Benefits:
Drawbacks:
Is such a database a good idea?
Related "database-matching" issue:
should the government be able to link databases of:
Federal District Court within Pennsylvania, 1996. Case was dismissed after a preliminary hearing (not a trial).
The District Court opinion is at http://cs.luc.edu/pld/ethics/smyth_v_pillsbury.html.
Whatever happened to the CONTRACTUAL issue? Hint: there is a long history of cases upholding "employment at will" doctrine. Judge: Charles Weiner
How would the case have been different if:
Circumstances when you CANNOT just fire someone:
Does OWNERSHIP of the email equipment matter? No!!
Alana Shoars was involved in email training at Epson. She found supervisor Hillseth had been printing and reading employee emails. She objected, and removed some of the printouts from Hillseth's office. She also reported the incident to Epson's general manager. Hillseth then had Shoars fired, allegedly because she had asked for a private email account that was not accessible by Hillseth. Epson had informed employees that email was "private and confidential". California had a law prohibiting tapping of telephone lines. The law may have covered other communications, but that part was dismissed on a technicality: tapping alone didn't constitute eavesdropping, and the eavesdropping issue was never brought up.
Discuss Smyth v Pillsbury:
Contract v Tort: Judge held that corporate eavesdropping is not offensive. Duh. (Could it be offensive IF the company had promised not to??)
Judge says Smyth lost because email was "utilized by entire company" and Smyth's emails were "voluntary".
Were they?
Reasonable expectation of privacy does NOT mean the search is "offensive". Only searches that are "offensive" would allow legal action regarding firing of an "at-will" employee.
Judge: Pillsbury's actions did not "tortuously" invade privacy
unstated by judge: prevention of sexual harassment as
justification. This provides a legitimate "motive" for corporations to
read all employee email.
Arguably, though, the Smyth kind of talk between "buddies", with the self-image projected to fit that context, is EXACTLY what some interpretations of privacy are about. Not all context is "professional".
What if Pillsbury recorded water-cooler or bathroom conversation?
What the heck is a "reasonable expectation of privacy"??? "In the absence of a reasonable expectation of privacy, there can be no violation of the right to privacy."
Could Smyth have sued for DAMAGES, instead of reinstatement?
Footnote to judge's ruling: ["estoppel" is eh-STOP-uhl]
Jurisdiction problems: what if one party to an email lives in a state that grants statutory privacy protections? This problem comes up all the time with phone calls:
Worldcom case: Plaintiffs were Kelly Kearney and Mark Levy;
they worked for a company acquired by Worldcom. Their calls were
recorded in Georgia, but plaintiffs were calling from California, which
forbids recording without notification of ALL parties.
Massachusetts case: jurisdiction depends on where wiretapping
physically took place, not where the speakers were.
How does telephony relate to email?
What is our expectation of privacy?
What about use of, say, a personal gmail account while at work? If employer monitors transactions with gmail.com? If employer obtains email from google directly?
Loyola policy: luc.edu/its/policy_email_general.shtml
(discussed below)
Persistence: email sticks around, although people USE it as if it were like the phone.
Dr Parle Paul, MD, would take home discarded hospital equipment. He would sell it or send it to clinics in Yugoslavia, his homeland. He got permission to take five discarded refrigerators. Unfortunately, he apparently did not have the RIGHT permission.
Oops.
He was fired, and filed suit in state court for reinstatement and for defamation.
A jury trial resulted in a verdict in Paul's favor, both for damages and reinstatement.
Superior court affirmed. The appellate court reversed the reinstatement order.
From the appellate decision:
Equitable estoppel is not an exception to employment at-will. The law does not prohibit firing of an employee for relying on an employer's promise.
Exceptions to the [at-will firing] rule have been recognized in only the most limited curcumstances, where discharges of at-will employees would threaten clear mandates of public policy. [some such: racial/ethnic discrimination, whistleblowing, refusal to commit illegal acts, unionizing, ...]
Look at this another way. Smyth and his lawyers knew that he could be fired for any reason, regardless of Pillsbury's promises to the contrary.
Smyth was asking for application of the TORT of invasion of privacy to be applied. A "tort" is essentially a common-law right that has been breached, as opposed to a contractual right. Tortious invasion of privacy exists, but the standards are high and privacy must be a reasonable exception.
In court cases, you can't add 30% of an argument for equitable estoppel and 70% of an argument for tortious invasion of privacy to get 100% of a case. ONE argument must be 100% sound.
Bottom line, there is "no reasonable expectation of privacy for work email" and they can read it even if they promise not to.
That last part fits in with longstanding law regarding employment-at-will.
The main issue is really the "no reasonable expectation" part, since that blocks civil tort suits. Even if "reasonable expectation" is highly subjective.
Privacy on University electronic mail systems [1997-1998] http://www.luc.edu/its/policy_email_general.shtml
In the section subtitled "Privacy on University electronic mail systems", seven reasons are given why someone else might read your email:
The University community must recognize that electronic communications
are hardly secure and the University cannot guarantee privacy.
The University will not monitor electronic mail messages as a routine matter.
But the University reserves the right to inspect, access, view,
read and/or disclose an individual's computer files and e-mail
that may be stored or archived on University computing networks
or systems, for purposes it deems appropriate. There may arise
situations in which an individual's computer files and e-mail
may be inspected, accessed, viewed, read and/or the contents
may be revealed or disclosed. These situations include but are
not limited to:
Some possible protections (not actually implemented):
Protection against items 5,7: If your email is examined because we believe your account has been compromised, any contents implicating you on other matters and associated with your legitimate use of your account will NOT be held against you (except in cases of ????)
Protection against 1: If your email is examined accidentally or as part of routine system maintenance, any contents implicating you on any matters will not be held against you (exceptions???)
[While these would not be enforceable for staff, they WOULD be for
Legit: 2, 3 [maybe], 4 [but what grounds for suspicion?] Item 6 could be clearer that outside investigations must be part of law enforcement;
Generally, most employer monitoring falls under one of these. Note that the "provider" exception is a specific feature of ECPA; ownership of the hardware does not create a general right of access and in particular ownership of a telephone system does not create a right to eavesdrop.
Phone surveillance in the workplace
Keystroke monitoring
Location monitoring
Do computers empower workers, or shackle them?
While we're on the topic of ECPA, there is:
Title I, covering electronic communications in transit
Title II, the Stored Communications Act.
The latter has much less stringent restrictions.
ECPA amended the Wiretap Act of 1968.
In the case US v Councilman, the government had argued that interception of email as stored on servers temporarily while being routed to their final destination did constitute "interception" for the purposes of the Wiretap Act. The District Court and a 3-judge panel of the Appellate Court ruled that, no, it did not. In 2005 the 1st Circuit court ruled en banc that, yes, it applied to data stored temporarily on disks (filesystems) as well.
Note that the issue here is not government access to electronic communications.
Case is at http://www.ca1.uscourts.gov/pdf.opinions/03-1383EB-01A.pdf
Warshak: spammer promoting "Enzyte" for "natural male enhancement" He was a suspect in a fraud case. The gov't got an order from a US Magistrate asking for his email records. The emails were turned over to him.
Eventually Warshak found out about this:
Warshak: get a search warrant!
US: all we need is subpoena (much weaker)
Are subpoena rules for email overly broad?
US argument: users of ISPs don't have a reasonable expectation of privacy.
This is clear for employer-provided email, though there's no reason to suppose loss of privacy extends to the government.
But what about commercial email? Here's an imaginary Yahoo Terms-of-service by Mark Rasch, from securityfocus.com/columnists/456/3 :
Because a customer acknowledges that Yahoo! has unlimited access to her e-mail, and because she consents to Yahoo! disclosing her e-mail in response to legal process, compelled disclosure of e-mail from a Yahoo! account does not violate the Fourth Amendment.
The point here is that because Yahoo has access to your email, the gov't
thinks that all your email should be treated just like any other
commercial records. You have no "expectation of privacy".
Govt' argued that this case was like the 1976 _US v Miller_ case, where bank records were found NOT to be protected
Stored Communications Act, part of ECPA
email stored 180 days or less: gov't needs a warrant
more than 180 days: warrant, subpoena, or court order
See http://www.usdoj.gov/criminal/cybercrime/ECPA2701_2712.htm
§2703 (a): less than 180 days (b): more than 180 days
Warshak was arguing that the gov't should need a warrant for ANY of his email.
District court
Warshak won. (Quote from full 6th circuit decision)
3-judge panel of 6th circuit appellate court: Warshak won, June 2007. The decision was far-reaching, not specific to
the facts at hand. The decision was by a 3-judge panel. From the ruling:
October 2007: 6th circuit agrees to _en banc_ review (whole court)
July 2008: full court ruled that the case was not "ripe": broad question was not ready to be addressed.
The ripeness doctrine serves to "avoid[] . . . premature adjudication" of legal questions and to prevent courts from "entangling themselves in abstract" debates that may turn out differently in different settings.
Conventional wisdom as to why the supreme court is not likely to hear the case: they would have to find that the case was "ripe", and they are much more likely to wait for a case where "ripeness" is more evident. (See Eugene Volokh, volokh.com/posts/1176832897.shtml) Traditionally, the courts consider 4th-amendment cases "after the fact".
Gmail: all gmail is "read" at google. Just not necessarily by people.
All gmail is read at google. Just not necessarily by people. Does this matter?
What could google do with the information it learns about you?
What could the government do, if they had access to any of it?