Recently, in United States v. Ziegler, a panel of the U.S. Court of Appeals for the Ninth Circuit concluded that under the Fourth Amendment, a private sector employee has no reasonable expectation of privacy in his computer if the employerās computer administrator has access to that computer.
Orin Kerr has a lengthy and insightful analysis here. He contends that there is a difference between the expectations of privacy between government and private sector employees: ā[T]he Court makes its (unpersuasive) analogy to a decision that rested on the framework of government employee rights, apparently applying the low-protection government framework to what used to be the higher-protection private-sector framework. The end-result: the relatively high level of protection that private sector employees have in their computer hard drives are dropped to the low level of protection that government employees have. Not good.ā
Orin bases his argument that the Ziegler decision is problematic on the ground that private sector employees enjoy greater Fourth Amendment protections than public sector employees.
The problem I see in Ziegler is that it employs a very silly notion of reasonable expectation of privacy that contravenes the Supreme Courtās holding in OāConnor v. Ortega, perhaps the leading opinion on the issue of workplace Fourth Amendment rights.
In OāConnor, the Court held:
Because the reasonableness of an expectation of privacy, as well as the appropriate standard for a search, is understood to differ according to context, it is essential first to delineate the boundaries of the workplace context. The workplace includes those areas and items that are related to work and are generally within the employerās control. At a hospital, for example, the hallways, cafeteria, offices, desks, and file cabinets, among other areas, are all part of the workplace. These areas remain part of the workplace context even if the employee has placed personal items in them, such as a photograph placed in a desk or a letter posted on an employee bulletin board.
Not everything that passes through the confines of the business address can be considered part of the workplace context, however. An employee may bring closed luggage to the office prior to leaving on a trip, or a handbag or briefcase each workday. While whatever expectation of privacy the employee has in the existence and the outward appearance of the luggage is affected by its presence in the workplace, the employeeās expectation of privacy in the contents of the luggage is not affected in the same way. The appropriate standard for a workplace search does not necessarily apply to a piece of closed personal luggage, a handbag or a briefcase that happens to be within the employerās business address.
Within the workplace context, this Court has recognized that employees may have a reasonable expectation of privacy against intrusions by police. See Mancusi v. DeForte, 392 U.S. 364 (1968). As with the expectation of privacy in oneās home, such an expectation in oneās place of work is ābased upon societal expectations that have deep roots in the history of the Amendment.ā Thus, in Mancusi v. DeForte, supra, the Court held that a union employee who shared an office with other union employees had a privacy interest in the office sufficient to challenge successfully the warrantless search of that office. . . .
Individuals do not lose Fourth Amendment rights merely because they work for the government instead of a private employer. The operational realities of the workplace, however, may make some employeesā expectations of privacy unreasonable when an intrusion is by a supervisor rather than a law enforcement official. Public employeesā expectations of privacy in their offices, desks, and file cabinets, like similar expectations of employees in the private sector, may be reduced by virtue of actual office practices and procedures, or by legitimate regulation. Indeed, in Mancusi itself, the Court suggested that the union employee did not have a reasonable expectation of privacy against his union supervisors. The employeeās expectation of privacy must be assessed in the context of the employment relation. An office is seldom a private enclave free from entry by supervisors, other employees, and business and personal invitees. Instead, in many cases offices are continually entered by fellow employees and other visitors during the workday for conferences, consultations, and other work related visits. Simply put, it is the nature of government offices that others such as fellow employees, supervisors, consensual visitors, and the general public may have frequent access to an individualās office. We agree with Justice SCALIA that ā[c]onstitutional protection against unreasonable searches by the government does not disappear merely because the government has the right to make reasonable intrusions in its capacity as employer,ā but some government offices may be so open to fellow employees or the public that no expectation of privacy is reasonable. Given the great variety of work environments in the public sector, the question whether an employee has a reasonable expectation of privacy must be addressed on a case by case basis.
In this excerpt from OāConnor, the following principles are established:
1. The fact that employers have access to an employeeās office or things within the employeeās office does not extinguish a reasonable expectation of privacy. The Court noted that: āAn office is seldom a private enclave free from entry by supervisors, other employees, and business and personal invitees.ā The Court therefore distinguished between situations where the employer has access (where the employee has a reasonable expectation of privacy) and situations where the office is widely open to other employees and the public (where the employee has no reasonable expectation of privacy. Take a look again at this quote:
We agree with Justice SCALIA that ā[c]onstitutional protection against unreasonable searches by the government does not disappear merely because the government has the right to make reasonable intrusions in its capacity as employer,ā but some government offices may be so open to fellow employees or the public that no expectation of privacy is reasonable.
2. The Court was very explicit in distinguishing between employer access to employee records/office spaces and police access: āWithin the workplace context, this Court has recognized that employees may have a reasonable expectation of privacy against intrusions by police.ā The Court quoted from Mancusi v. DeForte, 392 U.S. 364 (1968): āDeForte would have been entitled to expect that he would not be disturbed except by personal or business invitees, and that records would not be taken except with his permission or that of his union superiors.ā In other words, a person still has a reasonable expectation of privacy even when her employer has access to her records, documents, and office space. In other words, the Court is recognizing that employees can reasonably expect workplace spaces and documents to be private as against the police but not as against their employers.
Nevertheless, in Ziegler the panel stated: āEmployer monitoring is largely an assumed practice, and thus we think a disseminated computer-use policy is entirely sufficient to defeat any expectation that an employee might nonetheless harbor.ā In other words, the court concludes that because an employer has access to computers, an employee has no reasonable expectation of privacy ā as against both the employer and the police.
Not so. As OāConnor makes clear, the employee might have no reasonable expectation of privacy as against his employer, but that does not mean he has no reasonable expectation of privacy as against the police. Because the employer in Ziegler conducted the search pursuant to instructions by an FBI agent, the search is attributable to the FBI. This is a relatively settled doctrine in the law, and the Zieglercourt seems to accept this. But the court in Ziegler unfortunately does not seem to have read and understood the Supreme Courtās decision in OāConnor and it proceeds to undermine and contravene a large portion of it.
Hopefully, the 9th Circuit will revisit the case en banc and follow the Supreme Courtās decisions as it is supposed to do.
Originally Posted at Concurring Opinions
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.
Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum and International Privacy + Security Forum, annual events designed for seasoned professionals.
If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
* LinkedIn Influencer blog
* Twitter
* Newsletter
