In a unanimous ruling by a three-judge panel on June 18, 2008, the Ninth Circuit Court of Appeals in Quon v. Arch Wireless Operating Co., Inc. et al., 2008 U.S. App. LEXIS 12766, held: (1) that a third party vendor provided an electronic communication service to the subscriber/employer and that it violated the Stored Communications Act (SCA) when it turned over text-messaging transcripts to its subscriber, who was not an addressee or intended recipient of the messages; and (2) that an employer’s search of the text-messaging transcripts violated the Fourth Amendment because employees have a reasonable expectation of privacy in those messages.

Facts — A police sergeant (employee) filed a lawsuit against the city, the police department (employer) and the city’s provider of wireless text messaging services for violations of the SCA and the Fourth Amendment prohibition against unreasonable search and seizure. The employer had a computer usage, internet and e-mail policy that entitled it to monitor all network activity without notice and stated that users had no expectation of privacy or confidentiality and that use of computers for personal benefit was a violation of the policy. The employee signed an acknowledgment of the policy and attended a meeting in which it was stated that the policy applied to the use of pagers. The employee was issued a pager by his employer, which was governed by the policy. He used the pager for both work and personal messages, including sexually explicit messages to his wife. He exceeded the department’s informal policy limiting use of the pagers to 25,000 characters. The “operational reality” was that the department would not audit their employees’ pagers as long as the employees agreed to pay for any overages. The employee paid the overages on the three to four occasions he exceeded the character limit. The police chief ordered that the transcripts of the employee’s text messages be obtained and reviewed to determine whether the pagers were being used for purely work purposes. The provider, Arch Wireless, produced the transcripts to its subscriber, the employer.

The Decision — The Ninth Circuit held that the provider provided a service that enabled the employee to send or receive electronic communications under the plain meaning of the SCA and therefore violated the SCA. The court ruled against the police department, stating that its informal policy of requesting a check for any overages created an expectation of privacy in the text messages. The search of the text messages was unreasonable in scope and therefore in violation of the Fourth Amendment because there were a host of simple ways to verify the efficacy of the 25,000 limit without intruding on the employee’s constitutional rights.

Practical Impact — This is the first time a federal appellate court has provided Fourth Amendment protection to electronic messages. The ruling gives government workers Fourth Amendment protection against searches of text and e-mail messages by their employers. Government employer subscribers will now have to obtain a warrant, court order or consent before their outside vendors will permit access to email and text messages. The SCA portion of the decision may encourage employers to maintain archived email and text messages on their own internal servers, rather than hiring third-party vendors, so they can control access to them. The decision should also remind employers that they should implement strong internet and computer usage policies. However, even if they have strong policies that allow monitoring of all network activity without notice, that expressly state that users have no expectation of privacy or confidentiality and that use of computers for personal benefit violates the policy, they need to to regularly monitor employee email and text messages. The Quon case makes it clear that an employer’s statement that it has the right to monitor is not sufficient if, in practice, employees are lead to believe they have an expectation of privacy in their personal communications. In addition, the opinion highlights the need for employers to thoroughly train supervisors who are responsible for ensuring employee compliance with computer and internet policies and to evaluate their performance of these duties on a regular basis to avoid a custom or “operational reality” which supersedes the written policies.