October 4, 2011
This is the sixth part in a series on the current state of federal cyberlaw and privacy protections.
Click here for the post on the court ruling requiring a warrant for cell-phone location data.
Click here for the post on the SCA’s protections against civil discovery orders.
Click here for the post on the SCA and the Fourth Amendment.
Click here for the post on protections against the government tracking cell phone locations in real-time.
Click here for the post on the SCA’s applicability to employers.
Last week’s post discussed the exte
Specifically, it concluded that any employee communications that are stored on servers owned or paid for by the employer are essentially open to the employer.nt to which employers have access to employee emails and other data.
While that should come as no surprise, what may shock some is the amount and type of data stored.
If any emails, for example, were sent or received using either an employer-owned or employer-paid server (i.e. personal emails sent via an employer-furnished mobile device), that data can be viewed by the employer (including supposedly confidential emails to or from attorneys).
Emails aren’t all.
Any websites visited, including any Facebook communications (wall postings, photos, private messages, etc): if it passed through such a server, your employer can view it.
In regards to mobile devices, the scope extends beyond internet usage.
Although wiretapping laws bar wireless providers from actually recording phone conversations, providers do keep track of the numbers that phone calls are made to or received from, along with the duration.
Moreover, cellular providers regularly keep track of a phone’s location via cell tower locations, and they retain this information for indefinite periods of time.
A phone’s location is tracked every time data is sent, even if no phone call was made or text message was sent (it happens quite a bit, and is surprisingly accurate).
Wireless providers are also able to track a phone’s location (within 30 meters) in real-time by sending a signal to the phone telling it to transmit back its location via GPS.
Just because the government can’t get that data without a warrant, does that mean your employer also can’t?
Since the cell-phone would act as a tracking device under those circumstances, it’s unlikely an employer could convince a court that it’s legal.
Of course, such a case has never arisen, nor are we likely to see one anytime soon.
An employer wouldn’t normally bother with tracking any of its employees’ current locations, but a wireless provider wouldn’t notify the phone’s user if the employer decided to get real-time tracking information.
So we know that it isn’t a good idea to use any electronic employer resources for any personal reasons (and it’s probably a good idea to turn off any mobile devices when you are going somewhere your employer wouldn’t approve).
But what about employer-owned data stored on personal devices, rather than servers?
More specifically, what if employer-owned data exists on an employee’s personal computer or smartphone (i.e. stored emails from work accounts).
While that information does technically belong to the employer, it has no legal right to freely access anything on an employee’s private computer, and an employer’s doing such would constitute a criminal offense of computer hacking under federal law.
The employer, as the information’s owner, still has a theoretical right to it.
Practically, though, the legal mechanisms to recover any information are far too burdensome for the employer to utilize except in the cases of particularly valuable information.
Taken altogether, this leaves us with a somewhat peculiar rule.
Employer information on personal computers is largely private, but personal information on employer computers is anything but.