Tuesday, May 18, 2010

.

Expectation of privacy?

A few weeks ago, the U.S. Supreme Court heard arguments in a privacy-rights case: a police officer had a pager issued to him by the police department. He used the pager for official business, but he also used it for personal messages — some very personal. Wisdom would advise against that, but being unwise is often not against company policy.

In this case, though, the department decided to audit the use of the pagers, to determine whether they had chosen the correct payment plan for the number of work-related messages used. They got a dump of the messages.

The officer sued, claiming a privacy breach — he did not want his hot-sex messages to be read by his bosses, if you can imagine that. The Ninth Circuit Court of Appeals agreed that the department, which owned and provided the pagers, violated his privacy by reading his messages. He had, they held, an expectation of privacy in the use of the pager.

Normally, you do not have an expectation of privacy if you use company equipment for personal messages or activities. Not, as we say, on company time or furniture. In this case, though, a boss, a lieutenant, said that as long as they paid for their personal messages, the messages would not be read, and it’s that statement that turned it for the Ninth Circuit Court.

The New York Times agrees, in an editorial about the case.

The Ninth Circuit was correct. Sergeant Quon had a reasonable expectation that his messages were private. Under the Fourth Amendment, the city had a duty to seek less-intrusive methods of searching, and as the court noted, those methods were available. The City of Ontario could have had Sergeant Quon and others request the transcripts and allowed them to redact anything personal.

The Supreme Court should affirm the appellate court’s well-reasoned decision. If it rules for the city, it should do so in a narrow way, closely tied to the specific facts of this case.

Courts across the country have been unclear about what privacy rights apply to e-mail and texting, which are fast eclipsing postal mail and conventional telephones. The Supreme Court should make clear that the Fourth Amendment’s robust privacy protections apply just as robustly to 21st-century communication.

I agree with the Times in its final paragraph: searches of our personal effects, which are controlled by the Fourth Amendment, must also include searches of our electronic media, files, and messages. This is absolutely clear. We must be secure in our electronics, as well as being secure in our persons, houses, papers, and effects.

I’m less comfortable agreeing with the two previous paragraphs. The Ninth Circuit Court is probably right in this case, but only because “the lieutenant was speaking for the department” when he said that the employees’ messages would not be read. He established an expectation of privacy that would not normally be there in the case of employees using company equipment.

While it’s certainly true that the department could have used less-intrusive methods that could have accommodated the employees’ privacy, and while a kind employer might choose to do so, they should be under no obligation in that regard. If the courts give employees free rein to use company resources for personal purposes, and hold employers liable for privacy leaks, then employers will have good reason to lock down their equipment and use technology to prevent such use. And there be dragons; that serves no one well.

The better answer is to allow employers and employees to strike a happy medium, wherein employees can make personal use of company equipment, but must do it with circumspection, realizing that what they do on equipment they do not own is not completely private — that the privacy serves at the pleasure of the employer. With that, they can all find a reasonable middle ground.

To alter the Times’ penultimate paragraph, I can agree that the Supreme Court should affirm the appellate court’s decision, but that it should do so, ruling against the city, only in a narrow way, closely tied to the specific facts of this case. The general situation should be that employees not have an expectation of privacy when using their employers’ computers, networks, and other 21st-century technology.

1 comment:

Brent said...

http://dilbert.com/fast/2010-05-06