In June 2008, in Quon v Arch Wireless, the 9th circuit court of appeals ruled that the 4th Amendment and federal law (the Stored Communications Act) protected personal (sexually explicit) text messages sent by police officers on a police department pager. Earlier this week the Supreme Court agreed to hear the department's appeal (City of Ontario v. Quon.) The Court declined an appeal from the wireless service provider held liable under the SCA, which means that it will focus on a public employer's liability under 4th amendment privacy guarantees, not the statutory liability of service providers.
The Quon case has garnered a lot of attention from free speech and privacy advocates, but the 4th Amendment holding is based on an odd set of facts that could prove limiting. Like many employers, the Ontario Police Department explicitly reserved the right to monitor all employee communications; Sargeant Quon and his co-plaintiff (Sargeant Trujillo) acknowledged their understanding of this policy, in writing. But they relied on contrary, informal assurances that their messages would not be audited if they paid for any overages. Department practices reflected this informal policy, and it was central to the 9th Circuit's ruling: The Court held that the department's "operational realities" offered the officers a reasonable expectation of privacy in their personal messages, under the 4th Amendment.
In other words, Quon does not hold that the 4th Amendment categorically restricts the power of public employers to monitor all employee communications; it holds that the 4th Amendment, combined with an employer's actual practices, may restrict its monitoring power. If the practices of the Ontario Police Department had been consistent with its formal policy reserving the right to monitor all communications, the officers would probably not have enjoyed constitutionally protected expectations of privacy.
If this principle offers fairly narrow protections to public employees, it offers none to private employees, whose bosses aren't bound by the 4th Amendment. They need statutory protection, which privacy and employee rights groups have long advocated. The ACLU outlines model workplace privacy statutes, applying to drug testing, "life styles discrimination," and electronic monitoring. The model monitoring statute does not deny employers the right to engage in surveillance but prohibits them from "obtain(ing) data that is not relevant to work performance" and requires not just general notification of electronic monitoring policies but particular reminders: "prior to monitoring, employers must provide a visual or aural signal to employees and any customers." In addition, the ACLU's policy guide asserts that employers should not "deliberately ... review the content of employees' personal communications" absent "substantial evidence (of) misconduct." ACLU policy stresses that "All employees have a reasonable expectation of privacy in their personal property and personal communications while at work."
How feasible is such reform? You might measure likely employer opposition to these proposed regulations by the ACLU's own previous efforts not to abide by them. In November 2005, ACLU management presented employees with a set of "technology use rules" (dated September 2005) making clear that employees had virtually no expectation of privacy in their personal communications within the ACLU: "Personnel should not assume that their use of the ACLU System is private," the rules declared. "System administrators have access to all communications or files on the ACLU System, even if encrypted or password protected." Pursuant to the new rules, managers reserved broad discretion to conduct surveillance: "The ACLU reserves its right to monitor, access, retrieve, read, disclose, and delete any material on the ACLU system, whether by legal process or business necessity, or to protect the security or capacity of the ACLU System." Contrary to ACLU policy, these rules did not require any "visual or aural signal to employees ... prior to monitoring" and did not limit substantive review of personal communications to cases of suspected misconduct.
Not surprisingly, the new rules proved controversial, and management soon withdrew the demand that employees acknowledge them -- after some distraught employees leaked the rules to the New York Times (along with a very broad new confidentiality agreement) and sent an extraordinary anonymous letter of protest to the ACLU board. But the episode was instructive. If a civil liberties group is tempted to reserve management's right to conduct virtually unchecked surveillance of employees, we should probably not expect businesses and not for profits whose missions do not include protecting individual rights to value employee privacy over their perceived business necessities or managerial prerogatives.
Should we expect employees to press hard for privacy protections? That's a more interesting question, given our increasingly voyeuristic, exhibitionist, hyper-security conscious culture and the ubiquitous surveillance with which younger generations have been reared. Still, as the gate-crashing Salahis demonstrated, even exhibitionists have much to hide; in fact, exhibitionists who promote false images of themselves, as many seem to do, may have much more to hide than the rest of us. Or so we can hope: people who seek exposure while striving (however futilely) to control it may merely offend our sensibilities; it's the people who resign themselves to exposure, assuring themselves that only frauds or terrorists have something hide, who threaten our freedom.
This article available online at: