Supreme Court Rules on the Privacy of Text Messages

Sort of.

The Supreme Court issued its ruling in Ontario v. Quon regarding a police chief reviewing the content of a police officer’s text messages with consent or a warrant. Many commenters hoped that the Court would issue a broad statement on an employee’s privacy rights in this age of cloud computing and web 2.0.

The Court chose to rule on very narrow grounds and not address the electronic privacy issue:

“A broad holding concerning employees’ privacy expectations vis-à-vis employer-provided technological equipment might have implications for future cases that cannot be predicted. It is preferable to dispose of this case on narrower grounds.”

The Justices were hesitant to jump into the battle about electronic privacy:

“The Court must proceed with care when considering the whole concept of privacy expectations in communications made on electronic equipment owned by a government employer. The judiciary risks error by elaborating too fully on the Fourth Amendment implications of emerging technology before its role in society has become clear.

Prudence counsels caution before the facts in the instant case are used to establish far-reaching premises that define the existence, and extent, of privacy expectations enjoyed by employees when using employer-provided communication devices. Rapid changes in the dynamics of communication and information transmission are evident not just in the technology itself but in what society accepts as proper behavior.”

Instead, the Justices looked narrowly as the special situation of the government as an employer.  Since its the government, the Fourth Amendment’s protection against warrantless searches comes into play. (This is not applicable for a private employer.)  The standard  is that

“when conducted for a “non-investigatory, work-related purpos[e]”or for the “investigatio[n] of work-related misconduct,” a government employer’s warrantless search is reasonable if it is “‘justified at its inception’” and if “‘the measures adopted are reasonably related to the objectives of thesearch and not excessively intrusive in light of’” the circumstances giving rise to the search.”

Even if a government employee could assume some level of privacy in their messages, it would not have been reasonable for them to conclude that his messages were in all circumstances immune from scrutiny by the government employer.

Sources:

Quon Roundup on Employee Computer Privacy

Lots of discussion about the Quon case focused on the lack of technology expertise by the Justices on the Supreme Court. Actually, most people labeled them as Luddites. DC Dicta even claims that Chief Justice Roberts writes his opinions in long hand with pen and paper.

This issue that I am hoping to see addressed is how a stated policy on the use of a company’s hardware and network can be enforced in light of an employee’s expectations of privacy.

I doubt that issue will be addressed directly. The Quon case involves a government employee so the discussion of the issue will likely focus on the Fourth Amendment protection. These protections are largely irrelevant for private employees.

Even if the Justices avoid the Fourth Amendment issues, they may decide the case under the Stored Communications Act. That’s a rather boring and technical law. It’s also largely irrelevant to the use of a company’s hardware and network. Although it may provide some insight for the use of cloud computing and web 2.0 site.

The United States Government, through the arguments of Neal K. Katyal, Deputy Solicitor General, seemed to ask the Court to adopt a bright-line rule that a company can trump the reasonableness of any employee’s expectation of privacy by issuing a policy that employees have no privacy in communications when using the company-provided hardware or network.

The Justices seemed fairly skeptical of that kind of bright-line rule in their questions of Mr. Katyal.

The problem is that tightly crafting laws to specifically address the use of particular communication technologies will fail. In the current environment, the technological advances in communications is moving much faster than the cogs of  bureaucracy in crafting regulations. The Supreme Court (well, at least Justice Alito) recognized that the expectations of privacy with new communication are in flux.

“There isn’t a well-established understanding about what is private and what isn’t private. It’s a little different from putting garbage out in front of your house, which has happened for a long time.”

The ruling in the case is expected sometime June at the end of the Supreme Court’s term. It’s certainly something for compliance professionals to keep an eye on.

Sources:

Image of P2000 Pager.JPG is by Kevster

Supreme Court to Hear Case on Employer Access to Worker Messages

supreme court

How much privacy do workers have when they send text messages from company accounts?

Users of text-messaging services “have a reasonable expectation of privacy” regarding messages stored on the service provider’s network, 9th Circuit Judge Kim Wardlaw said in Quon v. Arch Wireless Operating Company, Inc., 529 F.3d 892 (9th Cir. 2008).

In that case the court found that a police department had violated the Fourth Amendment and state constitutional rights of employees and the people they exchanged text messages with, when they reviewed “personal” text messages created on devices owned and issued by the police department. It also found that the text messaging provider, Arch Wireless, violated the Stored Communications Act (SCA), 18 U.S.C. §§2701-2711, by providing transcripts of these messages to the employer.

Supreme Court

The U.S. Supreme Court agreed to hear an appeal of the case: City of Ontario, California, et al., Petitioners v. Jeff Quon, et al. (08-1332). The Justices could add some new law to the ability of companies to monitor and access their employees’ use of a company’s computer system.

Limitations

Although it sounds interesting, the case has some limitations that will likely make the decision underwhelming. The employees at issue are government employees, so the Constitution is implicated. You don’t have this issue with private employees. Second, the governmental employer accessed the information from the third party provider of the text-messaging system. The information was not on the government’s computer system itself. Third, the governmental employer did not have a clear policy on the use of the equipment and whether the messages were private or accessible by the government employer.

Background

The case originated when police officers claimed thier rights were violated when messages on department devices were read by their chief. Quon and the other officers had signed a statement declaring “users should have no expectation of privacy or confidentiality” when using devices furnished by the city. But shortly after text pagers were distributed, the officers were told by a supervisor they could use them to send messages, as long as they paid for messages that exceeded the monthly limit. It was understood that some of these messages would be personal and unrelated to police work. When the police chief learned that some officers were regularly exceeding the monthly limit, he asked for an audit and read the messages.

After Quon and the other officers learned their messages had been read, they sued. They lost in the Los Angeles Federal District Court, but won in front of the 9th Circuit.

References:

Policies for Private Use of Company Computer Systems and Mobile Devices

edward_angell_logoMark E. Schreiber and Barbara A. Lee published an article on the New Liabilities and Policies for Incidental Private Use of Company Electronic Systems and PDAs.

The discussion in the article comes from the decision in Quon v. Arch Wireless Operating Company, Inc., 529 F.3d 892 (9th Cir. 2008). In that case the court found that a police department had violated the Fourth Amendment and state constitutional rights of employees and the people they exchanged text messages with, when they reviewed “personal” text messages created on devices owned and issued by the police department. It also found that the text messaging provider, Arch Wireless, violated the Stored Communications Act (SCA), 18 U.S.C. §§2701-2711, by providing transcripts of these messages to the employer.

The authors point out that the decision in Quon deals with constitutional questions involving government employees.  The same positions may not be true for non-government employees.  But there are still lessons to be learned:

  • Policies regarding employee use of email, internet access, and mobile devices should be clear that employees have no expectation of privacy
  • Policies should make it clear that employees can expect their use of computer systems and devices, including personal use and messages, to be subject to monitoring and access by the employer with or without notice.
  • Carefully draft service agreements to comply in advance with the SCA and other wiretap type statutes with “consent” language.
  • Update subpoena and document response policies and protocols to comply with the SCA and,  if the company operates internationally, foreign laws.