The Perils of Hitting the “Send” Button at the Workplace

While our thoughts and fantasies remain protected from seizure, electronically sending messages containing those thoughts and fantasies while at the workplace is not always protected from seizure by the Fourth Amendment.

Earlier this month, a federal district court in Manhattan overturned the conviction of a former New York City police officer, who had been convicted in 2013 of plotting to kidnap, torture, kill, and eat women.  Judge Gardephe found that although Gilberto Valle had used the Internet to research various ways to abduct, subdue, and cook potential victims, and had entered into agreements with other men to kidnap women, Valle’s Internet communications were merely fantasy role plays, with no genuine agreements to harm women.  Judge Gardephe did, however, uphold Valle’s conviction for illegally gaining access to the law enforcement database. Valle had accessed the database while riding in a patrol car with his supervising sergeant, compiling dossiers on women that included information on their birthdates, height, weight, and addresses. Valle was terminated by the NYPD upon his conviction.

While the Valle case is extreme in regard to his particular fantasies, it reveals the difficult role that courts must play in balancing the need to protect an individual’s right to self-expression, even at the workplace, with the legitimate needs of employers, and how that balance changes over time. 

In 2010, the United States Supreme Court took on this weighty responsibility.  In City of Ontario v. Quon,130 S.Ct.  2619 (2010), the Court had to decide whether a City violated the Fourth Amendment when it reviewed the text messages of a police officer who was using a pager issued by the City.  When the City issued the pagers, it imposed a monthly character limit and announced that the City retained the right to monitor all network activity, including emails.  The City subsequently issued a memo that specifically included text messages as subject to monitoring.  When police officer Quon repeatedly exceeded his monthly limit, the City requested transcripts of his text messages for a two-month period to determine if the existing character limit was too low. Quon’s Lieutenant reviewed the messages, and discovered that many of them were not work related, and some were sexually explicit.

The Court held the City did not violate the police officer’s Fourth Amendment rights.  The Court applied the two-part approach it had formerly adopted in O’Conner v. Ortega, 480 U.S. 709 (1987), assessing first whether the employee had a reasonable expectation of privacy considering the “operational realities of the workplace,” and second whether the employer’s search was reasonable under the circumstances.  The Court side-stepped the first prong when it assumed without deciding that the employee had a reasonable expectation of privacy in the text messages he sent on the City-issued pager.  The Court noted that, “rapid changes in the dynamics of communication and information transmission are evident not just in the technology itself but in what society accepts as proper behavior.” The Court in Quon recognized that cell phones are essentially becoming appendages of our humanity: “Cell phone and text message communications are so pervasive that some persons may consider them to be essential means or necessary instruments for self-expression, even self-identification,” such that individuals do have a reasonable expectation of privacy in those communications.  The Court thought it preferable to decide the case on narrower grounds, since “a broad holding concerning employees’ privacy expectations vis-a-vis employer-provided technological equipment might have implications for future cases that cannot be predicted.”

Proceeding to the second prong of the inquiry, the Court in Quon stated that while warrantless searches are per se unreasonable under the Fourth Amendment, there are certain exceptions to that rule.  The “special needs” of the workplace are one such exception.  What is the workplace? In O’Connor, the Court said the workplace “includes those areas and items of the workplace that are related to work and are generally within the employer’s control.” An employer’s warrantless search is reasonable when it is conducted for a “noninvestigatory, work-related purpose,” or for the “investigation of work-related misconduct,” it is “justified at its inception,” and if “measures adopted are reasonably related to the objectives of the search and not excessively intrusive in light of ‘the circumstances giving rise to the search.’”

In Quon, the Court found the search was reasonable from its inception because the search was ordered to determine whether the character limit on the City’s contract with the wireless provider was sufficient to meet the City’s needs.  Furthermore, the Court reasoned, because the City reviewed only two month’s worth of text messages–as opposed to all the months in which the police officer had exceeded the character limit– the search was not excessively intrusive.

While the Court kept its analysis in Quon narrow, it seems that the Court nonetheless has given employers a rather broad brush with which to conduct searches of employee’s emails and text messages on employer-provided electronic devices.  An employer could quite easily devise a reason from the inception for a search that would constitute a “noninvestigatory, work-related purpose,” or an investigation of work-related misconduct. As the line between our personal and professional lives becomes more and more blurred (teleworking from home, for example, is quite common), it does not seem reasonable that employers should be able to lawfully seize the personal electronic communications of employees made on employer-provided devices under such opaque guises as “noninvestigatory work-related purposes.”

More troublesome than potential abuses by employers of the ease of establishing a reasonable search, though, is the very issue the Quon court consciously avoided: the parameters of the expectation of privacy employees may have in their electronic communications in the workplace.  Looking at the following cases, it appears that courts are drawing a fine line that deserves attention:
    *    Pure Power Boot Camp v.  Warrior Fitness Boot Camp, 587 F.  Supp.  2d 548 (2008): An employer violated the Stored Communications Act, 18 U.S.C. § 2701 (SCA), when it used on-site work computers to access three personal email accounts belonging to a former employee.  A person violates the SCA if he accesses an electronic communication service, or obtains an electronic communication while it is still in electronic storage, without authorization.

Courts have routinely held that employees have no reasonable expectation or privacy in their workplace computers, when the employer has a policy which clearly informs employees that company computers cannot be used for personal emails, and that they will be monitored. In this case, though, the former employee had not stored any of the emails on his employer’s computers, nor were they sent from or received on the company’s email system or computer. The employer accessed his emails from third-party communication service providers using on-site work computers and utilizing the automatically-saved passwords to gain access.  The Court found the former employee had a reasonable expectation that his personal email accounts, stored on third-party computer systems, and protected by passwords, would be private.

    *    Sitton v.  Print Direction, Inc.,718 S.E.2d 532 (Ga.  Ct.  App.  2011): An employer did not invade the privacy of its employee Sitton when the employer reviewed Sitton’s  emails on his personal laptop which Sitton used in the workplace.  Sitton had connected his personal laptop to the company’s system network, and used his personal laptop for work-related purposes.  When Sitton’s employer discovered he was also using the laptop to compete with the company, the employer entered his office, moved the computer’s mouse, clicked on emails which appeared on the screen, and printed certain of those emails.  These emails were not on the same email address as Sitton’s work email address.

    *    Shefts v. Petrakis, 2012 WL 4049509 (D.  Ill.  Sept.  13, 2012): The employer, Access2Go, owned and provided its employees with an electronic communication system comprised of computers, servers, email accounts, and software, including an email server.  The employee Shefts had an email account provided by Access2Go, and his emails were stored on the company’s server.  Shefts sent six emails from his Access2Go email account to his personal  Yahoo!  email account, some of which his employer discovered contained confidential documents concerning Access2Go’s business.  The court found that Access2Go did not have the power to authorize anyone to access Shefts’s Yahoo! emails, since Access2Go was not the provider of that email service.

Sifting through this technological morass, it seems that whether an employee has a reasonable expectation of privacy in his or her emails depends on whether the employee utilizes his employer’s network system (Sitton: no expectation of privacy where the employer’s network system was used); whether the emails are stored on an email service provided by the employer or a third-party (Shefts: no expectation of privacy where emails are stored on an email service provided by the employer; and Shefts and Pure Power Boot Camp: expectation of privacy where emails were stored on third-party e-mail systems). 

In Quon, the Court assumed without deciding that Quon had a reasonable expectation of privacy in the text messages sent on the pager provided to him by the City.  The Court emphasized a distinction between emails and text messages: “An email sent on a City computer was transmitted through the City’s own data servers, but a text message sent on one of the City’s pagers was transmitted using wireless radio frequencies from an individual pager to a receiving station owned by the [wireless service provider]…[The text message] was routed through [the wireless service provider’s] computer network…The message did not pass through computers owned by the City.”

In Valle, the database he used to get the information on women was the Department’s, and the court sustained his conviction on that charge.

The upshot? If an email or text communication originates from, is received by, or in any way relies upon an employer’s proprietary system, all the employer has to show in order to lawfully seize that communication is a noninvestigatory work-related purpose–a very low bar–or an investigation into work-related misconduct.  Unless you’re an electronic communications guru who is able to follow the routing of electronic communications, it’s probably safer to confine  those misogynistic, cannibalistic fantasies to your home computer or personal cell phone.  We are indeed living in a Brave New World.

By Valerie Chastain