Subject Matter Index All Decisions About Us Statutes Articles Online Resources Help

Home

Martin Samson, author of the Internet Library of Law and Court Decisions

Recent Addition

Designer Skin LLC v. S & L Vitamins, Inc., et al.
Unauthorized internet reseller of plaintiff’s products is not guilty of trademark infringement, and does not cause actionable initial interest confusion, by using plaintiff’s trademarks in meta tags of website at which plaintiff’s and its competitors’ products are sold, and in...

Right of Privacy, Email and Internet Use - Internet Library of Law and Court Decisions - Updated July 29, 2008

Case No. 1-04-CV-032178 (Superior Ct., Ca., March 11, 2005), writ of mandamus granted, court directed to quash subpoena and issue protective order, 139 Cal. App. 4th 1423, 2006 WL 142685 (Cal. App., 6th Dist., May 26, 2006)

Court denies bloggers' motion for a protective order, which sought to quash a subpoena served by plaintiff Apple Computer, Inc. ("Apple") on Nfox, the e-mail service provider for the blog PowerPage.  The subpoena sought materials, including e-mails, that would permit Apple to identify the individual(s) who transmitted trade secret information about an Apple product to PowerPage, which information PowerPage subsequently published on its blog/website.  The Court held that the bloggers were not entitled to such relief under California's 'Shield Law,' as that statute only protects journalists from being found in contempt for failing to produce information, and does not support a motion to quash.  Similarly, such relief could not be grounded on the privilege afforded journalists under the First Amendment, as this privilege cannot be used to prevent the disclosure of information related to criminal activity such as that at issue here, the disclosure of trade secrets.  Because Apple had made a prima facie case that a crime had occurred, it was entitled to the requested discovery.

322 B.R. 247 (Bankr. S.D.N.Y., March 21, 2005)

Court holds that the use of a company's e-mail system by an employee to send personal e-mails to the employee's personal counsel does not, without more, waive any attorney client privilege in such communications.  Whether a waiver had occurred must instead be resolved by examining the employee's subjective and objective expectations that the communications would be confidential.  In analyzing this question, Courts should look for guidance to cases that address an employee's privacy rights in e-mail sent over company e-mail systems, which hinge on the resolution of a similar question -- the reasonableness of an employee's expectation of privacy in such e-mails.  Issues of fact as to the existence and application of company computer usage policies, and whether employees were warned that the Company could inspect e-mails sent over the company's system, prevented the Court from resolving the issue at this time.

The Court further held that any privileges attendant to certain additional e-mails between company employees and their personal counsel had been waived by their voluntary transmission of such e-mails both to counsel representing the company, and to a consultant rendering services to the company.

No. 04-3878, 419 F.3d 845 (8th Cir., August 22, 2005)

The Eighth Circuit, affirming the court below, dismisses invasion of privacy claims brought by an employee of a state university under the Fourth and Fourteenth Amendments arising out of the search of his office computer by University employees.  The University undertook the search in connection with a discovery request in a pending arbitration.  As a result of documents discovered in this search, the University terminated plaintiff.  The Eighth Circuit held that plaintiff's claims failed, both because plaintiff had no reasonable expectation of privacy in his computer in light of the University's computer policy, and because the search was reasonable given its scope and motivation.  The Court reached this result notwithstanding the fact that the University's policy provided that "a user can expect the files and data he … generates to be private information."  Plaintiff's claims were also dismissed because they were advanced against University employees who authorized the search, who, as public officials, possessed a qualified immunity from such claims which plaintiff was unable to overcome.  Plaintiff's claims against these individuals failed because of his inability to submit evidence sufficient to establish that a reasonable official would have believed the search at issue violated plaintiff's Fourth Amendment rights.

C.A. No. 6:06-109-HMH (D.S.C. October 22, 2007)

Granting defendant’s motion for summary judgment, the District Court dismisses defamation, trademark infringement, and invasion of privacy claims brought by plaintiffs against a blogger.  The claims arose out of defendant’s publication of articles on his blog, featuring plaintiff’s trademark, that were critical of plaintiffs’ eBay auction listing business. 

The Court held plaintiff’s trademark dilution claims failed because defendant used the mark in connection with “news reporting and news commentary,” a non-actionable use under the Federal dilution statute.  The Court held plaintiffs’ defamation claims failed because the statements at issue – which purportedly accused plaintiff Schmidt of being a “yes man” ‘who overpromised and underdelivered’ were non-actionable statements of opinion.  Finally, the Court held plaintiffs’ invasion of privacy claims – which were premised on a link on defendant’s blog to another site which contained a picture of plaintiffs – failed.  The Curt rested this holding on its determination both that South Carolina does not recognize a claim for false light invasion of privacy, and that, in any event, the link and article in question did not cast plaintiffs in a false light.  The Court also grounded its rejection of this claim on its holding that the link and corresponding use of the photo did not constitute a viable ‘wrongful appropriation of personalty’ invasion of privacy claim, given that plaintiffs had consented to the use of their photo on the internet site on which it was contained.

95 P.3d 593, Court of App. No. 03CA0074 (Colo. Crt. of App., July 17, 2003), modified and rehearing denied, 2003 Colo. App. Lexis 1651 (Colo. Ct. App., Oct. 23, 2003), writ cert granted Denever Publ. Co. v. Bd. Of County Comm'rs of Arapahoe, 2004 Colo. Lexis 572 (Colo., July 26, 2004), aff'd. in part, reversed in part, remanded by Denever Publ. Co. v. Bd. Of County Comm'rs of Arapahoe, 121 P.3d 190 (Colo., Sept. 12, 2005), rehearing denied by 2005 Colo. Lexis 940 (Colo., Oct. 17, 2005)

Colorado Court of Appeals holds that a governmental official has a limited expectation of privacy in sexually explicit and romantic e mails he sent to a female subordinate via a County’s e mail system.  This expectation of privacy was created, in part, by the County’s e-mail policy.  As a result, the Court remanded for reconsideration so much of the trial court’s decision which directed disclosure of these e-mails pursuant to Colorado’s Open Records Act (“CORA”).  On remand, the trial court was directed to determine the “least intrusive” form of disclosure necessary to serve the “compelling state interests” for which such disclosure was sought.

California Court of Appeals, Second Appellate District, Case No. B068705 (July 26, 1993)

Employer's review of e-mail of a personal and sexual nature sent by employee over company system did not constitute invasion of employee's right of privacy under either the California Constituion or common law where employee signed a form agreeing to restrict use of e-mail to company purposes, and had been notified by other employees that e-mail was reviewed by people other than the intended recipient.

2006 U.S. Dist. LEXIS 36680 (N.D. Ohio June 7, 2006)

Court denies defendant employer's motion for summary judgment, holding issues of fact preclude dismissal of plaintiff employee's invasion of privacy claim.  Plaintiff's claim arises out of the manner in which his employer obtained information about plaintiff's activities on eBay, which information supported employer's conclusion that the employee had stolen its property, which in turn led to the employee's termination.  Issues of fact existed as to whether defendant obtained this information by accessing plaintiff's password-protected eBay account, which, in the absence of an appropriate computer usage policy, could give rise to an invasion of privacy claim.  Notably, however, the Court held that if the employer had a computer usage policy that "advised its employees that their computer activities on the office system were monitored" plaintiff employee would lack a reasonable expectation of privacy in any eBay records he accessed from defendant's computer system and server.

46 F. Supp. 2d 206 (E.D.N.Y., April 23, 1999), aff'd. summary order 205 F.3d 1332 (2d. Cir., 2000)

The court holds that the transmission of two ethnically and racially insensitive jokes over a company's e-mail system, which jokes were not sent directly to the plaintiffs, does not create a hostile work environment, or give rise to a claim under 42 U.S.C. §§ 1981, 1985 or 1986. Said the court: "the case law makes clear that the sending of a single racist e-mail does not create a hostile work environment." In reaching this conclusion, the court relied on Owens v. Morgan Stanley & Co., Inc., 1997 W.L. 403454 (S.D.N.Y. 1997) ("[A]s a matter of law, (the sending of a single racist e-mail), while entirely reprehensible, cannot form the basis for a claim of hostile work environment.")

No. Civ A.3:97-CV-0721-P, 1998 WL 91261 (N.D. Tex., February 23, 1998)

(Pro se plaintiffs charged that they were the subject of race discrimination because they received four jokes sent over defendant WorldCom, Inc.'s ("Defendant") company e-mail system which allegedly contained "racial undertones." The court rejected both plaintiffs' claims that defendant was negligent, as well as plaintiffs' claims that defendant violated Title VII and §§ 1981 and 1983 of the Civil Rights Act of 1964. Defendant's response to the alleged misconduct, which included oral and written reprimands of the employee who sent the offending e-mail, as well as staff meetings at which employees were informed of the company's e-mail policy prohibiting use of the company e-mail for non-business purposes, was reasonable as a matter of law. This prompt remedial action also mandated dismissal of plaintiffs' §1981 claim. Plaintiffs' Title VII and retaliation claims were dismissed because of plaintiffs' failure to file the requisite charge with the appropriate governmental agencies.)

2004 U.S. Dist. Lexis 18010 (D. North Dakota, September 8, 2004)

Court dismisses plaintiffs' claims that Northwest Airlines violated the Electronic Communications Privacy Act ("ECPA") by disclosing personal information about plaintiff passengers to governmental authorities.  The Court grounded its decision on its determination that the ECPA did not apply because Northwest, by virtue of its operation of a web site at which consumers can purchase airline tickets, was not a provider of "electronic communication services" within the meaning of the ECPA.  The Court also dismissed plaintiffs' claims that this disclosure constituted a breach of the parties' agreement, as reflected in the privacy policy Northwest posted on its web site, not to disclose such personal information, finding that the posting of such a policy did not create an enforceable agreement between the parties.

207 F. Supp.2d 914 (W.D. Wis., March 28, 2002)

Court allows plaintiff to proceed with claims advanced against his employer and various fellow employees under the Electronic Communications Privacy Act, the Electronic Communications Storage Act, and Wisconsin's right to privacy statute, Wis. Stat. Section 895.50, as well as a common law defamation claim, arising out of defendants' interception of a telephone call plaintiff placed from his place of employ, and defendants' review of e-mails contained in a personal e-mail account plaintiff maintained with Hot Mail, which account plaintiff accessed from his work place.  There were sharply differing versions of the content of these various communications.  Defendants alleged that during the telephone call, the participants, while masturbating, graphically described homosexual activity between two males.  Plaintiff denied this.  Defendants also alleged that e-mails read from plaintiff's email account evidenced that plaintiff was involved in homosexual activity.  Plaintiff denied that these e-mails had been sent to him.

Defendants' version of the telephone conversation was related to various third parties, which resulted in the termination of plaintiff's employment.  This lawsuit ensued.  The court determined that plaintiff should be permitted to proceed with various claims he asserted. 

The court refused to dismiss plaintiff's claim, advanced under Wisconsin's right of privacy law, section 895.50, arising out of the review of e-mail from plaintiff's personal Hot Mail account.  The court held that issues of fact existed as to whether the review of such e-mail would be highly offensive to a reasonable person, and as to whether a reasonable person could consider such an account to be private, which precluded a grant of summary judgment to defendants.  The court also refused to dismiss the claim plaintiff brought under the Electronic Communications Storage Act arising out of the review of these e-mails.  If such a review took place (as opposed to defendants' having fabricated the e-mails) it would run afoul of the Stored Communications Act.  The court did dismiss the claims plaintiff raised under the Computer Fraud and Abuse Act, holding that plaintiff had not alleged economic damages arising from the review of these e-mails sufficient to state a claim under the Act.

The court also refused to dismiss the claims plaintiff advanced under the Electronic Communications Privacy Act and Wisconsin Privacy Act arising out of the interception of the telephone call described above.  The court refused to dismiss plaintiff's ECPA claim because, depending on what actually occurred, the defendants should have stopped listening to the telephone call when they discovered it was personal in nature.  The court refused to dismiss plaintiff's privacy act claims because plaintiff may have had a reasonable expectation of privacy in the telephone call if his claim that he made the call from a place his employer designated for private personal calls was true.

Lastly, the court refused to dismiss plaintiff's defamation claim, finding that issues of fact precluded it from determining whether defendants' communication of their version of the telephone call to third parties was protected by the common interest privilege possessed by members of religious associations as to communications pertaining to the qualifications of those who work for the organization.  Such privilege may have been lost, given plaintiff's claim that the defendants were lying about what took place during the telephone call.

Civ. Act. No. 00-12143-RWZ, 2002 U.S.Dist. Lexis 8343 (D. Mass., May 7, 2002)

Court dismisses claims of invasion of privacy and violation of the Massachusetts Wiretap Act MGL c 272 §99 arising out of employer's review of e-mail sent and received by company employees.  The e-mail in question was located by the company in both the personal password protected folders the employees maintained on the company's computers, as well as in the personal folders of other company employees who received e-mail from plaintiffs.  The court held that plaintiffs' invasion of privacy claim failed because they had no reasonable expectation of privacy in their personal folders, given the company's existing e-mail usage policy.  In that policy, the company reserved the right to examine all e-mail files.  The court rejected plaintiffs' Massachusetts Wiretap Act claim because the e-mail at issue was not intercepted during transmission, as it was reviewed by the company only after it had been received by the intended recipient.  The court accordingly granted defendant's motion for summary judgment and dismissed plaintiffs' lawsuit.

Case No. 03-4209-RDR (D. Kan., December 23, 2003)

Court grants plaintiff, a former assistant attorney general, a preliminary injunction:  (i) enjoining his former employer, the Kansas Attorney General, from further review and/or dissemination of e-mails contained in 'private' computer files maintained by plaintiff on his employer's computer system, and (ii) directing his former employer to permit plaintiff to access and copy materials contained in these files.  In reaching this result, the Court found that plaintiff had raised serious questions as to whether defendants' review of the e-mails at issue violated his 4th Amendment expectations of privacy in these materials sufficient to warrant the issuance of injunctive relief.  The Court granted such relief notwithstanding the fact that the Attorney General's computer use policy provided, in part, that "There shall be no expectation of privacy in using this [computer] system….".

30 Cal. 4th 1342, 71 P.3d 296, 1 Cal. Rptr. 3d 32, S103781 (Cal. Supreme Ct., June 30, 2003)

By a 4-3 margin, the California Supreme Court holds that the transmission of six e-mails criticizing Intel's employment practices to approximately 35,000 Intel employees over Intel's Intranet, despite Intel's objection, does not constitute an actionable trespass to chattels because the transmission did not cause any injury to Intel's computer systems.  The transmission of these e-mails neither slowed nor otherwise disrupted the functioning of Intel's computer system.  As a result, the California Supreme Court rejected Intel's application for an injunction, enjoining defendant, a former Intel employee, from continuing to send e-mails to Intel employees.  In reaching this result, the Court held that neither the time Intel's employees spent reviewing these unwanted communications, nor the funds Intel expended in attempting to block their continued transmission, constituted the type of injury necessary to sustain a trespass to chattels claim.

This result constituted a reversal of prior decisions by both the California Superior Court and the California Court of Appeals, each of which had enjoined future transmissions by the defendant.  Three justices dissented in two extensive dissents.  Each of the dissenters would have continued the injunction issued by the lower courts on the grounds, inter alia, that a trespass to chattels claim does not require injury to the chattel in question -- rather, such a claim can be established solely by showing an unpermitted and objected to use of the chattel.

382 N.J.Super. 122 (Appellate Division N.J., December 27, 2005)

Reversing the court below, a New Jersey intermediate appellate court holds that an employer has a duty to take "prompt and effective action" to prevent an employee that it had notice was viewing child pornography in the workplace from continuing such criminal activity.  This obligation to act requires the employer to investigate the employee's activities.  It also requires the employer to report the employee's activities to the appropriate governmental authorities and to take effective action to prevent it, which may require the employee's termination.  As a result of this determination, the Court allowed the ex-wife of a former company employee, individually and as guardian for her minor daughter, to proceed with a lawsuit against the employer arising out of the employee's transmission via e-mail from his office computer of three pornographic images of his minor stepdaughter to a child porn site.

2002 U.S. Dist. Lexis 9408 (E.D. Pa., May 29, 2002)

Court dismisses invasion of privacy claims advanced by plaintiff Linda Kelleher, City Clerk of Reading Pennsylvania, arising out of defendants' alleged dissemination to the Press of emails plaintiff sent and/or received from a City of Reading computer.  Kelleher had no reasonable expectation of privacy in the subject emails because the City's computer usage policy expressly advised that the City could access and disclose emails sent from its computer network.

Plaintiff asserted this claim in a lawsuit in which she also claimed that various governmental officials and/or entities harassed her in retaliation for her exercise of her First Amendment right of Free Speech.  This harassment allegedly included providing the Press with information that would discredit her, including an ethics complaint lodged against plaintiff, and a job related one week disciplinary suspension.   Kelleher claimed that such conduct violated her rights under 42 U.S.C. § 1983.  The Court granted defendants' motions for summary judgment and dismissed the complaint, finding, inter alia, that plaintiff had failed to establish either that she had, in fact, engaged in speech which could give rise to such claims, or that the defendants' conduct was motivated by their desire to retaliate against her as a result of the activities she claimed to have engaged in.  It is beyond the scope of the Internet Library to address plaintiff's 1983 claims.  As such, the balance of this article will focus solely on the invasion of privacy claims plaintiff asserted.

Case No. 05-97-00824, 1999 Tex. App. Lexis 4103 (Tex. Crt. of App., May 28, 1999)

Court holds that defendant Microsoft Corporation ("Microsoft") did not invade its former employee's right to privacy under Texas law by reading e-mail the employee stored on a personal office computer in a "personal folder" accessible by use of a password known only to the employee.

Plaintiff was employed by Microsoft Corporation ("Microsoft") which provided him with a personal computer and access to the company's e-mail system to aid him in the performance of his job duties. Access to this e-mail system was gained by use of a network password, which password was known by both plaintiff and his employer. In addition, Microsoft permitted plaintiff to maintain on this PC a "personal folder" in which he could store e-mail he received. Access to this folder was via a second password known only to plaintiff. Plaintiff informed Microsoft that e-mail contained in his "personal folder" would aid him in defending charges of sexual harassment that had been made against him.

The court held that plaintiff's claim failed for two reasons. First, plaintiff had no reasonable expectation of privacy in the e-mail in question because, before reaching plaintiff, this e-mail had traveled through various points in the Microsoft company e-mail system where it was accessible by Microsoft. Second, Microsoft's "interest in preventing inappropriate and unprofessional comments, or even illegal activity, over its e-mail system ... outweigh[ed] McLaren's claimed privacy interest in those communications."

983 F. Supp. 215 (D.D.C., January 26, 1998)

Court issued a preliminary injunction enjoining the Navy from discharging plaintiff because of his sexual orientation. Such discharge, premised on AOL's identification of plaintiff as both the sender of an anonymous e-mail, and as a member described anonymously in AOL's member directory as gay, violated the Navy's "Don't Ask, Don't Tell, Don't Pursue" policy, and was likely aided by a violation of the Electronic Communications Privacy Act.

280 F.3d 741, No. 98 C 3187 (7th Cir., February 6, 2002)

Seventh Circuit affirms dismissal of claims brought by former employee against his employer arising out of employer's seizure of a company lap top used by plaintiff in the course of his employ, and subsequent delivery of that lap top to federal authorities in response to a search warrant. Defendant employer could not be held to have violated plaintiff's Fourth Amendment rights because plaintiff had no reasonable expectation of privacy in the lap top in light of the company's computer use policy, which permitted the company to inspect the lap top at any time. Moreover, as the defendant was neither the state or a public entity, it could not be liable for violating plaintiff's Fourth Amendment rights.

No. C 06-00198 JW (N.D. Ca., October 10, 2007)

Court grants summary judgment motion of defendant St. Paul Mercury Insurance Company (“St. Paul”), and holds St. Paul has no duty to defend or indemnify plaintiff America Online (“AOL”) for losses sustained as a result of its defense and settlement of lawsuits brought against its Netscape subsidiary arising out of Netscape’s collection of information about the internet activities of users of its ‘Smart Download’ software.  Such activities were alleged to constitute violations of both the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act.  The Court held that St. Paul had no obligation to indemnify AOL for such losses because the General Liability Policy it issued excluded coverage for ‘personal injury’ arising out of ‘online activities,’ which activities included ‘providing internet access to third parties.’  As interpreted by the Court, this phrase encompassed activities which allowed users to ‘make use of’ the Internet.  As the Smart Download software assisted users in downloading files over the Internet, the conduct at issue was an “online activity’ within the meaning of St. Paul’s insurance policy, and accordingly was excluded from coverage thereunder.

Case No. 5D03-3484, 899 s.2d 1133 (Dist. Crt. App., Fla., February 11, 2005)

Court holds that the unauthorized use of a spyware program to capture screen shots of a husband's online communications violates Florida's Security of Communications Act, modeled after the Federal Wiretap Act, 18 U.S.C. Section 2501, et seq.  An intermediate Florida appellate court accordingly affirms the trial court decision to bar the wife from introducing these screen shots into evidence in her divorce proceeding with her husband.

337 F. Supp. 2d 1195 (N.D.Cal. September 30, 2004)

Court holds that defendants Diebold Incorporated and Diebold Election Systems Inc. (collectively “Diebold”) violated Section 512(f) of the Digital Millennium Copyright Act (“DMCA”) by having outside counsel send DMCA take-down notices to Internet Service Providers (“ISPs”).  These notices demanded that the ISPs disable access to or remove a website containing an archive of emails prepared by Diebold employees in which “some employees acknowledged problems associated with [Diebold’s electronic voting] machines.”  Diebold claimed a copyright in this archive, which had apparently been stolen and posted on the Internet.  The take-down notices also sought to disable a hypertext link to this website, found in an online newspaper article critical of Diebold’s electronic voting machines.  The Court held that because “portions of the email archive are subject to fair use protections,” the notices constituted knowing material misrepresentations that material or activity infringes Diebold’s claimed copyright in the archive in violation of Section 512(f), exposing Diebold to liability for the damages and attorneys’ fees resulting from actions taken by the ISPs in response to these notices.  It has subsequently been reported by the Online Policy Group that Diebold paid $125,000 to plaintiffs and their attorneys in satisfaction of this claim.

329 F.3d 9 (lst Cir., May 9, 2003)

Reversing the decision of the court below, the First Circuit holds that the grant of permission by web site owners to defendant Pharmatrak to operate web tracking software on their web sites does not constitute consent to intercept their communications with site users, because the site owners expressly instructed defendant Pharmatrak not to gather personal information about site users.  As a result, the First Circuit reversed the District Court's decision, which had dismissed claims brought by site users under the Electronic Communications Privacy Act ("ECPA") arising out of defendant Pharmatrak's gathering of information concerning individual site users, and their use of the web site owners' sites, from communications between the users and the sites themselves.  The First Circuit remanded the case for further consideration as to whether defendant Pharmatrak's actions were intentional, a prerequisite to an ECPA claim, in light of the fact that Pharmatrak appeared to have gathered personally identifiable information as to only 232 of the approximately 18.7 million users whose activities it tracked.

Case No. 07-5739 SC (N.D. Ca., March 24, 2008).

Court allows job applicant to proceed with putative class action, arising out the theft of two lap top computers containing personal information, including social security numbers, provided to the Gap by job applicants, including plaintiff.  The Court held that plaintiff had sufficiently alleged that he sustained the requisite injury in fact needed to confer standing to pursue such claims by alleging that he was at increased risk of identity theft as a result of the theft of these lap tops.  Notably, the Court reached this conclusion notwithstanding the fact that plaintiff’s identity had not, as of the filing of the complaint, actually been stolen.

The Court further held that plaintiff had validly pled negligence claims arising out of the theft of the laps tops, by alleging that the Gap had breached its duty to plaintiff to take adequate steps to protect the confidential information he and other job applicants provided.

The Court also held that plaintiff had pled a valid claim under California Civil Code Section 1798.85, which prohibits web site operators from requiring users to supply their social security numbers to access a website unless a password or other authentication device is also required to access the site.  The Court noted, however, that such a claim would fail if the job applicant was only required to provide his social security number to submit his job application, and not to access a website.

The Court did dismiss so much of plaintiff’s complaint which asserted claims for bailment, violations of California Business and Professions Code Section 17200, which prohibits unfair competition, and invasion of privacy, arising out of the theft of the lap tops at issue.

17 Misc. 3d 934 (Sup. Crt. NY Co., October 17, 2007)

Court holds that communications between plaintiff and his counsel, sent from and to  plaintiff over his employer’s email system, were not protected from disclosure by the attorney client privilege because these communications were not made in confidence.  In reaching this result, the Court relied, in large part, on the email policy that governed the use of this company email system.  This policy advised all employees that the company email system should not be used for personal purposes, and that employees had no personal privacy right in email sent over the company email system, which the employer could access and disclose at any time. 

Notably, the Court reached this result notwithstanding the fact that New York’s Civil Practice Law and Rules (“CPLR”) section 4548 provides that “no communication privileged under this article shall lose its privileged character for the sole reason that it is communicated by electronic means, or because persons necessary for the delivery or facilitation of such electronic communication may have access to the content of the communication.”  (Emphasis added).  The Court held that it is the presence of the employer’s computer use policy, and not the fact that the material was transmitted over the company’s email system, that rendered the communication non-privileged.

The Court further held that plaintiff waived any work product privilege attendant to his communications with counsel by transmitting them over a company email system, as they were subject to the email policy recited above, which permitted the company to examine and disclose such communications at any time.  By such actions, the court held that plaintiff was so careless with these materials that he waived any work product privilege attendant thereto and could not claim their disclosure was inadvertent.

As a result, the Court denied plaintiff’s motion for a protective order, which sought to compel his employer to return these communications with counsel to plaintiff.

Case No. C06-1412RSM (W.D. Wash., September 20, 2007)

The Court granted in part and denied in part an employer’s motion to compel production and inspection of the hard drive of a laptop the company furnished to an employee.  The Court held that the company could inspect the contents of the laptop, and any emails sent by the employee over the company email system, because the company had in place a policy that advised its employees that they had no expectations of privacy therein.  However, the Court held that the attorney client and marital communications privilege protected from disclosure “any web-based generated emails, or materials created by Sims[,] to communicate with his counsel or his wife.”  Said the Court:

[T]o the extent that the laptop contains web-based emails sent and received by plaintiff Sims and any other material prepared by plaintiff Sims to communicate with his counsel, the Court agrees with plaintiff that such information is protected under the attorney-client privilege and the marital communications privilege.  Notwithstanding defendant Lakeside’s policy in its employee manual, public policy dictates that such communications shall be protected to preserve the sanctity of communications made in confidence.

741 N.Y.S.2d 100 (N.Y. App. Div., 2d Dep’t, April 15, 2002)

A New York intermediate appellate court affirms the dismissal of plaintiffs' action, and holds that defendant's act of allegedly selling personal information about plaintiffs, including their names, addresses and telephone numbers, to third party vendors in violation of defendant's promise not to divulge such information does not give rise to claims under either New York General Business Law §394 or Civil Rights Law Sections 50 and 51, or to a claim for breach of contract or unjust enrichment.  No claim arises under Gen. Bus. Law §349 because plaintiffs have not alleged that they suffered the requisite actual injury necessary to sustain such a claim as a result of Chase's sale of such personal information.  This burden was not met by plaintiffs' allegations that the sale of such information led to their receipt of unwanted solicitations by third party vendors.  Similarly, no claim for breach of contract was stated, because plaintiffs failed to allege the requisite injury needed to sustain such a claim.  This holding was premised on the court's determination that any emotional distress plaintiffs' sustained as a result of receiving unwanted solicitations is not actionable on a breach of contract theory.  Lastly, the court dismissed plaintiffs' unjust enrichment claim, which claim was based on the commissions paid to Chase on sale transaction completed by plaintiffs.  The court dismissed this claim because plaintiffs always received precisely that which they bargained for in these transactions.

914 F. Supp. 97 (E.D. Pa., 1996)

(Court upholds employer's termination of at-will employee based on review of intercepted e-mail transmitted over company system. In reaching this conclusion, the court held that such review is not a violation of employee's right of privacy, even assuming employer promised not to intercept the e-mail or to terminate an employee based on a review of its contents, because employee has no reasonable expectation of privacy in messages sent over company e-mail)

Case No. 1D06-5798 (Crt. App., Fla., December 26, 2007)

Court grants defendant’s motion to suppress both evidence of defendant’s computer usage obtained via a warrantless search of his office computer, as well as subsequent incriminating statements concerning such usage made in his interrogation by law enforcement officials.  The evidence at issue indicated defendant, a pastor, was engaged in viewing child pornography.  The Court held that the government’s search violated defendant’s rights under the Fourth Amendment.

In reaching this result, the Court held that Young had a reasonable expectation of privacy in his office computer.  The court rested this determination on the fact that:
(i) the church did not have a computer usage policy, and did not regularly monitor the use of the computer,
(ii) the Pastor was the only regular user of the computer at issue, which, owned by his employer, was located in defendant’s private, locked office, to which only he and a church administrator had a key,
(iii) no one was allowed to enter the pastor’s office or use the pastor’s computer without his consent, and
(iv) the Pastor’s computer was not networked to other computers. 

Notably, the court held that the pastor had such a reasonable expectation of privacy despite the fact that he understood the computer could be accessed by the Church Administrator to perform maintenance work.

The Court further held that law enforcement’s search of the computer was not authorized by either an individual having actual or apparent authority to do so.   Law enforcement officials were authorized to search the Pastor’s computer by a church official, who, in turn, had been authorized to grant such permission by the Pastor’s supervisor.  The Court held that these individuals did not have actual authority to grant such a search, given the absence of a computer usage policy, and the fact that they themselves did not regularly use the machine.  For the same reason – the fact that they did not regularly use or access the computer at issue – the court held they lacked apparent authority to authorize the search.  As such, the Court affirmed the lower’s court decision to suppress the evidence of defendant’s computer usage obtained via the search of his computer.

As evidence from this search was used during the subsequent interrogation of defendant, the Court held that incriminating admissions made by the Pastor during this interrogation were also suppressed under the Fourth Amendment, under the ‘fruit of the poisonous tree’ doctrine.

2004 U.S. Dist. Lexis 18863 (D. Or. , Sept. 15, 2004)

The Magistrate Judge recommended the dismissal of plaintiff employee's invasion of privacy claims, which arose out of his employer's review of both e-mails he had received and stored in a personal, non-password protected, folder on a company computer, as well as a list of websites the employee visited from his office computer.  The Court held that employee had no reasonable expectation of privacy in the materials searched because the Company had explicit policies advising its employees that Company computer equipment could be monitored for any legitimate business purpose, including ascertaining whether the Company computer had been improperly used for personal reasons or to send offensive emails, as was allegedly the case here.

This claim arose in the context of a lawsuit arising out of the employee's termination for cause for "spending an inordinate amount of time on the internet during work hours" and downloading and storing on his office computer "sexually inappropriate material," which evidently consisted of nude pictures and sexually explicit jokes.  The employee claimed that his termination for cause was motivated by a desire to deny him severance benefits in violation of 29 U.S.C. §1140 of ERISA.  The Court held that issues of fact precluded an award of summary judgment dismissing this claim.  The Court did not dismiss claims plaintiff asserted arising out of the Company's alleged wrongful denial of benefits, and failure to notify him of how to apply for such severance benefits.  Such claims were dismissed, respectively, because of the employee's failure to appropriately exhaust available administrative remedies, and his failure to file a claim for such benefits in the proper manner.  As these later claims are beyond the scope of the Internet Library they will not be addressed below.  Instead, our analysis will focus solely on the dismissal of plaintiff's invasion of privacy claim.

373 F.3d 197 (1st Cir., June 29, 2004), reversed 418 F.3d 67 (1st Cir. 2005)

Affirming the court below, the First Circuit, by a 2-1 vote, holds that defendant's alleged involvement in a scheme in which e-mails were copied while in transit to, but before their receipt by, their intended recipients, was not a violation of the Wiretap Act, 18 U.S.C. §§ 2510 et seq. and accordingly dismisses an indictment charging defendant with conspiring to violate the Wiretap Act.  In reaching this result, the Court held that the Wiretap Act does not apply to the interception of e-mails in storage.  Because the e-mails at issue were in temporary storage when intercepted, no violation of the Wiretap Act occurred.

In a vigorous dissent, Circuit Judge Lipez warned that the majority's holding would effectively eliminate all protection for e-mail under the Wiretap Act, as all e-mail, when in transit, is stored in either the hard drives or RAM of the various computers involved in its delivery.  As such, e-mail recipients would be relegated to the lesser protections provided by the Stored Communications Act, 18 U.S.C. §§ 2701 et seq., which, among other things, provides certain exceptions for "conduct authorized by the person or entity providing a wire or electronic communications service …", and lowers the showing law enforcement officials must make to access such stored communications.  Judge Lipez accordingly would reverse the court below, and hold that the Wiretap Act applies to the unauthorized interception of e-mail while such e-mail is being transmitted, whether then in storage or not.

281 F.3d 1130 (10th Cir., February 22, 2002), cert. denied, 537 U.S. 845 (2002)

10th Circuit holds that a University professor has no reasonable expectation of privacy in an office computer supplied for his use by the University which employed him.  This result was mandated by the University's computer policy, which provides both that the University may inspect such computers at any time to ensure their appropriate use, and that the University is the owner of everything stored in such computers.  As a result, the court held that the seizure of these images did not violate defendant's Fourth Amendment rights, given his lack of a reasonable expectation of privacy in this computer.  The 10th Circuit accordingly affirmed the denial of defendant's motion to suppress the introduction of child pornography found in files defendant attempted to delete from his computer hard drive and upheld defendant's agreement to plead guilty to violating 18 U.S.C. §2252(a)(5)(b) based on his possession of child pornography.

474 F.3d 1184 (9th Cir., January 30, 2007)

Ninth Circuit holds that an employee has a reasonable expectation of privacy in his private office, because it is locked and not shared with others.  This reasonable expectation of privacy extends to the contents of his office, including the employee’s company computer, located therein.

As a result, the Court holds that the Fourth Amendment protects both the office and computer from warrantless searches by the Government unless it obtains valid consent from either the defendant himself or one with common authority over the items searched, or proceeds on the authorization of one with apparent authority to give such valid consent.

Here, the Ninth Circuit holds that the Government obtained valid consent from one with common authority over the items searched, when it received such consent from the employee’s employer.  The employer had common authority over the employee’s office computer because it had a policy of, and regularly did, monitor employees’ computer usage of company machines, a policy of which its employees were made aware.

The Court accordingly denied defendant’s motion to suppress evidence found by the Government during its warrantless search of defendant’s office computer.  As a result, pursuant to a plea agreement, defendant was convicted of the receipt of obscene material based, in part, on evidence obtained during this search.  The evidence obtained during this search, and by the company earlier, showed that defendant had viewed and had possession of child pornography.

206 F. 3d 392 (4th Cir., February 28, 2000)

Fourth Circuit holds that various warrantless searches of the defendant employee's computer did not violate his Fourth Amendment protections against unreasonable governmental search and seizures. The Fourth Circuit remanded for reconsideration that portion of the lower court's determination that upheld a search of the defendant employee's office and computer pursuant to a warrant where the searching officials, contrary to its terms, failed to leave the warrant for the employee after completing their search.

No. 2:97-CR-84C, 1998 U.S. Dist. Lexis 8719 (D. Utah, June 3, 1998)

Transmission of e-mail via AOL from defendant, a Utah resident, to AOL facilities in Virginia and back to the victim, another Utah resident, was a transmission in interstate commerce sufficient to support a violation of 18 U.S.C. §875, which prohibits the transmission of threats in interstate commerce.

No. 06-3094 (10th Cir., April 25, 2007)

Affirming the decision of the District Court below, the Tenth Circuit, by a 2-1 margin, holds that the defendant’s ninety-one year old father had apparent authority to consent to the government’s warrantless search of defendant’s password protected computer.  The computer was located in defendant’s bedroom in his father’s house.  The Court reached this result notwithstanding the fact that defendant’s father neither used the computer, nor knew the password thereto.  As a result, the Tenth Circuit affirmed the denial of defendant’s motion to suppress the evidence of child pornography found during the resulting search, and affirmed defendant’s conviction for violation of 18 U.S.C. Section 2252(a)(4)(B), which prohibits the possession of materials depicting minors engaged in explicit sexual conduct.

The Tenth Circuit holds that an individual with apparent (but not actual) authority can give valid consent for a warrantless governmental search of another’s computer.  An individual has such apparent authority when, examining the totality of the circumstances, the facts available to the officers at the time they commenced their search would lead a reasonable officer to believe that that individual had authority to consent to such a search based on that individual’s relationship to the object searched.

There was a strong dissent by Judge McKay, who would have held, under the circumstances, that the officers had a duty to inquire as to whether the computer was password protected and, if so, whether the party consenting to the search knew the password or had access to the computer in question.  As the government neither made such inquiry, nor knew the password in question, the dissent would hold that defendant’s father did not have apparent authority to consent to the alleged search.

151 F. Supp. 2d 82 (D. Maine, June 25, 2001)

Court denies defendant's motion to suppress both pornographic images obtained from the hard drives of two University computers located in a computer lab that defendant used, and logs pertaining to the usage of such computers.  In so doing, the court rejected  defendant's claim that he had a reasonable expectation of privacy in such hard drives, holding that "there is no generic expectation of privacy for shared usage of computers at large."  As defendant did not advance any evidence to support his claimed expectation of privacy, the court denied defendant's motion to suppress.

Crim No. 02-13-B-S (D. Maine, May 10, 2002)

Magistrate Judge issues report, recommending denial of so much of defendant's motion to suppress which sought to prevent use of various pornographic images found in the recycle bin of a University computer, in a personal computer maintained by defendant at his home, and in a computer used by defendant at his place of employ.  In so holding, the Magistrate Judge determined that defendant did not have a reasonable expectation of privacy in either the University or office computers, so that their searches did not violate the Fourth Amendment.  The court further held that the search of defendant's home computer was made pursuant to a validly issued search warrant.

No. 82S04-0008-CV-477 (Sup. Crt. Ind., October 1, 2001)

The Supreme Court of Indiana affirmed in part and reversed in part the decisions of the courts below. The Indiana Supreme Court affirmed those portions of the lower courts' decisions that held that Dr. Felsher had violated the privacy rights of three University of Evansville employees by, inter alia, creating e-mail accounts and web sites containing their last name, first initial, and the letters UE (an abbreviation for University of Evansville), sending e-mail from such accounts nominating the employees for various positions at other institutions, and referring the reader of such e-mail to the web sites defendant created which contained materials critical of the three employees. The Supreme Court affirmed that portion of the decisions below which held that such conduct violated the individual defendants' privacy rights, and enjoined defendant from engaging in such conduct in the future. The Supreme Court reversed those portions of the decisions below which held that Felsher, by his acts, had also violated the privacy rights of the University of Evansville on the grounds that a corporation does not possess a right to privacy. The court held that the University may be able to obtain redress for any misuse of its name by asserting claims under other theories, such as unfair competition, which had not yet been plead.

82 Ohio St. 3d 37, No. 97-797 (Ohio Supreme Court, May 20, 1998)

E-mail sent by corrections officers over correction facilities' e-mail system which allegedly contained racial slurs is not "public record" subject to disclosure under Ohio Public Record Act R.C. 149.43. The court reached this conclusion because the e-mail "was never used to conduct the business of the public office...".

Quick Hits

David Egilman v. Keller & Heckman, LLP, et al.
Civ. Act. No. 04-00876 (HHK) (D.D.C., November 10, 2005)

The Court holds that the unauthorized use of a password to access a website does not constitute a violation of the Digital Millennium Copyright Act, 17 U.S.C. Section 1201, et seq.  The DMCA provides that “no person shall circumvent a technological measure that effectively controls access to a work protected [by Title 17, the section of the US Code governing copyright].”  Under the DMCA, “circumventing a technological measure” “means to descramble a scrambled work, to decrypt a decrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner.”  Section 1201(a)(3)(A).   Because circumvention, under the DMCA, requires an act such as descrambling, decrypting, deactivating or impairing a protective technological measure, the unauthorized use of a password does not qualify.  “[T]he court concludes that using a username/password combination as intended – by entering a valid username and password, albeit without authorization – does not constitute circumvention under the DMCA.”  In reaching this result, the Court found persuasive the decision of the District Court in I.M.S. Inquiry Mgmt. Sys. Ltd. v. Berkshire Info. Sys. Inc., 307 F. Supp. 2d 521 (S.D.N.Y. 2004).  The Court accordingly granted defendants’ motion to dismiss DMCA claims brought by plaintiff arising out of defendants’ alleged unauthorized use of a password to access plaintiff’s password protected site, and thereby to obtain and review the contents thereof.

The Court did not reach the question of whether such conduct violated the Computer Fraud and Abuse Act, 18 U.S.C. Section 1030, because plaintiff’s claim that it did was held to be time-barred by the applicable statute of limitations.  Nor did the Court reach the question of whether, by so using the password to access plaintiff’s site, defendants committed an actionable tort under state law – such as trespass – because the Court, on the dismissal of plaintiff’s Federal claims, declined to exercise pendent jurisdiction over plaintiff’s state law claims, which were accordingly dismissed without prejudice.

This dispute arose out of a prior lawsuit in which plaintiff served as an expert witness in a case in which the defendant law firms represented the defendant in that suit.  In that case, the court had issued a gag order, prohibiting the parties and their experts from publicly discussing the case.  Apparently, plaintiff, in violation of the court’s order, posted material about the case on his password protected website.  In his complaint, plaintiff alleged that defendants, without authorization, used the site’s password to obtain access.  Defendants then presented materials from the site to the judge, who issued sanctions against plaintiff – including striking the plaintiff’s expert trial testimony and instructing the jury to disregard it - for violating his gag order.  This suit sought redress for this alleged misconduct.

Download PDF of Court Decision

TBG Ins. Services Corp. v. Robert Zieminski
96 Cal. App. 4th 443 (Cal. Ct. App. 2002)

A computer usage policy that warns the employee of the company’s right to inspect computers provided to him for business use, has been held sufficient to entitle the company to inspect the contents of a company computer used by the employee in his home over the employee’s objections.  Said the Court: 

[Company’s] advance notice to [Employee] (the company’s policy statement) gave [employee] the opportunity to consent to or reject the very thing that he now complains about, and that notice, combined with his written consent to the policy, defeats [the] claim that he had a reasonable expectation of privacy.

Pursuant to this policy, employee “consented to have his computer “use monitored by authorized company personnel” on an ‘as needed’ basis and agreed that communications transmitted by computer were not private.”) id. at 446

Download PDF of Court Decision

Louis E. Thyroff v. Nationwide Mutual Insurance Company, et al.
USCOA2 No. 41, (N.Y. Crt. App., March 22, 2007)

The New York Court of Appeals extends New York’s common law tort of conversion to “intangible electronic records.”  Prior to the High Court’s decision, in the state of New York, the common law tort of conversion was limited to the conversion  of tangible personal property, or intangible personal property that had ‘merged’ into a tangible object, such as a stock certificate.  Finding that it was time for the tort of conversion to evolve to “keep pace with contemporary realities of widespread computer use,” the Court held that it extended to intangible electronic records stored on a company computer system.  Said the Court:


Computers and digital information are ubiquitous and pervade all aspects of business, financial and personal communication activities.  … We cannot conceive of any reason in law or logic why this process of virtual creation should be treated any differently form production by pen on paper or quill on parchment.  A document stored on a computer hard drive has the same value as a paper document kept in a file cabinet. … “It would be a curious jurisprudence that turned on the existence of a paper document rather than an electronic one.  Torching a company’s file room would then be conversion while hacking into its mainframe and deleting its data would not.” … It generally is not the physical nature of a document that determines its worth, it is the information memorialized in the document that has intrinsic value. … In the absence of a significant difference in the value of information, the protections of the law should apply equally to both forms – physical and virtual.

In light of these considerations, we believe that the tort of conversion must keep pace with the contemporary realities of widespread computer use.  We therefore answer the certified question in the affirmative and hold that the type of data that Nationwide allegedly took possession of – electronic records that were stored on a computer and were indistinguishable from printed documents – are subject to a claim of conversion in New York.

As a result of this decision, the plaintiff, formerly an insurance agent for defendant Nationwide Mutual Insurance, was allowed to pursue a conversion claim arising from defendant’s decision to deny plaintiff access to electronic personal and business records he stored on the company’s computer system.  Plaintiff used Nationwide’s computer system throughout the course of his business relationship with Nationwide.   

Download PDF of Court Decision

Disclaimer  |  Attorney Advertising
© Copyright 1997-2024 Martin H. Samson All Rights Reserved
Printer Friendly