1

ELECTRONIC PRIVACY ISSUES IN THE GOVERNMENT WORKPLACE

Frederick (“Rick”) JoyceChair, Communications Practice GroupVenable LLP, Washington, DC202.344.4653RJoyce@Venable.com

2

One of The American Lawyer’s top 100 law firms. Venable LLP:

Practices in all areas of corporate & business law, complex litigation, intellectual property & government affairs.

Nearly 600 lawyers serving corporata, institutional, nonprofit & individual clients throughout the U.S. & around the world.

Headquartered in Washington DC & offices in Maryland, Virginia, New York & California.

Founded more than a century ago, the firm has enjoyed a long history of steady growth, quality service & sound management.

Venable LLP

3

Our attorneys represent clients in the telecommunications & e-commerce industries, ranging from entrepreneurs & emerging high technology firms, to Fortune 500 companies, large media ownership groups, governmental entities & trade associations.

Our attorneys have a special focus on Wireless, Wireline & Internet broadband services & related legal/regulatory/business issues.

We represent governmental entities on a variety of communications, privacy, Homeland Security & other technology matters.

Venable, LLP – Telecommunications Practice Area

4

Privacy: SPAM, SPIT, SPIM, PHISHING, Pre-Texting - Key issues for employers, consumers and regulators. We assist clients in crafting appropriate privacy & Internet policies & proposals that will help promote appropriate conduct.

Digital Property and Technology:  We counsel clients in developing and enacting legislative and regulatory solutions aimed at preventing piracy & protecting online intellectual property.

Wireless/Mobile Radio Services: Rules and regulations, including telemarketing, record retention and privacy rules enforced by the FTC & the FCC, are constantly evolving; consequently clients turn to Venable to help navigate this ever-changing regulatory maze.

Internet-Related Issues:  Venable is actively involved in representing clients and helping to define the laws that apply to developing Internet-based communications services such as Voice over the Internet Protocol.

Homeland Security: Venable authored chapter of home & security laws & practices on telecommunications & cybersecurity issues in the “Home & Security Deskbook,” published by LexisNexis Matthew Bender.

Communications Issues of Interest to Government Workplace

5

Venable is also well-versed on evolving U.S., Canadian, European, & Asianregulations & policies governing privacy. Our attorneys have been activelyinvolved in creation of the following privacy & information security regimes:

Venable, LLP - Privacy & Data Protection Practice Area

CAN-SPAM Act Children's Online Privacy Protection Act Communications Assistance for Law

Enforcement Act Fair Credit Reporting Act Gramm-Leach-Bliley Act Privacy provisions Gramm-Leach-Bliley Act 501(b) provisions

on security of customer information Telecommunications Act

Health Insurance Portability & Accountability Act USA PATRIOT Act U.S.-EU Safe Harbor Agreement Bank Secrecy Act & Anti-Money Laundering

Rules OFAC compliance Federal Right to Financial Privacy Act IRS Information Disclosure Rules

6

Constitutional Foundation for Electronic Privacy Laws:

First Amendment (freedom of speech; free press; right of the people peaceably to assemble & to petition the government for a redress of grievances)

Fourth Amendment (The right of the people to be secure in their persons, houses, papers, & effects against unreasonable searches & seizures)

Common Law: “Reasonable Expectation of Privacy”

Other Common Law Privacy Rights (invasion of privacy; trespass; anti-defamation laws)

Katz v. United States (U.S. Supreme Court, 1968)

7

Electronic Privacy Laws

Section 705, Communications Act of 1934 (prohibits interception & disclosure of wire or wireless communications)

The Federal Wiretap Act (1968)

The Privacy Act of 1974 (governs use of computerized databases)

Electronic Communications Privacy Act (1986)

Stored Communications Act (1986)

Communications Assistance for Law Enforcement Act (CALEA) (1994)

The Controlling the Assault of Non-Solicited Pornography & Marketing Act of 2003 (CAN-SPAM)

8

Electronic Privacy Laws (continued)

State laws – state wiretapping statutes; state privacy laws

Foreign Intelligence Surveillance Act (FISA)

USA Patriot Act

Telecommunications Consumer Protection Act (Do No Call/Faxes)

Customer Proprietary Network Information (CPNI) (Telecom Act of 1996)

47 USC 230 (Communications Decency Act) (No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.)

9

Public/Government Workplace vs. Private Workplace:

Constitution Only Protects Citizens Against “state” or government action (“l’etat, c’est toi”;1st & 4th Amendment claims apply to you as an employer)

Absent a contract or union agreement, most private employees are “at will” & can be terminated for most any reason absent some law protecting a given action (ie, whistleblowers). First Amendment gives them the right to speak, but, they can suffer consequences for their speech.

Public Employees are Different: Action by Employer of Government Workers is by Definition “Government Action”; govt job is a “benefit.”

Public Employees have Right to Speak About Matters of Public Concern (Pickering v. Board of Education, 391 U.S. 563 (1968) (unless the speech adversely affects efficiency or effectiveness of operations)

10

Electronic Communications Privacy Act of 1986

The statute extended wiretapping protections to cellular telephones, private networks, & intra-company communications while in transit or in

storage. Although the ECPA was designed to address anticipated changes in the communications industry, the drafters evidently did not

contemplate the rise of the Internet as a major communications device or the range of new communications technologies that would rapidly

develop in the ensuing decade. (There’s no mention of the “Internet” in ECPA, no Blogging, no webhosting, etc.)

11

Electronic Communications Privacy Act of 1986 (continued)

Under current federal law, the interception of the contents of wire, oral, & electronic communications is regulated by Title III of the Omnibus Crime Control & Safe Streets Act of 1968, as amended by the Electronic Communications Privacy Act of 1986, (“the Wiretap Act”).

The Wiretap Act defines “interception” as “the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.”

“Electronic communication” means “any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system.”

12

The Stored Communications Act

Enacted as Title II to ECPA, the Stored Communications Act (“SCA”) makes it unlawful for a provider of an electronic communications service to knowingly divulge the contents of a communication while in electronic storage. It also prohibits a person or entity providing remote computing services from knowingly divulging the contents of any communication that is carried or maintained on that service.

Exemptions: A “service provider” may divulge electronic communications with the lawful consent of the originator or an addressee or intended recipient of the communication. Determining which persons or parties are the “addressee” or “intended recipient” can be difficult, particularly with respect to personal emails sent to or from employees.

Also, a couple of Federal/Circuit Courts have held that the “Service Provider” exemption allows employers to retrieve all messages stored on their own networks. See Fraser v. Nationwide Insurance (2003, 3rd Circ.) & Bohach v. City of Reno (D. Nev 1996). Best practice would be to let your employees know this.

13

Blogs and Potential Legal Liability of Bloggers:

What is it? A web-based log or diary

Liability issues same as anyone making a publication available to the public, same freedom of speech & press protections. Legal liability issues include:

Defamation Intellectual Property (Copyright/Trademark) Trade Secret Right of Publicity Publication of Private Facts Invasion of Privacy/Trespass

14

Blogs and Government Workers:

Balance between right of public employees to discuss matters of public concern v. cannot adversely impact employer’s operations or disclose confidential information (Anderson v. McCotter, 100 F.3rd 723 (10th Cir. 1996)(can’t fire public employee who speaks out against employer on a matter of public concern unless the speech adversely affects “efficiency or effectiveness” of operations)

Use of Government Equipment & Government Time for Personal Blogs Violates Govt Ethics Regulations

5CFR 2635.702: Can’t use public office for private gain 5CFR 2635.703: Can’t use nonpublic information to “further private interests” 5CFR 2635.704: Can’t use govt property for “other than authorized purposes” 5 CFR 2635.705: “employee shall use official time in an honest effort to perform official

duties.”

What is Your Office’s Written Policy re: Electronic Communications (are blogs even addressed?)?

15

Top Reasons for Employee Blogger Termination:

Many offices & employers have “official” blogs (but, see: Blakey v. Continental Airlines, S. Ct of NJ: employer could be liable for harassing/defamatory content postings if it has “reason to know” & elect. bulletin board is “related to the workplace”)

“Violating Company Policies” (Delta stewardess appearing in uniform; poor-mouthing employer or employees)

Divulging trade secrets (US soldier fined & demoted for publishing “classified” info on his blog)

Personal blogging on company time

“Inappropriate” or Libelous Content (“Washingtonienne”; inflammatory or controversial commentary)

16

Electronic Monitoring of Public Employees:

Government employees enjoy some protection from searches under the Fourth Amendment.

O’Connor v. Ortega, the Supreme Court extended Fourth Amendment privacy protection to public workplace (but, whether an employee has a “reasonable expectation of privacy” is a case by case analysis).

“Expectation of privacy” can be affected by office policies & practices.

Government still has the right to perform searches that serve interests in promoting efficient operation of the workforce.

17

Electronic Monitoring of Public Employees:

Government employers can weaken expectations of privacy by informing employees that they do not have an expectation of privacy, or that their desks, computers, & lockers may be searched.

Note: this can also apply to work performed at home, particularly if it involves govt-issued equipment. See: TBG Insurance v. Zieminski (CA Ct of Appeals, Feb 2002) (fired exec accessed porn at office; employer moved to compel access to home computer citing company policy)

18

Other Electronic Services & Devices and Workplace Privacy Issues: Email: Can you monitor employee emails? Courts now generally assume that

emails are monitored; “no reasonable expectation of privacy.” NLRB opinion says you can’t prohibit all non-business use of office emails as they might include union solicitations (Pratt & Whitney), but, reasonable restrictions on personal email/Internet use ok (Associated Press).

Internet Use: Problems related to accessing public files from office vs. “private folders”, etc.

Electronic Bulletin Boards: In Konop v. Hawaiian Airlines, an airline employer used third party access codes to access the Plaintiff's "secured" website, where unfavorable comments about the airline had been posted. Plaintiff had pled a potential violation by the airline of the Stored Communications Act in that the supervisors were not authorized "users" of the employee's secured website without proper authorization.

19

Other Electronic Services & Devices and Workplace Privacy Issues (cont.): Cell phones/Pagers: (Quon v. Arch Wireless Operating Company, Inc; Court

found that the department’s informal policy of occasionally allowing personal use of pagers undercut the formal policy allowing the department to review & monitor all pager messages.)

Location & Monitoring Issues: A “roving bug” occurs when a government agent “with court approval & mobile-phone carrier assistance required by law[,] can exploit mobile phones over the air in such a way that microphones in handsets are activated & nearby conversations picked up by federal investigators.

Office Telephone Use/Monitoring: ECPA prohibits, but, Employers have generally been permitted to rely on one of three exceptions: (a) the business extension or ordinary course of business exception; (b) the consent exception; & (c) the provider exception.

20

Other Electronic Services & Devices and Workplace Privacy Issues (cont.):

Telephone Records: see National Security Agency cases. (CPNI violations).

Office Telephone Use/Monitoring: ECPA prohibits, but, Employers have generally been permitted to rely on one of three exceptions: (a) the business extension or ordinary course of business exception; (b) the consent exception; & (c) the provider exception.

Telephone Records: Hepting v National Security Agency (CPNI violations; FISA; Common Law Privacy)

21

If criminal conduct suspected, a court order may be necessary.

All workplaces ought to have clearly defined internal rules & procedures for handling every form of electronic communications.

Electronic communications policies need to be in writing.

They need to be explained to all employees.

These policies need to be routinely honored & enforced.

They need to be revised whenever new laws, cases, technologies or situations warrant their reconsideration.

What’s An Ethics Officer to Do?

22

Locations

Washington, DC575 7th Street, NWWashington, DC 20004

202.344.4000

New York, NY405 Lexington Avenue, 56th FloorNew York, NY 10174

212.307.5500

Tysons Corner, VA8010 Towers Crescent Drive

Tysons Corner, VA 22182

703.760.1600

Los Angeles, CA2049 Century Park East, Suite 2100Los Angeles, CA 90067

310.229.9900

Baltimore, MDTwo Hopkins Plaza, Suite 1800Baltimore, MD 21201

410.244.7400