QUON RULING NOT A SIGNIFICANT OBSTACLE TO EMPLOYERS' ACCESSING TEXT MESSAGES

Posted on June 20, 2008 by Philip Gordon

The Los Angeles Times reported on June 19, 2008, that the Ninth Circuit’s decision in Quon v. Arch Wireless Operating Co., “sharply limited the ability of employers to obtain e-mails and text messages sent by employees on company-financed accounts.” And many major news outlets echoed this sentiment: "Court Rules Employee Text Messages Are Private," "SF Court Protects Privacy of Work Communications," "Stop Snooping on Email, Court Tells Some Nosy Bosses." However, the assertion of the LA Times reporter, while literally true, is pure hyperbole when viewed in the context of a real-world workplace.

The Ninth Circuit ruled in Quon that a text-message provider, Arch Wireless, violated the federal Stored Communications Act (the “Act”) by disclosing to the City of Ontario Police Department sexually explicit text messages sent by Sgt. Quon using a City-issued text-message pager, even though the City was the subscriber on the service contract. The Court explained that the Act prohibits providers of an “electronic communication service” — Internet Service Providers (ISPs) and text messages services, for example — from disclosing stored e-mail or text messages without the consent of the sender or recipient. At first blush, this ruling appears to present a dramatic shift in the balance of power between employers and employees in the spy vs. spy world of workplace monitoring.

Not so fast: Employers can easily and lawfully circumvent the Court’s ruling. Employers, for example, can prohibit employees from conducting any company business other than over the corporate network, and they can limit company-issued electronic devices to those, such as a Blackberry, that can be configured to route all communications through the corporate network. Notably, the Ninth Circuit’s decision expressly reaffirmed the well established rule that employers can defeat an employee’s expectation of privacy by distributing a policy unambiguously stating that employees communications using corporate resources will be monitored and are not private.

Of course, many employers in today’s world do provide cell phones with text-message capability. That does not mean that employees now can text with impunity. The Ninth Circuit’s decision addresses only access to the content of text messages stored at the provider. The decision imposes no limit on an employer’s obtaining transactional data, such as number of characters used, number of messages sent, or cost of service.

In any event, employers who think they may want to review their employees’ text messages need only condition payment for the cell phone, or for the service, on the employee’s giving written consent to the provider to disclose text messages to the employer; employees who don’t give consent and wish to keep their text messages private would have to pay for the service out of their own pocket. How many employees will be willing to pay $100 or more monthly to be able to send dirty text messages (especially with gas at $4 per gallon)?

There is yet another solution for employers. The Ninth Circuit’s ruling imposes no restriction on an employer’s review of text messages stored on company-issued cell phones. As long as the employer’s electronic resources policy notifies employees that text messages will be searched, the Ninth Circuit’s ruling actually can be used to defeat any privacy-based claim by an employee based upon such a review. In addition, as computer forensic capabilities improve and cell phone memory chips expand, these types of cell phone examinations could easily become routine.

The case is a cautionary tale on another point. The Ninth Circuit also addressed the question whether the City violated Sgt. Quon’s privacy expectations by reviewing his text messages after receiving them from Arch Wireless. On this point, the court noted (as I mentioned above) that in the normal course, the City’s “Computer Use, Internet and E-Mail Policy” would have defeated Sgt. Quon’s privacy-based claim. However, the police lieutenant responsible for overseeing the City’s text-message program had established an informal policy, communicated orally to Sgt. Quon, that the City would not read an officer’s text messages to determine whether they were personal or business-related so long as the officer paid for any over charges. The Ninth Circuit ruled that Sgt. Quon reasonably relied on this informal policy when he sent personal text messages using his City-issued pager, believing that the messages would remain private. Even though the City is a public employer, this holding is most likely is transferable to the private workplace.

Bottom line #1: Employers first need to evaluate whether reviewing messages stored with a service provider is in the employer’s interest. Corporate culture or potential employee rebellion potentially are significant countervailing factors. If the interest is strong enough, then the employer can execute any of the strategies described above to meet those objectives.

Bottom line #2: Instruct your IT personnel and others responsible for workplace monitoring not to make representations to employees that your business’ electronic resources policy will not be followed. Consider modifying your electronic resources policy to state that it can not be modified except by a written communication by a senior executive.

Tags: , , , , , , , , , ,

Employers' Efforts To Combat Cybersmear Hit The First Amendment Shield

Posted on February 19, 2008 by Philip Gordon

The balance of power has shifted. In the “old days” -- before the Internet explosion -- a disgruntled current or former employee did not have many outlets. She might complain to a spouse, a cadre of sympathetic co-workers or a union representative. But her employer had little fear that her scalding criticism of her direct report, the company’s business strategy or senior management would be front-page news or fodder for radio talk shows.

In today’s world of blogs, personal Web pages, chat rooms, and message boards, that dynamic has been flipped. Employees — and particularly terminated, former employees — are venomously trashing their employers in cyberspace, where anyone who wants to “tell all” can speak freely. Employers have been left desperately searching for the answer to one simple question: “How can I shut that guy up?”

A decision published by the California Court of Appeal earlier this month, Krinsky v. Doe 6, highlights one of the major obstacles to squelching these silicon diatribes, often referred to as “cybersmear.” Who do you shut down? Most current and former employees venting on the Web are cagey enough to hide behind anonymity or veiled identity. In Krinsky, for example, the offending poster dubbed the plaintiff, a departing senior executive, “boobs” and said that he would “reciprocate felatoin [sic] with [her] even though she has fat thighs, a fake medical degree, 'queefs' and ... poor feminine hygiene” but, for obvious reasons, did not take personal responsibility for this juvenile comment.

The Krinsky plaintiff, like other business people on the receiving end of an anonymous or pseudonymous diatribe, are left knocking on the typically sealed door of the Internet Service Provider (ISP) that hosts the server where the post resides. The ISPs, fulfilling assurances of confidentiality in their subscriber agreement or complying with obligations imposed by the Stored Communications Act, typically will disclose the identity of an anonymous or pseudonymous user posting content only in response to a subpoena or court order. The ISP also typically will put its subscriber on notice that a subpoena has been served to give the subscriber an opportunity to ask the issuing court to quash the subpoena.

No matter how obnoxious their posting, current and former employees who speak anonymously or pseudonymously on the Web arrive in court with the upper hand; they are cloaked in the protective garb of the First Amendment. The First Amendment does not protect cybersmearing employees from being terminated (albeit anti-retaliation statutes and other statutes might, depending upon the content of the post). Rather, the First Amendment restricts the power of the judiciary to issue a speech-squelching injunction.

In Krinsky, the Court announced a new test applicable in California (where many Silicon Valley-spawned ISPs happen to be located) for deciding whether a subpoena seeking to uncover the identity of an allegedly libelous poster should be quashed. The defamation plaintiff must (a) show that she tried to notify the anonymous or pseudonymous poster of the subpoena — for example, by posting a notice on the blog where the cybersmear appeared, and (b) establish a prima facie case of defamation.

In most circumstances, Point (b) means the target of the cybersmear must establish that the libelous statement is factual (as opposed to non-actionable opinion) and that the libel damaged the plaintiff, e.g., caused plaintiff to lose her job or damaged a customer relationship. These standards can be difficult to satisfy. In Krinsky, for example, the court held that the cybersmear fell “into the category of crude, satirical hyperbole which, while reflecting the immaturity of the speaker, constitute[s] protected opinion under the First Amendment.” Even if a plaintiff, like Krinsky, is the target of an outright factual lie, she often will find it difficult, if not impossible, to link any economic loss to what most likely is a relatively obscure Internet post.

Krinsky teaches that in most cases the target of cybersmear is better off turning the proverbial other cheek (or finding a padded room in which to vent) than resorting to the court system for relief. Eventually, the scurrilous diatribe will be washed away in the muck of self-expression that fills the Web.

Tags: , , ,