Keep Factually independent
Whether you agree or disagree with our analysis, these conversations matter for democracy. We don't take money from political groups - even a $5 donation helps us keep it that way.
Fact check: What are the legal implications of releasing someone's text messages without consent?
Executive Summary
Releasing someone’s text messages without their consent can trigger federal criminal liability under the Stored Communications Act (18 U.S.C. §2701), expose the releaser to statutory penalties and fines, and implicate a separate regulatory regime that treats certain texts as calls under the TCPA, especially when messages are used for commercial or mass-marketing purposes [1] [2] [3]. State privacy laws and industry compliance guides add overlapping civil exposure and regulatory enforcement risks; messages disclosed in marketing or platform contexts can also run afoul of state statutes like the California privacy regime and state anti-spam laws [4] [5]. This analysis compares the core legal claims, shows where laws overlap and diverge, and flags potential non-privacy statutes and compliance rules that frequently get conflated with unauthorized disclosure [6] [7].
1. Why federal criminal law can make disclosure a crime — the statute that matters and its penalties
The primary federal criminal exposure arises under 18 U.S.C. §2701, which makes it unlawful to intentionally access without authorization a facility through which an electronic communication service is provided and thereby obtain, alter, or prevent authorized access to a wire or electronic communication while it is in electronic storage [1]. The statute is explicitly applied to stored text messages and has been interpreted to cover unauthorized access and retrieval of texts from service providers; penalties include imprisonment and fines, with first-offense punishment reaching up to a year and heightened penalties for repeat offenses [2] [8]. These statutory provisions were codified to protect electronic communications in storage, and criminal exposure does not require publication—the act of unauthorized access and obtaining stored messages itself can trigger liability, which makes the legal risk distinct from later dissemination issues [1] [2].
2. Civil and regulatory exposure: TCPA and communications compliance are separate but overlapping risks
Separately from criminal law, text messaging is tightly regulated under communications rules, and the Telephone Consumer Protection Act (TCPA) treats texts as calls in many contexts, imposing statutory damages that can be recovered in private suits and class actions; typical per-message statutory damages range from $500 to $1,500 when violations are found [3]. The communications regime focuses on consent and the nature of messages—conversational, informational, or promotional—and requires express consent for many marketing uses [5]. The Federal Communications Commission has also taken steps to require blocking of messages likely to be illegal, with targeted compliance dates already implemented for blocking by wireless providers, which adds an enforcement layer that can intersect with disclosures if messages are used in mass messaging or marketing contexts [7]. Civil damages and regulatory enforcement can arise even without criminal charges, making dual exposure common [3] [7].
3. State laws and privacy regimes create additional civil risk and patchwork rules
State-level rules create a patchwork that can expand liability beyond federal statutes; states like California impose broad consumer privacy protections and many states have anti-spam and text-specific laws that add requirements or prohibitions beyond federal law [4]. Businesses and individuals must account for both federal and state compliance when texts are disclosed or repurposed—for example, a text used for marketing without consent could violate state anti-spam laws and the CCPA-style privacy rules while also triggering TCPA claims [4] [5]. The practical effect is overlapping civil exposure: unauthorized disclosure can spawn privacy tort claims, statutory damages claims under communications law, and state regulatory actions, depending on how the messages are used after disclosure [4] [5].
4. Non-privacy statutes and special contexts that can widen legal exposure
Some claims cited in investigatory material can pull in non-privacy statutes or unrelated registration regimes when messages are used for political or foreign-influence activities; for example, the Foreign Agents Registration Act (FARA) governs agents acting on behalf of foreign principals, and while not a privacy statute, it can become relevant if disclosed messages serve as part of coordinated foreign-directed activity requiring registration [6]. This highlights that disclosure liability is use-dependent: the same set of texts can trigger a criminal unauthorized-access prosecution, communications-law damages, state privacy enforcement, and even foreign-agent registration scrutiny if the disclosed material is deployed in political advocacy or influence operations [6] [1].
5. Practical takeaways and where major legal disputes arise
In practice, the most litigated and consequential issues are whether access was authorized (criminal inquiry under §2701), whether consent covered the disclosure or subsequent use (TCPA and state consumer rules), and whether the content’s use implicates other statutory regimes like anti-spam or even FARA when foreign-directed advocacy is involved [1] [3] [6]. Compliance guides stress documented express consent for messaging and to retain records showing authorization for access and dissemination; regulators and private plaintiffs both rely on such documentary proof to prove or defend against claims [5] [4]. The legal landscape is layered and fact-specific: unauthorized access alone can be a federal crime, and republication or commercial use of texts compounds civil and regulatory exposure across multiple statutes [2] [3].