CYBER LAW & CYBER-TORTS –
THE AMERICAN EXPERIENCE
Dear Lex B,
RE: BOSS FROM HELL
I work for a very obnoxious boss. Our company uses the Internet a lot for its correspondence. Recently I found that my good for nothing ###%%@@@ boss has been using software to access and read the staff’s personal e-mail and intimate messages. I was frequently on line with a dashing Mat Salleh from London. We exchanged e-mails and even talked about marriage. But after 2 weeks ago my e mail friend turned nasty while I was online with him and called me names. I was very shocked and hurt. It was only later that I found out my boss from hell had assumed my identity and started chatting with my boyfriend. He made a lot of negative comments including poking fun at my boyfriend’s anatomy and prowess. No wonder my boyfriend was mad with me and now refuses to communicate with me even though I have explained to him the whole story of what my boss did. I am so angry and heart broken. I have resigned from my job and thinking of flying to London to patch up with my guy. But I want my revenge in Court against my boss. When I confronted my boss he said he did this to ‘protect me’ and stop me from underperforming in my job. His allegations are totally baseless and I never heard such crap in my life.
SLEEPLESS IN SIPITANG
TRADITIONAL DEFINITON OF TORTS
A tort is a wrong. It can be a spoken wrong or an act or a non action (carelessness) that is wrong, with injury inflicted on a person or property. The typical remedy for torts is that the defendant pays the plaintiff for the injuries inflicted due to the tort. A typical tort case involves 2 parts: the plaintiff must show that he or she has been the victim of a civil wrong and secondly, the plaintiff has the requirement to show what his or her damages are. Tort law casts a broad shadow, encompassing a wide variety of personal harms.
Generally however torts involve an unwelcome intrusion on some personal right such as the right of privacy of person or property, the right to expect a reasonable standard of care from professionals, the right to a safe and non hostile work environment, the right to one’s reputation in the eyes of the public. Injury from such intrusions can be physical, psychological or economic.
TORT AND TECHNOLOGY - THE NEW FACE OF TORT
According to David Baumer and JC Poindexter, both of the North Carolina State University, the recent explosive growth of electronic interconnectedness and e-commerce have created a large volume new potential tort exposures. With increasing dependence on electronic links for the conduct of communications and business transactions, the impact of even a brief server shutdown can be very substantial. Injury (whether economic or otherwise) invites litigation, and new applications of tort law are now in the making. Commerce, even down to decision making, is now heavily dependent on software. If software fails to live up to the user’s expectations, there may be injury and hence a desire for recovery of injury in tort.
Our new technologies have created new and novel methods of storing and communicating important information and at the same time creating new ways of intruding on the privacy of such information – hence on the rights of individuals – which will invite new types of tort claims.
Cyber Privacy in the US
Historically it is said that Americans have a high regard for privacy. It is argued that one of the critical factors igniting the Revolution against England was the lack of respect for the privacy of the Colonials shown by authorities answering to the King of England.
Nevertheless while the American Constitution provides protection against governmental intrusions, it does not provide protection against privacy intrusions by private entities such as in the situation outlined above.
Privacy per se, is not constitutionally protected except in a few state constitutions. Nevertheless despite such lack, the Courts in the United States have developed and worked with a concept that has been labeled “reasonable expectation of privacy”. The Courts have used this concept when evaluating whether behavior by private entities is tortuous.
Workplace Privacy
One of the battlegrounds where invasions of privacy have taken place is the workplace. New advances in technology have given employers abilities to monitor employee performance and to snoop in other areas which employees consider ‘private’. Some employers have no qualms in using these capabilities to the extent of abusing them. There have been abuses when employers have used their monitoring abilities to view members of the opposite sex in situations where the employees (invariably female) had a reasonable expectation of privacy. Cameras are also common at many work sites, allowing the monitoring of physical activities. Software has been developed that tracks where employees travel on the Internet and is able to report to employers whether the employee has been visiting “adult” sites on the job. Workers have lost their jobs or have been reprimanded as a result of on-the-job Internet cruising.
Bill McLaren, Jr. v. Microsoft Corporation
Court of Appeals of Texas, Dallas - 1999
McLaren was an employee of Microsoft Corporation. In December 1996, Microsoft suspended McLaren’s employment pending an investigation into accusations of sexual harassment and “inventory questions”. McLaren requested access to his electronic mail to disprove the allegations against him. According to McLaren, he was told he could access his e-mail only by requesting it through company officials and telling them the location of a particular message. By memorandum. McLaren requested that no one tamper with his Microsoft office workstation or his e-mail. McLaren’s employment was terminated on December 11, 1996.
Following the termination of his employment, McLaren filed suit against the company alleging as his sole cause of action a claim for invasion of privacy. In support of his claim, McLaren alleged that Microsoft had invaded his privacy by “breaking into” some or all of the personal folders maintained on his office computer and releasing the contents of the folders to third parties. According to McLaren, the personal folders were part of a computer application created by Microsoft in which e-mail messages could be stored. Access to the e-mail system was obtained through a network password. Access to personal folders could be additionally restricted by “personal store” password created by the individual user. McLaren created and used a personal store password to restrict access to his personal folders.
McLaren conceded in his petition that it was possible for Microsoft to “decrypt” his personal store password. McLaren alleged, however, that “by allowing him to have a personal store password for his personal folders, McLaren manifested and Microsoft recognized an expectation that the personal folders would be free from intrusion and interference.” McLaren characterized Microsoft’s decrypting or otherwise “breaking in” to his personal folders as an intentional, unjustified, and unlawful invasion of privacy.
THE RULING OF JUSTICE ROACH
“ At issue in this case is whether McLaren’s petition states a cause of action under the recognized tort of intrusion upon the plaintiff’s seclusion or solitude or into his private affairs. There are two elements to this cause of action: (1) an intentional intrusion, physically or otherwise, upon another’s solitude, seclusion, or private affairs or concerns, which (2) would be highly offensive to a reasonable person. When assessing the offensive nature of the invasion, courts further require the intrusion to be unreasonable, unjustified, or unwarranted. This type of invasion of privacy is generally associated with either a physical invasion of a person’s property or eavesdropping on another’s conversation with the aid of wiretaps, microphones, or spying.
In his petition and on appeal, McLaren contends the fact that the
e-mail messages were stored under a private password with Microsoft’s consent gave rise to “a legitimate expectation of privacy in the contents of the files.”
Trotti – E-mail folders vs Personal Lockers
In Trotti, the court considered the privacy interest of an employee in a locker provided by the employer to store personal effects during work hours. The court began its analysis by recognizing that the locker was the employer’s property and, when unlocked, was subject to legitimate, reasonable searches by the employer. The court further reasoned:
“This would also be true where the employee used a lock provided by [the employer], because in retaining the lock’s combination or master key, it could be inferred that [the employer] manifested an interest both in maintaining control over the locker and in conducting legitimate, reasonable searches.”
But, the court concluded, when, as in Trotti, an employee buys and uses his own lock on the locker, with the employer’s knowledge, the fact finder is justified in concluding that the “employee manifested, and the employer recognized, an expectation that the locker and its contents would be free from intrusion and interference.”
‘Only the technology is different’
McLaren urges that the locker in Trotti is akin to the e-mail messages in this case. “only the technology is different.” We disagree. First, the locker in Trotti was provided to the employee for the specific purpose of storing personal belongings, not work items. In contrast, McLaren’s workstation was provided to him by Microsoft so that he can perform the functions of his job. In connection with that purpose and as alleged in McLaren’s petition, part of his workstation included a company-owned computer that gave McLaren the ability to send and receive e-mail messages contained on the company computer were not McLaren’s personal property, but were merely an inherent part of the office environment.
Further, the nature of a locker and an e-mail storage system are different. The locker in Trotti was a discrete, physical place where the employee, separate and apart from other employees, could store her tangible, personal belongings. The storage system for e-mail messages is not so discrete. As asserted by McLaren in his petition, e-mail was delivered to the server-based “inbox” and was stored there to read. McLaren could leave his e-mail on the server or he could move the message to a different location. According to McLaren, his practice was to store his e-mail messages in “personal folders”. Even so, any e-mail messages stored in McLaren’s personal folders were first transmitted over the network and were at some point accessible by a third-party. Given these circumstances, we cannot conclude that McLaren, even by creating a personal password, manifested-and Microsoft recognized-a reasonable expectation of privacy in the contents of e-mail messages such that Microsoft was precluded from reviewing the messages.
Even if we were to conclude that McLaren alleged facts in his petition which, if found to be true, would establish some reasonable expectation of privacy in the contents of his e-mail messages sent over the company e-mail system, our result would be the same. We would nevertheless conclude that, from the facts alleged in the petition, a reasonable person would not consider Microsoft’s interception of these communications to be a highly offensive invasion. As set forth in McLaren’s petition, at the time Microsoft accessed his e-mail messages, McLaren was on suspension pending an investigation into accusations of sexual harassment and “inventory questions” and had notified Microsoft that some of the e-mails were relevant to the investigation. Accordingly, the company’s interest in preventing inappropriate and unprofessional comments, or even illegal activity, over its e-mail system would outweigh McLaren’s claimed privacy interest in those communications. We overrule the second point of error.We affirm the trial court’s judgment.”
LEX BORNEO POSERS
1. Was the judge’s thinking out of date and behind times when he said that there is a difference between a locker and an e-mail storage system because one is physical and tangible while the other exists virtually, and therefore it would be wrong to break into someone’s locker but not into his email account?
2. The judge said that there were 2 conflicting interests. The first was Microsoft had to act to preserve the safety of the work environment and prevent illegal activities. The second was the worker’s right to privacy. Why did the judge favor the first interest over the second? Do you agree? What if for the sake of security the employer installs close circuit television (cctv) in the toilets of the workplace. Or they bug your handphones electronically or intercept your calls all in the name of security? Can such action be justified on the part of the employer?
3. Does that sound unfair and unjust to you? Think again. If you work in an office where one of your colleagues uses the office e-mail and server system to set up and detonate a bomb in the office would you be applauding the management if the plot was intercepted and thwarted by electronic spying undertaken by the company’s security boys. Or would you be sulking in one corner about abuse of privacy?
4. In the mind of the judge he justified Microsoft’s action because Mclaren was suspected to be involved in electronic sexual harassment and theft of inventory. But what if Mclaren was a model employee. Could Microsoft’s actions then be justified? Could an employer use mere suspicion to justify interference with your privacy? What is the level of suspicion required before the company is justified in taking action to break open the Inbox of the suspected employee? Would the office I.T. nerd always be the prime suspect while the self confessed I.T. office ignoramus be always above suspicion? Did Justice Roach get the right result but his method of reasoning is in error?
5. You might think it’s OK for the employer to check your e-mail if the employer goes through the desktop computer assigned to you? However would you feel the same if the Employer goes through the contents of your own laptop which you use both for the needs of the office and your own personal use (this is becoming the trend as more people use their own laptop in favour of immobile desktop computers)? Is such ‘intrusion’ permissible? Did the judge in Mclaren’s case do enough to distinguish between property rights in the hardware (the workstation) which belonged to Microsoft and the application (the e-mail) which belonged to McLaren. Was he computer savvy enough to understand the distinction? Do judges have to be fully qualified in I.T. before trying disputes centred around information technology?
6. Can you feel the ‘heat’ of this discussion? Send us your ‘hot’ and ‘passionate’ views to marceljude@msn.com or sms to 0128030778
