2 Va. J.L. & Tech. 4 (Fall 1997) <http://vjolt.student.virginia.edu>
1522-1687 / © 1997 Virginia Journal of Law and Technology Association

VIRGINIA JOURNAL of LAW and TECHNOLOGY

UNIVERSITY OF VIRGINIA

FALL 1997

2 VA. J.L. & TECH. 4

Windows Nine-to-Five: Smyth v. Pillsbury and the Scope of an Employee’s Right of Privacy in Employer Communications

by Rod Dixon[*]


    Summary

  1. By any measure, the impact of computer communications technology on the workplace is difficult to exaggerate. Recent and rapid proliferation of desktop computers has led to an enormous increase in both the amount and importance of electronic communication.[1] Estimates are that employees will send over 60 billion electronic messages per year by the year 2000 through electronic-mail systems.[2] Notwithstanding the impressive advancements in computer communications, rather than solving all of our communication problems, this technology has created many new problems and, in some instances, increased the severity of old ones. Due to the pervasiveness of computer technology in the workplace, serious questions have arisen concerning whether this technology presumptively may limit an employee’s right of privacy.[3]
  2. Nearly twenty-five percent of the messages sent by American workers are subject to some type of electronic monitoring[4] by an employer.[5] Although most employers who monitor electronic communications[6] never warn employees about monitoring, many of these employers have come to rely upon electronic monitoring as their 9-to-5 window into an employee’s workspace.[7]
  3. The most recent federal court to address squarely whether an employer’s monitoring of an employee’s e-mail communications improperly intrudes upon an employee’s right of privacy was the United States District Court for the Eastern District of Pennsylvania in Smyth v. Pillsbury Co.[8] Smyth is significant because it is the first federal decision to hold that a private sector at-will employee has no right of privacy in the contents of his or her e-mail when the it is sent over an employer’s e-mail system.[9] What follows is an examination of the novel question considered in Smyth: the extent to which an employee may rely upon common law protection to safeguard his or her privacy in workplace electronic communications.
  4. Whether the discharge or discipline of an employee on the basis of an intercepted e-mail message interferes with an employee’s right of privacy, like other issues concerning the right of privacy, essentially depends on societal notions about the degree of personal autonomy an individual should have when he or she is in the workplace or is using an employer’s equipment. Even where an employee’s conduct may fall outside our current understanding of an employee’s right of privacy, the law pertaining to privacy should inform and remind us that the invasive nature of high technology supports the notion that vigilant protection of an employee’s right of privacy would be more illusory than real if the scope of the right of privacy does not encompass basic notions that personal autonomy does not become less important simply because the individual enters a workspace.
  5. The determination in Smyth that employees should have no expectation of privacy in the contents of their e-mail communications in an employer’s network, is clearly erroneous. Although the holding of Smyth is sweeping, it is doubtful that its application should be. The Smyth holding is based on several fundamentally flawed interpretations of privacy law and mistaken findings about computer communications technology. Smyth’s determinations stripped all e-mail communication, a fortiori, of privacy protection without regard to the technology used to transmit e-mail or the employee’s subjective expectations of privacy.[10]
  6. First, the court erred by confusing notions of solitude with those of privacy and singularly focusing on whether a company e-mail system could be thought of as objectively secure or private, rather than also considering whether the employee subjectively believed that his e-mail communications would not be intercepted. Further, the court relied upon a conceptual distinction in privacy law that is on a collision course with technology.[11] Computer communications technology has led to a convergence of telephonic or common-carrier communications and data-driven digital communications.[12] The result is that current privacy law distinctions between common-carrier communications and e-mail communications do not reflect the fact that these communications media essentially have converged. The law is unworkable in its present form because it lags far behind the technological advances already made. While this may not be a novel occurrence, since legal jurisprudence – perhaps for good reason – often trails far behind innovations in modern technology and its impact upon the law, this fact alone should render doubtful the application of Smyth to future e-mail privacy cases.
  7. Although some courts’ ill-defined and vague references to the right of privacy have exacerbated the inconsistent level of protections that the right actually provides, there is no practical or logical reason supporting the current bifurcation of worker privacy rights regarding telephone or common-carrier communications and e-mail or computer communications. This is most evident in the failure of the Smyth decision to consider the relevant application of privacy law doctrine in workplace common-carrier communications. In this respect, the court should have recognized that an employee’s right of privacy in computer communications should be at least co-extensive with his privacy rights in common carrier communications. Although the Smyth court implicitly could have rejected drawing an analogy from common carrier communications and, instead, maintained the law’s distinction between e-mail and telephone communications, an understanding of computer technology demonstrates that the distinction is a useless remnant when analyzing contemporary workplace privacy issues. In this regard, an employer’s ability to monitor computer communications should be limited, at the very least, by the restrictions already sanctioned by the law of privacy regarding workplace common-carrier communications.[13]

    I. Introduction

  8. On January 18, 1996, the United States District Court for the Eastern District of Pennsylvania issued the Smyth memorandum opinion concluding that an at-will employee does not have a reasonable expectation of privacy in the contents of his e-mail communications sent through his employer’s e-mail system under Pennsylvania’s common-law cause of action for wrongful discharge.[14] In addition, the court held that an employer’s interest in preventing inappropriate comments or illegal activity from being transmitted over its e-mail system far outweighs any privacy interest an employee may have in his e-mail comments.[15] The court reached its conclusions as a result of a wrongful discharge action filed by Michael Smyth against his employer, the Pillsbury Company (Pillsbury), a food product manufacturer. The court agreed with Pillsbury that Smyth’s claim of wrongful discharge should be dismissed for failure to state a claim upon which relief can be granted, pursuant to Rule 12(b)(6) of the Federal Rules of Civil Procedure.[16]
  9. Smyth claimed that he was wrongfully discharged from his position as regional operations manager when Pillsbury discharged him for sending inappropriate e-mail communications to his supervisor. In October 1994, Smyth received e-mail communications sent from his supervisor’s computer at Pillsbury to Smyth’s home computer. The two employees exchanged e-mail communications concerning recent developments involving Pillsbury’s sales management staff. Smyth’s e-mail communications contained sarcastic and critical comments.[17]
  10. One of Smyth’s messages contained what Pillsbury termed threatening language. In it, Smyth stated that he would "kill the backstabbing bastards."[18] Another message referred to a planned company holiday party as the "Jim Jones Koolaid affair."[19] Unknown to Smyth, Pillsbury intercepted his e-mail communications.[20] On January 17, 1995, Pillsbury notified Smyth that it was terminating his employment effective February 1, 1995, for transmitting what it deemed to be inappropriate and unprofessional comments sent over its e-mail communications system in October 1994.[21] In support of its action, Pillsbury claimed that each time an employee logged onto its system, the employee received a message stating that employee e-mail communications were not secure, and that management reserved the right to view any e-mail communication at any time.[22] Smyth did not directly dispute Pillsbury’s contention; he asserted that Pillsbury repeatedly had informed its employees that their e-mail communications would remain confidential and would not be used as a basis for reprimand or dismissal.[23]
  11. The court rejected Smyth’s arguments. In granting Pillsbury’s Rule 12(b)(6) motion, the court stated that the right of privacy did not extend to the contents of e-mail communications, despite the fact that employees were entitled to a right of privacy on the basis of the public policy favoring privacy rights emanating from tort law under Pennsylvania state law.[24] According to the court, company e-mail does not have privacy protection because e-mail necessarily is public in the manner in which messages travel over an employer’s network.[25] In addition, the court determined that employers have a legitimate need to monitor e-mail communications to safeguard the company-owned computer network and manage worker productivity.[26] This interest, according to the court, may override an employee’s interest in privacy, even if an employer makes assurances that e-mail communications are confidential.[27]

    II. The Source of an Employee’s Right of Privacy in the Workplace

  12. Defining what constitutes an employee’s right of privacy has proven to be no easy task for courts or legislatures.[28] Furthermore, the assurance of a right of privacy in the workplace largely appears to depend upon the extent to which an employer may exercise its legitimate interest in maintaining control over the workplace without running afoul of an increasing bundle of employee rights. In part, this has been difficult to determine because federal constitutional right of privacy jurisprudence has influenced heavily state and federal court interpretations of privacy rights in the workplace, regardless of whether the employee worked in the public or private sector or whether the source of the employee’s right of privacy emanated from sources other than the Federal Constitution.[29]
  13. Today, the notion that the scope of an employee’s right of privacy, regardless of the source of the right, is limited by the employee’s reasonable expectation of privacy is accepted as a threshold principle in evaluating workplace privacy issues, notwithstanding the fact that this principle derives from constitutional law.[30] Evaluating whether an employee’s expectation of privacy is reasonable in order to determine whether the privacy right exists has its genesis in the Fourth Amendment of the United States Constitution.[31] Fourth Amendment search and seizure doctrine generally protects an expectation of privacy that society is prepared to consider reasonable.[32] In analyzing the reasonableness of the search, courts often balance the need to search or intrude against the invasion of privacy resulting from the intrusion.[33] In the context of the workplace, courts have been halting and languid in finding invalid intrusions of an employee’s privacy.[34] Courts often determine that employers have a strong interest in monitoring employee activity for the purposes of assuring the quality and quantity of work product, and for protecting against theft, fraud, or other illegal activity.[35] Although limitations on the government’s ability to intrude on the constitutional right of privacy for individuals have been recognized concerning family matters, setting limitations on an employer’s invasion of an individual’s right of privacy in the workplace has proven to be particularly troublesome for the courts.[36] Even where such delineation has been accomplished, courts often have made widely divergent interpretations of when an employee’s right of privacy may be circumscribed by his or her consent to workplace monitoring.[37]
  14. Notwithstanding the fact that federal constitutional case law has had a major impact in shaping workplace privacy, surprisingly there is no federal statute squarely on point which protects an employee’s privacy interests in his computer or electronic communications transmitted within a computer network owned or operated by his employer.[38] To the extent that courts have attempted to invoke the protections of a federal statute, courts have relied almost exclusively upon the Electronic Communications Privacy Act of 1986 (ECPA).[39] Under the ECPA, private individuals and organizations may be prosecuted for unauthorized interception of electronic communications.[40] The ECPA, however, does not directly address privacy protections of employees, in relation to their employers, who communicate by e-mail.[41]
  15. Perhaps this is so because Congress passed the ECPA, not specifically to address privacy concerns, but, instead, to close loopholes in Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (Title III).[42] The ECPA appears to focus on third party interception. This focus may provide some proof that Congress enacted the ECPA because it was principally addressing the problem of a company’s stealing valuable electronic information from its competitors. Yet, nothing in the legislative history of the ECPA clearly suggests that Congress did not intend the ECPA to cover a private employer’s monitoring of an employee’s e-mail transmissions.
  16. In stark contrast to the lack of federal statutory employee e-mail privacy protection, the bulwark for employee privacy protection has become state common law.[43] Virtually all states have adopted some form of a common law tort of invasion of privacy.[44] The form most relevant to e-mail interception is the "unreasonable intrusion upon the seclusion of another" tort. This tort holds that "one who intentionally intrudes, physically or otherwise, upon the seclusion of another…is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person."[45]
  17. As suggested supra, the elements of the tort are similar to the standards used in determining a Fourth Amendment search and seizure or constitutional privacy claim. For behavior to be actionable, the employee must prove that his employer committed a highly offensive intentional intrusion into a private matter.[46] Finally, in determining the offensiveness of an intrusion, courts examine the degree of intrusion, the context, and circumstances surrounding the intrusion, as well as the intruder’s motives and objectives and the expectations of those whose privacy is invaded.[47]
  18. Recently, some state courts have also interpreted their respective state constitutions and statutes to provide employees with privacy protection and in some instances have found broader privacy protections in state constitutions than the Federal Constitution.[48]

    III. Evaluating the Smyth Right of Privacy

  19. The Smyth court concluded that the plaintiff could prove no set of facts in support of his wrongful discharge claims that would entitle him to relief.[49] After acknowledging that Pennsylvania employment law is governed by the at-will employment law doctrine, the court noted that where the discharge of an at-will employee threatens or violates a clear mandate of public policy, the employer may be subject to a cause of action for wrongful discharge.[50] In Smyth, the employee claimed, inter alia, that his discharge violated Pennsylvania public policy because, in that state, employers were precluded from dismissing employees when the dismissal was based on actions by the employer which violated an employee’s right of privacy.[51] In Pennsylvania, the public policy exception to the at-will employment law doctrine must be based on a clear mandate of public policy.[52] In this context, the Pennsylvania Court of Appeals has found such a mandate embodied in the state’s common law cause of action for tortious invasion of privacy; namely, the tort of intrusion upon seclusion.[53]
  20. Applying the Restatement (Second) of Torts definition of the tort of intrusion upon seclusion to the circumstances surrounding Smyth, the court determined that Smyth could not have had a reasonable expectation of privacy in his e-mail communications. According to the court:

    [U]nlike urinalysis and personal property searches, we do not find a reasonable expectation of privacy in e-mail communications voluntarily made by an employee to his supervisor over the company e-mail system notwithstanding any assurances that such communications would not be intercepted by management. Once plaintiff communicated the alleged unprofessional comments to a second person (his supervisor) over an e-mail system which was apparently utilized by the entire company, any reasonable expectation of privacy was lost.[54]

  21. Perhaps anticipating that its holding relied upon a rather elusive and tenuous determination concerning when an employee may loose his reasonable expectation of privacy when using an employer’s e-mail system, the court went a step further and held that an employer’s interception of an employee’s e-mail was not a highly offensive or substantially intrusive invasion of the employee’s right of privacy.[55] More importantly, the court swept away any need to undertake an actual balancing of an employee’s interest against his or her employer’s since the court summarily held that an employer’s interest in "preventing inappropriate and unprofessional comments or even illegal activity over its e-mail system outweighs any privacy interest the employee may have in those comments."[56]
  22. The court’s determinations in Smyth are flawed for several reasons. First, the court improperly focused its analysis of whether Smyth maintained any expectation of privacy in his e-mail communications on the fact that Pillsbury’s e-mail system was "utilized by the entire company."[57] According to the court, at the very moment Smyth sent his e-mail communication through the wires of the company e-mail system, any expectation of privacy was lost by the mere nature of the system.[58] In this respect, the court seemed to have confused the concept of privacy with that of solitude. The long standing distinction between "privacy" and "solitude" has been accorded significance in privacy law, even in the context of tort actions, to ensure that the right of privacy does not become a right reduced to a measurement of the physical surroundings of the alleged privacy invasion.[59] Courts have wisely eschewed the adoption of a bright line test to measure the contours of a right which protects personal autonomy and is held so fundamental to individuals.[60] Contrary to Smyth, the fact that a company’s communication system is used widely by multiple users should not thereby transform the contents of any message sent through that system as statements devoid of any expectation of privacy. Indeed, the fact that others have access to the location[61] or physical entity for which privacy protection is being sought has never, in itself, justified a determination that a privacy interest does not exist.[62] There is no reason to believe that Smyth’s expectation of privacy should fade away or otherwise be affected by the simple fact that the e-mail system is used by all company employees or by the fact that Pillsbury has the right to make lawful interceptions of an employee’s e-mail communication.
  23. An employee enjoys an expectation of privacy in the drawers or files within his or her office, notwithstanding the fact that his supervisor or coworkers may enter the workspace.[63] Similarly, Smyth’s use of his employer’s e-mail system could not remove his subjective expectation of privacy in the contents of his e-mail messages simply because other employees have access to the computer network. In this regard, the court did note that Pillsbury informed its employees that e-mail messages were confidential, but did not find the employer’s statements indicia of Smyth’s expectation of privacy.[64]
  24. Undoubtedly, had the court properly distinguished between privacy and solitude, it would not have found that Pillsbury’s e-mail system, itself, stripped Smyth’s e-mail messages of any privacy protection. In this respect, the court’s analysis would have advanced forward to determine whether Smyth’s expectation of privacy in the contents of his e-mail messages was reasonable.
  25. As it stands, Smyth’s determinations stripped all e-mail communication, a fortiori, of privacy protection without regard to the technology used or the employee’s subjective expectations of privacy. In this context, Smyth so egregiously departed from current doctrine on the law of privacy that the decision may be validly distinguished and limited to its peculiar findings. Although not directly on point, O’Connor v. Ortega supports the proposition that the contours of employee privacy are not precisely shaped by the degree of solitude the employee finds himself working in.[65]
  26. In Ortega, Dr. Ortega was employed as a psychiatrist at a state hospital.[66] He became subject to an investigation regarding various improprieties including his alleged mismanagement of the hospital’s residency program.[67] During the investigation, hospital employees entered and searched Ortega’s locked office, where numerous items were seized from his desk and files.[68] Subsequently, Ortega was fired and he sued the hospital, complaining that the search violated his Fourth Amendment rights.[69] The district court granted summary judgment for the hospital, and the Ninth Circuit affirmed summary judgment on Ortega’s state claims, but reversed the district court’s grant of summary judgment on Ortega’s Fourth Amendment claims.[70] On appeal, the Court found that Ortega had a reasonable expectation of privacy in his desk and file cabinets located inside his office.[71] Justice Scalia’s dissent noted that the concepts of privacy and solitude, while similar, are analytically distinct.[72] Justice Scalia acknowledged that there is a distinction between a determination concerning whether an employee maintained a subjective expectation of privacy and whether the physical location of an employee’s desk or other so-called private matter warrants an expectation of solitude. The latter goes to the employee’s understandings about his employer’s practical capability to intrude upon his privacy while the former goes to an employee’s expectations concerning his employer’s lawful ability to intrude upon his privacy.[73]
  27. Smyth is also flawed because the decision is not in step with the decisions of other courts regarding the proper focus of inquiry in determining an employee’s subjective expectation of privacy in the workplace. For example, in Walker v. Darby,[74] the Eleventh Circuit recognized that an employee’s expectation of privacy is not solely dependent upon whether the work-space was objectively secure from communication interception, but also depends upon whether the employee subjectively believed that interception would not occur.[75] Regarding e-mail communications, this could be demonstrated by the employee’s use of encryption technology or the employer’s statements concerning confidentiality. In Smyth, the court recognized that Pillsbury had sent notices to employees informing them that their use of company e-mail was considered confidential, but inexplicably gave no weight to this fact in its determination that Smyth had no subjective expectation of privacy.[76] In Walker, the plaintiff who was a letter carrier for the United States Post Office in Florence, Alabama believed that his Caucasian supervisors were trying to terminate him for race-motivated reasons.[77] Someone warned Walker that his supervisors were monitoring his conversations at his workstation. Walker then noticed two objects that looked like intercoms affixed to his workstation.[78] Walker sued his supervisors for illegal interception of his conversations and invasion of privacy.[79]
  28. The Eleventh Circuit held in favor of Walker based on two key factors. First, the district court believed that a plaintiff could raise an issue of material fact regarding "actual interception" only where he could prove specific contents of a particular conversation were intercepted.[80] The Eleventh Circuit disagreed and held that "actual interception" may be proved without direct evidence, because a successful wiretap depends on the perpetrator’s ability to conceal the tap.[81] Second, the Walker court found that questions regarding Walker’s expectation of privacy were part of the same inquiry. Walker needed a subjective expectation that his conversations would not be intercepted; which is distinguished from determining whether Walker had a reasonable expectation of privacy in his workplace area.[82] This distinction was critical to Walker’s case.[83]
  29. More troubling, the Smyth court also misunderstood the fundamental nature of the communications technology involved. Today, the nature and prevalence of computer communications requires courts to consider analogous communications media when determining the contours of an employee’s right to privacy. In this respect, courts must recognize that employer limitations on the electronic monitoring of telephone or common-carrier communications in the workplace should also guide an analyses of the permissibility of similar electronic monitoring regarding computer communications.
  30. Computer communications incorporate several communications media into one desktop box, which permits computer users to access a range of choices on how to communicate with others.[84] E-mail communication is only one, albeit important method of computer communication. Already, desktop computers have replaced answering machines, facsimile machines, and broadcast devices such as television sets and radios. An employee may use his employer’s computer network connection to access the Internet;[85] to fax documents, receive voice mail, record voice mail messages, make phone calls; and to participate in video-conferencing.[86]
  31. Paradoxically, the privacy protection afforded postal mail and voice-mail far outstrips that currently afforded e-mail.[87] Moreover, unlike postal mail, e-mail reaches its intended recipient almost instantaneously and may be more secure than postal mail by adopting encryption technology, which could effectively lock-out the eyes of anyone gaining access to the e-mail message except the intended recipient. Further, the anachronistic distinction between the protections afforded employees in their telephone communications versus those afforded employees in their computer communications is no longer legitimate.[88] Advances in communications technology has fueled the convergence of traditional telephonic communication with computer communications.[89]
  32. Recent advancements in computer technology has led to the development and use of Universal Messaging Systems, which allow individuals to send e-mail communications or voice mail communications over the company’s computer network depending on the employee’s preference.[90] Messages sent as e-mail communications also can be transformed by the receiver into a voice mail message or vice-versa.[91] But, what happens when an e-mail message is retrieved as a voice mail message, and the employer intercepts the voice mail message?[92] Which level of privacy protection should the message be afforded, that common carrier or e-mail? Consider the reverse situation. An employee sends a voice message via telephone, which is retrieved as a computer communication or email message. Should his her expectation of privacy be diminished when that message is intercepted by his or her employer? To these questions, there are no easy answers. Indeed, courts should not have to answer these questions, but yet the current state of privacy law would make such inquiries more than just relevant.
  33. Without debate, the widespread use of computer communications technology makes it nearly impossible to determine whether a communication should be categorized as a telephone message and, therefore given heightened privacy protection, or as an e-mail message, which under Smyth, would be entitled to no privacy protection at all.[93] This conundrum illustrates why workplace privacy jurisprudence must abandon the archaic distinction between computer communications and traditional telephonic communications. To fail to do so, not only would appear to be obnoxious to the protection of a fundamental right, but inevitably would be unworkable as communications media continue to converge and other technological advances, such as secure or encrypted e-mail transmissions, become commonplace. Although the Smyth court cannot be faulted for being ill-equipped to assess the present state of computer communications, or for that matter, for not considering issues that the parties may have failed to make known to it, the court’s sweeping holding was clearly inappropriate in light of the rapidly developing communications technology.
  34. In addition, the significant transformation of electronic communications that the Internet is bringing about will further alter the subjective expectation of privacy employees will have concerning their e-mail communications. The Internet is an open system. Employers provide their employees with access to the Internet by connecting the company’s local area network (or LAN) directly to the Internet. This enables employees to send e-mail communications originating on their personal computer (desktop PC), onto a system of networks not owned or controlled by the employer. With access to the Internet, an employee may send computer communications to a co-worker, client or anyone in the world. This form of computer communications may, if done through use of a computer modem, for example, bypass an employer’s e-mail and LAN system entirely. More importantly, once an employer connects his LAN system to the Internet, the bright line distinctions between what occurs on a corporate network from what occurs on the Internet become very faint.[94]
  35. Most, if not all, employers connect their local networks to the Internet through a TCP/IP network. TCP/IP network protocols ultimately put an employer’s private communications network on an on-ramp onto the very public Internet. When employers grant employees access to the Internet, they permit their employees to participate in a vast and very public communications forum. This form of communications access opens doors to the Internet that cannot be shut or monitored once the TCP/IP connection is made. Every node of a TCP/IP network becomes a door into or out of the employer’s computer system.[95] In this respect, the lines blur between what computer communication actually occurs on the employer’s private network or on the public Internet. As noted infra, this fact provides a significant impediment to an employer’s argument that e-mail interception is necessary to monitor activity occurring on the employer’s private communications network, since a great deal of communications activity may be occurring on the public Internet. Most importantly, computer communications that travel across the Internet may heighten an employee’s subjective expectation of e-mail privacy and may form the basis for why an employee’s expectation of privacy is objectively reasonable. Unquestionably, employers have significantly less control over communications that travel from a desktop PC to the Internet than over the company’s computer network.
  36. Notwithstanding the fact that Pillsbury used an e-mail system that functioned on the company’s own network, many employers use e-mail systems that function on both a proprietary LAN system and the Internet. Employees are free to send e-mail using an in-house e-mail system or directly through the Internet. While the choice of how an e-mail is sent does not directly affect how the receiver reads the e-mail, it may have the anomalous effect of influencing the degree of privacy an employee is entitled to under the court’s analysis. E-mail communications that travel across the Internet through gateway protocols either bypass the employer’s network entirely or use the employer’s Internet connection to avoid the company’s e-mail system. It is in this sense also that the e-mail communication is more like a message transported over a common carrier, which would, of course, under present workplace privacy law, afford an employee greater privacy protection in the content of those e-mail transmissions.
  37. Internet e-mail, like most computer transmissions over the Internet, rely on a transmission protocol called "packet switching." Packet switching simply means that each e-mail message is transmitted to the receiver through small packets or discrete digital units. In essence, each e-mail message is shredded by the Internet while the message is traveling. Once the message reaches its destination, a computer server for example, the digital packets are reassembled into the original e-mail message.[96] Not surprisingly, interception of Internet e-mail while the message is in transmission is possible, but not easy. Furthermore, the use of encryption devices could be an employee’s clearest indication that there is a subjective expectation of privacy in the contents of his or her e-mail.[97]
  38. E-mail can also be accessed using an Internet protocol called "Telnet." Telnet is a communications protocol that enables computer users to connect directly with other networks that may or may not be part of the Internet.[98] When accessing e-mail in this manner, the employee may actually be connecting to a network not owned or operated by the employer. For example, an employee may be a member of a commercial online computer service such as America Online or Compuserve. If he accesses his e-mail on one of these services using Telnet, the employer’s obvious justification for snooping or monitoring this e-mail is that the employee used the employer’s equipment to connect to the other network, but this justification may not be sufficient to overcome an employee’s expectation of privacy. More importantly, if an employer intercepts the e-mail message in the manner claimed by the defendant in Pillsbury, the employer may not be able to determine, without the employee’s cooperation, whether the e-mail message was accessed using the company’s network or using Telnet – a determination that essentially must be made immediately to accord the appropriate degree of privacy protection to the message contents under current privacy law jurisprudence.[99]
  39. Normally, an employee creates an individual password to access the employee’s own messages. Such a password undoubtedly encourages a subjective belief among employees that their e-mail messages are private, given that employees are often unaware that their employer retains the ability to override the password and access their e-mail. It is thus understandable that most of the litigation concerning privacy expectations has concerned whether the expectation is objectively reasonable, since employees have easily demonstrated subjective privacy expectations. This emphasis, however, will become less significant in the future because employers who seek to alter the objective reasonableness of subjective expectations by modifying the extrinsic factors of the work environment will soon recognize that technology has obviated the fact that e-mail users will routinely lock-out individuals from deciphering, decoding, decrypting, or otherwise reading an e-mail that is not intended to be read by anyone other than the sender and receiver.[100]
  40. At bottom, an employer would have to justify its interest in e-mail interception as resulting from the fact that the employee used the employer’s equipment to send or receive the e-mail communication.[101] That is, the employer’s justification would be based on the fact that it owns the desktop computer that was used to access the e-mail message even though the e-mail message could have been protected by a password unknown to the employer, encrypted in a manner that the employer could not defeat the encryption, or that the e-mail message, itself, resided on a computer server, not owned by the employer.

    IV. Conclusion

  41. The preeminent case evaluating the interest of an employee versus those of his employer when the employer monitors an employee’s electronic communication is Watkins v. L.M. Berry & Co., which balanced those interests by examining the degree to which an employee may have consented to the monitoring when the employer has a carefully defined monitoring policy.[102] In Watkins, the employer informed its employees that it would monitor their business telephone calls but would monitor their personal calls only to the extent necessary to determine whether a particular call was business or personal.[103]
  42. The Eleventh Circuit held that this disclosure constituted employee consent only to the monitoring of business calls and not to the monitoring of the full content of personal calls. The court was clearly concerned that any notion that the employee maintained a right of privacy, in this instance, on the basis of statutory protection, would be thwarted if "consent could routinely be implied from the circumstances."[104] In this respect, the court concluded that an employee’s knowledge of his employer’s capability of monitoring electronic communications, without more, cannot be considered an implied consent by the employee to permit employer monitoring of all telephone calls regardless of whether the telephone call was personal or business related.[105]
  43. Although Watkins represents strong support for placing limits on an employer’s ability to lawfully monitor telephone calls, the case also demonstrates that employers are not without significant freedom to determine in what cases an employee’s computer communications can be intercepted.[106] Even under a regime of privacy protection more significant than what was countenanced by Smyth, an employer can safeguard its computer network or e-mail system from improper conduct by employees. Employers may escape wrongful discharge liability for intruding upon a worker’s privacy if the employer establishes a comprehensive monitoring policy and abides by the policy’s limits. Under a Watkins-like scenario, an employee’s use of his employer’s e-mail network could constitute consent to employer interception of work-related messages and even personal messages to the extent the interception of personal e-mail messages is needed to determine whether the messages are personal or business in character. In this regard, an employer who publishes such a Watkins-like e-mail policy must ensure that the scope of e-mail monitoring match the legitimate business interest justifying the invasion of the employee’s right of privacy.
  44. Although courts have often failed to balance the distinct interests of employees and employers in terms of workplace efficiency or productivity, a proper balancing of interests may, in fact, weigh more favorably in upholding or safeguarding the employee’s privacy interests. It may be highly likely that increased employee privacy could result in a more efficient workplace. Increased employee privacy sends a positive message from the employer to the employee. That message implicitly states that the employer trusts the employee to be responsible for his or her time and productivity. Such a message fortifies the working relationship between employers and employees and imputes personal dignity into the workplace. Arguably, an employer who monitors the workplace from nine-to-five and who is privy to all intra-company communications may create a workplace filled with distrust. Undeniably, an employee who does not trust his employer has much less of an incentive to be efficient, resourceful, and productive.
  45. Ultimately, the court’s view in Smyth of workplace efficiency unfortunately may cast the employee as the employer’s adversary. This view of the workplace is improper because it portrays the employee as almost incapable of managing his or her given responsibilities. Without debate, companies that find the need to monitor an employee’s every move also view the workplace as a battleground of competing interests, but it is quite possible that successful companies do not treat employees as enemies. Instead, these companies provide their employees with both personal and professional incentives to perform productively. Courts should attempt to balance the interests of employees and employers in light of the principles underlying the fundamental right at issue; namely, principles of personal autonomy, individual respect, and mutual trust.[107] In this regard, the scope of an employee’s right of privacy would encompass some level of protection concerning the content of his e-mail messages.
  46. The determination in Smyth, that under Pennsylvania common law employees have no expectation of privacy in the contents of their e-mail communications when such travels along an employer’s network, clearly was erroneous. Smyth’s determinations stripped all e-mail communication a fortiori of privacy protection without regard to the technology used or the employee’s subjective expectations of privacy. This holding was based on several fundamentally flawed interpretations of privacy law and mistaken findings about computer communications technology. The court erred by confusing notions of solitude with those of privacy and singularly focusing on whether a company e-mail system could be thought of as objectively secure or private, rather than also considering whether the employee subjectively believed that his e-mail communications would not be intercepted. In this regard, the court significantly departed from prevailing workplace privacy jurisprudence when it determined that the Pillsbury company was without limitations in its ability to intercept employee e-mail.
  47. In addition, the court relied upon a conceptual distinction in privacy law that is on a collision course with technology. Computer communications technology has led to a convergence of telephonic or common-carrier communications and data-driven digital communications. The result is that current privacy law distinctions between common-carrier communications and e-mail communications do not reflect the fact that these communications media have converged. The law is unworkable in its present form because it lags far behind the technological advances already made. This fact, alone, should render doubtful the application of Smyth to future e-mail privacy cases. The Smyth court also misapplied its privacy analysis by focusing upon the issue of solitude in communications, rather than following the presently evolving privacy doctrine, which primarily emphasizes an analysis of whether an employee expects his communication to be intercepted.
  48. Given the impact that communications technology has had upon the workplace, a significant evolution in the law of employee privacy is required. An employee’s right of privacy in computer communications should be at least co-extensive with his privacy rights in common carrier communications. There is no practical or logical reason supporting the courts current bifurcation of worker privacy rights regarding phone communications and e-mail or computer communications. Indeed, the trend in communications technology is leading to the convergence of these two communications media. In this regard, an employer’s ability to monitor computer communications, as is already true of common carrier communications, should be limited by an employee’s reasonable expectation of privacy in the contents of his computer communications.
  49. More importantly, privacy rights hinge on important notions of human dignity.[108] The law must advance and evolve with technology to ensure the continued vitality of an employee’s right of privacy. Indeed, the Smyth decision serves to remind us that the scales need to be re-calibrated to better protect employee privacy. Privacy law requires courts to balance the interests of employees against those of the employer. To this end, effective judicial balancing ferrets out the legitimate interests of the parties when the balance is done to reflect the appropriate backdrop of the interests of the parties.
  50. When a court decides that an employer’s interest legitimately supports burdening an employee’s right of privacy, then the court should carefully circumscribe the permissible instances where electronic monitoring could occur in order to safeguard employees from possible abuses of surveillance technology. While courts need not be experts in computer technology, judicial opinion must reflect a fundamental understanding of the technology involved, if employees are to be left with more than the remnants of the right of privacy in their computer communications.[109]


Footnotes