Electronic Communications and Employee Privacy — The Ninth Circuit Decision in Quon

July 10, 2008

In a widely reported decision, Quon v. Arch Wireless Operating and Co., the U.S. Ninth Circuit Court of Appeals recently addressed issues of importance to employers concerning privacy and electronic communications. It held that a company that contracts with an employer to provide text messaging services to the employer’s employees, violates the federal Stored Communications Act (SCA) when it provides the stored text of messages to the employer. It also held, in the particular factual context presented, that the public employer violated the privacy rights of its employee and of the recipients of his messages under the Fourth Amendment and under Article I, Section 1 of the California Constitution. 

The City of Ontario contracted with Arch Wireless for pagers that supported text messaging. It issued these pagers to Police Department employees including plaintiff Jeff Quon. Arch Wireless handled the transmission of electronic messages from one user to another and stored those communications. The communications were not sent to the City’s computer system. The City paid for up to 25,000 characters per pager per month and advised employees that they were responsible for paying for any overages. The Police Department had a general “Computer Usage, Internet and E-mail Policy” stating that "use of City-owned computers and all associated equipment, software, programs, networks, Internet, e-mail and other systems . . ." was restricted to City business. It provided that "[u]sers should have no expectation of privacy or confidentiality when using these resources." At a meeting, it was made clear that the policy applied to pagers. However, the lieutenant responsible for overseeing the City’s text-message program stated that the City would not read an officer’s text messages, so long as the officer paid for any overages. Quon was allowed to pay the overages three to four times without review of the messages. The lieutenant then became tired of being a “bill collector,” and the Chief of Police ordered transcripts of the text messages to determine if the 25,000 characters were sufficient for work-related business. Arch Wireless turned over the transcripts. Many of Quon’s messages were personal in nature, and some were sexually explicit. Quon and his correspondents sued Arch Wireless for violating the SCA and the City and department officials for violating his Fourth Amendment and California constitutional privacy rights. 

The Ninth Circuit held that Arch Wireless was an "electronic communication service" (ECS) under the SCA; as such, it violated the SCA, part of the Electronics Communication Privacy Act (ECPA), when it disclosed the content of the text messages to the subscriber — the City — without requisite permission "of the originator or an addressee or intended recipient" of the communication as required by the SCA.

The Ninth Circuit then addressed the constitutional claims for invasion of privacy, finding that Quon had a reasonable expectation of privacy in his text messages as the result of the lieutenant’s statements that the messages would not be audited if overages were paid. Importantly, however, the Court did acknowledge that had “operational reality” not differed from the policy, Quon’s expectation of privacy might not have been reasonable. Further, if Quon had permitted the City to view the messages, the recipients would not have had a reasonable expectation of privacy. Finally, the court concluded that the scope of the search was unreasonable, especially since it was noninvestigatory, and that the City’s objectives could have been met without reviewing the personal content. 

Implications for Employers 

Quon serves as a powerful reminder that employers wishing to access employee’s electronic communications need to verify: 

• that the access does not violate the ECPA or other applicable statutes. According to Quon, if the communications are on the server of a third party ECS (as opposed to the employer’s own server), absent the requisite consents, access should not be permitted. 

• that the employee (and recipients of employee communications) do not have a reasonable expectation of privacy, such that access implicates constitutional claims. (While the Fourth Amendment does not protect against purely private conduct, Article I, Section 1 of the California Constitution does apply to private as well as government conduct.) Not only should an employer have a clear policy that electronic communications are not private, care must be taken to ensure that the policy is not undermined by the "operational reality" of assurances of privacy. Communications such as text messaging through third party providers should explicitly be included, if utilized, assuming required consents are obtained. Consider whether the policy should provide that no one other than a senior designated official has the authority to change the terms of the policy.