As we know, the Fourth Amendment protects people, not
places. [Katz at 351].
Although it is often true that “for most people, their computers
are their most private spaces,” the validity of that expectation depends entirely
on its context. [Gourde at 1077] [cf. Ortega at 715].
In that vein, a criminal defendant may invoke the protections
of the Fourth Amendment only if he can show that he
had a legitimate expectation of privacy in the place searched
or the item seized. [Maryland at 740] This expectation is established where the claimant can
show: (1) a subjective expectation of privacy; and (2) an
objectively reasonable expectation of privacy. [Shryock at 978] It is the defendant's burden to prove both elements [Caymen at 1199].
Privacy in the Workplace
The threshold question then is whether the defendant had a
legitimate expectation of privacy in his workplace computer and the files stored therein. The defendant's expectation of privacy in his workplace computer
must also have been objectively reasonable.
Internet Use Policies
In United States v. Simons, the case upon which the district
court relied, the Fourth Circuit reasoned that an employer’s
Internet-usage policy—which required that employees
use the Internet only for official business and informed
employees that the employer would “conduct electronic audits
to ensure compliance,” including the use of a firewall—
defeated any expectation of privacy in “the record or fruits of
[one’s] Internet use.” 206 F.3d at 395, 398.
Other courts have scrutinized searches of workplace
computers in both the public and private context, and they
have consistently held that an employer’s policy of routine
monitoring is among the factors that may preclude an objectively
reasonable expectation of privacy. [Biby at 850] [Thorn at 683] [Avengine at 1133]
[Muick at 743] [Wasson at 905] [Compare Long (expectation of privacy in email found)].
To warrant Fourth Amendment protection, an expectation
of privacy must “be one that society is prepared to recognize
as ‘reasonable.’ ” [Katz at 361]. Accordingly, we note that at least one court has
examined the reasonableness of an expectation of privacy in
a workplace computer from the standpoint of “community
norms.” In TBG Ins. Services Corp. v. Superior Court, 117
Cal. Rptr. 2d 155, 96 Cal. App. 4th 443 (Cal. Ct. App. 2002),
the California Court of Appeal stated:
We are concerned in this case with the “community
norm” within 21st Century computer-dependent
businesses. In 2001, the 700,000 member American
Management Association (AMA) reported that more
than three-quarters of this country’s major firms
monitor, record, and review employee communications
and activities on the job, including their telephone calls, e-mails, Internet connections, and computer files. Companies that engage in these practices
do so for several reasons, including legal compliance
(in regulated industries, such as
telemarketing, to show compliance, and in other
industries to satisfy “due diligence” requirements), legal liability (because employees unwittingly exposed to offensive material on a colleague’s computer
may sue the employer for allowing a hostile
workplace environment), performance review, productivity
measures, and security concerns (protection
of trade secrets and other confidential information).
. . . . For these reasons, the use of computers in the
employment context carries with it social norms that
effectively diminish the employee’s reasonable
expectation of privacy with regard to his use of his
employer’s computers.
Id. at 161-62, 96 Cal. App. 4th at 451-52. The court, like the
others cited above, held that workplace policies, including the
employer’s entitlement to monitor usage on an “as needed” basis, defeated a claim to a reasonable expectation of privacy in the computer. Id. at 163-64, 96 Cal. App. 4th at 452-54.
Surely, some lament the general lack of privacy in the modern
workplace. [Finkin] But in applying
the Fourth Amendment we take societal expectations as they
are, not as they could or (some think) should be. [Silva at 1055].
Social norms suggest that employees are not entitled to privacy in
the use of workplace computers, which belong to their
employers and pose significant dangers in terms of diminished
productivity and even employer liability. Thus, in the
ordinary case, a workplace computer simply “do[es] not provide
the setting for those intimate activities that the [Fourth] Amendment is intended to shelter from government interference
or surveillance.” [Oliver at 179] [Muick at 743]. Employer monitoring
is largely an assumed practice, and thus we think a disseminated
computer-use policy is entirely sufficient to defeat any
expectation that an employee might nonetheless harbor.
