Mailer Daemon: unable to deliver message judicial confusion in the domain of e-mail monitoring in the private workplace.

• Author: Ebert, Rebecca
• Position: Report

1. INTRODUCTION

   American employees have long been deluded as to the depth of privacy protection in the United States. The common perception is that privacy is a fundamental right. (1) The truth is that the right to be let alone is a modern invention: an 1890 Harvard Law Review article initiated the modern day torts of privacy. (2) The privacy tort of intrusion upon seclusion was often relied upon as a common law basis of protection for wronged private employees in the pre-technological boom era. (3) Despite the growing awareness of the need for privacy protection in this country, close to 78% of employers are practicing intrusive electronic monitoring techniques. (4) Employee privacy protections in the workplace under intrusion upon seclusion are being narrowed by the almost complete rejection of plaintiff claims against private employers for monitoring electronic communications. (5) The rules for private employees and those for public employees have developed independently of one another. (6) Based upon which sector the employee works in, the laws are different, the protections are different and the judicial standards are different. Courts were able to keep this relatively clear in the past (when electronic communications were harder to monitor), but with the introduction of e-mail, virtually unrestrained e-mail monitoring and the numerous civil cases that have developed from that monitoring, many judges seem to be confused as to which standard to apply. (7) Of the cases reviewed in this paper, no court applied the correct standard by which to find an intrusion upon seclusion in the private workplace. (8) The courts in these cases looked at the invasion under the light of whether or not there existed a reasonable expectation of privacy, the test for the Fourth Amendment, available only for invasions by the state, not invasions by a private employer. (9) The correct test, whether the intrusion is highly offensive to the reasonable person, would possibly render a very different result. (10) Judicial confusion is leaving employees (who have brought suit in civil court under the common law) with virtually no protection against employers who monitor their electronic communications. (11) Courts are decreasing the amount of protection available to American employees because electronic communications are so prevalent and easily scrutinized. Courts are concluding that ease of access should somehow translate into an employee having no reasonable expectation of privacy. (12) Intrusion upon seclusion must be reexamined and possibly reapplied to reflect the impact of Internet access and e-mail use in the workplace. (13)

   Part II first reviews the private/public employee privacy protection dichotomy. It then reviews the Federal statutory provision regarding interception of electronic communications and the Fourth Amendment protections for public employees. Part II further explores the history and charts the growth of the common law right to privacy and the tort of intrusion upon seclusion and examines the tort's application across other workplace-related intrusions. It also briefly chronicles the rise of advanced network technology in business, up to current day standards. Part II will show that the Fourth

   Amendment legal standard of a reasonable expectation to privacy is being applied to private cases. Part III attempts to analogize e-mail to phones and traditional postal mail to prove that e-mail requires a different level of scrutiny in invasion of privacy cases. Further, Part III considers the high level of judicial confusion involved in decisions on e-mail intrusion upon seclusion cases. Part III takes into consideration the ever-changing workplace and proposes an appropriate common law model by which to adjudicate intrusion cases in the workplace and what the elemental test should reflect. This paper concludes that, in an invasion of privacy context, more protection of e-mail and other types of electronic communication is necessary to advance the level of privacy protection in the private workplace.

2. BACKGROUND

   1. The Public/Private Dichotomy

      The extent of privacy protection in the workplace afforded to an employee depends upon whether or not they work for the government or in the private sector. (14) State action is required before a citizen can invoke a constitutional right, which operates primarily to protect citizens from the government. (15) The actions of a governmental employer may be defined as "state actions." (16) Private employer actions rarely constitute state action because the behavior of private citizens and corporations is not generally controlled by the Constitution. (17) Because of the private/public distinction, public employees may utilize federal statutory and federal and state constitutional rights, where private employees are essentially afforded only common law protection and only limited state and federal statutory protection. (18)

   2. Federal Statutory Protections for Private and Public Employees

      The statutory backdrop for protection of electronic communications is set forth in the Electronic Communications Privacy Act of 1986 ("ECPA"). (19) The EPCA was an amendment to Title III of the Crime Control and Safe Streets Act of 1968, commonly referred to as the Federal Wiretap Act. (20) The ECPA was enacted to update the protection of citizens' civil liberties to recognize the impact of developing technologies. (21) The EPCA makes illegal the interception of both oral and electronic communications. (22)

      The EPCA offers employers three methods of exemption from the employee protection offered by the Act: prior consent, business use, and system provider. (23) The prior consent exemption provides that interception of electronic communication is allowed when one party to the communication has given prior consent. (24) The business use exemption requires that the interception be made in the "ordinary course of business." (25) The system provider exemption is available to employers who provide their own company e-mail system. (26) The ECPA has been proved to provide some protection for public sector employees against employer intrusions, specifically when the monitoring invades into an employee's private life. (27) For the private employee, these exemptions essentially cancel out any possible federal protection for private employees from invasions of privacy by their employers.

      In McVeigh v. Cohen, (28) America Online ("AOL") provided the United States Navy with subscriber information about Senior Chief Timothy McVeigh (no relation to the Oklahoma bombing defendant), an AOL user. (29) The AOL account was McVeigh's private account. (30) The Navy used the information about McVeigh to fire him under "Don't Ask, Don't Tell" after he had sent an e-mail to a crew member's wife regarding a toy-drive she was running for a children's charity. (31) McVeigh had used the alias name "boysrch" in his e-mail, prompting the woman to look it up in the AOL directory and report it; the information eventually reached the Judge Advocate General's (JAG) office. (32)

      The JAG investigator contacted AOL and, without identifying himself as a representative of the government, requested the subscriber information that identified McVeigh as the holder of the e-mail alias "boysrch." (33) Citing harm to McVeigh and the public interest in privacy, the court issued an injunction permitting McVeigh to remain in active service. (34) McVeigh is an important case because it provides a limit to employer monitoring of electronic communications by the Federal government. If this were a case between a private employer and their employee, however, the ECPA would be virtually useless due to the many exemptions provided to private employers. (35) The ECPA was a successful tool for the employee in McVeigh in part because of the patently discriminatory and invasive behavior of the Navy officers involved. (36)

      Moreover, the ECPA is not always successful against government employers. (37) In Bohach v. City of Reno, two police officers tried to stop an investigation into the contents of electronic messages sent between them on the police department's pager system. (38) The Bohach court found, because a department computer stored the messages for any period of time, regardless of whether it was temporary, intermediate or incidental to an impending electronic transmission, it was an electronic storage. (39) The court further held that " an 'electronic communication,' by definition, cannot be 'intercepted' when it is in 'electronic storage,' because only 'communications' can be 'intercepted.'" (40) Furthermore, the Bohach court found that the police department, as system provider, was free to access stored electronic messages as it pleased because of the service provider exception to the ECPA. (41) The Bohach decision is an example of when the ECPA protections fail government employees. More often than not, the ECPA is effective device for public employees to use to redress an employer invasion into their electronic communications. (42) The ECPA is just one of the ways that public sector employees may seek protection and redress from invasions of privacy committed by their employers. (43) Public sector employees may also seek protection under the Fourth Amendment. (44)

   3. Fourth Amendment Protections for Public Employees

      Like many private employers, the Federal Government has established a goal of providing e-mail access to every federal agency and promotes e-mail as a preferred method of conducting business. (45) Public employees have some redress in the ECPA, (46) but the Fourth Amendment also protects them from unlawful search and seizure. (47)

      In order to invoke the Fourth Amendment, an employee must have a "reasonable expectation of privacy" in the subject of the search or seizure to invoke the Constitution's protections. (48) The reasonable expectation of privacy test has two elements: "first that a person [has] exhibited an actual...