Privacy Rights of Employees Using Workplace Computers In California

Send to PrinterSend to Printer

Copyright © 2000-2014
Privacy Rights Clearinghouse
Posted January 1, 2000

By John S. Caragozian and Donald E. Warner Jr.
Attorneys at Law
1900 Avenue of the Stars, Suite 1750
Los Angeles, California 90067
Telephone:  (310) 843-9338
FAX:  (310) 843-0438


Employers and employees are concerned about computers in the workplace.  Employers worry that employees waste time, such as by chatting or shopping on-line. [1]   Employers worry too that employees create liability by viewing and circulating pornographic, racist, or other improper material.

 Employees worry about their privacy.  Software, like Specter, SurfWatch, Eblaster, Telemate, Message Inspector, Silent Watch, Websense, Little Brother, and WinWhatWhere, allows the computer owner to monitor computer use. [2]   Some software allows the owner to check users' e-mail and Web destinations; some also allows viewing of entire e-mail messages, Web images, and word processing documents.  Moreover, most of this software can be installed without alerting the computer user. [3]

 The press has reported that employees have no privacy rights whatsoever when using their employers' computers and that employers can spy at will. [4]

 Actually, employees as well as employers may have rights.  However, ascertaining these rights and identifying the as-yet unresolved questions requires a careful reading of statutes, case law, and other authorities, much of which is out-dated and thin.


 A.     Title III:  Basic Prohibitions

 Title III of the Omnibus Crime Control And Safe Streets Act Of 1968 ("Title III") originally addressed the interception of "wire communications" (i.e., telephone calls). [5]   With the growth of computer communications, Congress amended Title III by Title I of the Electronic Communications Privacy Act Of 1986 ("ECPA"). [6]   Title III now defines an "electronic communication" as:

any transfer of signs, signals, writing, images, sounds, data or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photo-electric or photo-optical system that affects interstate . . . commerce, but does not include . . . any wire . . . communication . . . . [7]  

Under Title III, it generally is illegal for any "person" to "internationally intercept[]" the "contents" of any "wire . . . or electronic communication" and to disclose or use any illegally intercepted communication. [8]   Unfortunately, neither Title III nor the case law usefully distinguishes "content" from non-content in the workplace. [9]   For example, no authority specifies whether the addresses of Web sites visited by individuals are "content" and, accordingly, whether monitoring Web addresses only is illegal. [10]

B. Title III: Consequences And Remedies

A Title III violation is a felony, punishable by five years' imprisonment. [11]

Also, an aggrieved "person" has a private right of action for, inter alia, (i) the greater of actual or statutory damages (which, in turn, are "the greater of $100 . . . for each day of violation or $10,000"), (ii) punitive damages, and (iii) attorneys' fees. [12]

Title III has an exclusionary rule for illegally intercepted "wire communications," [13] but not for illegally intercepted "electronic communications." [14]   Indeed, it appears that courts are barred from excluding evidence obtained through illegally intercepted electronic communications. [15]

 C.     Title III:  Application

Plainly read, Title III's definition of "electronic communication" includes e-mail and Internet use.  The legislative history and case law are in accord. [16]

However, the Title III definition contains a major hole:  "electronic communications" do not include such communications in electronic storage. [17]   In Steve Jackson Games, Inc. v. United States Secret Service, [18] plaintiff Steve Jackson Games, Inc. ("SJGI") had an electronic bulletin board which "offered customers the ability to send and receive private E-mail.  Private E-mail was stored . . . temporarily until the addressees 'called' . . . (using their computers and modems) and read their mail."  Defendant United States Secret Service read "162 items of unread, private E-mail." [19]

SJGI sued.  The District Court entered judgment for the Secret Service on SJGI's Title III claims, because the e-mail was not acquired by the Secret Service "contemporaneous with the transmission of these communications." [20]

The Fifth Circuit Court Of Appeals affirmed:  "[U]nlike the definition of 'wire communication,' the definition of 'electronic communication' does not include electronic storage of such communications." [21]

Likewise, in Bohach v. City of Reno, [22] the city's police department had an "Alphapage" system.  A police officer could communicate with another officer by typing on a keyboard connected to a computer.  The police chief had "warned all users" that "every message is logged on the network."  However, the chief had not warned officers that messages were automatically stored, and it was "unclear" what officers understood. [23]

The city retrieved old, stored messages for use in an internal affairs proceeding.  Citing Title III, two officers moved to enjoin such use.  The District Court denied the motion:

[A]ll messages are recorded and stored not because anyone is "tapping" the system, but simply because that's how the system works.  It is an integral part of the technology . . . .  E-mail messages are, by definition, stored in a routing computer.

*     *     *

An electronic communication may be put into electronic storage, but the storage is not itself part of the communication.  The statutes therefore distinguish the "interception" of an electronic communication at the time of transmission from the retrieval of such a communication after it has been put into "electronic storage." [24]

 That Title III does not prohibit access to or use of stored electronic communications probably minimizes (or even eliminates) Title III's effect on employees' e-mail.  Most standard e-mail programs automatically store all incoming and outgoing e-mail. [25]   If the employer obtains e-mail via such storage instead of via separate surveillance software, then--per Steve Jackson Games and Bohach--no Title III liability is triggered. [26]

(By contrast, Title III treats stored voicemails as "wire communications." [27]   Thus, stored voicemails may not be intercepted any more than live telephone calls, and illegally intercepted voicemails are to be excluded from evidence. [28] )

 D.     Title III:  Exceptions

Title III has numerous exceptions.  In the workplace, two are most often cited.  The first exception is "consent" (or, more properly, "one-party consent"):  "a party to the communication" may intercept and may give "prior consent" to intercept, even when the other party is unaware of the interception. [29]   This one-party consent need not be express and may be implied from "surrounding circumstances," including knowledge of the interception. [30]

 The second exception, which is often termed the "ordinary course of business" exception, allows the use of:

 any telephone or telegraph instrument, equipment, or facility, or any component thereof, (i) furnished to the . . . user by a provider of wire or electronic communication service in the ordinary course of its business . . . or (ii) being used by a provider of wire or electronic service in the ordinary course of its business. [31]

 These two exceptions have been narrowed by case law.  While the following cases illustrate employers' interception of telephone calls, the holdings should also apply to electronic communications (subject to the "content" and "storage" issues discussed above).

In Watkins v. L. M. Berry & Co., [32] defendant Berry Co. employed plaintiff Carmie Watkins to sell advertising by telephone from Berry Co.'s office.  Berry Co. had "an established policy, of which all employees are informed, of monitoring all solicitation calls as part of its regular training program."  Employees were "permitted to make personal calls," but were not told whether those calls would be monitored.  A friend telephoned Ms. Watkins at work about a new job, and Berry Co. monitored the call. [33]

Ms. Watkins sued.  The District Court granted summary judgment for Berry & Co., finding both implied consent and a business interest in the monitoring.

The Court Of Appeals reversed. 

[Consent] is not to be cavalierly implied.  Title III expresses a strong purpose to protect individual privacy by strictly limiting the occasion on which interception may lawfully take place . . . .  [K]nowledge of the capability of monitoring alone cannot be considered implied consent. [34]

As for the "ordinary course of business" exception, the Court stated: 

It is not enough for Berry Co. to claim that its general policy is justifiable as part of the ordinary course of business.  We have no doubt that it is.  The question before us, rather, is whether the interception of this call was in the ordinary course of business.

 *     *     *

"[I]n the ordinary course of business" cannot be expanded to mean anything that interests a company.

 *     *     *

We hold that a personal call may not be intercepted in the ordinary course of business . . . except to the extent necessary to guard against unauthorized use of the telephone or to determine whether a call is personal or not.  In other words, a personal call may be intercepted in the ordinary course of business to determine its nature but never its contents. [35]

Similarly, in Deal v. Spears, [36] plaintiff Sibbie Deal was employed in a store owned by defendants Newell and Juanita Spears.  The Spearses asked Ms. Deal "to cut down on her use of the [store] phone for personal calls, and the Spearses told her they might resort to monitoring calls . . . ."  Later, the store was burglarized.  "The Spearses believed it was an inside job and suspected . . . Deal . . . ." 

The Spearses then installed a tape recorder for calls in the store, "with no indication to the parties using the phone that their conversation was being recorded."  Over seven weeks, the Spearses taped twenty-two hours of Ms. Deal's calls, including "sexually provocative" conversations with a non-employee. [37]

Ms. Deal sued.  The Spearses' defenses included "consent" and "ordinary course of business."  At trial, the District Court rejected the defenses and awarded $40,000 in statutory damages plus attorneys' fees.

The Eighth Circuit affirmed.  As for consent: 

The Spearses did not inform Deal that they were monitoring the phone, but only told her they might do so in order to cut down on personal calls.  Moreover, . . .  the couple anticipated Deal would not suspect that they were intercepting her calls, since they hoped to catch her making an admission about the burglary . . . . [38]

As for "ordinary course of business":

[T]he Spearses had a legitimate business reason for listening in:  they suspected Deal's involvement in a burglary . . . and hoped she would incriminate herself. . . .  Moreover, Deal was abusing her privileges by using the phone for numerous personal calls . . . when there were customers in the store.  The Spearses might legitimately have monitored Deal's calls to the extent necessary to determine that the calls were personal and made or received in violation of store policy.

But, the Spearses recorded twenty-two hours of calls, and . . . listened to all of them . . . .  Granted, Deal might have mentioned the burglary at any time during the conversations, but we do not believe that the Spearses' suspicions justified the extent of the intrusion. . . .


[T]he scope of the interception in this case takes us well beyond the boundaries of the ordinary course of business. [39]

In United States v. McLaren, [40] AT&T gave one of its employees, defendant William McLaren, a cellular telephone for business and personal use.  After AT&T's cellular customers were victimized by cloning, AT&T suspected Mr. McLaren.  "[A]cting on that suspicion, AT&T began intercepting and recording all calls to or from Mr. McLaren's cellular telephone during regular business hours each day as late as 7:30 p.m." [41]   Mr. McLaren then was indicted for his role in the cloning.

Mr. McLaren moved to suppress under Title III's exclusionary rule.  The District Court partially granted the motion, suppressing the personal calls (but not suppressing the business calls):

[T]here must be some substantial nexus between the use of the telephone instrument to be monitored and the specific fraudulent activity being investigated.  Only by . . . that nexus could [AT&T] demonstrate as required by the statute, that such monitoring was "necessary" . . . . [42]

Finally, in Arias v. Mutual Central Alarm Service, Inc., [43] defendant Mutual provided "central station alarm services, that is, it monitors the burglar and fire alarms of its customers and notifies the police [or] fire department . . . ."  To comply with "industry-wide practice," Mutual installed a tape recorder for all calls to and from its central office. [44]  

[S]uch recording is recommended or even mandated by various standard-setting and regulatory bodies . . .  Underwriters Laboratories, Inc. . . . recommends the use of telephone recording equipment . . . [A] leading underwriter of burglary risks regards as "essential" the recording of all telephone communications between the central station, the customer and the police [and] fire department . . . [T]he Central Station Alarm Association states in its standards document that "all telecommunications shall be recorded . . .," and the . . . City Fire Department requires . . . automatic recording equipment on all lines used to communicate with the Fire Department. [45]

Plaintiffs were employees in Mutual's central office, unknowingly had all of their calls recorded, and sued under Title III.  The District Court granted summary judgment for Mutual.

The Second Circuit affirmed, finding that the nature of the alarm business made the "normal course of business" exception applicable to unannounced, blanket recording of all calls to and from Mutual's central station.

[A]larm companies are the repositories of extremely sensitive security information, including information that could facilitate access to their customers' premises.  Further, . . . accurate recording of such calls may assist the company, its customers and the police and fire departments.  "Complete records of calls made to and from central stations therefore are important tools for their operators to ensure that their personnel are not divulging sensitive customer information, that events are reported quickly to emergency services, . . . that customer claims regarding events are verifiable," and that the police and other authorities may rely on these records in conducting any investigations [46]   

Taken together, Watkins, Deal, McLaren, and Arias have three general lessons.  First, employer ownership of the communications equipment alone is not carte blanche to intercept employees' communications. 

Second, the "ordinary course of business" exception often requires an employer (as the equipment's owner) to prove (a) it had a particular reason for intercepting particular communications, and (b) it took reasonable steps to intercept nothing more.  In other words, this exception does not always allow blanket interception, especially of employees' personal communications. [47]

Third, implied consent must be based upon employees' clear, prior knowledge that their communications will be intercepted. [48]   Knowledge that communications can be or might be intercepted is likely insufficient.

E.     Other Federal Law

Two other sources of federal law--the United States Constitution and labor-management laws, especially the National Labor Relations Act ("NLRA") [49] --have limited application to interception of electronic communications.  A detailed discussion of these sources is beyond the scope of these materials, but they may be critical in some workplaces.

Briefly, the United States Constitution's First, Fourth, and Fourteenth Amendments give government employees rights and remedies vis-a-vis their employers which private sector employees do not have. [50]   Thus, for example, federal, State, and local employers generally must respect their employees' free speech rights (under the First Amendment) [51] and generally must refrain from unreasonable searches of and seizures from their employees (under the Fourth Amendment). [52]

The NLRA applies in an organized or organizing workplace.  For example, a collective bargaining agreement ("CBA") could limit an employer's right to intercept employees' communications (or at least could create a duty to bargain), even if Title III or State law otherwise would permit the interception.  Similarly, the NLRA might limit an employer's right to intercept employees' communications if that interception would hamper "the right to self-organization" or otherwise affect "concerted activities." [53]


A.     Privacy Act:  Basic Prohibitions

California's Privacy Act is in the Penal Code. [54] Under section 631, the anti-wiretapping law, anyone who

. . . willfully and without the consent of all parties . . . reads or attempts . . . to learn the contents or meaning of any . . . communication . . . in transit . . . over any wire, line, or cable or is being sent from, or received at any place within this state . . . is punishable by . . . imprisonment . . . [55]

Under section 632, the broader anti-eavesdropping/anti-recording law,

Every person who, intentionally and without the consent of all parties . . ., by means of any . . . recording device eavesdrops upon or records [a] confidential communication . . . [including ones] carried on . . . by means of a telegraph, telephone, or other device . . . shall be punished by . . . imprisonment . . . . [56]  

A section 632 "confidential communication," in turn, is one "carried on in circumstances as may reasonably indicate that any party to the communication desires that it be confined to the parties thereto . . . ." [57]   This "test of confidentiality is objective." [58]   For instance, a citizen's telephone conversation "with a public employee, concerning public business . . ." may not‑-as a matter of law--be "confidential." [59]   Finally, as with Title III, "consent" may be implied from the parties' prior knowledge of the recording. [60]

Presumably, section 631's and section 632's texts encompass e‑mail and Internet use, though no appellate court has yet decided the issue.

B.     Privacy Act:  Remedies

Any "person" aggrieved by a Privacy Act violation has a private right of action for, inter alia, the greater of $5,000 or three times actual damages. [61]   In one case, plaintiffs were awarded full statutory damages for each of forty-four face-to-face and telephone conversations secretly recorded by one party to the conversations. [62]   Also, statutory damages may be awarded even absent any actual injury and absent any disclosure of the recording. [63]

The Privacy Act further provides for the exclusion "in any judicial, administrative, . . . or other proceeding" of evidence obtained "in violation" of sections 631 or 632. [64]

C.     Privacy Act:  Application

Section 632 has been applied beyond aural communications.  In People v. Gibbons, [65] defendant Michael Gibbons invited a woman to his home and then--without the woman's knowledge--videotaped sexual activity between them.

In affirming Mr. Gibbons' section 632 criminal conviction, the Court of Appeal held that the Privacy Act's purpose is to protect Californians against "new devices and techniques" regarding technology in "the entire privacy area." [66]   The Court further held that a "communication" refers ". . . broadly to the exchange of thoughts, messages, or information by any means." [67]   Therefore, ". . . a video recorder is an instrument which, if used in the manner proscribed under section 632, is a recording device for purposes of the [P]rivacy [A]ct." [68]

As noted above, no reported cases have directly addressed the Privacy Act's applicability to computer use.  Gibbons broadly interpreted section 632 and extended it to new technology. 

With regard to e-mail sent through an employer's network, though, two out-of-State, federal cases suggest that employees should know that all such e-mails are automatically stored and accessible to the employer. [69]   Perhaps under these cases, employees ought not to expect privacy of such e-mail.  Without a privacy expectation, e-mail transmitted through the employee's network probably does not qualify as a section 632 "confidential communication."  Conversely, if an employer fosters a privacy expectation (say, by expressly allowing personal e-mail to be sent and received), then perhaps an employee's use of a workplace computer could be a "confidential communication."

D.     Common Law Invasion Of Privacy

Even if an employee cannot prove a Privacy Act violation, the employer still might be liable for common law invasion of privacy.  In Sanders v. American Broadcasting Cos., [70] defendant ABC sent a reporter under cover to work at a company providing psychic readings by telephone.  The reporter used a hidden videocamera and microphone to record plaintiff and co-worker Mark Sanders' conversations with customers. 

Mr. Sanders sued for violation of the Privacy Act and for common law invasion of privacy.  The jury found no Privacy Act violation:  co-workers could overhear each other's conversations, so no section 632 "confidential communication" occurred.

The California Supreme Court, however, expressly rejected an "all-or-nothing" approach to common law invasion of privacy.  A reasonable "expectation of limited privacy" is cognizable:

[P]rivacy, for purposes of intrusion tort, is not a binary, all-or-nothing characteristic.  There are degrees and nuances to societal recognition of our expectations of privacy:  the fact the privacy one expects in a given setting is not complete or absolute does not render the expectation unreasonable as a matter of law. [71]

Accordingly, Mr. Sanders still might be able to recover damages under his common law cause of action:

[I]n the workplace, as elsewhere, the reasonableness of a person's expectation of visual and aural privacy depends not only on who might have been able to observe the subject interaction, but on the identity of the claimed intruder and the means of intrusion. [72]

To be sure, employees have lower expectations of workplace privacy vis-a-vis employers than vis-a-vis reporters (or other outsiders), and Sanders does not necessarily apply to employers' intrusions. [73]   Nonetheless, with Sanders' express refusal to adopt per se rules and implication that common law invasion would be adjudicated case by case, the question remains unanswered as to whether California employees have actionable common law rights against their employers for surreptitious monitoring of computer use. [74]   Of course, an employee's knowledge that his or her e-mail will be monitored by the employer might show a lack of a reasonable expectation of even limited privacy in workplace e-mail. [75]

E.     Federal Pre-emption

California's Privacy Act provides employees with certain protections which exceed federal Title III's protections.  For example--

--the Privacy Act prohibits recording of communications unless "all parties" consent; Title III only requires one party's consent. [76]

--the Privacy Act prohibits recording of communications without reference to an employer's ordinary course of business; Title III expressly excepts such communications from its prohibitions. [77]

--the Privacy Act excludes evidence gathered in violation of it; Title III does not exclude illegally intercepted electronic communications. [78]

Generally, California's greater protections are not pre-empted by Title III. [79]

However, federal Labor Management Relations Act section 301 [80] pre-empts some judicial actions brought by employees covered by a CBA.  In Cramer v. Consolidated Freightways, Inc., [81] plaintiff employees were covered by a CBA with defendant employer Consolidated.  The CBA generally prohibited the use of videocameras "to discipline or discharge an employee," excepting "theft . . . or dishonesty." [82]

Consolidated secretly installed videocameras and microphones in bathrooms at its Mira Loma, California, terminal.  Upon learning of the cameras and microphones, employees sued in State courts for violations of the Privacy Act (including section 632) and common law invasion of privacy.  Consolidated removed under section 301 and then moved for dismissal.  The District Court granted the motion.

The Ninth Circuit affirmed, relying on Allis-Chalmers Corp. v. Lueck, [83] in which the United States Supreme Court ruled:

[S]tate law rights and obligations that . . . can be waived or altered by agreement of private parties, are pre-empted by those agreements. 

*     *     *

[W]hen resolution of a state-law claim is substantially dependent upon analysis of the terms of an agreement made between the parties in a labor contract, that claim must either be treated as a § 301 claim . . . or dismissed as pre-empted by federal labor-contract law. [84]

The Ninth Circuit noted that all actionable privacy claims in California depend upon "an expectation of privacy." [85]   Plaintiffs' expectation, in turn, required an analysis of the CBA. [86]   Accordingly, section 301 mandated removal and dismissal of plaintiffs' judicial claims. [87]

In sum, if a CBA bears on privacy expectations for e-mail, Internet, or other computer use, then Cramer bars judicial recourse and requires a grievance proceeding (presumably including arbitration).

F.     Proposed Change To State Law

In 1999 and 2000, State Senator Debra Bowen (D-Redondo Beach) proposed bills which would have changed California law.  Governor Gray Davis vetoed both years' bills.  With Senator Bowen likely to continue to press for such legislation, it is useful to examine the most recent vetoed bill, SB 1822.  It would have added a section 1198.6 to the Labor Code:

(a)(1) An employer [including public entities] may not secretly monitor the electronic mail or other computer records generated by an employee.

(2) "[S]ecretly monitor" means to inspect, review, or retain electronic mail or other computer records in a manner that does not comply with the policies and practices that are disclosed to the employee . . . .

Under proposed subsection (b), the employer was to "prepare and distribute to all employees, by hard copy or  electronic notice, . . . the employer's . . . monitoring policies and practices. . . ."  Each employee was then to acknowledge, in writing or electronically, delivery and understanding of the policies; if an employee refused, the employer could have signed a verification of delivery. [88]

Some employers might have objected to SB 1822.  It (i) would have applied to all employers, regardless of the number of employees; (ii) would have required preparation and distribution of a monitoring policy, even where the only "secret monitoring," as defined, is from the built‑in storage of a standard, off-the-shelf e-mail program (in other words, even where the employer never installed separate surveillance software); and (iii) was not restricted to confidential or personal communications.

Some employees might also have objected to SB 1822.  It lacked an exclusionary rule, an express private right of action, [89] and statutory damages.


Currently, any surreptitious interception of employees' computer communications might expose the employer to liability under California law and, possibly, under Title III.  The likelihood of employers' Title III exposure increases with blanket interception of personal communications via special software (i.e., not out of automatic storage).

Most employers (i.e., private, non-unionized, and non-unionizing employers) can best reduce litigation under both Title III and California law by obtaining employees' consent.  Such consent should include:

(a)     clear notice (whether by a surveillance software's warning feature or otherwise) to employees that all e-mail, Internet use, and other computer communications will be intercepted and used, thereby implying consent. [90]

(b)     alternatively, express consent by employees to interception and use (for example, by adding such consent to the employment manual signed by employees).

(c)     in either event and as an extra precaution, warning all recipients of outgoing e-mail of the employer's monitoring and use (because California Penal Code section 632 lacks the one-party consent exception).

While, these steps may produce employee complaints, they also may have the important effect of preventing much e-mail and Internet abuse.   


The authors would like to thank several people who commented on prior drafts of these materials: State Senator Debra Bowen and her staff; James R. Farrand, Esq. of Arnold & Porter; Ms. Beth Givens of the Privacy Rights Clearinghouse; Jeremy Gruber, Esq. of the National Workrights Institute; and Kristen J. Moyer, Esq. of Sunkist Growers, Inc.  Also, the authors presented a version of these materials at the State Bar of California's Labor And Employment Law Section annual meeting on October 28, 2000.  However, all views and any errors in these materials are solely the authors'.


[1] .    Recent estimates find nearly a third of employees' on-line time is non-business, with ninety percent of employees using their employers' computers to visit "recreational sites."  See K. Naughton, "CyberSlacking," Newsweek, Nov. 29, 1999, at 63.

[2] .    Per the American Management Association, more than half of large businesses have electronically monitored employees' computer use.  See J. Rosen, "Fall Of Private Man," New Republic, Jun. 12, 2000, at 22.  As for small businesses, the Windows version of Specter sells for $49.95; it was originally designed for home use (and, particularly, for parents to monitor children), but now its main customers include "distrustful bosses."  P. Lewis, "Spy Software Puts Home PC's Under Surveillance," N.Y. Times, Jun. 22, 2000, at D1, col. 1 (nat'l ed.).

[3] .      "[M]ost of this software can easily be configured so that computer users won't know they're under observation."  M. Richtel, "Software To Watch Over You," N.Y. Times, Jul. 4, 1999, § 6 (magazine), at 12.  See also L. Guernsey, "The Web:  New Ticket To A Pink Slip," N.Y. Times, Dec. 16, 1999, at D1, col. 5 (nat'l. ed.) ("[C]ompanies can now record and view everything a person does on a computer, from typing a word-processing document to opening an image file.  One new product, called Specter, surreptitiously takes digital snapshots of whatever appears on the screen. . . .").

[4] .    E.g., K. Naughton, supra note 1, at 65 ("'It may be unfair for a boss to fire you for a five minute Web-site visit, but it's not illegal,' says Lewis Maltby, workplace rights chief for the American Civil Liberties Union.  'If you filed a lawsuit, you wouldn't have a prayer.'"); "Boss May Lurk As You Surf The Web," L.A. Times, Aug. 9, 1999, at E3, col. 1 ("'[T]here's absolutely no protection when it comes to electronic communications on computers,' says Jeremy Gruber, an attorney with the American Civil Liberties Union . . . .  Employees at private-sector companies, Gruber says, can riffle through your e-mail, computer files and Web-browsing history at will . . . .").

[5] .    18 U.S.C. §§ 2510-22.  Title III defines a "wire communication as "any aural transfer made . . . by the aid of wire, cable, or other like connection . . . and such term includes any electronic storage of such communication."  18 U.S.C. § 2510(1).  Among the problems to be addressed by Title III were "employer-labor espionage" and the revelation of "[l]abor and management plans."  S. Rep. No. 1097, reprinted in U.S. Code Cong. & Admin. News 1968, 90th Cong., 2d Sess., at 2154. 

[6] .    See generally S. Rep. No. 99-541, reprinted in U.S. Code Cong. & Admin. News 1986, 99th Cong. 2d Sess., at 3555 (ECPA expanded Title III "in light of dramatic changes in new computer and telecommunications technologies.").  However, Title III, as amended by ECPA,  has been criticized as "famous (if not infamous) for its lack of clarity," and even this criticism "might have put the matter too mildly."  United States v. Smith, 155 F.3d 1051, 1055 (9th Cir. 1998) (citation omitted).

[7] .    18 U.S.C. § 2510(12).  "Interstate commerce" under Title III is so broadly construed that using a telephone for a local call "is indisputably an instrumentality of interstate . . . commerce."  E.g., Peavy v. Harman, 37 F.Supp.2d 495, 519 (N.D. Tex. 1999) (citations omitted).

[8] .    18 U.S.C. § 2511(l).  See 18 U.S.C. §§ 2510(4) (defining "intercept" as the "acquisition of the contents of any wire (or) electronic . . . communication through the use of any electronic, mechanical, or other device . . ."); 2510(6) (defining "person" as "any employee, or agent of the United States or any State or political subdivision thereof, and any individual, partnership, association . . . or corporation."); § 2510(8) (defining "contents" as "any information concerning the substance, purport, or meaning of [the] communication").  The general "intent" required under Title III merely requires that the defendant "desires the consequences of his act . . . "; the defendant need not know that the act was illegal or a violation of law.  E.g., Peavy v. Harman, supra note 7, 37 F.Supp.2d at 510, 514.  Title III also prohibits possession of "any electronic, mechanical or other device . . . primarily useful for the purpose of the surreptitious interception of . . . electronic communications . . . ."  18 U.S.C. § 2512(1)(b). 

[9] .    Under ECPA Title II, "a provider of electronic communication service . . . may disclose a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications . . . ) to any person other than a governmental entity."  18 U.S.C. § 2703(c).  Presumably, an employer providing computers with e-mail and Internet access is "a provider," see Bohach v. City of Reno, 932 F.Supp. 1232, 1236 (D. Nev. 1996); 18 U.S.C. §§ 2710(14), 2711(l), but neither ECPA Title II nor case law has specified whether an employee is a "subscriber" or customer."  Courts have ruled that an Internet Service Provider ("ISP") may lawfully disclose some personal  information about customers.  See, e.g., United States v. Hambrick, 55 F.Supp.2d 504, 507, 508 (W.D. Va. 1999), aff'd per curiam, 2000 U.S. App. LEXIS 5570 (4th Cir. 2000) (ISP's are "free to turn stored data and transactional records over to nongovernmental entities. . . .  ECPA does not create a reasonable expectation of privacy in that information."  Specifically, the ISP may disclose stored information when the customer "knowingly revealed his name, address, credit card number, and telephone number to [the ISP] . . . [The ISP's] employees had ready access to those records in the normal course of [the ISP's] business . . . ."  [Citation omitted.]);  In re Application of United States, 36 F.Supp.2d 430, 432 (D. Mass. 1999) (distinguishing "contents" from "related" records, "i.e., personal information of subscribers, user activity logs, billing records and so on." [Citation omitted.]).  Cf. United States v. Kennedy, 81 F.Supp.2d 1103, 1110 (D. Kan. 2000) (an individual has no "Fourth Amendment privacy interest" in "subscriber information" such as his name, address, telephone number, and log‑on time and date which he "knowingly revealed" to his ISP).

[10] .      Certainly, an employee could argue that, under the broad definition of "contents" in 18 U.S.C. § 2510(8), supra note 8, the name of a Web address alone may be "contents" and therefore protected from interception by Title III if the Web address suggests the "contents" of the employee's communication.  Cf. McVeigh v. Cohen, 983 F.Supp. 215, 220 (D.D.C. 1998) ("In these days of 'big brother,' where through technology and otherwise, the privacy interests of individuals from all walks of life are being ignored or marginalized, it is imperative that statutes explicitly protecting these rights be strictly observed.").

[11] .   18 U.S.C. §§ 2511(4)(a), 2512(1).

[12] .   18 U.S.C. § 2520(b), (c)(2).  See 18 U.S.C. § 2510(6), supra note 8.  Title III has a two-year limitation on civil actions, commencing from a plaintiff's "first . . . reasonable opportunity to discover the violation."  18 U.S.C. § 2520(e). 

[13] .   18 U.S.C. § 2515. 

[14] .   E.g., United States v. Meriwether, 917 F.2d 955, 960 (6th Cir. 1990) ("The ECPA does not provide an independent statutory remedy of suppression for interceptions of electronic communications." [Citations omitted.]).

[15] .   See 18 U.S.C. § 2518(10)(C) ("The remedies and sanctions described in [Title III] with respect to the interception of electronic communications are the only judicial remedies and sanctions for non-constitutional violations of [Title III] involving such communications.").  See also S. Rep. No. 99-541, supra note 6, at 3577 ("The purpose of [section 2518(10)(C)] is to underscore that [ECPA] does not apply the statutory exclusionary rule contained in Title III . . . to the interception of electronic communications.").  But cf. McVeigh v. Cohen, supra note 10 (holding that, under ECPA Title II--which, like Title III, has no exclusionary rule for illegally obtained electronic communications and has the same "only judicial remedies" language--"it is elementary that information obtained improperly can be suppressed where an individual's rights have been violated.").

[16] .   S. Rep. No. 99-541, supra note 6, at 3557  ("[E]lectronic communication . . . also includes electronic mail [and] digitized transmissions . . . .").  See also United States v. Mullins, 992 F.2d 1472 (9th Cir.), cert. denied, 509 U.S. 905, 113 S.Ct. 2997, 125 L.Ed.2d 691 (1993) (applying Title III to SABRE, the computerized travel reservations system); Wesley College v. Pitts, 974 F.Supp 375, 378, 381-84 (D. Del. 1997), aff'd 172 F.3d 861 (3rd Cir. 1998) (applying Title III to a college's e-mail network).

[17] .   Title III defines "electronic storage" as "(A) any temporary, intermediate storage of a wire of electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication." 18 U.S.C. §2510(17).

[18] .   36 F.3d 457 (5th Cir. 1994), aff'g 816 F.Supp. 432 (W.D. Tex. 1993).

[19] .   36 F.3d at 458-59.

[20] .   Id. at 459-60.

[21] .   Id. at 461 (emphasis in original).  Compare id. at 461-62 ("Congress' use of the word 'transfer' in the definition of 'electronic communication' and its omission in that definition of the phrase 'any electronic storage of such communication' (part of the definition of 'wire communication') reflects that Congress did not intend for 'intercept' to apply to 'electronic communications' when those communications are in 'electronic storage.'"  [Footnote omitted.]) with 18 U.S.C. § 2510(1), supra note 5.

[22] .   Supra note 9.

[23] .   See 932 F.Supp. at 1234 & n.2, 1235.

[24] .   Id. at 1234, 1235-36.  See also United States v. Reyes, 922 F.Supp. 818, 837 (S.D.N.Y. 1996) (retrieving telephone numbers from pagers' memories is not a Title III violation).

[25] .   E.g., E. Tittel & M. Robbins, E-Mail Essentials, at 7 (1994).

[26] .   ECPA's Title II prohibits anyone from accessing "without authorization" electronic communications "in electronic storage."  18 U.S.C. § 2701(a).  However, this Title II prohibition excepts ". . . conduct authorized--[¶](1) by the person or entity providing a wire or electronic communications service . . . ."  18 U.S.C. § 2701(c).  Thus, an employer, as the "provider of the `service,'" may access its own electronic storage, and "neither it nor its employees can be liable under § 2701."  Bohach v. City of Reno, supra note 9, at 1236.  See also Smyth v. Pillsbury, 914 F.Supp. 97, 101 (E.D. Pa. 1996) (omitting any mention of Title III and finding no violation of Pennsylvania common law where a defendant employer "intercepts" an e-mail sent over an in-house network from a plaintiff employee to his supervisor).

[27] .   See United States v. Smith, supra note 6, 155 F.3d at 1059.

[28] .   See id. at 1056-59 & n.10.

[29] .   See 18 U.S.C. § 2511(2)(d).  See, e.g., United States v. Axselle, 604 F.2d 1330, 1338 (10th Cir. 1979).

[30] .   E.g., United States v. Amen, 831 F.2d 373, 378 (2d Cir. 1987) cert. denied, 485 U.S. 1021, 108 S.Ct. 1573, 99 L.Ed.2d 889 (1988); Griggs-Ryan v. Smith, 904 F.2d 112, 117 (1st Cir. 1990).

[31] .   U.S.C. § 2510(5)(a).  Whether surveillance software is a "telegraph or telephone instrument, equipment, or facility" under section 2510(5)(a) has not been adjudicated.  Courts have even disagreed whether a tape recorder constitutes such "equipment . . . ."  E.g., Arias v. Mutual Central Alarm Service, Inc., 202 F.3d 553, 557 n.3 (2d Cir. 2000), aff'g 182 F.R.D. 407 (S.D.N.Y. 1998), and cases cited therein.  However, a separate, but somewhat analogous, section of Title III omits the "telegraph or telephone instrument . . ." language:  under 18 U.S.C. § 2511(2)(a)(i), "a provider of wire or electronic communication service" is permitted ". . . to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service . . . ."  See, e.g., United States v. Mullins, supra note 16, 992 F.2d at 1478 (holding this section 2511(2)(a)(i) applicable to American Airlines' monitoring of communications over SABRE, its then-owned computerized travel reservations network). 

[32] .   704 F.2d 577 (11th Cir. 1983).


Sign In!