Printable View   Bookmark and Share       sign in

 

Quon v. Arch Wireless

(9th Cir., June 18, 2008, No. 07-55282)
____F.3d____ [2008 WL 2440559]

Summary of Holding: A wireless services provider was held liable for disclosing text messages to the City of Ontario. The text messages were generated on City owned pager devices.

Advice Summary: The Court appears to draw a distinction between messages which are stored on an employer's server, versus a server owned by a third party provider. Employers should carefully consider their email and internet policies to clarify that employers have the right to inspect all email and electronic messages on employer-owned systems, and that employees have no expectation of privacy in electronic messaging sent through an employer-owned system.

Discussion: The Ninth Circuit Court of Appeals opinion in Quon v. Arch Wireless places a burden on employers, and particularly upon law enforcement agencies, in their investigations of employees and attempts to obtain the content of text messages and possibly e-mails without the employee's consent.

The City of Ontario contracted with Arch Wireless for wireless text-messaging services. The City distributed two-way alphanumeric pagers to some of its employees, including Sergeants Quon and Trujillo of the Ontario Police Department. While the City had no official policy specifically related to text-messaging by use of the pagers, it did have a general "Computer Usage, Internet and E-mail Policy" (Policy) which applied to all employees. The Policy in part provided that "[a]ccess to all sites on the Internet is recorded and will be periodically reviewed by the City" and that the City reserved the right to monitor and log all network activity including e-mail and Internet use, with or without notice. Users should have no expectation of privacy or confidentiality when using these resources." The Policy further provided that internet usage and e-mails are not confidential, that the information derived from usage is considered City property and that technology and communication systems "should not be used for personal or confidential communications."

Prior to the acquisition of the pagers, both Quon and Trujillo had signed acknowledgments indicating they had "read and fully understand" the City's Policy. Following distribution of the pagers, Quon attended a meeting in April, 2002 at which time, Lieutenant Steve Duke informed the attendees that "pager messages were considered e-mail" and under the City's Policy, such messages could be audited. Employees were also informed that if they exceeded the monthly character limit set by the provider, that they would be responsible for paying the resulting additional (overage) charges. Sergeant Quon used his pager to send both business and personal messages and he frequently exceeded his monthly limit. There is some disagreement as to the specific communication between Lt. Duke and Sergeant Quon regarding the City's right to audit text messages, however, Quon contends that he was told that the City would not audit the messages if Quon reimbursed the City for the cost of the additional charge. Quon paid those fees several months in a row, and at some point, the Department decided that it wanted to audit officers' messages. The City requested that the text provider, Arch Wireless, deliver the contents of officers' text messages, and Arch Wireless printed out copies of the messages and delivered them to the City, including Quon's personal messages and those of other plaintiffs. Quon and his correspondents sued Arch Wireless for violating the Stored Communications Act (SCA), and the City for violating the Fourth Amendment.

The Ninth Circuit held that Arch Wireless violated the SCA when it disclosed the contents of the text messages to the subscriber, the City, without the permission of the users. One of the issues before the Ninth Circuit was whether Arch Wireless is an Electronic Communications Service (ECS) or a Remote Computing Service (RCS). The SCA prevents ECS providers from divulging communications of users without the users' consent whereas RCS providers may disclose communications to the subscriber (i.e. the City) with or without the users' consent. While an ECS may not disclose the contents of communications without either a probable cause warrant obtained by law enforcement or consent from the "addressee or intended recipient," messages held by an RCS receive less privacy protection. The Ninth Circuit relied on its earlier decision in Theofel v. Farey Jones, 359 F.3d 1066 (9th Cir. 2004) in order to determine whether Arch Wireless should be considered an ECS or an RCS. In Theofel, the Court had determined that where a provider stores communications as a backup following delivery to the users, then those communications are considered "electronic storage" under the SCA and subject to greater ECS privacy protection. Alternatively, if it is simply storing the communications for its client, it may be considered an RCS, and may be disclosed without user consent. The Ninth Circuit determined that given Arch Wireless' practice of keeping permanent copies of the text messages, that the messages would continue to receive greater ECS privacy protection.

The Ninth Circuit also decided that the text messages are protected under the Fourth Amendment and the California Constitution, citing the Supreme Court's decision O'Connor v. Ortega, 480 U.S. 706 (1987), whereby the Court held that while searches and seizures "of the private property of their employees . . . are subject to the restraints of the Fourth Amendment .. . .the operational realities of the workplace . . . may make some employees' expectations of privacy unreasonable." (Id. at pp. 715, 717). The Ninth Circuit relied on its own decision in United States v. Forrester, 512 F.3d 500 (9th Cir. 2008) and analogized that text messages, and presumably e-mails are similar to letters or packages or telephone communications, whereby there is no reasonable expectation of privacy as to the identity of the sender or recipient, or the external writings on an envelope, or the telephone numbers called to or from; however, in all cases, we determined that there was reasonable expectation of privacy with regard to the subject matter of the communications.

The Ninth Circuit acknowledged that the where there is informed consent of the employer's policy and right to access communications, then Quon and co-plaintiffs would not have a tenable position (Schowengerdt v. General Dynamics Corp., 823 F.2d 1328 (9th Cir. 1987)). However, it distinguished the facts in this case by pointing to the "operational reality" of the Ontario Police Department, whereby employees' text messages would not be audited if the overage charges were reimbursed. The Ninth Circuit also rejected appellees argument that the possibility of disclosure of the text messages subject to a California Public Records Act request should have negated the plaintiffs' expectation of privacy.

The Court, in its "reasonableness" analysis under the Fourth Amendment concluded that the Ontario Police Department's access to the messages were subject to the Fourth Amendment because it is a government employer. Where possible, government employers are required to use less intrusive means in order to achieve the government's legitimate purposes.

While the Ninth Circuit's decision appears to lead to greater scrutiny of government employers' monitoring of their employees' communications, the decision must be considered within the context of a government agency which communicated an ambiguous or conflicting policy to its employees, thereby allowing employees to claim a reasonable expectation of privacy. The lessons to be learned from this decision is that: all policies regarding privacy expectations and employer rights to monitor communications should be clearly articulated in writing; all employees subject to the policy should be provided with copies, and asked to sign acknowledgment of their agreement to the employers' policy; and finally, that supervisors and other employees must be trained so as not to provide conflicting messages or a false sense of security to their employees with respect to the confidentiality of such communications.