
    Cora D. TUCKER, Plaintiff-Appellant, v. D.W. WADDELL, both individually and in his official capacity as a police officer for the City of Durham, North Carolina; Terry Mangum, both individually and in his official capacity as a police officer for the City of Durham, North Carolina; George B. Hare, both individually and in his official capacity as a police officer for the City of Durham, North Carolina; City of Durham, North Carolina, Defendants-Appellees.
    No. 95-2080.
    United States Court of Appeals, Fourth Circuit.
    Argued March 5, 1996.
    Decided May 20, 1996.
    
      ARGUED: Mark Alexander Charns, Durham, North Carolina; Thomas Franklin Lof-lin, III, Durham, North Carolina, for Appellant. Reginald B. Gillespie, Jr., Faison & Fletcher, Durham, North Carolina, for Ap-pellees. ON BRIEF: Ann F. Loflin, Durham, North Carolina; William G. Goldston, Durham, North Carolina, for Appellant. Keith D. Bums, Faison & Fletcher, Durham, North Carolina, for Appellees.
    Before MURNAGHAN and MOTZ, Circuit Judges, and YOUNG, Senior United States District Judge for the District of Maryland, sitting by designation.
   Vacated and remanded by published opinion. Judge MOTZ wrote the opinion, in which Judge MURNAGHAN and Senior Judge YOUNG joined.

OPINION

DIANA GRIBBON MOTZ, Circuit Judge:

This ease involves alleged violations of Title II of the Electronic Communications Privacy Act of 1986,18 U.S.C. § 2701 et seq., by appellee, the City of Durham, North Carolina, and certain officials in its police department. Appellant, Cora Tucker, sued the City of Durham pursuant to 18 U.S.C. § 2707, which allows a private right of action for persons aggrieved by knowing or intentional violations of the Act. Her complaint alleged that the City, through its police officers, violated 18 U.S.C. § 2703(e) when the officers obtained subscriber information regarding her telephone service from GTE South, Incorporated, through the use of two improper subpoenas.

The district court granted summary judgment to Tucker with regard to the first such subpoena, dated November 8, 1991. The City of Durham initially appealed this order, but subsequently withdrew its appeal; thus, a claim that the November 8 subpoena was proper is not now before us. The district court also found the second subpoena, dated December 11,1991, to be improper. However, the court granted summary judgment to the City on this claim because, since all information obtained pursuant to that subpoena was publicly available, no violation of the Act occurred with respect to that subpoena. Tucker appeals this order, as well as the district court’s denial of her claim for injunc-tive relief with respect to the “fruits” of the November 8, 1991 subpoena. Because we conclude that the complaint did not state a claim upon which relief can be granted, we must vacate the district court’s orders and remand for entry of a judgment of dismissal.

I.

The City of Durham argues that § 2703(c) does not create a cause of action against governmental entities. Of course, in Tucker’s complaint the asserted basis for jurisdiction was § 2707, not § 2703(c). Section 2707 provides in pertinent part:

Except as provided in section 2703(e) [exempting providers of communication services from liability when they disclose information pursuant to court order, subpoena, etc.], any provider of electronic communication service, subscriber, or customer aggrieved by any violation of this chapter in which the conduct constituting the violation is engaged in with a knowing or intentional state of mind may, in a civil action, recover from the person or entity which engaged in that violation such relief as may be appropriate.

18 U.S.C. § 2707(a) (1988) (emphasis added). The term “person” refers not only to individuals, including agents and employees of governmental entities, but also to business entities such as partnerships, associations, and corporations. See 18 U.S.C. § 2510(6), incorporated by reference in 18 U.S.C. § 2711 (1994). Thus, the inclusion of the words “or entity” in § 2707 strongly suggests that Congress intended to include governmental entities within the scope of the section; to interpret it otherwise would render that language mere surplusage. See Gustafson v. Alloyd Co., — U.S. -, -, 115 S.Ct. 1061, 1069, 131 L.Ed.2d 1 (1995) (in construing a statute, “the Court will avoid a reading which renders some words altogether redundant”); Crestar Bank v. Neal (In re Kitchin Equip. Co.), 960 F.2d 1242, 1247 (4th Cir.1992) (“It is an axiom of statutory construction that courts are obliged to give effect, if possible, to every word used by the legislature.”)

The legislative history of the Electronic Communications Privacy Act provides further support for the conclusion that § 2707 creates a private cause of action for violations of the Act by “persons and governmental entities”. In summarizing the proposed legislation, the Senate Committee Report indicates that providers, subscribers, or customers aggrieved by violations of the chapter “may recover from any person or entity— including governmental entities — who knowingly or intentionally violated this chapter.” S.Rep. No. 541, 99th Cong., 2d Sess. 43 (1986), reprinted in 1986 U.S.C.C.A.N. 3555, 3597 (emphasis added). The House Committee Report is equally clear on this issue: “[r]eeovery may be had under [§ 2707] against a person or entity who violated the provisions of this chapter. This includes governmental entities who have violated the provisions of this chapter.” H.R.Rep. No. 647, 99th Cong., 2d Sess. 74 (1986) (emphasis added).

In sum, the plain language of § 2707, particularly when considered in light of its legislative history, compels the holding that the statute authorizes a private cause of action against governmental entities that violate the Electronic Communications Privacy Act.

II.

This holding does not, however, end our inquiry. Persons aggrieved by violations of the Act can only assert a cause of action against the person or entity that “engaged in that violation.” 18 U.S.C. § 2707(a). The only statute which Tucker alleges that the City violated is 18 U.S.C. § 2703(c). Accordingly, in order for Tucker to have a cause of action and a basis for federal jurisdiction in this case, the police department must have “engaged in” a violation of § 2703(e). The language of § 2703(c) does not expressly proscribe any action by governmental entities or their employees. Rather, § 2703(c) only prohibits the actions of providers of electronic communication services and remote computing services:

A provider of electronic communication service or remote computing service shall disclose a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications covered by subsection (a) or (b) of this section) to a governmental entity only when the governmental entity—
(i) uses an administrative subpoena authorized by a Federal or State statute, or a Federal or State grand jury or trial subpoena;
(ii) obtains a warrant issued under the Federal Rules of Criminal Procedure or equivalent State warrant;
(iii) obtains a court order for such disclosure under subsection (d) of this section; or
(iv) has the consent of the subscriber or customer to such disclosure.

18 U.S.C. § 2703(c)(1)(B) (1988) (emphasis added). To be sure, this section discusses different courses of action available to governmental entities wishing to obtain customer information, but only in the context of limiting the circumstances under which providers may disclose such information.

Tucker’s sole support for her argument that § 2703(e) prohibits governmental entities and their employees from obtaining subscriber telephone records is the following statement from a handbook on law enforcement search and investigation techniques: “An officer who obtains a customer’s telephone information by violating this federal law [§ 2703(c) ] is subject to civil damages to the customer of at least $1,000.” Robert L. Farb, Arrest, Search, and Investigation in North Carolina, 2d ed. (Institute of Government, The University of North Carolina at Chapel Hill, 1992), at 86. The author cites no authority for this proposition, and we have found none.

The Electronic Communications Privacy Act was “modeled after the Right to Financial Privacy Act, 12 U.S.C. 3401 et. seq.” S.Rep. No. 541 at 3,1986 U.C.C.A.N. at 3557. Examination of the Right to Financial Privacy Act indicates that Congress there recognized a distinction between limiting disclosure of information and limiting access to information. The Right to Financial Privacy Act, like the Electronic Communications Privacy Act at issue here, contains a section limiting the circumstances under which customer records may be disclosed to governmental authorities (by financial institutions rather than by communications service providers). 12 U.S.C. § 3403 (1994). However, the Right to Financial Privacy Act, unlike the statute involved here, also contains a “companion” section limiting the circumstances under which governmental authorities may obtain access to customer records from the financial institutions. 12 U.S.C. § 3402 (1994). Customers aggrieved by the improper disclosure of their records have a private right of action against the governmental authority that obtained the records and the financial institution that disclosed the records. 12 U.S.C. § 3417(a). Civil actions against governmental authorities for improperly obtaining information allege violations of § 3402, while actions against financial institutions for improper disclosure allege violations of § 3403. Compare Duncan v. Belcher, 813 F.2d 1335 (4th Cir.1987) (action based on § 3402); with Wage v. First Citizen’s Nat’l Bank, 846 F.Supp. 310 (M.D.Pa.) (action based on § 8403), aff'd, 31 F.3d 1175 (3d Cir.1994).

Thus, in enacting the Right to Financial Privacy Act, Congress limited both the disclosure of customer records by financial institutions and the acquisition of such information by governmental entities. It did so by enacting two “companion” sections, one directed at the actions of governmental entities, and the other directed at the actions of financial institutions. Although Congress modeled the statute invoked here, the Electronic Communications Privacy Act, on the Right to Financial Privacy Act and fashioned a similar prohibition against disclosure of customer information held by electronic communications service providers, Congress did not incorporate in the statute relied on in this case any similar bar to acquisition of information by governmental entities. The absence of a “companion” section limiting the access of customer information by governmental entities indicates that Congress did not intend to authorize eivil suits against governmental entities for improperly obtaining customer records.

Furthermore, even within § 2703 itself, the distinction between limiting disclosure and limiting access is apparent. While subsection (c) focuses on the conduct of the service providers, subsections (a) and (b) focus on the conduct of governmental entities. For example, subsection (a) provides:

A governmental entity may require the disclosure by a provider of electronic communication service of the contents of an electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant issued under the Federal Rules of Criminal Procedure or equivalent State warrant. A governmental entity may require the disclosure by a provider of electronic communications services of the contents of an electronic communication that has been in electronic storage in an electronic communications system for more than one hundred and eighty days by the means available under subsection (b) of this section.

18 U.S.C. § 2703(a) (1988) (emphasis added). Subsection (b) is similarly focused on the conduct of the government, describing when and how “[a] governmental entity may require a provider of remote computing service to disclose the contents of an electronic communication.” 18 U.S.C. § 2703(b). The inclusion, within the same section, of two subsections limiting governmental access to information and one subsection limiting provider disclosure of information makes the distinction between the two eminently clear.

A governmental entity that violates the dictates of § 2703(a) or (b) may be held civilly liable for such violation. See Steve Jackson Games, Inc. v. United States Secret Service, 816 F.Supp. 432, 442-43 (W.D.Tex.1993) (holding Secret Service liable under § 2707 for violation of § 2703(b)), aff'd, 36 F.3d 457 (5th Cir.1994); Organizacion JD Ltda. v. United States Dep’t. of Justice, 18 F.3d 91, 94-95 (2d Cir.) (discussing “the government’s possible liability under § 2707(a),” concluding that the government may be held liable if the district court finds that the government did not comply with the requirements of § 2703(a)), cert. denied, — U.S. -, 114 S.Ct. 2679, 129 L.Ed.2d 813 (1994). In contrast, the language of § 2703(c) does not prohibit any governmental conduct, and thus a governmental entity may not violate that subsection by simply accessing information improperly. Consequently, § 2707 does not authorize a private cause of action against the City of Durham or its officers in this case.

III.

Having concluded that the ECPA does not authorize a civil suit against the City for “violating” § 2703(c), we cannot address the merits of this appeal. Thus, we do not reach the question of whether the information obtained by the City, through its police department, was in the public domain. Instead because the complaint failed to state a claim upon which relief can be granted, we vacate the orders of the district court and remand the case for entry of an order of dismissal on that ground.

VACATED AND REMANDED. 
      
      . Tucker sued the police officials in their individual and official capacities. The district court dismissed all claims against the officers in their individual capacities on the theory that 18 U.S.C. § 2703(c)(1)(A) expressly permits disclosure of records to “any person other than a governmental entity,” and thus the officers in their individual capacities could not violate the statute. Tucker noted an appeal of this ruling but did not address it in any way in her appellate briefs or at oral argument. Accordingly, we deem any claim as to liability of the defendants in their individual capacities to have been abandoned. See 11126 Baltimore Blvd., Inc. v. Prince George’s County, 58 F.3d 988, 993 n. 7 (4th Cir.) (issues not briefed or argued are deemed abandoned), cert. denied, - U.S. -, 116 S.Ct. 567, 133 L.Ed.2d 492 (1995). Tucker’s claim against the officers in their official capacities is identical to the claim against the city itself and is so treated in this opinion.
     
      
      . Tucker’s only response is that the City waived this defense when it withdrew its appeal of the district court's grant of summary judgment with respect to the November 8 subpoena. That argument is meritless. First, it is not at all clear that the City's decision to abandon its appeal constituted a waiver of this argument in Tucker's appeal. In any event, the City’s argument is at heart an assertion that the complaint failed to state a claim upon which relief can be granted. If the City is correct, then there is no basis for federal jurisdiction here and lack of subject matter jurisdiction “cannot be waived by the parties.” United States v. Griffin, 303 U.S. 226, 229, 58 S.Ct. 601, 603, 82 L.Ed. 764 (1938); Farouki v. Emirates Bank Int’l, Ltd., 14 F.3d 244, 247 n. 7 (4th Cir.1994); Kenrose Mfg. Co. v. Fred Whitaker Co., 512 F.2d 890, 895 n. 13 (4th Cir.1972).
     
      
      . In contrast, in Brown v. Waddell, 50 F.3d 285 (4th Cir.1995), one of Tucker's co-workers, Jamie B. Brown, asserted that appellee Waddell violated a provision of Title I of the Electronic Communications Privacy Act, 18 U.S.C. § 2511. We held that Brown's allegations that Waddell used "a duplicate or clone, digital display pager” to "intercept numeric transmissions to Brown’s digital display pagers” stated a cause of action under § 2511. However, § 2511, unlike the statute at issue here, prohibits not just "providers” of communications services but “any person” from intentionally violating its provisions. (Brown also alleged a claim under § 2701 but the precise contours of that claim and whether it stated a cause of action were not addressed by the trial or appellate courts. 50 F.3d at 294.)
     
      
      . This section was amended in 1994, but the original version, quoted above, was in effect at the time of the disclosures complained of in this case. The amendment struck out clause (i) in subpart (c)(1)(B), and added new subpart (c)(1)(C), which designated certain information that providers may disclose in response to administrative, trial or grand jury subpoenas. See 18 U.S.C. § 2703(c) (1994). Our analysis here is unchanged by the amendment.
     
      
      . The Right to Financial Privacy Act has undergone some minor amendments since the time when the Electronic Communications Privacy Act was "modeled after” it. See 12 U.S.C. § 3401 et seq. (1994). None of the amendments are relevant for our purposes in this case.
     
      
      . Arguably, it might be possible for a governmental entity to violate § 2703(c) by aiding and abetting or conspiring in the provider's violation. Tucker's complaint, however, does not allege either of these theories, and thus we need not reach these questions here.
     