By: L. David Russell
Los Angeles Daily Journal (December 16, 2011)
The recent explosion in the popularity of smartphones with their seemingly infinite applications, blazing speed, and ceaseless connectivity has revolutionized the way we communicate and connect with the world. Today, we not only use smartphones to call and text our family and friends, but to check our business emails, access social media websites like Twitter and Facebook, surf the Internet, watch movies, listen to music, manage our schedules (both work and personal), play games, take photographs, and shoot videos. And as the recent unveiling of the iPhone 4S featuring virtual assistant Siri demonstrates, consumers continue to embrace the newest available technology; four million units were sold in just three days.
Combining these separate facets of our lives onto a single device raises serious legal concerns. With their many uses and features, smartphones create and store a substantial amount of personal data. At the same time, courts have struggled with how to square decades-old privacy case law with this rapidly-evolving and paradigm- changing technology. This struggle has only intensified as companies increasingly issue smartphones and other electronic equipment to their employees, blurring the distinction between public and private. Critically, when employees use employer-issued smart- phones to manage all aspects of their lives not only their work-related affairs do they have reasonable expectations of privacy over their phones and content?
In the past, mobile phones had limited capabilities and therefore could store only a limited amount of data, e.g., telephone call logs and text messages. In contrast, smartphone users can now install countless numbers of “apps” and in the process create and store new types of data. Moreover, smartphones can collect information even when users are not actively “using” their phones. Perhaps most notably as we learned earlier this year iPhone users’ locations were being tracked and recorded by their devices. In addition, it was recently disclosed that the Carrier IQ diagnostic software installed on most smartphones can record and re-transmit a wealth of data, including web searches, keystrokes, texts, and location.
The availability of this data has already caused ripples in judicial proceedings. For instance, the new iPhone app “Find My Friends” discloses a user’s location in real time to approved friends. One week after the app’s launch, a man on the MacRumors.com chat forum claimed that he discovered his wife’s infidelity by surreptitiously activating this app on her phone. The commenter added that he planned to use still “screen-capture” shots of his wife’s location on the Find My Friends app in divorce proceedings. And as we saw in the Michael Jackson manslaughter trial, among the evidence the prosecutors presented against Conrad Murray were emails and conversations extracted from Murray’s iPhone.
With parties pushing the envelope, courts have done their best to address the legality of searching and admitting data culled from smartphones. In California, courts have examined this issue in the context of the Fourth Amendment and privacy protections under state law. While the outcomes have varied, courts have consistently emphasized the importance of employer-issued policies regarding electronic equipment they issue to employees. In fact, many courts have determined that employers can effectively strip their employees of any expectation of privacy in their employer-issued electronic equipment by issuing and communicating a policy that permits employer access to the equipment.
For instance, in City of Ontario v. Quan, the Central District of California and the 9th U.S. Circuit Court of Appeals determined that a police officer had a reasonable expectation of privacy in messages sent and received on a pager issued by the police department. 130 S. Ct. 2619, 2626-27 (2010). Critically, while the police department maintained a formal policy giving it the right to audit pager messages, the department also informed officers that messages would not be audited if the officers paid for all overage charges. Reviewing this decision, the U.S. Supreme Court punted on whether the police officers held a reasonable expectation of privacy in the pager messages. Instead, the Court mooted the issue by finding that the search was reasonable, making the search lawful even if the officers had a reasonable expectation of privacy in the messages. The Court reasoned that the new technology at issue justified refraining from setting the parameters, perhaps prematurely, on an individual’s reasonable expectation of privacy in personal data culled from employer-issued equipment, when a more narrow holding was sufficient. “The judiciary risks error by elaborating too fully on the Fourth Amendment implications of emerging technology before its role in society has become clear.”
While reluctant to issue a broader hold- ing, the Court nonetheless offered guidance on the policy concerns that may ultimately dictate the evolution of this country’s privacy laws. Critically, the Court mused that the pervasiveness of cell phones may make “them to be essential means or necessary instruments for self-expression, even self- identification” which may “strengthen the case for an expectation of privacy.” On the other hand, the low price of these devices might enable “employees who need cell phones or similar devices for personal matters [to] purchase and pay for their own.” At least one district court has used Quan’s limited holding as support for its explicit de- termination that “[a] person has a reasonable expectation of privacy in his or her personal cell phone, including call records and text messages.” United States v. Davis, 787 F. Supp. 2d 1165, 1170 (D. Or. 2011).
Courts interpreting California law have been reluctant to find that employees have reasonable expectations of privacy in employer-issued equipment. Indeed, in one recent case, the Northern District of California noted that “[c]ourts generally refuse to find a reasonable expectation of privacy [under California law] in an employee’s use of an employer’s computers.” Gauntlett v. Ill. Union Ins. Co., 2011 U.S. Dist. LEXIS 126230, at *25 (N.D. Cal. Nov. 1, 2011).
For instance, in TBG Ins. Servs. Corp. v. Superior Court, 96 Cal. App. 4th 443 (2002), a former employee argued that he should not be compelled to produce a computer provided by his former employer for use at home. While “assum[ing] the existence of an abstract privacy interest in [the] financial and other personal information” stored on the computer, the court declined to find “a reasonable expectation of privacy in the circumstances.” In making this finding, the court emphasized that the employer gave ad- vance notice to the employee by maintaining a policy, signed by the employee, stating that the “communications transmitted by Company systems [were] not considered private” and were subject to monitoring by authorized personnel. The acknowledgement of this monitoring constituted the employee’s “voluntar[y] waive[r]” of “whatever right of privacy he might otherwise have had[.]” Likewise, in Sporer v. UAL Corp., 2009 U.S. Dist. LEXIS 76852 (N.D. Cal. Aug. 27, 2009), the court found that an employee had no reasonable expectation of privacy in work email. In Sporer, the employer had a formal policy of monitoring its employee’s computer use which was disclosed and agreed to by its employees. The state appellate court recently came to a similar conclusion in Holmes v. Petrovich Dev. Co., 191 Cal. App. 4th 1047 (2011), determining that a similar employer policy stripped away any reasonable expectation of privacy in a work email account.
In sum, much like the technology it is supposed to regulate, the law on privacy is still evolving and has yet to mature. But for now, employers seeking to draw clear boundaries should consider implementing and communicating policies that explicitly give them access to data on work-related equipment, including smartphones. Like- wise, employees enjoying the perks of their new work phones should be aware of any company policies relating to their rights to those phones, lest they later be surprised that private and perhaps embarrassing (or, even worse, incriminating) information stored on their phones may be forcibly unveiled to their employers.
—By L. David Russell, William Pao, and J.D. Weiss former attorneys at Jenner & Block LLP