|Privacy and Workplace Computers|
|Written by Michael P. Stone|
Ziegler was suspected by other employees of accessing child pornography websites on the company’s computers. The company had a "firewall" in place that permitted it to continuously monitor employees’ use of the Internet.
Supervisory employees also suspected Ziegler was accessing the pornographic websites, and installed a device in Ziegler’s computer that recorded his Internet activity. Ziegler’s search engine activities revealed that he had searched for information on "pre-teen girls" and "underage girls."
Cooperating with the FBI, the company made copies of Ziegler’s hard drive and delivered one copy together with the tower containing the original hard drive to the FBI. Company supervisors obtained a key to Ziegler’s private office and entered late one night to accomplish these seizures; obviously, without Ziegler’s knowledge or consent. The hard drive revealed many images of child pornography.
Proceedings In The Trial Court
A federal grand jury indicted Ziegler, whereupon Ziegler’s counsel moved the trial court (U.S. District Court for the District of Montana) to suppress all information and evidence obtained as a result of the search and seizure of Ziegler’s workplace computer. In its findings of fact within the Order denying the motion on the basis that Ziegler "had no reasonable expectation of privacy in the files he accessed on the Internet," the trial court specified that "(FBI) Agent Kennedy contacted...(company employees) and directed them to make a back-up of defendant’s computer files" (emphasis in opinion). The trial court relied on a 4th Circuit case, United States v. Simons, 206 F.3d 392 (4th Cir. 2000) to find Ziegler had no expectation of privacy in its Order denying the motion.
Ziegler argued that the search of his computer was carried out at the behest of Agent Kennedy and violated the Fourth Amendment. The government responded that Ziegler could not have a reasonable expectation of privacy in a computer paid for by the company for use in company business, within an office paid for by the company, and where the company had installed a firewall to monitor employees’ Internet usage. Apparently, this monitoring capability was well known by all employees.
The Ninth Circuit Opinion
Noting that "for most people, their computers are their most private spaces," United States v. Gourdi, 440 F.2d 1065, 1077 (9th Cir 2006) (en banc), the Court said the "validity of that expectation depends entirely on its context." In order to prevail, Ziegler would have to prove (1) that he had a subjective expectation of privacy; and (2) that his expectation of privacy was objectively reasonable.
As to the first element of Ziegler’s burden, the presence of his subjective expectation of privacy is established by the need for his personal password to access his computer, and the lock on the door to his private office.
Turning to the second prong (objective reasonableness) the Court reviewed United States v. Simons upon which the trial court relied. There, the Fourth Circuit held that an employer’s Internet usage policy — which required all employees to use the Internet only for official business, and informed employees that the company would conduct audits, including the use of a firewall —defeated any expectation of privacy in the records of employees’ Internet use.
The Court, as did the trial court below, relied on this reasoning to hold that Ziegler had no reasonable expectation of privacy in his computer, where his employer published an employment manual that was provided to new employees including Ziegler, which established policies prohibiting use of the computers for personal activities, and that explained the company’s program of continuous monitoring through the use of the firewall. Ziegler did not contradict these facts, nor did he assert that he was unaware of the policies.
The Court noted the established rule in many similar cases* which held that the employers’ policies, providing for "official business" only use, monitoring, company access, company ownership and so forth, defeat any reasonable expectation of privacy. So, the rule is that the existence of such policies effectively diminishes employees’ expectations of privacy in the use of the employers’ computers. By resolving this case on these grounds, the Court found it unnecessary to confront the question of whether an "agency relationship" existed between the FBI and the company when the supervisors entered Ziegler’s locked office in cooperation with Agent Kennedy. But did the entry into Ziegler’s locked office violate any expectation of privacy? In footnote 9, the Court distinguished cases which found such an expectation in a locked office on the basis that there was no "general search" of Ziegler’s office, nor entry into a desk or file cabinet "given over to [Ziegler’s] exclusive use, Schowengerdt v. General Dynamics Corp., 823 F.2d 1328, 1335 (9th Cir. 1987), in which Ziegler could have kept private papers or effects." The entry was rather, an "operational reality."
In the typical law enforcement workplace, policies on use of department-owned computers and other electronic information and storage systems are common. These prohibit use for "personal" business or activities, and provide for employer access and monitoring. Employees are often required to acknowledge these policies in writing, signaling their understanding that the employer will access the systems for any legitimate business purpose, including ensuring compliance with the policies.
Hence, in most situations, the employer’s intrusions into computers and electronic systems assigned to employees do not violate the Fourth Amendment. For criminal investigation purposes, law enforcement employers might decide to seek a search warrant in a particular case, but the law is clear that under the circumstances discussed herein, the Fourth Amendment provides no shield against employer access into agency-owned computers and electronic information systems.
Simple adherence to these policies and rules is the best protection against employer intrusions into private affairs, administrative misconduct charges, and occasionally as here, criminal prosecution.
Michael P. Stone, Esq. is a partner in the law firm, Stone Busailah, LLP.
Michael P. Stone is the firm’s founding partner and principal shareholder. He has practiced almost exclusively in police law and litigation for 27 years, following 13 years as a police officer, supervisor and police attorney.