Monitoring Internet use at work
By Kenneth A. Wittenberg & Jill Schneider
Technology continues to revolutionize the workplace, with the Internet and e-mail becoming commonplace office tools. During the past year, federal judges became front-line participants in the debate over computer privacy rights when their own computers and their own staff were electronically monitored. The resulting controversy may change employment law.
In a deliberately public dispute, federal judges have advocated for privacy rights in the workplace for judiciary employees which, under existing caselaw, are not available to the public. Led by Judge Alex Kozinski of the U.S. Court of Appeals for the 9th Circuit, the judges disabled a computer monitoring system in May 2001 to protest an administrative program designed to track the online activities of court employees. However, no court rulings thus far have echoed the passion for non-judicial employees that the judges professed for their own staffs.
The hullabaloo began last year when Leonidas Ralph Mecham, the director for the Administrative Office of the U.S. Courts, the Washington, D.C., bureaucratic office which manages the judicial branch, reportedly received complaints from judges about the poor response time on the Internet. The Administrative Office reports to the Judicial Conference of the United States Courts, a 27-judge policymaking body for the courts, led by Chief Justice William H. Rehnquist.
After investigating, Mecham concluded that between three to seven percent of the judiciary's browser traffic involved 'streaming media' audio and video downloads, which use significant amounts of bandwidth and slow down online services. Mecham's solution to the discovery was to activate filters which were programmed to record downloads of MPEG movie files and MP3 music files. The reports of the downloads were forwarded to Mecham's deputy, Clarence Lee, for review. If Lee found the files to be 'inappropriate,' he would identify the files, and the computers from which they were downloaded, to the chief judge of the relevant circuit. No one disputes the reported information was embarrassing at times - the sophomorically graphic website names alone were offensive. It is also undisputed that some of the downloaded movies were distinctly 'adult.' The notification letters urged the judges to identify the computer user and recommended disciplinary action for the offending employee.
Federal judges, particularly from the 9th Circuit, were not pleased. They viewed the matter as bureaucratic tattletaling at its worst. Judge Kozinski wondered 'how many judicial employees lost their jobs or were otherwise sanctioned or humiliated' as a consequence of the Administrative Office's heavy-handed practices. (Judge Kozinski's reaction was consistent with his views stated in his review of Jeffrey Rosen's book The Unwanted Gaze a year earlier, where he recognized 'the uneasy feeling most of us have that our privacy is slipping away in ways we don't fully recognize.')
Certainly, the Administrative Office did not aid its
cause or convert any judges with its subtlety. When Mary Schroeder,
Chief Judge of the 9th Circuit, was in Washington, D.C., the Administrative
Office's deputy Lee notified the Washington hotel manager he was
sending a 'high-priority, confidential' message by courier
for her. 'Imagine my surprise to discover that use of the Internet
to download music or movies had risen to the ranks of a national
security issue,' Judge Schroeder complained.
In the manner of judges who are used to issuing orders, the 9th Circuit judges collectively asked Mecham to discontinue the monitoring. The judges expressed their concern about 'the propriety, and even the legality' of monitoring Internet use by court employees without their consent. Less high-minded, but probably more realistically, the judges also confessed to a reticence regarding the 'inevitable' use of recording and monitoring information in any Senate confirmation process over judicial appointments. Just in case the judicial misgivings were not taken seriously, the Judicial Council of the 9th Circuit staged a public revolt against the computer monitoring and temporarily pulled the plug on the software for the courts within its administrative control, including courts in the 8thh, 9th and 10th circuits.
Following the shut down of the computer software, Judge Kozinski detailed his objections to the monitoring program in several memoranda to the Administrative Office. In what could be interpreted as either blunt advice or an ominous threat, Judge Kozinski noted that federal judges 'may have a duty to notify our staff all over the country that their rights had been violated and civil remedies might be available to them' and that 'some thought ought to be given to hiring a private lawyer for [Administrative Office deputy] Mr. Lee.' Prompted by both the protest and the rhetoric, the Judicial Conference's executive committee halted the computer monitoring in the remaining circuits.
Now it was Administrative Office director Mecham's turn to be displeased. He demanded his authority to monitor employee communications be reinstated without delay, and suggested there were numerous attempts by unauthorized users to access the judiciary's network on the days the software was disabled. He also alleged the shutdown might have compromised the security of the 10th Circuit's website shortly before Oklahoma City federal building bomber Timothy McVeigh was scheduled to be executed. His claims of security violations struck some as a modern day version of crying wolf. The technical staff for the Colorado district court determined that the 10th Circuit's website had not been jeopardized. Judge Schroeder noted that the 9th Circuit's technical personnel had monitored computer activity during the week the software was disabled and found no evidence the electronic firewall had been breached.
Nevertheless, director Mecham pursued his cause. He justified the need for the computer monitoring by indicating to U.S. District Judge Edwin Nelson of Alabama, the head of the U.S. Judicial Conference's technology panel, that much of the downloading involved adult-oriented sites. He also persuaded the Committee on Automation and Technology to recommend the full Judicial Conference support the monitoring program. Mecham's failure to admit defeat on the monitoring issue prompted Judge Kozinski to observe, 'Hell hath no fury like a bureaucrat unturfed.'
The July 27, 2001 proposal presented by the Committee on Automation and Technology was hardly a compromise. The committee recommended that all judicial employees be notified of the monitoring program with a banner notice on every computer screen that Internet use may be 'viewed and recorded, that the employee's use of the system constitutes consent to such viewing and recording, and that uses inconsistent with applicable use policy may result in disciplinary action.' Further, the policy statement that preceded this warning baldly stated, 'Executive Branch employees do not have a right, nor should they have an expectation, of privacy while using any Government office equipment at any time, including accessing the Internet, using E-mail.'
Predictably, the recommendation brought out additional howls of protest. The Federal Judges Association, which represents approximately 85 percent of the nation's 1,800 federal judges, adopted a resolution opposing the proposed policy. Chief Judge Edith Jones of the 5th Circuit, a jurist not known for her liberal leanings, criticized the policy as 'the equivalent of sanctioning wiretapping of telephones or searches of office files to prevent unauthorized use of government property.'
Judge Kozinski continued to lead the campaign against computer monitoring. The dispute was widely covered by the media, assisted by Judge Kozinski's appearance on CNN's 'Greenfield at Large' and an open letter to federal judges published in The Wall Street Journal. In his editorial page letter, Judge Kozinski likened the proposed banner notice to the sign posted by the U.S. Bureau of Prisons next to telephones used by inmates. Judge Kozinski decried the policy which he described as treating judicial employees as if they lived in a 'gulag.'
In the end, it was director Mecham who blinked. In a letter to Judge Nelson on Sept. 6, 2001, Mecham requested the portion of the model information technology policy dedicated to privacy expectations be 'reconsidered.' He conceded that many judges had expressed 'great concern' over the statement that employees should have no expectation of privacy in the use of government equipment, a concern that director Mecham claimed to share. He concluded by characterizing the controversy as a result of 'for the most part … widespread misunderstanding and, indeed, worry among judges.' Considering the barrage of criticism he and his office had received during the preceding four months, Mecham's description of the controversy as a 'misunderstanding' was an understatement.
Missing from the vitriolic verbage and public protest surrounding the issue was any acknowledgement that non-judicial employers routinely exercise the same practices without sanction by the federal courts. A survey of 435 large U.S. companies in July 2001 by the American Management Association indicates that three-quarters of the businesses electronically monitor employees in some fashion, with approximately 60 percent of the businesses watching Internet connections. The University of Denver's Privacy Foundation estimates that one in three employees who use the Internet at work have their online browsing monitored.
The judicial indignation is jarring because neither legislation nor caselaw provides support for their position, despite Judge Schroeder's admonition to director Mecham that his office's use of the monitoring software might be a violation of the Electronics Communications Privacy Act of 1986. That act, 18 U.S.C. § 2701 et seq., forbids only the unauthorized access to electronic communications. The 2001 9th Circuit case referenced by Judge Shroeder, Konop v. Hawaiian Airlines, Inc., merely held that an employer was not authorized to access an employee's website under false pretenses. The pro se plaintiff in Konop maintained a website where he posted criticisms of his employer. Access to the website was controlled by providing user names to certain employees, but not to the management of Hawaiian Airlines or to union representatives. A Hawaiian Airlines vice president used the names of two Hawaiian pilots to access the site on numerous occasions, with the permission of the pilots. The plaintiff sued, alleging state law tort claims and labor and wiretap claims. The 9th Circuit reversed the district court's grant of summary judgment, ruling that the plaintiff had raised triable issues of fact over whether the vice president had the appropriate consent to visit the restricted website. Under existing caselaw, an employee has the burden to prove that his or her employer's access was 'unauthorized.'
In fact, legal authority allows an employer to monitor
an employee's e-mail and Internet use as long as notification is
provided. One federal district court, in the 1996 case of Smyth
v. The Pillsbury Company, found that an employee had no reasonable
expectation of privacy in e-mail, despite his employer's repeated
assurances that such communications would remain confidential and
The policy statement proposed by the Committee on Automation and Technology was intended to resolve any potential notice/consent issue. It did not. The judges were just as unhappy with the open statement that employees should have no expectation of privacy while using government property. The proposed policy, however, did no more than what many employers routinely believe is necessary, provide notice of a monitoring policy to extract consent from the employees. While courts are unwilling to infer a broad consent to computer monitoring, no court has decided that consent to monitoring cannot be freely given if it comes as a condition of employment. Thus, if principles of stare decisis are employed, an employee who feels his privacy rights have been violated is likely to find no recourse in the federal courts if notice of a computer monitoring policy is given.
The very public controversy prompted numerous non-judicial employees to detect a whiff of hypocrisy in the judges' position. They were not alone. Employers also perceive a discordance between the rhetoric and the rulings. Judge Kozinski is willing to acknowledge an employer's deep pockets provide a powerful incentive to protect civil rights in the workplace. When e-mail and the Internet are used by employees to harass and/or intimidate, it is the employer who is held responsible. As he noted in his review of Rosen's book, 'the architects of our sexual harassment jurisprudence meant for employers to police the work environment to keep it free of sexual banter and dirty jokes.' Yet he is unwilling to acknowledge that computer monitoring has a place in the 'police' work required of employers. It is little wonder that a distinct case of cyber-schizophrenia is developing in the workplace.
No one denies the software shutdown and the ensuing controversy was good theatre - more than one commentator evoked the image of black-robed justices, wrenching computer cords out of the wall as if they were throwing tea into the Boston Harbor. Yet the discussion remains academic. Perhaps symbolically, the Smyth case, typically referred to as 'oft-cited' and the 'leading authority' by commentators, has actually been cited by only three cases. It has been referenced, however, in 71 law reviews and periodicals, another example that the righteous anger expressed on this issue continues to be more theoretical than practical.
The controversy did reawaken congressional interest
in the issue. Following the rejection of the computer privacy proposal
by the Judicial Conference, Sen. Charles Schumer of New York and
Rep. Robert Barr of Georgia expressed an intent to re-introduce
the Notice of Electronic Monitoring Act. The bill, first introduced
in the 1999 congressional session, addresses the initial concerns
of Judge Kozinski and his judicial peers by requiring employers
to give clear and conspicuous notice before monitoring. The notice
must describe the form of computer use being monitored, the method
of monitoring, the information obtained and how the information
is to be stored, used and disclosed.
Whether the legislators' interest in computer monitoring survives the new order of privacy priorities created by the Sept. 11 attack remains to be seen. We will also be anxious to see whether this brand of 'judicial activism' will translate into federal caselaw that will proscribe private employers from electronically monitoring employees.
ABOUT THE AUTHOR
Kenneth Wittenberg has recently started his own law firm in Portland, specializing in complex commercial litigation and white collar criminal defense. Jill Schneider is an attorney practicing in Portland.
© 2002 Kenneth Wittenberg & Jill Schneider.