Judge's gavel on table in office
Listen to this post

When companies receive their first 2703(d) order from law enforcement, their response is usually a mix of confusion and terror. In the ever-evolving landscape of digital communications, understanding the legal mechanisms that govern data access is crucial. One such mechanism is the 2703(d) order, a powerful tool that law enforcement is using more and more as digital evidence becomes more robust and complex. This post examines the nature of a 2703(d) order and considers its implications for organizations, privacy officers, compliance professionals, and defense counsel.

What is a 2703(d) Order?

The Electronic Communications Privacy Act, enacted in 1986, was designed to address the growing prevalence of digital communications, with an ideal of balancing individuals’ rights to privacy with the need for law enforcement to obtain otherwise private digital information in certain circumstances. Part of the Electronic Communications Privacy Act was codified at 18 U.S.C. §2703(d), and allows government authorities to obtain a variety of digital records with a court order. Specifically, 2703(d) orders require a company to reveal to the government information like a particular user’s subscriber information, account logs, IP addresses, session timestamps, and other non-communication information.

These orders are very different from a search warrant. The government needs a search warrant to obtain someone’s communications (like emails), and search warrants require facts showing that it is probable that the communications contain evidence of a crime. But 2703(d) orders are easier for the government to get. They require only “reasonable grounds to believe” that the requested records are “relevant and material” to an ongoing criminal investigation, which is a lower threshold than the “probable cause” standard necessary for a search warrant.

It is common for law enforcement to first obtain a 2703(d) order to discover the extent of their target’s use of a particular platform, and then obtain a search warrant for records the government previously did not know existed. This can be a powerful tool when 2703(d) orders are served on large tech companies with many discrete applications, as 2703(d) orders can require those companies to turn over information on every account a user has across the company’s platforms.

The Evolution of Data Retention

The application of the Electronic Communications Privacy Act has presented challenges for courts as technology has evolved. At the time of its passage, internet usage and service offerings were limited, and providers seldom stored large volumes of data long-term. Today, data retention is common, resulting in increased issuance of 2703(d) orders and potential follow-up warrants based on aggregated metadata.

What Data is Reachable?

Section 2703(d) orders grant law enforcement access to non-content records and basic subscriber information, including names, addresses, credit card details, system logs, and IP addresses. For large companies with multiple applications for use, 2703(d) orders can also require the company to reveal linked accounts across platforms. Some 2703(d) orders can also show non-communication information relating to emails, such as a list of a user’s emails, including the email addresses of others involved in the email, and the date and time each email was sent.

2703(d) orders can also require companies to turn over metadata like creation dates and file sizes, plus identifying information like creator identity and IP addresses. This data allows law enforcement to piece together a puzzle until there is enough evidence to establish probable cause. Courts have upheld the use of 2703(d) orders to obtain such metadata, applying the third-party doctrine to justify these disclosures. 

Court Challenges to 2703(d) Orders

For the most part, when companies and individuals have sued to challenge 2703(d) orders, courts have upheld the use of 2703(d) orders primarily because the ordered production is intended to capture things other than communications, under the theory that communications have different protections under the Constitution than non-communications. However, courts have ruled certain uses of 2703(d) orders unconstitutional for specific types of data, such as cell site location information and unopened emails, due to constitutional privacy rights. These types of data typically require a warrant.

But in general, courts have signaled approval of 2703(d) orders for far-reaching types of information. For instance, a Virginia district court upheld a 2703(d) order to reach a social media application’s “records of user activity . . . including the date [and] time” and “non-content information associated with the contents of any communication . . . [including] IP addresses” for multiple users.[1] Using IP addresses to track locations was distinguished from beeper tracking devices by this court because IP addresses are shared with all internet routers when a user accesses any website or internet based app. On the other hand, tracking a beeper allowed the government to monitor inside a private residence, which was not otherwise open for visual surveillance.[2] This line of reasoning suggests that once information is entered into or transmitted by a computer, it becomes vulnerable to government surveillance because it is knowingly shared with service providers and network routers. As a result, courts frequently apply the third-party doctrine—an exception to the reasonable expectation of privacy—to permit such access.

When companies receive their first 2703(d) order, or they receive a 2703(d) order that seeks more information than their policies allow, consultation with legal counsel is important to ensure that the planned production does not cross users’ constitutional lines.

Looking Ahead

In today’s world, non-content data can be incredibly revealing. Technological advancements mean that aggregate metadata can now infer relationships, predict personal circumstances, and identify patterns of movement or interest, all of which could expose individuals to harassment or even theft and physical harm. With significant technological advances, individuals’ growing online presence, and incentives to retain data, private internet companies and app providers may retain extensive data and monitor users during both online and offline periods, all of which can be subject to 2703(d) orders.

The growing collection of such information is a rich source for law enforcement to invade, allowing them to paint a picture of probable cause. Given the lower standard required to obtain a 2703(d) order and the vast amount of data and information it can provide to law enforcement, the demand and reliance on electronic service providers is increasing and will continue to do so.

What This Means for Companies, Defense Lawyers, and Compliance Teams

The scenario where law enforcement starts with a simple 2703(d) order and escalates to full-scale content searches is no longer hypothetical—it’s happening now across investigations involving fraud, cybercrime, financial misconduct, and corporate wrongdoing.

Key questions organizations should be asking include:

  • Have we established clear protocols to protect sensitive business data while complying with a 2703(d) order?
  • Are we fully aware of our legal responsibilities regarding notifying users or subscribers when their information is disclosed, and do we know when such notification is prohibited?
  • Do we understand how employees’ use of personal devices, accounts, and third-party applications may fall within the scope of the 2703(d) order or inadvertently expand the investigation?
  • Are our policies and monitoring mechanisms robust enough to anticipate that seemingly limited metadata disclosures can serve as a gateway to more extensive data seizures or content requests?

Bottom Line

A 2703(d) order often serves as the DOJ’s initial entry point—allowing investigators to gather enough fragments of information to build a case for probable cause and broaden the range of data they can obtain. For corporate counsel, defense attorneys, and compliance professionals, it is crucial to recognize how a seemingly limited 2703(d) order can quickly escalate into a comprehensive warrant-based search of your organization’s digital environment.

[1]  In re Application of the United States of America for an Order Pursuant to 18 U.S.C. § 2703(d), 830 F.Supp2d 114, 121-22, 130-31, 153 (E.D. Va. 2011).

[2] Id. At 132.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jonathan Porter Jonathan Porter

Jonathan uses his years of experience as a federal prosecutor to guide clients through the challenges associated with government investigations and regulatory compliance.

Jonathan brings to clients a thorough working knowledge of how the U.S. government targets and pursues criminal and civil investigations,

Jonathan uses his years of experience as a federal prosecutor to guide clients through the challenges associated with government investigations and regulatory compliance.

Jonathan brings to clients a thorough working knowledge of how the U.S. government targets and pursues criminal and civil investigations, particularly those involving the healthcare industry. He is a former Assistant U.S. Attorney for the Southern District of Georgia, and in that capacity, he brought charges against numerous individuals and companies under federal law, including criminal charges of health care fraud, wire fraud, and violation of the Anti-Kickback Statute, and civil complaints alleging violations of the False Claims Act.

At the Department of Justice, Jonathan was a key member of multiple international health care fraud takedowns, in which Jonathan charged dozens of doctors, nurses, and other licensed medical professionals, along with marketers and health care executives for alleged participation in healthcare fraud schemes involving billions of dollars in false billings. In total, these charges resulted in more than 30 guilty pleas plus a conviction in the nation’s first trial of a medical professional charged as part of Operation Brace Yourself, which Jonathan first-chaired. Jonathan also was active in dozens of civil investigations brought under the False Claims Act. Jonathan resolved tens of millions of dollars in civil settlements and judgments for False Claims Act violations.

Jonathan also advises clients on a range of regulatory issues, along with the development and implementation of corporate compliance programs. He uses his unique perspective as a former AUSA, providing a prosecutor’s eye for detail in helping clients understand how DOJ and other agencies view compliance, particularly in light of the changing standards for compliance as outlined in the DOJ’s Evaluation of Corporate Compliance Programs (ECCP) and implemented in the Department’s white-collar crime enforcement initiative.

Read more about Jonathan PorterJonathan's Linkedin Profile
Show more Show less
Photo of Cara Arnold Cara Arnold

With a background at the DOJ, Cara defends healthcare clients in commercial litigation, fraud allegations, and white collar matters. Cara focuses her practice on hospitals, health systems, and other healthcare organizations. She concentrates primarily on litigation, fraud and abuse claims, and False Claims

With a background at the DOJ, Cara defends healthcare clients in commercial litigation, fraud allegations, and white collar matters. Cara focuses her practice on hospitals, health systems, and other healthcare organizations. She concentrates primarily on litigation, fraud and abuse claims, and False Claims Act violations, and she guides clients through both internal and government investigations. In addition, she also counsels organizations on compliance with a wide array of healthcare regulations, helping them prevent future litigation. After cutting her teeth on healthcare fraud at the DOJ, Cara loves working directly with these organizations and is fascinated by their complexity. With regulations changing rapidly, she understands the monumentally difficult task large health systems face in regulatory compliance, and she provides clients with the legal guidance they need to remain focused on their mission.

Read more about Cara Arnold
Show more Show less
Photo of Kathryn Horvatits Kathryn Horvatits

Kathryn focuses on healthcare regulatory law, leveraging a unique blend of military and medical experience. Kathryn previously served as an emergency action controller and aerospace medical technician in the U.S. Air Force, roles that honed her ability to handle complex, high-pressure situations. Her

Kathryn focuses on healthcare regulatory law, leveraging a unique blend of military and medical experience. Kathryn previously served as an emergency action controller and aerospace medical technician in the U.S. Air Force, roles that honed her ability to handle complex, high-pressure situations. Her interest in law grew out of her military service: she had enjoyed delving into Air Force regulations and using them to argue for and against policy decisions, which naturally led her to the legal field.

Read more about Kathryn Horvatits
Show more Show less
Related Posts
US Department of Justice Sign
DOJ’s Revised Corporate Enforcement Policy in Action
October 24, 2025
US Department of Justice Sign
Voluntary Disclosure Leads to FCPA Declination
October 1, 2025
Making payments , writing the check
PPP Loan Fraud Civil Enforcement through the False Claims Act
September 23, 2025