and the various other procedural defenses available in federal litigation. The defense practice requires comprehensive analysis of all available defenses and the strategic considerations affecting each.

Carpenter v. United States and the historical cell site location framework

The Supreme Court decision in Carpenter v. United States, 585 U.S. 296 (2018), held that the Fourth Amendment requires a warrant for government access to historical cell site location information, narrowing the third-party doctrine in the digital context. The Carpenter framework affects SCA practice in cases involving location data and other forms of digital surveillance that go beyond traditional stored communications. The decision creates substantial protection for location privacy and has been applied by lower courts to various forms of digital surveillance. Defense practice in cases involving location data should preserve Carpenter arguments through pretrial motions to suppress and should develop the factual record needed to demonstrate the type and duration of location surveillance at issue. The Carpenter framework continues to develop through ongoing litigation about its application to specific surveillance contexts.

Frequently Asked Questions

Can law enforcement access my old emails without a warrant?
Depends on storage period and whether opened. Unopened communications stored 180 days or less require warrant; older or opened typically subpoena. Recent legislation has tightened these requirements.
Does SCA apply to private parties accessing my account?
Yes. Unauthorized access by anyone (including spouses, exes, employers) can violate SCA. Civil remedies available regardless of criminal prosecution.
What if my employer accesses my work email?
Employer access to work email is typically authorized through employment relationship and policies. Personal email accessed at work raises different questions. Specific facts determine SCA applicability.
Does SCA cover cloud storage?
Generally yes. Cloud storage providers are typically electronic communication services or remote computing services. The specific service's status determines exact SCA application.
Part of a larger guide

Read the full Texas Computer Crimes Defense Guide

This article is one section of our comprehensive Texas Computer Crimes Defense Guide. The pillar guide covers recent developments, official resources, and the complete framework with deeper analysis.

Read the Pillar Guide →
⚖️
Texas Bar
Licensed
Bar Nos. 24043266 · 24043514
🏆
40+
Years Combined
Criminal Defense Experience
📞
Free
Consultation
Direct to Attorney
🔓
24/7
Jail Release
Available 7 Days a Week

Practical Checklist

  • Document everything early. Communications, records, and witness contact information lose value as time passes. Preserve them at the start of the case.
  • Identify all parallel proceedings. Criminal, administrative, civil, and regulatory tracks often run in parallel. A statement in one becomes evidence in another. Map the full picture before any disclosure.
  • Calendar every deadline. Filing deadlines, response deadlines, discovery deadlines, and hearing dates all have consequences. Missing a deadline can foreclose defenses that the facts otherwise support.
  • Build the mitigation package early. Witness letters, treatment records, employment verification, and character references take time to gather. Counsel should begin building the package at the first consultation, not as the hearing approaches.
  • Coordinate counsel across forums. Where the matter implicates multiple proceedings, having coordinated counsel (whether one firm or multiple firms in close communication) avoids the strategic errors that inconsistent representation creates.
  • Understand the public-record dimension. Many dispositions create searchable records that follow the licensee, defendant, or respondent for years. The decision to contest versus resolve must account for the public visibility of each path.

For a confidential evaluation of your matter, call L&L Law Group at (972) 370-5060 or email info@landllawgroup.com. Initial consultations are free.

Next Steps

If you are facing a situation described here, consult counsel promptly. Many issues in this area run on strict deadlines.

Reggie London & Njeri London

Co-Founding Partners · L&L Law Group, PLLC

Reggie London (Tex. Bar #24043514) and Njeri London (Tex. Bar #24043266) co-founded L&L Law Group in Frisco, Texas.

This guide was reviewed by Reggie London on May 30, 2026.

Cite this guide

Bluebook: Reggie London & Njeri London, Stored Communications Act (SCA), L&L Law Group (May 30, 2026), https://landllawgroup.com/insights/stored-communications-act-sca/.

APA: London, R., & London, N. (2026, May 30). Stored Communications Act (SCA). L&L Law Group.