|Electronic Monitoring in the Workplace: Common Law & Federal Statutory Protection
“.numerous mechanical devices threaten to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the housetops.’ ”
–Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193, 195 (1890).
Little protection currently exists for the privacy interests of employees. Constitutional protection against unreasonable searches and eizures only applies to public employees. This memorandum seeks to examine what protection, if any, the common law or the Electronic Communications Privacy Act [ECPA] offers to private employees who are subject to e-mail monitoring, video surveillance and telephone surveillance in the workplace.
Does the common law or the ECPA protect employees who are subject to electronic monitoring in the workplace?
Generally no. Most courts and commentators examine common law protection in terms of “intrusion on seclusion,” one of the four generally recognized invasion of privacy torts. However, those states that recognize this tort do not extend its protection to employees in the workplace beyond the most egregious of invasions. The ECPA permits disclosure of the contents of stored electronic communications for business purposes and as interpreted by the courts does not prohibit employers from accessing and divulging the contents of employee e-mail. What protection the ECPA does offer is more to be found in the area of telephone, rather than e-mail, monitoring.
I. Invasion of privacy: Tort of Intrusion on Seclusion
Employees seeking to redress an invasion of their privacy by electronic monitoring in the workplace utilize the tort of intrusion on seclusion. Most jurisdictions recognize that the right of privacy may be invaded by four distinct invasion of privacy torts: unreasonable intrusion on the seclusion of another; appropriation of the other’s name or likeness; unreasonable publicity given to the other’s private life; or publicity that unreasonably places the other in a false light before the public. See Restatement (Second) of Torts 652A (1977). Most jurisdictions follow Dean Prosser’s description of intrusion on seclusion as written in the Restatement:
One who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person.
Restatement (Second) of Torts 652B (1977). See generally W. Page Keeton et al., Prosser and Keeton on the Law of Torts 117, at 850-51 (5th ed. 1984); Dean W. L. Prosser, Privacy, 48 Cal. L. Rev. 383 (1960). Intrusion on seclusion is the type of invasion of privacy tort claim that is the most applicable for plaintiffs seeking to challenge employer monitoring and surveillance in the workplace, as it is associated with either: a physical intrusion into a place in which the plaintiff has secluded herself; the use of the defendant’s senses, with or without mechanical aids, (e.g., wiretaps, microphones, or just plain spying,) to oversee or overhear the plaintiff’s private affairs; or some other form of investigation or examination into the plaintiff’s private concerns, as by opening her private and personal mail. See Restatement (Second) of Torts 652B cmt. b (1977); Elizabeth Wilborn, Revisiting the Public/Private Distinction: Employee Monitoring in the Workplace, 32 Ga. L. Rev. 825, 844 (Spring 1998).
This tort is applicable to employees subject to electronic monitoring not only because of the type of intrusion that it punishes, but additionally because of the motivating sense of justice behind its legal recognition. Intrusion on seclusion is the common law recognition that an intrusion into a private matter may, in itself and without more, be offensive. See Medical Lab. Management Consultants v. ABC, 30 F. Supp. 2d 1182, 1191 (D. Ariz 1998) (noting that “‘[t]he basis of the tort [of intrusion] is not publication or publicity. Rather the core of this tort is the offensive prying into the private domain of another.’” (citing Russell v. ABC, 1995 U.S. Dist LEXIS 7528, 1995 WL 330920, at *8 (N.D. Ill.))). Unlike the other three invasion of privacy torts, intrusion on seclusion does not require publicity for a plaintiff to state a cause of action. See Restatement (Second) of Torts 652B cmt. a (1977) (stating that intrusion on seclusion “does not depend upon any publicity given to the person whose interest is invaded or to his affairs”). The tort of intrusion on seclusion is thus perhaps the most straightforward present-day articulation of what Warren and Brandeis, utilizing a phrase coined by Judge Cooley in their seminal article, The Right to Privacy, called “the right to be let alone.” Warren & Brandeis, supra, at 203. Cf. Shulman v. Group W Prods., Inc., 955 P.2d 469 (Cal. 1998) (stating that “[i]t is in the intrusion cases that invasion of privacy is most clearly seen as an affront to individual dignity.”) However, a review of the caselaw quickly reveals that as applied to electronic monitoring in the workplace, few employees successfully assert that so-called right.
Courts rarely find for employees who assert that their employers have invaded their privacy through electronic monitoring. Surveying intrusion on seclusion claims brought by employees, one court recently noted that:
when courts have considered claims in the workplace, they have generally found for the plaintiffs only if the challenged intrusions involved information or activities of a highly intimate nature.. Where the intrusions have merely involved unwanted access to data or activities related to the workplace, however, claims of intrusion have failed.
Medical Lab., 30 F. Supp. 2d at 1188 (citations omitted). In the past twenty years, employees have tried to invoke the protection of this tort as employers have made greater intrusions on the privacy of employees in various new contexts such as drug testing, polygraph testing, photographing, videotaping, telephone monitoring and e-mail monitoring. See Laurie Lee, Watch Your Email! Employee E-mail Monitoring and Privacy Law in the Age of the “Electronic Sweatshop”, 28 J. Marshall L. Rev. 139, 162 (Fall, 1994). To succeed on a claim of intrusion on seclusion in the majority of jurisdictions, a plaintiff usually bears the burden of proving: (a) that there was an intrusion; (b) that such intrusion was intentional; (c) that the plaintiff had an objectively reasonable expectation of privacy into the matter intruded upon; and (d) that the intrusion was highly offensive to a reasonable person. See Harkey v. Abate, 346 N.W.2d 74, 76 (Mich. Ct. App. 1983) (stating that a “necessary element of this type of invasion of privacy is, of course, that there be an `intrusion’”); Oliver v. WFAA-TV, Inc., 37 F. Supp. 495 (N.D. Tex. 1998) (finding that defendant’s subjective belief as to the legality of eavesdropping with a police scanner was irrelevant to the satisfaction of the element of intent and that “plaintiffs need only prove that the [defendants] desired the consequences of their actions or reasonably believed that such consequences were likely to result therefrom”); Medical Lab., 30 F. Supp. 2d at 1188 (D. Ariz. 1998) (stating that a plaintiff can “recover only if he had an objectively reasonable expectation of seclusion or solitude in the place, conversation, or data source” and that “the intrusion must be found to be highly offensive to a reasonable person”) (citations omitted). However, even if an employee succeeds in proving all these elements, she may still lose if the court finds that the employer-defendant had legitimate business reasons for engaging in the intrusion that outweighed the employee’s privacy interest. See Smyth v. Pillsbury Co., 914 F. Supp. 97, 101 (E.D. Pa. 1996) (holding that “the company’s interest in preventing inappropriate and unprofessional comments or even illegal activity over its e-mail system outweighs any privacy interest the employee may have in those comments.”) This memo seeks to further examine each element of the tort of intrusion on seclusion, revealing how difficult it is for an employee to succeed on an intrusion claim in all but the most egregious circumstances.
A. The First Hurdle: Defining Intrusion
Many employees lose on their intrusion on seclusion claims because the courts find that no actual intrusion has taken place. “The intrusion element requires a positive act by the defendant, other than publication, that encroaches on the plaintiff’s seclusion.” Reuber v. Food Chemical News, Inc., 925 F.2d 703, 718-19 (4th Cir.), cert. denied, 501 U.S. 1212 (1991). What this “positive act” consists of varies significantly from case to case. The only discernable rule one might extract is that courts find that the employer’s actions do not rise to the requisite level of intrusion unless they have filmed or videotaped employees in a state of undress. See Doe v. B.P.S. Guard Servs., Inc., 945 F.2d 1422 (8th Cir. 1991) (holding security-guard firm liable for invasion of privacy occurring when guards videotaped models while they were changing clothes in dressing area at fashion show); Speer v. Department of Rehabilitation & Correction, 646 N.E.2d 273 (Ohio Ct. Cl. 1994) (holding that monitoring of employees in area within work place generally considered private, such as restroom, would constitute actionable invasion of privacy). In these “bathroom” cases, even when the plaintiffs have been unable to prove that they were actually observed, the mere recording by video has been enough to constitute an invasion of privacy. See Harkey, 346 N.W.2d at 76 (Mich. Ct. App. 1983) (finding that the installation of hidden viewing devices alone constitutes an interference of privacy and that absence of proof that the devices were utilized, though relevant to the question of damages, is not fatal to the plaintiff’s case). No such bright-line rule protection exists for employees in e-mail or telephone monitoring cases.
The difficulty of determining what constitutes an intrusion outside of the bathroom scenarios is readily apparent in one e-mail monitoring case in which the court did deny an employer’s demand for summary judgment on the employee’s invasion of privacy claims. See Restuccia v. Burk Technology, Inc., No. 95-2125, 1996 Mass. Super. LEXIS 367 (Mass. Super. August 13, 1996). In Restuccia, the employer provided a computer system complete with e-mail, which the employees were allowed to use for personal messages though excessive chatting was prohibited, and the employees all had their own personal passwords which they were reminded to change periodically. See id. at *2. The employees were not told that their computer files, including their e-mail messages, were automatically saved onto back-up files to which supervisors had access using overriding supervisory passwords. See id. One of two employees who had been given raises at their performance reviews protested a fixed break-time policy at a staff meeting. See id. The employer was displeased, but had no intention of terminating the employee at that time. See id. That evening, the employer, using his supervisory password, read the employees’ e-mail messages, which included nicknames for the employer and references to the employer’s extra-marital affair with another employee. See id. at *3. The employer fired the employees, claiming that the reason for the termination was the excessive quantity of e-mail, not the content of the messages. See id. The court found the creation and utilization of the automatic back-up system lawful under the state wiretap act. See id. at *6. However, the court determined that the actual act of reading the employees’ e-mail messages went to the heart of the employees’ invasion of privacy claims and therefore refused to award the employer-defendant summary judgment on those claims. See id. at *9.
Restuccia does not, however, stand for the proposition that courts will always determine that reading e-mails or listening to telephone conversations might constitute an invasion of privacy. Reading or listening to private communications may be a necessary part of the invasion, as courts have consistently determined, at least in the context of telephone monitoring, that the mere recording of a telephone conversation, without proof that the conversation had actually been listened to, is not enough to establish a cause of action for invasion of privacy. See Marks v. Bell Tel. Co., 331 A.2d 424, 431 (Pa. 1975); LeCrone v. Ohio Bell Tel. Co., 201 N.E.2d 533 (Ohio Ct. App. 1963). However, reading or listening to private communications without participating in the actual recording of such communications does not rise to the level of intrusion on seclusion.
Consider one case in which an employer received by mail an audiocassette along with a letter explaining that the tape had several private phone conversations of two co-employees surreptitiously recorded on it revealing that they were having a “love affair.” See Fields v. Atchison, Topeka, and Santa Fe Ry. Co., 985 F. Supp. 1308, 1310 (D. Kan. 1997). The employer then listened to the tape, discussed the contents of tape with his supervisor, and played it for the company’s attorney. See id. The employer and his supervisor agreed that they should confirm that the voice was that of plaintiff-employee Fields, and then fire him. See id. After playing the tape for him, the plaintiff admitted that it was his voice, and the employer fired him. See id. The court awarded summary judgment to the defendants on the intrusion claims, holding that the defendants “neither intercepted the private communication nor solicited copies of any private communications-they did nothing but listen to the tapes.” Id. at 1312.
In another case, a man who suspected his wife and another man of having an affair recorded incriminating telephone conversations between his wife and the other man. See Beard v. Akzona, 517 F. Supp. 128, 132 (E.D. Tenn. 1981). All three were employees of the same company; the employer learned of these taped conversations, requested copies of the tape, listened to them, and subsequently fired the plaintiff-wife and her boyfriend. See id. The Beard court found no invasion of the plaintiff’s privacy and entered a judgment notwithstanding the verdict in favor of the defendant:
The record is devoid of any proof that the defendant in this case, Akzona, Inc., at any time itself intentionally intruded upon the plaintiff’s solitude or seclusion, or that it ordered or authorized any such intrusion by any employee or agent acting in that capacity. Plaintiff’s claim of intrusion cannot, therefore, support the jury’s verdict.
Id. In neither Fields nor Beard did the employer listen to the private communications accidentally; rather, the employers in both cases knew of the suspected contents of those tapes, voluntarily listened to them, and subsequently fired the employees. Yet the courts, relying on a formalist feasance/non-feasance line, still held that the employees had no cause of action for intrusion on seclusion because of the supposed passivity of the employers’ intrusion.
E-mail presents a new twist to the definition of intrusion, as some courts ignore all the rhetorical comparisons between “reading” and “recording” and hold that by definition, e-mail may not be intruded upon. A recent, unpublished opinion of the Court of Appeals of Texas found that an e-mail system is not “a discrete, physical place, where the employee, separate and apart from other employees, could store her tangible personal belongings,” and thus in its very “nature” could not be intruded upon. See McLaren v. Microsoft Corp., No. 05-97-00824-CV, 1999 Tex. App. LEXIS 4103 at *11 (Tex. App. May 28, 1999). In McLaren, an employee claimed intrusion on seclusion when his employer opened his e-mails that were stored over the company’s e-mail system in his personal folder and protected with his personal password. See id. at *9-10. The court determined that because the e-mails had passed unencrypted over the network before they were stored in McLaren’s personal folder and thus had, at some point, been available to third parties over the network, whether McLaren stored them in a personal folder or not was irrelevant. See id. at *12.
Thus the court concluded that as the e-mails theoretically could have been read while in transit, the defendant was not liable for reading them after they were sealed and available to the employer only by opening protected data files. See id. The court relied on the logic of the United States District Court for the District of Nevada, which found that with electronic mail:
all messages are recorded and stored not because anyone is `tapping’ the system, but simply because that’s how the system works.. [Electronic mail systems] store messages in a central computer until they are retrieved by, or sent to, the intended recipient. e-mail messages are, by definition, stored in a routing computer.
Bohach v. City of Reno, 932 F. Supp. 1232, 1234 (D. Nev. 1996). Many employees do not understand that technology does allow employers to observe their e-mail. See id. at 1234 n.2 (“many employees remain unaware that. the central computer routing the messages stores the transmission in unencrypted plain text files, available to the service provider whether that be a third party common carrier or the employer itself” (quoting Larry Gantt, An Affront to Human Dignity: Electronic Mail Monitoring in the Private Sector Workplace, 8 Harv. J.L. & Tech. 345, 349 (1995))). Indeed, employers providing computers and Internet access may set up a firewall “through which all Internet access flows and is registered; the firewall collects data and may be searched as a database.” United States v. Simons, 206 F.3d 392, 396 n.1 (4th Cir. 2000). Thus courts, by not recognizing that reading an employee’s e-mail might constitute an “intrusion,” are refusing to consider the common-law privacy interests people may have in their e-mails.
B. The Second Hurdle: Proving that the Intrusion was Intentional
To succeed on a claim of intrusion on seclusion, a plaintiff must prove that the intrusion was intentional. Where a defendant-employer attempted to escape liability when it surreptitiously videotaped plaintiffs-employees receiving medical treatment in the nurse manager’s office by claiming that it had only installed the camera to catch a thief, not to see the employees in a state of undress, the court held that the requisite intent was present both because the employer ought to have know that medical exams were taking place in the workplace and because the employer continued to videotape even after those who viewed the tapes realized that medical treatment was taking place. See Acuff v. IBP, Inc., 77 F. Supp. 2d 914, 923-24 (C.D. Ill. 1999). Some jurisdictions have noted that an unintentional intrusion, or one which was thought to be legitimate by the intruding party, may destroy cause of action for intrusion on seclusion. See Mayes v. Lin Television of Texas, Inc., No. 3:96-CV-0396-X, 1998 U.S. Dist. LEXIS 15088, at *12-13 (N.D. Tex. September 23, 1998) (holding that there was no invasion of privacy by a television station that intentionally listened to an audio cassette which the station did not know had been illegally obtained); In re State Police Litigation, 888 F. Supp. 1235 (D. Conn. 1995) (holding that state police officials who believed that they had legal authority to listen to recorded telephone conversations at state police barracks could not have intended to violate callers’ privacy); Marks, 331 A.2d at 424 (holding that the tort of invasion of privacy was not committed in the absence of an intentional overhearing of a private conversation by an unauthorized party). As applied to electronic monitoring in the workplace, one commentator has suggested that this factor would be defeated in the context of unintentional access to an e-mail message by a system administrator performing system maintenance. See Lee, supra, at 163.
C. The Third Hurdle: What is an Objectively Reasonable Expectation of Privacy?
The most hotly contested element across those jurisdictions recognizing intrusion on seclusion is determining what constitutes a plaintiff’s privacy interest. Regardless of the method of intrusion used, a plaintiff can recover “only if he had an objectively reasonable expectation of seclusion or solitude in the place, conversation, or data source.” Shulman, 955 P.2d at 469. First, there is generally no expectation of privacy in public or in the workplace. Second, courts are again utilizing narrow reasoning when discussing an objectively reasonable expectation of privacy in e-mail, using “voluntariness” of e-mail communications and property-based notions of ownership of computer systems to negate employees’ privacy interests in their e-mail communications.
i. No expectation of privacy in public
Courts rarely find that there is objectively reasonable expectation of privacy in public, no matter how seemingly private the public space may seem to the plaintiff. Where an employer hired a private investigator using high technology surveillance equipment, including night-vision infrared high-powered scoping devices, to videotape his employee while he was in his car in a parking lot at a wedding reception and while he was entering and leaving his home, the court found that such surveillance was lawful because the employee-plaintiff did not allege intrusion into any private place. See Salazar v. Golden State Warriors, No. C-99-4825 CRB, 2000 U.S. Dist LEXIS 2366, at *2, 5-6 (N.D. Cal. March 3, 2000) (noting that a public place cannot be distinguished from a private place based on the amount of traffic or light). See also Fayard v. Guardsmark, Inc., No. 89-0108, 1989 U.S. Dist. LEXIS 14211, at *7 (E.D. La. November 29, 1989) (holding that the “defendant alleges that the only surveillance that took place, was of activities in the public view,” which is not enough to support a cause of action).
ii. No Expectation of Privacy in the Workplace
Courts are generally not receptive to employees’ claims that their work environments contain sufficiently private spaces for an intrusion on seclusion to occur. See Marrs v. Marriott Corp., 830 F. Supp. 274, 283 (D. Md. 1992) (holding that where an employee was videotaped picking a lock on a desk drawer, the employee had no reasonable expectation of privacy in an “open office”); People for the Ethical Treatment of Animals v. Bobby Berosini, Ltd., 895 P.2d 1269, 1282 (Nev. 1995) (stating that “there is, generally speaking, a reduced objective expectation of privacy in the workplace”); Cox v. Hatch, 761 P.2d 556, 563 (Utah 1988) (finding no reasonable expectation of privacy in a “common workplace”). Thus where an employer had advised all employees that the telephones were for business purposes only and that the telephones would be monitored, “[t]he plaintiffs cannot reasonably claim any offensive intrusion by the monitoring or recording of their business calls at the work place.” Ali v. Douglas Cable Communications, 929 F. Supp. 1362, 1382 (D. Kan. 1996); see also Jackson v. Nationwide Credit, Inc., 426 S.E.2d 630 (Ga. Ct. App. 1992) (refusing to find actionable invasion of privacy based on employer’s action of monitoring telephone calls of its employees by use of speaker phone, when employer had advised employees that its telephones were for business use only).
iii. Voluntariness will Defeat an Employee’s Expectation of Privacy
Some employees have tried to overcome the basic premise that there is no objectively reasonable expectation of privacy in the workplace by proving that their employers themselves have actively carved out pockets of privacy for the employees, leading them to believe that they had expectations of privacy in their communications. However, where an employer had repeatedly assured its employees that all e-mail communications would remain confidential and privileged and that e-mail communications could not be intercepted and used by the employer against its employees as grounds for termination or reprimand, the employer was still not held liable for invasion of privacy when it intercepted the employee-plaintiff’s e-mail messages and terminated the employee-plaintiff for transmitting what it deemed to be “inappropriate and unprofessional comments over defendant’s e-mail system.” Smyth, 914 F. Supp. at 98-99. The court held that, although the employee had been told that the e-mails could not be intercepted or used against the employee, the employee exhibited no expectation of privacy in the message because the employee had voluntarily made an e-mail communication to his supervisor. See id. at 101. Other jurisdictions have similarly determined that an employee’s voluntary communication about a matter will negate any expectation of privacy in that matter. See Rudas v. Nationwide Mut. Ins. Co., No. 96-5987, 1997 U.S. Dist. LEXIS 169, at *15 (E.D. Pa. 1997); Pouncy v. Vulcan Materials Co., 920 F. Supp. 1566, 1584-85 (N.D. Ala. 1996). However, the Supreme Court of California recently held that:
in an office or other workplace to which the general public does not have unfettered access, employees may enjoy a limited, but legitimate, expectation that their conversations and other interactions will not be secretly videotaped by undercover television reporters, even though those conversations may not have been completely private from the participants’ coworkers.
Sanders v. American Broadcasting Co., Inc., 978 P.2d 67, 69 (Cal. 1999). Thus a voluntary communication within the workplace will not establish a cause of action vis-…-vis the employer because of the reduced expectation of privacy in the workplace, yet it may still succeed when involved in a tort claim against a non-employer/employee party who invaded the workplace environment.
iv. Ownership of Computer or E-mail System May Defeat Expectation of Privacy
Courts are heavily dependant on property-based concepts of ownership of computers or computer systems when determining an employee’s privacy interest in her e-mails. In McLaren, the plaintiff argued that “‘by allowing [him] to have a personal store password for his personal folders, [he] manifested and [Microsoft] recognized an expectation that the personal folders would be free from intrusion and interference.’” 1999 Tex. App. LEXIS at *3. In two earlier Texas cases, the court had recognized that where an employer provides a locker for an employee and the employee uses her own lock on that locker, the employee has manifested and the employer has recognized a reasonable expectation of privacy in the contents of the locker, despite the fact that the locker itself is owned by the employer. See Dawson v. State, 868 S.W.2d 363 (Tex. App. 1993, pet. ref’d); K-Mart Corp. v. Trotti, 677 S.W.2d 632 (Tex. App. 1984, writ ref’d n.r.e.). However, the court asserted that McLaren, “even by creating a personal password,” did not manifest “a reasonable expectation of privacy in the contents of the e-mail messages such that Microsoft was precluded from reviewing the messages.” McLaren, 1999 Tex. App. LEXIS at *12.
The court distinguished an employee’s e-mail storage system protected with a personal password from an employee’s locker with a personal lock on it by stating that while a locker was provided to an employee for the strict purpose of storing personal belongings, McLaren’s computer, which gave him the ability to send and receive e-mail messages, was part of McLaren’s “workstation. provided to him by Microsoft so that he could perform the functions of his job.” Id. at *11. Thus, the court reasoned, “the e-mail messages contained on the company computer were not McLaren’s personal property, but were merely an inherent part of the office environment.” Id. Therefore, the court found that McLaren had no reasonable expectation of privacy in his e-mails. See id. at *12.
However, it is not always the case that the actually computer used to send e-mails must be owned by the employer and/or have been given to the employee for work purposes. For instance, the Smyth court had found that the employee had no reasonable expectation of privacy in his e-mail messages even though the e-mails were sent from his home computer. See 914 F. Supp. at 99. Ignoring the fact that the e-mails had originated on the plaintiff’s home computer, the Smyth court emphasized that the e-mails had been sent over the defendant’s e-mail communication system, maintained by the defendant in order to promote internal corporate communications between its employees. See id. at 98-99.
D. The Final Hurdle: Highly Offensive to a Reasonable Person / Balancing Test
Finally, most jurisdictions end their analysis of an intrusion on seclusion claim in an employment context with an evaluation of whether or not the intrusion would be highly offensive to a reasonable person, which most courts read as requiring a balancing test between the employer’s interest in intruding and the employee’s privacy interest. See Borse v. Piece Goods Shop, Inc. 963 F.2d 611 (3rd Cir. 1992) (noting that “determining whether an alleged invasion of privacy is substantial and highly offensive to the reasonable person necessitates the use of a balancing test.”) Using a balancing test, the McLaren court stated that even if it had found that McLaren had a reasonable expectation of privacy in his e-mails, such a privacy interest would be outweighed by Microsoft’s “interest in preventing inappropriate and unprofessional comments, or even illegal activity, over its e-mail system.” 1999 Tex. App. at *12. Unfortunately, the court refrained from writing what such comments or activity might be; the opinion only states that in “December 1996, Microsoft suspended McLaren’s employment pending an investigation into accusations of sexual harassment and `inventory questions.’” Id. at *1. His request for access to his e-mail in order to disprove the allegations was denied; on December 11, 1996, he was fired. See id. at *1-2. Despite this obfuscation as to the contents of the e-mails in question and the facts alleged in the accusations and regardless of the seemingly speedy time frame during which the events took place, the court nevertheless concluded that “a reasonable person would not consider Microsoft’s interception of these communications to be a highly offensive invasion,” because at the time of the interception, McLaren was on suspension pending an investigation and had notified Microsoft that some of the e-mails were relevant to the investigation. Id. at *12.
The court in Smyth also engaged in a balancing test, noting that even if it were willing to recognize a privacy interest in e-mail communications, (which it was not,) such an interest could not rise to the level where a “reasonable person would consider the defendant’s interception of these communications to be a substantial and highly offensive invasion of his privacy.” 914 F. Supp. at 101. The defendant in Smyth had alleged that the e-mails “concerned sales management and contained threats to `kill the backstabbing bastards’ and referred to the planned Holiday party as the `Jim Jones Koolaid affair.’” Id. at 99 n.1. The court declared that:
[o]nce plaintiff communicated the alleged unprofessional comments to a second person (his supervisor) over an e-mail system which was apparently utilized by the entire company, any reasonable expectation of privacy was lost.. [T]he company’s interest in preventing inappropriate and unprofessional comments or even illegal activity over its e-mail system outweighs any privacy interest the employee might have in those comments.
Id. at 101. Thus, in both McLaren and Smyth, the courts first determined if the employee had a reasonable expectation of privacy in his email and concluded that he did not. Despite having already made that determination, the courts still chose to consider the interests of the employer “in preventing inappropriate and unprofessional comments, or even illegal activity, over its e-mail system,” concluding that the employers’ interests were stronger, on balance, than the employees’ would-be privacy interests. McLaren, 1999 Tex. App. LEXIS at *13 (citing Smyth, 914 F. Supp. at 101).
Similarly, in a telephone monitoring case, the court found that “the employer’s asserted interest in recording the phone calls must be balanced against the degree of intrusion resulting from the employer’s methods to obtain the information.” Ali, 929 F. Supp. at 1383 (citations omitted). The Ali court asserted that there was no claim for intrusion on the employees’ seclusion where the employer assessed plaintiffs’ work performance by monitoring the business calls, which were a large part of the plaintiffs’ work responsibilities. See id. at 1382; see also Thomas v. General Elec. Co., 207 F. Supp. 792 (W.D. Ky. 1962) (holding that use of closed circuit surveillance devises, ostensibly for purpose of evaluating employee efficiency, has sufficient business justification to rebut any claim).
A collective bargaining agreement may impute employer interests regarding electronic surveillance, negating the need for discovery of specific legitimate business interests of the employer. Thus, where an employer had installed a video camera to record who entered and exited the women’s locker room, but did not record the inside of the locker room, Judge Easterbrook, writing for the court, held that privacy in the workplace is an ordinary subject of bargaining and despite a collective bargaining agreement that did not mention or authorize surveillance, the agreement dealt with the subject “by implication.” In re Amoco Petroleum Additives Co., 964 F.2d 706, 709-10 (7th Cir. 1992). Judge Easterbrook wrote that “[w]hat expectations of privacy in the workplace are objectively reasonable depends on powers and duties specified in the collective bargaining agreement,” thereby negating any possibly court-imposed right to privacy. Id. at 710.
II. Other potential torts
Alternatively, an employee might claim that the employer’s conduct constitutes the tort of intentional infliction of emotional distress. However, this may be more difficult for an employee to prove; for this cause of action the employer’s conduct must be intentional or reckless, extreme and outrageous, and must cause severe emotional distress. See Harris v. Jones, 380 A.2d 611 (Md. 1977); see also Restatement (Second) of Torts 46 (1965); Kaminski v. United Parcel Service, 501 N.Y.S.2d 871, 873 (App. Div. 1986) (holding that for cause of action under intentional infliction of emotional distress, conduct must be extreme in degree, outrageous in character, atrocious and utterly intolerable in a civilized community). One jurisdiction already imposes this higher standard of “extreme and outrageous” conduct, usually associated with intentional infliction of emotional distress, to the tort of intrusion on seclusion. See Godbehere v. Phoenix Newspapers, Inc. 783 P.2d 781, 785 (Ariz. 1989) (noting that “[a]lthough most jurisdictions that recognize a cause of action for invasion of privacy have adopted the Restatement standard of `highly offensive to a reasonable person’ or a similar standard,. Arizona courts. have imposed a stricter standard.”) (citations omitted). An employee may also wish to investigate trespass and assault as alternative grounds of possible civil liability. See 62A Am. Jur. 2d Privacy 52 (1999).
III. Electronic Communications Privacy Act [ECPA]
Drafted to amend the technologically outdated Title III of the Omnibus Crime Control and Safe Streets Act of 1968 [Title III], the ECPA’s goal was to respond to unforeseen privacy issues emerging from new communication technologies by adding protection from interception of “electronic communications” wherever the act had previously prohibited the aural interception of wire and oral communications. See 18 U.S.C. 2510-20 (1994); see also Briggs v. American Air Filter Co., 630 F.2d 414, 415 (5th Cir. 1980) (criticizing Title III by stating that “[w]e wish we had planted a powerful electronic bug in a congressional antechamber to garner every clue concerning Title III, for we are once again faced with the troublesome task of an interstitial interpretation of an amorphous Congressional enactment”); United States v. Gregg, 629 F. Supp. 958, 961-62 (W.D. Mo. 1986) (prompting the ECPA amendments because the court found that Title III did not apply to the interception of telex communications, as telex interceptions did not involve “aural acquisition” of defendant’s communications), aff’d, 829 F.2d 1430 (8th Cir. Mo. 1987), and cert. denied, 486 U.S. 1022 (1988); S. Rep. No. 99-541, at 1-2 (1986); Anne L. Lehman, E-Mail in the Workplace: Question of Privacy, Property or Principle?, 5 CommLaw Conspectus 99, 101 (Winter 1997); Alexander I. Rodriguez, All Bark, No Byte: Employee E-mail Privacy Rights in the Private Sector Workplace, 47 Emory L.J. 1439, 1448 (Fall 1998). Under the ECPA, liability may be imposed against any individual who “intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication.” 18 U.S.C. 2511(1)(a) (1994). “‘[E]lectronic communication’ means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce” and is distinct from wire and oral communication. 18 U.S.C. 2510(12) (1994). The ECPA does not specifically mention e-mail; however, the legislative history specifies that the term electronic communications “also includes electronic mail, digitized transmissions, and video teleconferences.” S. Rep. No. 99-541, at 14 (1986). Thus some courts and commentators suggest that an examination of legislative history shows that the Act was meant to protect private employee e-mail transmissions from employer monitoring. See Oliver v. WFAA-TV, Inc., 37 F. Supp. 2d 495, 506 (N.D. Tex. 1998) (stating that the “legislative history clearly indicates that Congress intended a broad ban on the use of electronic surveillance to adequately protect privacy interests”); Lehman, supra, at 102; Rodriguez, supra, at 1450 n.66 (citing Steven B. Winters, Do Not Fold, Spindle or Mutilate: An Examination of Workplace Privacy in Electronic Mail, 1 S. Cal. Interdisciplinary L.J. 85, 119 (1992)). However, the statutory language suggests otherwise; among other exceptions, the Act specifically allows an employer who provides:
electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service.
18 U.S.C. 2511(2)(a)(i) (1994). Thus the ECPA allows all network providers, under certain conditions, to monitor employee communications. See Thomas R. Greenberg, E-Mail and Voice Mail: Employee Privacy and the Federal Wiretap Statute, 44 Am. U. L. Rev. 219, 234-35 (1994) (noting that while the ECPA extended protection to many forms of communication that previously lacked a legal shield, its many provisions provide “employers with broad authority to monitor employee communications”).
A. Defining what constitutes liability under the ECPA
There are two main elements to a finding of liability under the ECPA. First, there must be an affirmative attempt by the defendant to intercept, or persuade another to intercept, an electronic [or wire or oral] communication. See Wesley College v. Pitts, 974 F. Supp. 375, 381 (D. Del. 1997). Second, there must be the use or disclosure of the contents of the electronic communication while knowing or having reason to know of an illegal interception. See id. at 383.
Much discussion by courts has been devoted to the analysis of “intercept.” Looking at a computer screen to read an e-mail has not been held adequate to constitute an intercept. See id. More to the point, a computer screen is not, according to one jurisdiction, “an electronic, mechanical, or other device” used to acquire the contents of any electronic, mechanical or other device. Id. Rather, a computer is “just the medium for the information, not an intermediary employed by [the defendant] to receive that information.” Id. Similarly, there was no intercept when an agent acquired the contents of a pager by pressing the digital display button and visually observed the telephone numbers that had been left. See United States v. Meriweather, 917 F.2d 955, 960 (6th Cir. 1990).
The Court of Appeals for the Fifth Circuit, while acknowledging that e-mail may be intercepted, narrowly defined how an interception of e-mail may occur. See Steve Jackson Games, Inc. v. United States Secret Service, 36 F.3d 457, 461 (5th Cir. 1994). In a case before that court, the Secret Service had seized a computer that ran the plaintiff’s e-mail system. See id. at 459. The Secret Service read and deleted the 162 unopened, unread e-mails on the system. See id. The court held that the seizure did not constitute an “intercept,” interpreting the e-mails as being in “electronic storage” and therefore part of “wire communication” rather than “electronic communication.” See id. at 462. The court read the statutory language to mean that wire communication may only be intercepted “aurally.” Prior to its amendment, the Act:
defined “intercept” as the “aural acquisition” of the contents of wire or oral communications through the use of a device. 18 U.S.C. 2510 (4) (1968). The ECPA amended this definition to include the “aural or other acquisition of the contents of… wire, electronic, or oral communications….” 18 U.S.C. 2510(4) (1986) (emphasis added for new terms). The significance of the addition of the words “or other” in the 1986 amendment to the definition of “intercept” becomes clear when the definitions of “aural” and “electronic communication” are examined; electronic communications (which include the non-voice portions of wire communications), as defined by the Act, cannot be acquired aurally.
Id. at 461. Thus the court chose to apply the “other” acquisition besides “aural” only to electronic communication, but not to wire communications, or specifically, stored e-mails that had not yet been read by their intended recipients.
Courts have thus narrowly interpreted how an intercept can occur. The Steve Jackson court held that an e-mail stored on a bulletin board services’ computer was an “electronic transmission” no longer in transmission and therefore could not be intercepted despite not having yet been read by the intended recipient. Id. at 460. Similarly, a federal district court held that for an “intercept” to occur, EPCA requires the acquisition of “electronic communication” data to be simultaneous with the original transmission of the data. United States v. Reyes, 922 F. Supp. 818 (S.D.N.Y. 1996).
B. Exceptions to Title III most relevant in the employment context
Several exceptions to the statute are of particular relevance in the workplace setting. The ECPA prohibits interceptions of wire, oral and electronic communications and defines such an intercept as “the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.” 18 U.S.C. 2510(4) (1994). Devises which are “furnished to the subscriber or user. in the ordinary course of its business or. used in the ordinary course of its business” are specifically eliminated from the definition of “electronic, mechanical, or other device[s].” 18 U.S.C. 2510(5) (1994). This is generally referred to as the “business-use” exemption. See Wilborn, supra, at 840-41.
Additionally, the “prior consent” exemption makes it not unlawful “to intercept a wire, oral, or electronic communication. where one of the parties to the communication has given prior consent to such interception..” 18 U.S.C. 2511(2)(d).
The third significant exemption to ECPA in the employment context is the “switchboard operator and provider” exception:
It shall not be unlawful. for an operator of a switchboard, or an officer, employee, or agent of a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks.
18 U.S.C. 2511(2)(a)(i). Thus the clause recognizes two exceptions, one for switchboard operators and a second for employees of public providers of wire communications service. See Berry v. Funk, 146 F.3d 1003, 1010 (D.C. Cir. 1998). The first exception recognizes that switchboard operators, when connecting calls, may inevitably overhear a small part of the call in order to make sure that the call is placed. See id. However, a switchboard operator “is never authorized simply to monitor calls.” Id. One might note, however, that a provider of communications service may be obliged to monitor calls considerably beyond the incidental overhearing by a switchboard operator. See id.
Whatever defenses/exceptions an employer attempts to use under the ECPA, most jurisdictions inevitably examine the content of the communications. Consider the case of a husband and wife who owned and operated a package store and lived in an adjacent mobile home. See Deal v. Spears, 980 F.2d 1153, 1155 (8th Cir. 1992). They installed a recording device on the store’s extension phone in their mobile home, because the store had been robbed earlier and they suspected that it was an inside job. See id. They recorded twenty-two hours of their employees’ phone conversations and listened to all of the conversations indiscriminately, regardless of the nature of the calls or the content of the conversations. See id. at 1156. None of the conversations revealed anything about the burglary, but the employers did record conversations of one of the employees which revealed that she was having an extramarital affair and that she had sold her boyfriend a keg of beer at cost, in violation of store policy. See id. The same employee had generally made or received many phone calls while at work, so that even before buying the recorder, the employers had asked her to cut down on her use of the phone and had told her that they might resort to monitoring the calls or installing a pay phone in order to curtail the abuse. See id. at 1155-56. After listening to the recorded conversations, the husband-employer played a few seconds of the incriminating tape to the employee when she next reported to work and then fired her. See id. at 1156.
The employers raised several defenses to the court’s finding of civil liability under Title III. First, they argued that the employee’s prior consent might be implied both because the employer had mentioned that he might be forced to monitor calls and because the extension telephone in the employers’ home gave actual notice that the calls might be overheard, resulting in the employee’s implied consent to interception. See id. at 1156-57. The court rejected such arguments, pointing out, first, that the employers did not actually inform the employee that they were monitoring calls, only that they might do so, and second, that the employers did not want the employee to suspect that the calls were being intercepted, “since they hoped to catch her making an admission about the burglary, an outcome they would not expect if she knew her calls were being recorded.” Id. at 1157. The court also noted that “consent under Title III is not to be cavalierly implied.” Id. (citing Watkins v. L.M. Berry & Co., 704 F.2d 577 (11th Cir. 1983)).
The employers in Deal also attempted to raise the business use exemption. See 980 F.2d at 1157. But the court rejected this argument as well, stating that although the employers might legitimately have monitored the employee’s calls to the extent necessary to determine if the calls were personal and made or received in violation of store, “the scope of the interception in this case takes us well beyond the boundaries of the ordinary course of business.” Id. at 1158. The court held that recording twenty-two hours of calls and listening to all of them without regard to their relation to the employers’ business interest did not justify the extent of the intrusion. See id.
In Watkins, the employer-defendant had an established policy, of which all sales representative employees were informed, of monitoring solicitation calls as part of its training program. See 704 F. Supp. at 579. Personal calls were permitted, and employees were told that personal calls would not be monitored except to the extent necessary to determine whether a particular call is of a personal or business nature. See id. During her lunch hour, the employee-plaintiff received a personal call in the office from a friend, during which the friend asked about an employment interview Watkins had had with another company the evening before. See id. The call was monitored and the employee was fired. See id. The court rejected the employer’s defense that there was consent, stating that “knowledge of the capability of monitoring alone cannot be considered implied consent.” Id. at 581 (citations omitted). The court further held that the employee consented to neither an interception of this particular call nor to policy of general monitoring; the court instead determined that the employee only consented to a monitoring of sales calls, including the inadvertent interception of a personal call, but only for as long as necessary to determine the nature of the call. See id.
However much Watkins appears to have been decided in favor of the employee, not all courts have so construed similar fact patterns. In a case where an ex-employee claimed that her employer intercepted her phone conversations in violation of the statute, the court found that all employees had advanced notice that a monitoring device would be installed in the telephones, for the purpose of allowing supervisory personnel to monitor business calls and thereby give training and instruction to employees as to how to deal with the public, and that no employees had protested the installation. See James v. Newspaper Agency Corp., 591 F.2d 579, 581 (10th Cir. 1979). However, the court determined that this fact pattern did not come under the prior consent exemption, but that that “the present case comes squarely within the exception provided in 18 U.S.C. 2510(5)(a),” the business-use exemption, and therefore affirmed summary judgment granted to the employer. Id.
An employee trying to state a claim for relief under Title III might thus be well-advised to be quite specific in her allegations of the monitoring of specific conversations and the time that they took place. Some jurisdictions have chosen to follow the general principle that any call whose subject is business, if monitored, is necessarily done in the ordinary course of business even if not authorized by a company monitoring policy and not known to employees. See Epps v. St. Mary’s Hospital, 802 F.2d 412, 416-17 (11th Cir. 1986). Other jurisdictions follow a stricter analysis “that if covert monitoring is to take place it must itself `be justified by a valid business purpose.’” Berry, 146 F.3d at 1009 (citing Sanders v. Robert Bosch Corp., 38 F.3d 736, 741 (4th Cir. 1994). In either case, however, the end result is usually the same: the court will inevitably examine the content of the call and then discuss its criteria in a more or less strict fashion. Thus in Epps, where an employee overheard a co-employee’s phone call, and after fifteen minutes, decided to go to another room where, using an extension phone, she could record the call, the court used a loose standard as to what constituted a “business” call and held for the employer, as the call involved “scurrilous remarks about supervisory employees in their capacities as supervisors.” 802 F.2d at 417.
When assessing a claim of invasion of privacy brought by an employee who was subjected to electronic monitoring in the workplace, most state courts follow the Restatement and examine whether or not the plaintiff had an objectively reasonable expectation of privacy in the matter intruded upon. If so, the court will then examine if the employer-defendant had a legitimate business reason for the invasion that overrides the employee’s privacy interest. In the vast majority of such invasion of privacy cases, courts have ruled in favor of employer-defendants, finding a reduced expectation of privacy in the workplace and that an employer’s business interests outweigh an employee’s privacy interest. Courts have upheld claims of invasion of privacy only where the employer’s monitoring has been physically invasive and has had no legitimate business purpose, such as conducting video surveillance inside of a bathroom or locker room in the workplace. Otherwise, state common law tort claims concerning electronic monitoring in the workplace virtually always fail. Similarly, when assessing a claim under ECPA, an employee’s privacy interest in any electronic communications will fail when construed alongside any legitimate business purpose of her employe.