Ethics Week 6 - Feb 23
Corboy Room 206
Read Baase Chapter 3
Privacy
From whom?
AOL leak
RFID
SCOTUS cases
databases
search histories
theories of privacy
Privacy
Google Buzz
Google Buzz is google's new social-networking site. When it was first
introduced, your top gmail/gchat contacts were made public as
"friends". For many, the issue isn't so much that yet another
social-networking site made a privacy-related goof, but that it was google,
which has so much private information already. Google has the entire
email history for many people, and the entire search history for many
others. The Google Buzz incident can be interpreted as an indication
that, despite having so much personal information, Google is "clueless"
about privacy. At the very least, Google used personal data without authorization.
For many people, though, the biggest issue isn't privacy per se, but
the fact that their "google profile" overnight became their buzz page,
without so much as notification.
See http://www.nytimes.com/2010/02/15/technology/internet/15google.html.
Or http://searchengineland.com/how-google-buzz-hijacks-your-google-profile-36693.
Pennsylvania school laptops
In the Lower Merion school district in Ardmore PA, school-owned laptops
were sent home with students. School officials have now been accused of
spying on students by turning on the laptops' cameras remotely, while
the laptops were in the students' homes.
The school's position is that remote camera activation was only done
when the laptop was reported lost or stolen, as part of the Prey software package.
However, the AP article on the incident states the following:
The Robbinses said they learned of the alleged webcam images when Lindy
Matsko, an assistant principal at Harriton High School, told their son
that school officials thought he had engaged in improper behavior at
home. The behavior was not specified in the suit.
"(Matsko) cited as evidence a photograph from the webcam embedded in
minor plaintiff's personal laptop issued by the school district," the
suit states.
It is not clear that Matsko actually showed the student the photo, or
even that she had the photo. It is at least plausible that the
reference to "improper behavior" involved doing something unauthorized
with the computer.
Note that public schools are part of the government, and, as such, must
abide by the Fourth Amendment. (Loyola, as a private institution, is
not so bound, though there are also several Federal statutes that
appear to apply.)
Students and parents do sign an Acceptable Use policy. However, a
signature is required for the student to be issued a laptop. Also,
students are minors, and it appears to be the case that parents are not authorized to sign away the rights of minors.
AOL search leak, 2006
Baase p 48: search-query data: Google case, AOL leak.
In August
2006, AOL leaked 20,000,000 queries from ~650,000 people. MANY of the
people involved could be individually identified, because they:
- searched for their own name
- searched for their car, town, neighborhood, etc
Many people searched for medical issues.
Wikipedia: "AOL_search_data_scandal"
Thelma Arnold
Mirror site: http://gregsadetsky.com/aol-data/
An article:
http://www.techcrunch.com/2006/08/06/aol-proudly-releases-massive-amounts-of-user-search-data
Google strongly resisted releasing "anonymized" search data to the government.
What would make search data sufficiently anonymous?
Question: Is it ethical to use the actual AOL data in research? What guidelines should be in place?
Are there other ways to get legitimate search data for sociological research?
Where is google-search-history stored on your computer?
What constitutes "consent" to a privacy policy?
Are these binding? (Probably yes, legally, though that is still being debated)
Have we in any way consented to having our search data released?
Event data recorders in automobiles
Who owns the data? Should you know it is there?
What if it's explained on page 286 of the owners manual?
Should it be possible to use it AGAINST you?
See wikipedia: "Event_data_recorder"
Caller ID
When it first came out in the early 1990's, Caller ID was widely seen as a privacy intrusion.
That is, it took away your "right" to call someone anonymously.
Actually, that is a plausible right if you're calling a commercial
enterprise; if you don't want them calling you back, you should be able
to refuse to give them your number.
Within a decade, Caller ID was widely seen as a privacy boost: you
could control who could interrupt you. This is privacy in sense #2
above; the original issue was privacy in sense #1.
Caller ID never caught on with stores; it did catch on with ordinary people.
Is there any right to phone someone anonymously? What if you're trying to give the police a tip? What if you're a parole officer?
RFID
This makes a lot of sense for inventory management. But suppose the
tags are not deactivated when you leave. Then anyone with a portable
scanner can identify all the tagged items you have with you:
- electronics
- eyeglasses
- clothing
- passport
- ???
You might carry such broadcasting tags because you didn't know about
them. But you might carry them even if you did, if that was the only
(or most convenient) way to be sure of being able to return things.
Personalization
We understand that all sorts of online purchasing information is
collected about us in order for the stores to sell to us again.
Whenever I go to amazon.com, I am greeted with book suggestions based
on past purchases. But at what point does this information cross the
line to become "personalized pitches"?
What if the seller has determined that we are in the category
"price-sensitive shopper", and they then call/mail/email us with
pitches that offer us the "best price" or "best value"? (See the box on
Baase, p 78, for a related example.)
Political parties do this kind of personalization all the time: they
tailor their pre-election canvassing to bring up what they believe are
the hot-button issues for you personally.
SCOTUS cases on privacy -- Baase pp 69ff
1928: Olmstead v United States: 4th amendment does NOT apply to wiretaps
1967: Katz v United States
4th amendment does too apply to wiretaps! Privacy may still exist in a public area.
Katz was using a pay phone; the FBI had a microphone just outside the
phone booth. To the appellate court, the fact that the microphone did
not intrude into the phone booth was significant in finding for the
FBI, but the supreme court reversed.
Doctrine of "reasonable expectation of privacy" (REoP) replaced the doctrine of "physical intrusion"
Problem with REoP: as technology marches on, isn't our reasonable
expectation diminished? And does this then give the government more
license to spy?
1976: US v Miller
information we share with others (eg our bank) is NOT private.
Government can ask the bank, and get this information, without a
warrant. (However, the bank could in those days refuse.)
1979: Smith v Maryland
Reduction of REoP by the police is not SUPPOSED
to diminish our 4th-amendment rights. However, in that case the supreme
court ruled that "pen registers" to record who you were calling did NOT
violate the 4th amendment.
http://caselaw.lp.findlaw.com/scripts/getcase.pl?navby=CASE&court=US&vol=442&page=735
Application of the Fourth Amendment depends on whether the person
invoking its protection can claim a "legitimate expectation of privacy"
that has been invaded by government action. This inquiry normally
embraces two questions: first, whether the individual has exhibited an
actual (subjective) expectation of privacy; and second, whether his
expectation is one that society is prepared to recognize as
"reasonable."
First, we doubt that people in general entertain any actual expectation
of privacy in the numbers they dial. All telephone users realize that
they must "convey" phone numbers to the telephone company, since it is
through telephone company switching equipment that their calls are
completed. All subscribers realize, moreover, that the phone company
has facilities for making permanent records of the numbers they dial....
If you want to keep a number private, don't call it!
Note the crucial issue that the defendant voluntarily shared the number with the phone company!
Justices Stewart & Brennan dissented
The telephone conversation itself must be electronically transmitted by
telephone company equipment, and may be recorded or overheard by the
use of other company equipment. Yet we have squarely held that the user of even a public telephone is
entitled "to assume that the words he utters into the mouthpiece will
not be broadcast to the world." Katz v. United States
What do you think of this distinction? Is there a difference
between sharing your phone number with the phone company and sharing
your actual conversation with them?
2001: Kyllo v United States
Thermal imaging of your house IS a 4th-amendment search! This is a very
important case in terms of how evolution in technology affects what is
a REoP
http://www.law.cornell.edu/supct/html/99-8508.ZS.html
Held: Where, as here, the Government uses a device that is not
in general public use, to explore details of a private home that would
previously have been unknowable without physical intrusion, the
surveillance is a Fourth Amendment “search,” and is presumptively unreasonable without a warrant.
How long into the future will this hold? Could it be that part of the
issue was that the general public was not very aware of the possibility
of thermal imaging? If thermal imaging were to come into not only general public awareness but also general public use (eg by equipping cellphones with IR cameras), would the situation change?
I believe there was a trial-level civil case in which a judge ruled
that eavesdropping on someone else's phone call made on an
old-fashioned cordless phone (remember those?) was not an invasion of
privacy because no one had a "reasonable expectation of privacy" when
using a cordless phone because "everyone" knew that it was easy to
listen in to someone else's call simply by playing with the channel
button. However, I cannot find this case.
Video surveillance -- Baase p 72
This is a big issue in Chicago, where there are both "obvious" and "hidden" cameras.
2001 Super Bowl: Tampa police used facial-recognition software on all 100,000 fans. It didn't work terribly well.
London: heavy camera use to:
- charge tolls for driving into central london during rush hour
- enforce youth curfews
London in 2005:
- report indicating cameras had little effect on crime
- (after the report) cameras helped identify subway bombers
What about the rate of false positives?
Should the London cameras be used to track lesser crimes, such as pickpocketing?
Facebook/MySpace:
When did Facebook stop being "closed", ie access was limited to your "network"?
Did anyone care?
Facebook, MySpace, google, deja news, and dating
deja.com (now run by google)
Facebook mini-feeds, Baase p 55
Allowed active notification to your friends whenever you change your page. Why is this a privacy issue?
I note that lots of people have left these enabled.
Whatever one says about Facebook as a source of privacy lost, it is pretty clear to everyone that posting material to Facebook is under our control. Thus, if privacy really is all about controlling who knows what about us, then Facebook can't really be said to violate our privacy.
Look at the websites. Are these sites bad? (ChoicePoint is now LexisNexis.com/risk (for Risk Solutions)
What if you are hiring a youth worker?
ChoicePoint sells to government agencies data that those agencies are
often not allowed to collect directly. Is this appropriate?
ChoicePoint might argue that it is similar to a credit bureau, though
exempt from the rules of the Fair Credit Act because they don't
actually deal with credit information.
Baase p 60: "At least 35 government agencies are or were clients of
ChoicePoint". Some of the data collected (again from Baase):
- credit
data
- divorce, bankruptcy, and other legal records
- criminal records
- employment history
- education
- liens
- deeds
- home purchases
- insurance
claims
- driving records
- professional licenses.
From the Acxiom website (http://www.acxiom.com/products_and_services/background_screening/faq/Pages/FAQs.aspx)
Must I supply applicants’ dates of birth?
Date of birth is critical to the criminal record search process. The
majority of courts use date of birth as a primary identifier, but
please note that a handful actually require this piece of information
to process requests. However, Acxiom offers alternative options to
customers who are unable to supply this information. Our toll-free
Applicant Date of Birth Line allows applicants to call and register
date of birth information via a touchtone answering system. Acxiom then
retrieves this information for use in the search process, subsequently
reporting “match” or “non-match” record results to the customer while
never divulging the specifics of the date of birth. Additionally, date
of birth information may be confidentially submitted via a specially
dedicated URL (www.acxiomdob.com) that forwards applicants to an
internal 128-bit SSL encrypted website where they are prompted to enter
the needed information.
Why is this an issue?
Baase
p 61: case study on federal DB on all US college students. The database
would list all courses taken, with grades; it would also include loan
and scholarship records.
Good example of a fairly common situation: creation of a new database containing confidential information.
Benefits:
- tracking graduation records
- tracking how programs & funding affect student performance
Drawbacks:
- cradle-to-grave tracking of behavior issues, sometimes unsubstantiated
- potential availability to employers, etc
- identity theft
- errors
Is such a database a good idea?
What if in 2012 a law is passed giving prospective employers access
to the data, if the job applicant signs a consent form? What do you
think would happen if you refused to sign?
Related "database-matching" issue:
should the government be able to link databases of:
- men receiving student aid
- men registered with the selective service (draft)?
Joe the Plumber
aka Samuel Joseph Wurzelbacher
He went to an Obama rally and asked a serious question about Obama's
tax plan (in which he apparently confused income with profit). Obama
made his "spread the wealth" remark in response. After this was in the
press, McCain ran with it, and referred to him multiple times in the
debate, as a symbol of middle-america and small businesses.
One reporter (in a print newspaper column I failed to save) argued that Wurzelbacher should have no
expectation of privacy. At what point does this become true? Is it true
of Obama? Was it true for Palin, or McCain? Wurzelbacher did try to
capitalize on his sudden fame, and some might argue that in doing so he
lost his expectation of privacy. But suppose he had tried to remain a
private citizen?
Allegations about him:
- no license (but he wasn't a contractor; he might need a journeyman's license; this is unclear)
- back taxes: $1,182 to Ohio
- child
support: Helen Jones-Kelly: director of Ohio Dept of Job & Family
Services, authorized a check on Wurzelbacher's child-support
payments.
Julie McConnell, of the Toledo Police Dept, was charged also.
Apparently neither case went anywhere, but Jones-Kelly later
resigned.
- divorce records: 2006 income was $40K
- voter records: he's registered, but his last name was misspelled "Worzelbacher"
- related
to Robert Wurzelbacher (not!), son-in-law of Charles Keating &
convicted of Savings & Loan fraud; RW served 40 months in prison
Lucas county clerk of courts: http://apps.co.lucas.oh.us/onlinedockets/Default.aspx
Search for "Wurzelbacher".
Is the availability of this kind of search appropriate?
See also Baase, §2.3.5, on Public Records. Her examples include:
- records on everyone who gave more than $100 to a political candidate
- records on flight plans of executive aircraft, as a way of tracking the position of the CEO
- judges financial-disclosure forms. Formerly, you had to show your
ID to get access; now it's online. These forms show where judges'
family members work and go to school.
What of the above is legitimate to talk about for a private citizen?
At what point did Wurzelbacher stop being a private citizen?
Wurzelbacher asked Obama a financial question. Does this make W's
income and taxes fair game? What about his child-support records?
Aw, to hell with facts: see http://www.slate.com/id/2202480
Search records and computer forensics
In 2002, Justin Barber was found shot four times on a beach in Florida.
None of his injuries were serious. His wife April, however, had been
shot dead. Barber described the event as an attempted robbery.
There were some other factors though:
- Barber had recently taken out a large life-insurance policy on his wife
- Barber was having an affair
- Barber was heavily in debt
- April Barber's family was sure Justin did it
Police searched Barber's computer for evidence of past google searches. They apparently did not
contact google directly. Barber had searched for information on gunshot
wounds, specifically to the chest, and under what circumstances they
were less serious. Barber was convicted.
More at: http://news.cnet.com/8301-13578_3-10150669-38.html
Case of Lee Harbert:
Harbert's vehicle struck and killed Gurdeep Kaur in 2005. Harbert fled
the scene. When arrested later, his defense was that he thought he had
hit a deer. But his on-computer searches were for
"auto glass reporting requirements to law enforcement"
"auto glass, Las Vegas" (the crime was in California)
"auto theft"
He also searched for information on the accident itself. Harbert too was convicted.
more at http://news.cnet.com/8301-13578_3-10143275-38.html
Case of Wendi Mae Davidson
Police found her husband's body in a pond at the ranch where Davidson
boarded her horse. Police found the ranch itself by attaching a GPS
recorder to her car. Davidson also used an online search engine to search for the phrase
"decomposition of a body in water".
More at http://news.cnet.com/Police-Blotter-Murderer-nabbed-via-tracking,-Web-search/2100-7348_3-6234678.html
How do such cases relate to the AOL search-data leak, and Thelma Arnold?
While none of those individuals was charged with anything, some of
their searches (particularly those related to violent pornography) are
rather disturbing.
Where is google-search-history stored on your computer?
Theories of Privacy
Is it obsolete?
See Baase, p 92. Is it true that "young people of today" are not as concerned about privacy?
WHY?
Warren and Brandeis, 1890
(Louis Brandeis later became a supreme-court justice.) They argue for
the prinicple of "inviolate personality" that gives everyone specific
rights regarding their personal information. Their primary concern was
apparently newspaper gossip columns. Their argument was that repeating
"private" information about someone violated a fundamental right.
Baase, p 106.
Problems arise here because Warren and Brandeis were not able to
formulate precisely what was meant by an "inviolate personality", or to
explain at what point your rights to your inviolate personality give
way to the Public's Right To Know. For government officials, for
example, the right of the voters to know what they are really like
might be very important.
Another issue is that WB seemed most concerned with publication
of data that violated our privacy. What if it is just made available to
a selected few? Employers? People on some committee at our church?
Car-rental agencies? People with some self-defined Need To Know, such
as our annoying neighbors? This is not normally understood to be
publication.
Thomson, 1975
Judith Jarvis Thomson argued against the WB position, claiming that
every time a privacy right is violated, there is in fact some other,
more concrete, right being violated. Hence, we do not need special
privacy rules. One of her examples is the Magazine Scenario: if you
don't want people to read it, you can keep it private. If they break
into your house, they have broken the law. If someone interrogates you
violently and thus obtains private information, the real issue is the
violence and not the privacy invasion. If a company reveals information
about you in a way that is contrary to their own privacy policy that
you accepted, they are violating your contractual rights. A less-clear
example is the Shower Scenario: she argues that if someone peeps at you
while you shower, they have violated your "right to your person". Is
this just a WB-style privacy right, or is the "right to your person"
more concrete and limited?
Others have tried to find examples where your right to privacy was
violated, but no other rights were. What if someone reads your email?
Are there other rights involved besides your right to privacy?
Transactions
On pp 108-109, Baase describes a scenario involving Joe, Maria, and
some potatoes. Joe buys the potatoes from Maria; Maria sells the
potatoes to Joe. Who owns the information about the transaction? Either
party might want the
information kept private; does the other party then have an obligation
to keep it so? Or does the privacy-concerned party have to add that
into the contract up-front, so that if Joe wants it private then he
might have to pay more, or if Maria wants it private then she might
have to charge less?
Who is the transaction about?
In the real world, sellers are often large corporations. When we as
individuals buy things, the balance of power is skewed in favor of the
larger seller. Does this change things?
Property Rights to Personal Information
Do we have such rights? What about "negative" information, such as
- tenant payment information or activism
- driving records
- credit information
One immediate issue is the transactions one: is a tenant's late-payment history their
property, or the landlord's? Judge Richard Posner argued that personal
information that is not "expensive" in the economic sense should
receive more protection.
Theories of Privacy
Free-market privacy
[Baase 114] The argument here is that our information is something we
have a right to sell. We are informed consumers, and if we want to sign
up for a Dominick's Preferred Card, we have a right to. Similarly, we
have the ability not to share our personal information with websites
that do not have good privacy policies, and Baase has argued that many
websites have as a result of this become very interested in their
privacy policies [Baase p 77, p 104].
Or is it just that companies don't want the bad publicity that comes
with a bad privacy policy plus
an incident?
This approach to privacy means that we just accept that we can't get the
lowest prices and privacy, or
we can't get certain websites without
advertising, or certain jobs without
waiving our rights to certain private information.
In terms of protection of our personal data in the hands of
corporations, this approach suggests that businesses will protect our
data because they don't want the liability that comes with accidental
release. Specific regulations are not necessary.
Our right to privacy here is the negative
right, or liberty, not to share our personal information.
Question: is it wrong to offer poor people the option of selling away
their fundamental rights? We do not, for example, allow poor people to
sell their kidneys, and we do not allow them to let their children go
to work at age 14. We do not allow workers covered by Social Security
to take the money and invest it privately.
But we do allow better-off consumers to "sell" some of their privacy in
exchange for lower grocery prices; why should worse-off consumers be
denied this? Or should everyone
be denied this?
Consumer protection and privacy
[Baase 115] The alternative approach is that we need lots of government
regulations to protect ourselves, because we just can't keep track of
all the implications of revealing each data item about us. There should
be rules against keeping certain data, even
with our consent, because society can't be sure such consent is
freely given.
A central idea of regulations is that we are denied
the right to do certain things (eg sell some of our private
information), on the theory that most people will not understand the
full scope of the transaction, and there is no practical way of
separating those who don't from those who do.
Large corporations with our data have an unequal share of the power. We
need fundamental positive rights that say others have an
obligation to us not to do certain things with our data (like share it).
This approach is likely to lead to an "opt-in" requirement for use of private data, rather than an
"opt-out".
Are we hiding something?
Well, are we? If we do not consent to surveillance of everything we're
doing, are we hiding something? The obvious answer is "yes", but are we
hiding something that our neighbors or
the government have a right to know?
Workplace privacy of email
One fairly basic principle the courts have used is whether or not
one has a "reasonable expectation of privacy".
However, this doesn't always mean quite what it seems.
Smyth v Pillsbury, 1996
Summary: Michael Smyth worked for Pillsbury, which had a privacy policy
governing emails that said Pillsbury would NOT
use emails against employees, and that emails "would remain
confidential and privileged". Specifically, Pillsbury promised that
e-mail communications could not be use against its employees as grounds
for termination or reprimand.
Smyth and his boss exchanged emails in which marketing employees
were discussed in an unflattering light. The phrase "kill the
backstabbing bastards" appeared.
Smyth and his boss got fired, based on the contents of their emails to
each other.
Smyth sued for wrongful termination. He
lost.
Federal District Court within Pennsylvania, 1996. Case was dismissed
after a preliminary hearing (not a trial).
The District Court opinion is at http://cs.luc.edu/pld/ethics/smyth_v_pillsbury.html.
Whatever happened to the CONTRACTUAL issue?
Hint: there is a long history of cases upholding "employment at
will" doctrine.
Judge: Charles Weiner
How would the case have been different if:
- pillsbury had an email policy allowing such access?
- pillsbury had no policy at all?
What are employers' interests in email exchange?
Were the emails read out-of-context?
(that is, were Smyth and his boss just being aggressive
and competitive?)
Circumstances when you CANNOT just fire someone:
- contractual or union protections
- firing for refusal to do illegal acts
- firing for racial, ethnic, & religious discrimination
(civil rights act)
- firing for age discrimination
- whistleblower protection
- Americans with Disabilities Act protections
Does OWNERSHIP of the email equipment matter? No!!
- ownership of a phone
- ownership of stationery
- ownership of an apartment building
Bourke v. Nissan:
California
similar case: Bourke worked for Nissan; email was reviewed, it was
highly personal,
she got low evaluation. The email probably but not definitively
contributed.
Shoars v. Epson: California
Alana Shoars was involved in email training at Epson. She found
supervisor Hillseth had been printing and reading employee emails. She
objected, and removed some of the printouts from Hillseth's office. She
also reported the incident to Epson's general manager. Hillseth then
had Shoars fired, allegedly because she had asked for a private email
account that was not accessible by Hillseth. Epson had informed
employees that email was "private and confidential". California had a
law prohibiting tapping of telephone lines. The law may have covered
other communications, but that part was dismissed on a technicality:
tapping alone didn't constitute eavesdropping, and the eavesdropping
issue was never brought up.
Discuss Smyth v Pillsbury:
Contract v Tort:
Judge held that corporate eavesdropping is not offensive. Duh.
(Could it be offensive because the company had promised not to??)
Judge says Smyth lost because email was "utilized by entire
company"
and Smyth's emails were "voluntary".
Were they? What does this have to do with anything? The use of the
word "voluntary" is in contrast to mandatory urinalysis cases.
From the decision:
we do not find a reasonable expectation of privacy in e-mail
communications voluntarily made by an employee to his supervisor over
the company e-mail system notwithstanding any assurances that such
communications would not be intercepted by management.
...
even if we found that an employee had a reasonable expectation of
privacy in the contents of his e-mail communications over the company
e-mail system, we do not find that a reasonable person would consider
the defendant's interception of these communications to be a substantial
and highly offensive invasion of his privacy.
"Reasonable expectation of privacy" does not mean the search is
"offensive".
Only searches that are "offensive" would allow legal action
regarding
firing of an "at-will" employee.
Judge: Pillsbury's actions did not "tortiously" (that is, in violation of some tort, or general non-contractual duty) invade privacy.
unstated by judge: prevention of sexual harassment as
justification. This provides a legitimate "motive" for corporations to
read all employee email. The judge did state
Moreover, the company's interest in preventing inappropriate and
unprofessional comments or even illegal activity over its e-mail system
outweighs any privacy interest the employee may have in those comments.
Arguably, though, the Smyth kind of talk between "buddies", with
the
self-image projected to fit that context, is EXACTLY what some
interpretations
of privacy are about. Not all context is "professional".
What if Pillsbury recorded spoken water-cooler or bathroom
conversation?
What the heck is a
"reasonable expectation of privacy"???
"In the absence of a reasonable expectation of privacy,
there can be no violation of the right to privacy."
Could Smyth have sued for DAMAGES, instead of reinstatement? Could Smyth have sued for contractual obligations?
Footnote to judge's ruling: ["estoppel" is eh-STOP-uhl]
FN2. Although plaintiff does not
affirmatively allege so in his Complaint ...
the allegations in the Complaint might suggest that plaintiff is
alleging
an exception to the at-will employment rule based on estoppel,
i.e. that
defendant repeatedly assured plaintiff and others that it would
not intercept
e-mail communications and reprimand or terminate based on the
contents thereof
and plaintiff relied on these assurances to his detriment when
he made the
"inappropriate and unprofessional" e-mail communications in
October 1994.
The law of Pennsylvania is clear, however, that an employer may
not be estopped
from firing an employee based upon a promise, even when reliance is demonstrated.
[emphasis by pld] Paul v. Lankenau Hospital, 524 Pa. 90, 569
A.2d 346 (1990).
Jurisdiction problems: what if one party to an email lives in a
state
that grants statutory privacy protections? This problem comes up
all
the time with phone calls:
Worldcom case: Plaintiffs were Kelly Kearney and Mark Levy;
they worked for a company acquired by Worldcom. Their calls were
recorded in Georgia, but plaintiffs were calling from California, which
forbids recording without notification of ALL parties.
Massachusetts case: jurisdiction depends on where wiretapping
physically took place, not where the speakers were.
How does telephony relate to email?
What is our
expectation of privacy?
What about use of, say, a personal gmail account while at work?
If employer monitors transactions with gmail.com?
If employer obtains email from google directly?
Loyola policy: luc.edu/its/policy_email_general.shtml
(discussed below)
Persistence: email sticks around, although people USE it as if it
were like the phone.
Paul v Lankenau Hospital
524 Pa. 90, 93, 569 A.2d 346,348 (1990)
(PA court Atlantic Reporter
reference 2nd Series, vol 569
Starts page 346, actual reference on page 348)
Dr Parle Paul, MD, would take home discarded hospital equipment.
He would sell it or send it to clinics in Yugoslavia, his homeland.
He got permission to take five discarded refrigerators.
Unfortunately, he apparently did not have the RIGHT permission.
Oops.
He was fired, and filed suit in state court for reinstatement and for
defamation.
A jury trial resulted in a verdict in Paul's favor, both for damages and
reinstatement.
Superior court affirmed. The appellate court reversed the reinstatement
order.
From the appellate decision:
Equitable estoppel is not an exception to employment at-will.
The law does not prohibit firing of an employee for relying on
an employer's promise.
Exceptions to the [at-will firing] rule have been recognized
in only the most limited curcumstances, where discharges of
at-will employees would threaten clear mandates of public policy. [some
such: racial/ethnic discrimination, whistleblowing,
refusal to commit illegal acts, unionizing, ...]
Look at this another way. Smyth and his lawyers knew that he could
be fired for any reason, regardless of Pillsbury's promises to the
contrary.
Smyth was asking for application of the TORT of invasion of privacy
to be applied. A "tort" is essentially a common-law right that has
been breached, as opposed to a contractual right.
Tortious invasion of privacy exists, but the standards
are high and privacy must be a reasonable exception.
In court cases, you can't add 30% of an argument for equitable estoppel
and 70% of an argument for tortious invasion of privacy
to get 100% of a case.
ONE argument must be 100% sound.
Who decides when we have a "reasonable
expectation of privacy"?
If most people think email privacy is easy to breach, does it lose
protection? Is this case about the judge not "getting it" that email
privacy is not about "whoever
owns the equipment can do what they want"? Is email any easier to spy on
than the phone?
Review of Smyth v Pillsbury:
Bottom line, there is "no reasonable expectation of privacy for work
email"
and they can read it even if they promise not to.
That last part fits in with longstanding law regarding
employment-at-will.
The main issue is really the "no reasonable expectation" part,
since that blocks civil tort suits. Even if "reasonable expectation"
is highly subjective.