The private workplace and the proposed "Notice of Electronic Monitoring Act": Is "notice" enough?

• Author: Watson, Nathan

1. INTRODUCTION

   On July 20, 2000, an interesting mix of federal legislators proposed legislation that would affect monitoring of employee communications and computer usage in the workplace. Representatives Charles Canady (R.-Fla.) and Bob Barr (R.-Ga.) introduced the Notice of Electronic Monitoring Act (NEMA) in the House of Representatives, and Senator Charles E. Schumer (D.-N.Y.) introduced it in the Senate. (1) Had it passed, NEMA would have required employers to notify their employees if they wished to conduct surveillance of their employees' electronic mail ("e-mail") or other electronic communications. (2) The bill would have required the prior notice to include the form of communication that would have been monitored, the means by which monitoring would have taken place, the type of information that would have been obtained, the frequency of monitoring, and the intended use of the obtained information. (3)

   Unfortunately, employer groups succeeded in getting the Judiciary Committee to pull the bill from further consideration. (4) They cited a potential increase in litigation and more work for human resources professionals in complying with NEMA. (5) The bill also languished in the Senate. (6) It is possible, however, that the bill will be reintroduced in both houses of Congress in the near future. (7)

   Hopefully the bill will be reintroduced, because the monitoring of workplace e-mail is an issue that needs to be addressed. Union and employee advocacy groups have complained about electronic monitoring, contending that such practices are an invasion of privacy, cause work-related stress and low morale, and can be used in an unfair manner. (8) And while public employees may be protected to some degree under the Constitution from such invasions of privacy, private employees can not rely on such protection. (9) Private employees must look elsewhere to find protection, such as state law or even the federal wiretapping statute. The effect of these alternatives on electronic monitoring is ambiguous. This ambiguity needs to be addressed now through a clear standard, so employers are able to install policies without fear of litigation. This will also allow employees to know their rights and what is expected of them at the workplace. NEMA, through its notice requirement, sets a clear standard and marks a fine compromise between employer and employee interests.

   This Note argues that NEMA should be adopted, since it would improve the current state of affairs relating to electronic surveillance in the workplace. The Note asserts that NEMA will positively benefit both employers and employees by establishing a "bright line" that takes into consideration both parties' interests. Part II addresses the current state of the law regarding electronic monitoring, with a focus on e-mail. Part III discusses NEMA and addresses the arguments for and against it. Finally, Part IV argues that the current version of NEMA is satisfactory and should be enacted into law.

2. DEVELOPMENT OF THE LAW RELATING TO ELECTRONIC MONITORING

   The advent of the Internet has revolutionized the workplace. In particular, the ability to send e-mail has benefited companies and employees alike. In a poll of more than 1,000 employees conducted by Vault.com, "80 percent said e-mail has replaced `snail mail' [regular mail] for the majority of their business correspondence, 72.5 percent said it has replaced faxing, and 45 percent said it has replaced phone calls." (10) Vault.com estimates that forty million users will send sixty billion e-mail messages per year. (11)

   E-mail is generally speedy and easy to use for those who have access to it. These positive attributes are not without negative side effects, however. Since e-mail is readily available in most workplaces, some employees may use it for matters unrelated to their jobs, such as for sending personal messages. Employers may have several concerns about personal use of their computer resources, including potential liability to other employees or third parties, disclosure of sensitive information, and waste of time and resources. A recent example of this problem is the case of "Brad," an attorney at a prestigious London law firm who gained unwanted Internet notoriety after forwarding an e-mail he had received from his friend Claire which complimented his "sexual prowess." (12) The e-mail, initially sent to four male friends of Brad, ended up being forwarded to computer users around the world. (13)

   Due to incidents such as these, many employers are interested in how employees are using their computers on company time. According to a survey from the American Management Association, forty-five percent of U.S. firms monitor their workers' electronic communications, including e-mail, voice mail, and Internet use. (14) Monitoring software has become more advanced, allowing employers to record every word of an e-mail message or to monitor Internet surfing. (15)

   Of course, monitoring comes at the expense of an employee's privacy. Critics of electronic monitoring claim that it leads to "increased levels of stress, decreased job satisfaction and quality of work life, decreased levels of customer service and poor quality." (16) These criticisms have led to a national debate over whether employer computer surveillance is proper. The current state of the law favors the employer side of the debate. For example, the federal statute regulating wiretapping has been interpreted to cover e-mail, but it is riddled with exceptions that allow electronic monitoring in the private workplace. (17) Most courts have not been sympathetic to employees' claims for invasion of privacy, holding that there is not enough of a privacy interest to justify such claims. Why the federal wiretapping statute and the invasion of privacy claims do not provide protection for employees are discussed below.

   1. Electronic Communications Privacy Act of 1986

      Congress first attempted to deal with new privacy issues resulting from advances in technology with the Electronic Communications Privacy Act of 1986 (ECPA). (18) The ECPA, among other things, amended the Omnibus Crime Control and Safe Streets Act of 1968 "to protect against the unauthorized interception of electronic communications." (19) Congress adopted the ECPA to bring the federal criminal law "in line with technological developments and changes in the structure of the telecommunications industry." (20)

      The ECPA first amended the Act by proscribing the interception of "electronic communication," as well as wire and oral communications. (21) The term "electronic communication" certainly includes e-mail. Even though e-mail is not mentioned in the text of the ECPA, the Act defines "electronic communication" as "any transfer of ... data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photo-optical system that affects interstate or foreign commerce...." (22) This definition would definitely include e-mail. Also, the legislative history of the ECPA indicates that e-mail is covered by the statute. (23)

      Courts are split, however, on what an "interception" means in regard to electronic communications. Some courts have determined that an interception under this provision means only the interception of e-mail in route to the receiver, which can be a span of milliseconds. For example, in Steve Jackson Games, Inc. v. United States Secret Service, (24) the Secret Service seized a computer from the plaintiffs pursuant to a warrant. Plaintiffs used the computer to operate an electronic bulletin board service ("BBS"), from which users could send and receive private e-mail. (25) The court found that, evidently, the Secret Service agents read the private e-mail stored on the BBS. (26) The plaintiffs sued the Secret Service under Title I of the ECPA, claiming that the reading of e-mail sent to a BBS, but not yet retrieved by the recipient, was an interception under the statute. (27) The court found otherwise, holding that interceptions did not apply to electronic communications in electronic storage. (28) Since the e-mail at issue was in electronic storage, the ECPA did not apply. Other courts have also adopted this narrow view of interception under the ECPA. (29)

      In Konop v. Hawaiian Airlines, (30) however, the Ninth Circuit rejected Jackson. In this case, plaintiff Konop was a pilot for defendant Hawaiian Airlines. Plaintiff maintained a Web site criticizing the defendant, which could only be accessed with a username and password provided by plaintiff himself. After the employer accessed the site using the username and password of another pilot, plaintiff sued under the Wiretap Act. The court first noted that "[i]f interception requires that acquisition and transmission occur contemporaneously, then unauthorized downloading of information stored on a web server cannot be interception." (31) Instead of accepting this rule, however, the court rejected the need for simultaneous acquisition and transmission, and held instead that "the Wiretap Act protects electronic communications from interception when stored to the same extent as when in transit." (32)

      Even if e-mail was intercepted under the Wiretap Act, there are several exceptions that might allow an employer to monitor e-mails without authorization. First, section 2511(2)(a)(i) of the ECPA allows a provider of "electronic communication service ... to intercept ... [a] communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service." (33) For example, employers can use this provision to argue that monitoring is necessary to prevent excessive personal use of the system. (34)

      Second, section 2510(5)(a) allows a network provider to intercept an electronic communication on a device furnished to the user by a provider of...