In a move that some may erroneously interpret as a sea change in workplace privacy law, the Ninth Circuit Court of Appeals recently concluded in Quon v. Arch Wireless Operating Company1 that an employer may not read employee text messages sent to and from an employer-provided alphanumeric pager.
To those familiar with workplace privacy law, this holding may seem unusual, but the result was in fact predictable based on the unique circumstances of the case. Nevertheless, the case is important and clarifies that: (1) an employer’s technology policy may not be enforceable if its practices and assurances do not conform to the policy, and (2) a “subscriber” of text messaging services — including an employer — cannot obtain a transcript of a text message from a service provider unless the “addressee” or “intended recipient” of the message consents.
The case arose when a city employer (Ontario, California) reviewed SMS text messages sent and received by employee Jeff Quon on a city-issued alphanumeric pager. Quon, a sergeant in the police department and member of the city’s SWAT team, sued service provider Arch Wireless and the City alleging that Arch violated the Stored Communications Act (SCA)2 by providing the City with transcripts of his text messages and that the City violated his privacy by reading the messages.
Arch Wireless provided the City with alphanumeric pagers, which the City gave to various employees, including Quon. A service contract between Arch Wireless and the City allotted each pager 25,000 characters per month and required the City to pay “overage” charges for any additional characters used by the employee during the month.
In the realm of workplace privacy, enforceable technology policies often make the difference between permissible monitoring and protected privacy. In this case, the City had no formal written policy with regard to text messaging and pager use, but it did have a general “Computer Use, Internet, and E-Mail Policy.” Under this general computer use policy, all computer, email and network use was restricted to official city business and using the systems for personal matters was considered a significant violation of the policy. City employees also signed an acknowledgement that computer and email use would be monitored, recorded and reviewed; therefore, employees should not have any expectation of privacy with regard to their computer use.
The police lieutenant in charge of billing and monitoring police department pager use told employees that this written computer use policy applied to pager use and text messaging.3 Nevertheless, the lieutenant also assured employees that, notwithstanding the application of this policy to pagers, the City had an informal policy of not auditing or reviewing an employee’s text messages if the employee reimbursed the City for any overage charges.
Quon exceeded his 25,000-character-per-month allotment on several occasions and always reimbursed the City for the overage charge. Consistent with its informal policy, the City did not audit Quon’s usage because of his timely reimbursements.
Then, without warning or notice of any change in the informal policy, the lieutenant complained that he was “tired of being a bill collector with guys going over the allotted amount of characters on their text pagers.”4 In response, the police chief ordered the lieutenant to obtain the transcripts from Arch Wireless and audit Quon’s use.
Arch provided the City with the transcripts, concluding that the City was entitled to them as the account holder. The City’s audit and subsequent internal affairs investigation revealed that Quon exceeded his text message allotment by more than 15,000 characters and many of the messages “were personal in nature and sexually explicit.”5
In the resulting lawsuit brought by Quon (and others), the trial court dismissed Quon’s claims against Arch Wireless and granted several summary judgment motions in favor of the City (denying others). On appeal, the Ninth Circuit first considered Quon’s claim against Arch Wireless and concluded that Arch violated the SCA. The court held that as a provider of pager and text-messaging services, Arch was an “electronic communications service” (ECS) and not a “remote computing service” (RCS).
An ECS is “any service which provides to users thereof the ability to send or receive wire or electronic communications.”6 In contrast, an RCS provides the public with “computer storage or processing services by means of an electronic communications system.”7 The distinction between ECS and RCS is significant under the SCA because a “subscriber” (e.g., the City) can consent to the release of electronic messages stored by an RCS. In contrast, only an “addressee or intended recipient” of a message can consent to its release from an ECS. Because Arch Wireless was an ECS, it violated the SCA when it provided transcripts without the consent of the “addressee or intended recipient.”
Next, the court considered Quon’s constitutional claims and noted that the California constitution provides no greater privacy protection to employees than the U.S. Constitution.8 The court therefore limited its analysis to the Fourth Amendment, stating that “the extent to which the Fourth Amendment provides protection for the contents of electronic communications in the Internet age is an open question.”9
In general, courts engage in a two-part inquiry to determine if a government employee’s privacy in the workplace is protected.10 First, the employee must have a reasonable expectation of privacy. Then, if there is a reasonable expectation of privacy, the employer’s search must not be unreasonable under the circumstances.11 A search is not unreasonable under the circumstances if it is “justified at its inception” and reasonably related in scope to its purpose.12
In this case, the court concluded that the employees had “a reasonable expectation of privacy in their text messages stored on the service provider’s network” and the employer’s review of the text messages was unreasonable because there were less intrusive ways to determine if Quon’s text messages were personal in nature (in fact, Quon admitted they were personal in nature by voluntarily paying overage charges to protect his privacy).
The court explained the well-established rule that an employee’s expectation of privacy can be reduced by office policies and the reasonableness of that expectation is determined on a case-by-case basis. It then concluded that text messages were akin to email, which the court likened to letters in the Forrester13 case earlier this year.14 Accordingly, the privacy interest in a text message is similar to the privacy interest in a sealed letter — information used to address the message is not private, but the content of the message is.
As explained above, an employer can reduce or eliminate an employee’s expectation of privacy in workplace technology by drafting an effective policy that limits personal use and gives notice of monitoring. As a practical matter, this means employees may have little or no privacy in workplace technology because an employer may simply give notice that monitoring will occur from time to time. In this case, however, the court held that because of the City’s informal policy that it would not audit pager use if the employee paid any overage charges, the employees had a reasonable expectation of privacy in their text messages as a matter of law.
At the end of the day, the Quon case is both: (1) a helpful reminder that an employer’s technology policy may substantially limit an employee’s expectation of privacy, but only if the employer’s practices and assurances conform to the policy, and (2) a clarification that an employer cannot obtain a transcript of a text message from a service provider — even if the employer is the “subscriber” — unless the “addressee” or “intended recipient” of the message consents.
Danford D. Grant is a shareholder at Stafford Frey Cooper, P.C. His practice focuses on privacy and information technology law, including workplace privacy. He can be contacted at dgrant@staffordfrey.com.
1 Quon v. Arch Wireless Operating Co., 2008 WL 2440559 (9th Cir. June 18, 2008).
2 18 U.S.C. §§ 2701-2711.
3 Notably, employee text messages on pagers generally do not pass through an employer’s network like emails, webmail or instant messages.
4 Quon, 2008 WL 2440559 at *3.
5 Id. at *4.
6 18 U.S.C. § 2510(15).
7 18 U.S.C. § 2711(2).
8 The privacy provisions of the California constitution do, however, apply to private employers, so in that sense the protection is greater. It did not matter in this case, of course, because the defendant was a public employer.
9 Quon, 2008 WL 2440559 at *10.
10 O’Connor v. Ortega, 480 U.S. 709, 715, 725–26, 107 S.Ct. 1492 (1987).
11 Id.
12 Id. at 726.
13 United States v. Forrester, 512 F.3d 500, 510 (9th Cir. 2008).
14 Quon, 2008 WL 2440559 at *11.
Go Back