Wednesday, March 21, 2007

Employees, Employers and the Fourth Amendment

I recently heard from someone whose employer searched his office computer and used the information obtained from it against him in a civil suit.

He asked if this violated the Fourth Amendment. The answer, basically, is “almost certainly not” . . . and I want to try to explain WHY that is the answer.
To do that, I’m going to use a recent decision from the Ninth Circuit Court of Appeals: United States v. Ziegler, 474 F.3d 1184 (9th Cir. 2007).

Here are the facts as the court described them:

"On January 30, 2001, Anthony Cochenour, the owner of Frontline [Processing's] Internet-service provider . . . contacted Special Agent James A. Kennedy, Jr. of the FBI with a tip that a Frontline employee had accessed child-pornographic websites from a workplace computer. Kennedy pursued the report . . . , first contacting Frontline's Internet Technology Administrator, John Softich. One of Softich's duties . . . was to monitor employee use of the workplace computers including their Internet access. He informed Kennedy that the company had in place a firewall, which permitted constant monitoring of the employees' Internet activities. . . .

"Softich confirmed . . . that a Frontline employee had accessed child pornography via the Internet. . . . . Softich further informed Kennedy that, according to the Internet Protocol address and log-in information, the offending sites were accessed from a computer in the office of . . . Ziegler, who had been employed by Frontline as director of operations since August 2000. Softich also informed Kennedy that the IT department had already placed a monitor on Ziegler's computer to record its Internet traffic by copying its cache files.

"Kennedy next interviewed William Schneider, Softich's subordinate . . . Schneider confirmed that the IT department had placed a device in Ziegler's computer that would record his Internet activity. He . . . had `spot checked' Ziegler's cache files and uncovered . . . child pornography. A review of Ziegler's `search engine cache information' also disclosed that he had searched for “things like ‘preteen girls' and ‘underage girls.’ Furthermore, according to Schneider, Frontline owned and routinely monitored all workplace computers. The employees were aware of the IT department's monitoring capabilities. . . .

"According to . . . Softich and Schneider . . . Kennedy instructed them to make a copy of Ziegler's hard drive because he feared it might be tampered with before the FBI could make an arrest. Kennedy, however, denied that he directed the Frontline employees to do anything. . . . [H]is notes say, `IT Dept has backed up JZ's hard drive to protect info.' Kennedy testified that he instructed Softich only to ensure that no one could tamper with the backup copy.Whatever Agent Kennedy's actual instructions, . . . [a]round 10:00 p.m., Softich and Schneider obtained a key to Ziegler's private office . . . , entered Ziegler's office, opened his computer's outer casing, and made two copies of the hard drive.

"Shortly thereafter, Michael Freeman, Frontline's corporate counsel, contacted Kennedy and informed him that Frontline would cooperate fully in the investigation. Freeman indicated that the company would voluntarily turn over Ziegler's computer to the . . . . On February 5, Reavis delivered Ziegler's computer tower (containing the original hard drive) and one of the hard drive copies. . . .. Schneider delivered the second copy sometime later. Forensic examiners at the FBI discovered many images of child pornography."

United States v. Ziegler, supra. Ziegler was indicted for possession of child pornography and moved to suppress the evidence against him.

Ziegler argued that Agent Kennedy violated the Fourth Amendment by “directing” the Frontline employees to search Ziegler’s office and computer. So, Ziegler was claiming that the Frontline employees had become agents of the government, which he had to do to invoke the Fourth Amendment. The Fourth Amendment only protects us from action by the government; if a private citizen decides to search your home or office and takes what she finds there to the police, you are out of luck, as far as the Fourth Amendment goes. You can try suing the private citizen who searched your home or office for trespass or invasion of privacy or some other civil cause of action, but you have absolutely no claim under the Fourth Amendment . . . as long as the person was acting on their own.

This was Ziegler’s argument. He claimed, and the Ninth Circuit agreed, that he had a valid Fourth Amendment expectation of privacy in his office. The court noted, among other things, that the facts his computer was password-protected and his office had a lock on the door established this.

The Ninth Circuit then found that Softich and Schneider were “acting as de facto government agents,” that is, they searched Ziegler’s office because they wanted to help the FBI with its investigation, not for reasons associated with their employment by Frontline. The court also found that the government had encouraged them to do this, so that makes Softich and Schneider government agents and means their conduct has to have complied with the requirements of the Fourth Amendment, i.e., that they search of Ziegler’s office and seizure of data from his computer had to be “reasonable.”

Searches and seizures can be “reasonable” under the Fourth Amendment if (a) they are conducted pursuant to a search warrant (which was not true here) or (b) they are conducted pursuant to a valid exception to the warrant requirement, such as consent. The Ninth Circuit found that Frontline had the authority to consent to the search of Ziegler’s computer.

That authority derived from the fact that Frontline and its employees had common authority over Ziegler’s office and computer. Basically, Frontline had common authority over both because it had a key to the office and had the capacity to access his computer, notwithstanding the password Ziegler used. As the Ninth Circuit explained, while "use of each Frontline computer was subject to an individual log-in, Schneider and other IT-department employees `had complete administrative access to anybody's machine.' The company had also installed a firewall, . . .`a program that monitors Internet traffic ... from within the organization to make sure nobody is visiting any sites that might be unprofessional.' Monitoring was routine, and the IT department reviewed the log created by the firewall `[o]n a regular basis' . . . . Finally, upon their hiring, Frontline employees were apprised of the company's monitoring efforts through training and an employment manual, and they were told that the computers were company-owned and not to be used for activities of a personal nature." United States v. Ziegler, supra.

So Ziegler lost on his motion to suppress and will have to serve time for possessing child pornography.

This, I hope, illustrates why it is so difficult for employees of private companies to invoke the Fourth Amendment when their employer searches their computer. Unless the company has policies which explicitly state that the employee can use the computer for private purposes and that the company will not monitor the employee’s computer activity or otherwise investigate the contents of his or her computer, the company can, as Frontline did, consent to law enforcement’s searching the computer. And if the company itself does so for its own, private purposes, the Fourth Amendment is not implicated because there is no state action – the company is not acting for the state or federal government.

No comments: