Slashdot Mirror
NJ Court Upholds Privacy of Personal Emails At Work
chiguy sends word of a ruling from the New Jersey Supreme Court which found that a company did not have the right to read emails from an employee's personal account even through the account was accessed on a company computer. This ruling is likely to set precedent for other workplace privacy cases around the country.
"'The court has recognized the very legitimate and real concerns with regards to privacy. This gives some guidance to employers in terms of how explicit (e-mail) policies need to be,' [attorney Marvin Goldstein] said. The ruling stems from a harassment and discrimination lawsuit Marina Stengart of Bergen County filed three years ago against Loving Care of Ridgefield Park. Stengart, then the executive director of nursing, sent her attorney eight e-mails from her company-loaned laptop about her issues with her superiors. Stengart used her Yahoo e-mail account. 'Under all of the circumstances, we find that Stengart could reasonably expect that e-mails she exchanged with her attorney on her personal, password-protected, web-based e-mail account, accessed on a company laptop, would remain private,' Chief Justice Stuart Rabner wrote in the decision, which upholds an appeals court’s ruling last year."
I guess they weren't giving her enough loving care.
a company did not have the right to read emails from an employee's personal account even through the account was accessed on a company computer.
I agree with the general principle - if someone doesn't use the company account there should be a reasonable expectation of privacy for a personal webmail account. However she still may be violating company policy about using work assets for personal affairs. The computer is owned by the company and they have every right to reprimand her for making the emails regardless of the content.
The data exists on the company's computers, likely passed through their network and servers, and because of these things they are legally accesible by the company. Unless the company accessed her email account at Yahoo using this data, there doesn't seem to be an issue to me. Unfortunately, the article is sparse on the details. Only an idiot would think, in these times, that the things they do on their company PC or laptop would not be accisible by the company. Just because they issue you a system doesn't make that system yours - its theirs, including all its contents.
Interesting, but I'm not going to get too worked up about it without reading the actual ruling. Attorney / Client communication is the one of the most privileged under the law. Unless the court wrote the opinion in such a way as to explicitly broaden the scope of "privileged information from personal email accounts", this is likely to be interpreted narrowly (or, at least, an argument can be made that the decision should be narrow).
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
How does this mesh with the other ruling that says that you have no expectation of privacy if your email is stored on a third-party server?
In an era where privacy is slowly being eroded online, it's good to see a judge take a stand and at least draw the line somewhere.
"There is a way that seems right to a man, but its end is the way of death." Proverbs 16:25 (NKJV)
This isn't a shock. Even if the employee implicitly granted access to his employer you would still then have to deal with the employer gaining access to a service without authentication from its actual owner (e.g. Google, Yahoo!, Hotmail).
Or to put it another way:
Google Mail grants Bob Smith one mailbox.
Bob Smith grants (implicitly) his employer's use of his one mailbox
However Google Mail never granted Bob Smith's employers any access rights (so thus they're unlawfully accessing Google's services)
So EVEN IF the employee did give their employer access it is still illegal and still "hacking."
Networks and proxies and firewalls oh my.
A person has no reason to expect anonymity on a computer or network that is not their own. Any key tracking software cannot differentiate between personal e-mail and work. Further, any firewall will not be able to differentiate either.
And what happens when a person uses personal e-mail addresses for work related happenings?
These sorts of nonsensical babblings are what happens when antediluvian luddites make important and lasting decisions in regards to technology they are in no way capable of comprehending - let alone understanding.
Instead, the court should have asked: if Stengart had left a written letter to her attorney in her desk when she left Loving Care, could Loving Care have used that letter in preperation for court cases?
But no. These ignorant technophobes said, "If there is a password, you should expect privacy." Moronic. Perfectly Moronic.
Hoist Number One and Number Six.
But if what she did was wrong "regardless of the content", why did the employer have to read them?
They didn't. That was just stupid on their part - at least according to the judge. Unless they didn't have their usage policies written out (also stupid) they could have fired her, without reading the content, for violating corporate policy on acceptable use of company assets.
A person has no reason to expect anonymity on a computer or network that is not their own.
That's rather like saying you have no reason to expect privacy because you rent an apartment instead of owning a house. You send letters through the postal service which is a network you don't own either but you still have an expectation of privacy in many cases. I'm not sure the logic of your argument is on solid footing there.
I agree that she was probably naive in assuming that the company couldn't read her correspondence. Many people assume email is much more private than it actually is. Ignorant but probably nothing worse.
While I might not like that google reads all my email, at least I can be sure that it gets from their servers to my computer without being read by snoopers.
(Obviously endpoint security is questionable, especially using a company laptop.)
IANAL, but don't I give consent to monitoring when prompted by nearly any government computer system (and any private corporations who do something similar)? If I don't want to be monitored, I don't use that system...seems simple enough.
"ruling from the New Jersey Supreme Court ... is likely to set precedent for other workplace privacy cases around the country."
No, it's likely (100% likely, in fact!) to set precedent for other workplace privacy cases in New Jersey. For the rest of the country, it sets nothing, even if it might be useful for other courts dealing with similar problems.
Unless, of course, poster is just being ridiculous optimistic and think that the logic of this ruling is so impressive that all other judges will simply bow in awe and follow it. To which the only response is: d'awwwwww.
Finally my home state shows some common sense. Though this is a state supreme court, not federal, so I don't know how much precedet it will be.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
As long as the job is getting done, the so called time lost is irrelevant.
Possibly though we don't really know enough about the situation to say for certain.
Why these people believe that the companies rights are so superior to the individual is rather pathetic.
It has nothing to do with "superior" rights. Most employment in the US is "at will" meaning you can leave any time you like for any reason and the company can fire you any time they like for any reason. It doesn't even have to be a good reason with certain notable exceptions (mostly discrimination against a protected class of peoples). This lady probably violated a company policy and it's entirely reasonable that the company could elect to fire her for doing so. That doesn't mean the company has carte-blanche to do whatever they want to her. The extent of their powers is basically to fire her and possibly seek restitution for any damages they might have incurred by her actions (apparently none in this case).
Especially since the Constitution was really set up to protect the individuals right to privacy, that the government seems so willing to defer that right because a business is involved is very scary.
First of all there is NOTHING in the Constitution explicitly protecting privacy. Nothing. Everything relating to privacy in the Constitution has been inferred. Go ahead and read it. You won't find the word privacy or anything like it mentioned even once.
Second, I can switch employers if I find a particular one odious or intrusive. It is MUCH harder to switch governments even in a voting democracy. That's why we need more protections from the government than from corporations in most circumstances and that starts with the Constitution. Regulating corporations is much easier than regulating governments.
The company did have their usage policies written out and the court noted that they explicitly said "occasional personal use is permitted."
So she didn't violate the company's acceptable use policy.
If the company policy had said that personal use is never permitted, the court might well have ruled differently.
It's communication between an individual and their attorney. That's legally protected six ways from Sunday far beyond normal communication. I'm pretty sure that is the thing that saved her.
It's absolutely dumb to be sending and receiving personal mail on work computers. Doubly so if you're communicating with a lawyer, discussing the possibility of filing a lawsuit against your company. I've seen some seriously dumb email usage in my day. Like using a company account to communicate with a mistress. That's my current favorite. :P I'm pretty sure I won't be allowed to filter out "my widdle pookie-wookie" if our email ever gets subpoenaed. In fact, there's a better chance of a subpoena requesting that phrase than excluding it.
Flawed analogy. When you send your postal mail, you contracted with the postal service that they won't open your letter.
All analogies are flawed. Doesn't mean they are useless. To address your criticism however, you missed the point of my analogy which is that just because you don't own a network does not mean you have no expectation of privacy at any time. It's just not that simple.
Most corps that I know/heard of pretty much explicitly state they they can and will monitor their network.
That's a FAR different thing from saying the corporations have a right to monitor anything they want without limitation. Companies generally don't have a right to install a camera to watch me take a crap. It violates the principle of reasonableness. There are limits to how intrusive monitoring can get. This ruling says that this company violated one of those limits.
Is this tied close to something unique in NJ law or will this likely have broader influence with other state supreme courts?
First of all there is NOTHING in the Constitution explicitly protecting privacy. Nothing. Everything relating to privacy in the Constitution has been inferred. Go ahead and read it. You won't find the word privacy or anything like it mentioned even once.
The fourth and ninth amendments taken together. See also the fourteenth.
$ make available
If she left a sealed, stamped letter to her lawyer I would expect them NOT to open it. If she talked to her lawyer and the company overheard the conversation, I would expect their knowledge gained to be like unto "fruit of the poisoned tree", and disallowed. There is a big difference between what you CAN do and what you are ALLOWED to do. People who do what isn't ALLOWED because they realize they CAN, in a country under the rule of law, should expect to be punished when they are caught.
When I read the Constitution I found this section called the Fourth Amendment. This is what is said:
Amendment 4 - Search and Seizure.
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
I think reading private, off-site, email that is completely separate from work with a password you found cached in work equipment is a violation the "security" of the person in the story. I find that "right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures" and privacy regarding a person's home and private correspondence to be synonymous. The article mentions no potato but it does say a thing or to about potato. (The words "potato" and "potato" should be treated as phonetically different in the previous sentence and may alternately, at your pleasure, both be replaced in whole by the two words "tomato" and "tomato")
For instance, if you leave a spare house key in your desk drawer (which is using work equipment for personal use again) can management take it an go looking through your underwear drawer?
...These policies are rules made by busy bodies that feel a need to insert their nose into someone's business. That it involves "Company property" is just the excuse. ...
Company buys laptop -- $700.00
Company pays for Bandwidth(per employee per hour) -- $5.00
The cost to clean up a virus infection because an employee can not resist clicking on the latest shiny thing -- $200.00
"Busy Bodies" get up in arms about how the companies equipment and bandwidth are being misused. -- Priceless.
For doing your work during work time there is the supplied company equipment, for everything else there's your own damn laptop with a wireless modem or cell phone during your break.
That's quite a penumbra.
Can't forget the tenth. If it's not spelled out in the Constitution, the Federal government doesn't have it. Since there is no Amendment saying the government can poke its nose into your business, you still have your privacy with which you were born.
God invented whiskey so the Irish would not rule the world.
Here is something new that nobody has talked about. The company didn't monitor her private emails. Instead, here emails were left on here computer by her.
So technically, the information was saved in the company's asset and although it may not be ethical, I don't see how accessing the files could be seen as illegal. Anything inside the company's computer legally belong to the company.
After all, a company can get sued because an ex-employee installed his personal software on a computer, software for which the company didn't pay a license. That means that the courts already decided that the company owns and is responsible for any data in their computers.
In that case, it is still the company's asset she was using. The cache files kind of belong to the company when she didn't erased them.
The topic isn't the federal government doing something, so that's irrelevant.
legalities and ethical issues aside...
when, the fuck, are people going to learn to use encryption for important stuff. I mean, seriously, it's not *that* hard.
My ism, it's full of beliefs.
Since Federal law always trumps state law, you're wrong. A State can no more restrict my freedom of speech any more than the Feds could.
I got excited when I glanced and read Supreme Court... I'm thinking NO WAY - they actually did the right thing?!?!?! Then realized it was just the New Jersey Supreme Court.
If this get appealed I'm prepared for it to be overturned by the U.S. Supreme Court. They're not one's to let personal privacy get in the way of well... anything.
-[d]-
One man's flamebait is another man's satire.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
Read the 4th amendment. I am protected against unreasonable searches; how does that not explicitly protect privacy?
Just because the searching is with the eyes doesn't make it less of a search than a search with the hands.
First of all there is NOTHING in the Constitution explicitly protecting privacy. Nothing. Everything relating to privacy in the Constitution has been inferred. Go ahead and read it. You won't find the word privacy or anything like it mentioned even once.
Second, I can switch employers if I find a particular one odious or intrusive. It is MUCH harder to switch governments even in a voting democracy. That's why we need more protections from the government than from corporations in most circumstances and that starts with the Constitution. Regulating corporations is much easier than regulating governments.
I am constantly amazed that Americans say things like this. the rights the constitution lists are the starting point, every right not mentioned is the realm of the states and the people respectively, and the NJ Supreme Court just ruled the a persons right to privacy in this case trumps a corporations right to read an individuals personal email even if that email was accessed from a work asset.
In any case that isn't my point. The only reason to refer to the Constitution to see if you have a right, is to make sure it hasn't been given to the government instead.
Always remember you have rights because you are a person , not because the constitution says so.
The most important reason to block employee access to personal web mail is that it greatly reduces the risk of bringing malicious code into the enterprise and allowing dissemination of confidential documents. An individual that accesses their personal email account through a web browser typically bypasses all of the expensive security measures that most larger companies put into place around their email systems. This would include spam and executable/zip/pdf filtering, virus scanning at the Exchange server and scanning for HIPPA/SOX related documents being transferred without encryption or against company policy. As most security people know, desktop AV is just about useless these days in stopping the Trojans that are infecting machines right under Symantec and McAfee's nose.
Companies will just block access non-corporate e-mail websites. Which they should really do anyways since it allows employees to bypass all of the security filters on their e-mail system, creating a big security risk for the corporate LAN.
As we all know, encryption means probably never having to say you're sorry.
Except maybe to the NSA.
deleting the extra space after periods so i can stay relevant, yeah.
To my knowledge, At Will is the default employment contract in 48 states in the US. It can, however, be surrendered and replaced with another contract. Companies do this routinely by accident and that is part of the reason wrongful termination cases are still won in the land of At Will.
Ah, but the corporation can.
Employer who violated an employees privacy:
"Loving Care"
"Loving care", indeed.
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
Well... here's to judicial activism! Here, here!
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
You may not believe, for whatever reason, that this clause in the 4th Amendment has no bearing on the subject of privacy, but you'll find some argument from scholars of constitutional law. I realize that the Constitution was written as a framework for government and the Bill of Rights was clearly constructed to serve as a set of limitations on the extent of power granted to that government, however it's reasonable to assert that the powers granted said government and deriving from the the consent of the governed also limit the citizenry, itself, (as well as their artificial equivalent).
After all, one of the most commonly acknowledged functions of government is protection, from a continuum the extends from foreign powers to one's individual neighbors. Would you argue that your neighbors have more inherent right to invade your security than your government or that they should legitimately be allowed such freedom to do so without reasonable justification? I hope not.
Have you actually read the first amendment? It says that Congress shall not... it says nothing about states rights. The SCOTUS decided some time back that it would be unconcionable for states to restrict some rights and hence the first amendment applies to states also. Other amendments provided the rationale for this decision.
Why is this distinction important? Well, what about gun rights? the SCOTUS has not yet decided if gun rights can be restricted at the state level. It's not so clear that all the rights enumerated in the bill of rights cannot be restricted by the states.
The real "Libtards" are the Libertarians!
Guess where they found her emails ..... in the browser's cache files.
Always remember you have rights because you are a person , not because the constitution says so.
Ideally true but not in reality. If what you were saying was true then why do dictatorships exist? After all I "have rights because I am a person". It's a nice dream but it's not reality.
If the law isn't written in such a way as to afford you a right, you don't have it. The Declaration of Independence declared all men are created equal, yet few would argue that was actually true under the law for most of the history of the US. The basis of US law is the Constitution so ultimately any discussion of US law will start there.
I am protected against unreasonable searches; how does that not explicitly protect privacy?
If it was so obvious, why did it take until 1967 for the Supreme Court to interpret the law to include a "reasonable expectation of privacy"? Fact is that the 4th amendment could be interpreted a number of ways other than how it has been.
Are the last three words in the title quote really necessary? Oh, right, Natal. And Courier. And Phone 7. Where can I get these?
Not all federal laws automatically apply to the States. Even the Bill of Rights has selective incorporation, although most of the provisions have been determined to be "fundamental" rights. Some, such as the 2nd amendment, are still under litigation. Parts of the 5th, 7th, and 8th amendments are still not incorporated to the States.
Besides, this is between a private ER-EE relationship, not between a citizen of the several States, or the United States. You can happily give up your own right to free speech through contract (see non-disclosure agreements), and baring normal contractual defenses (duress, mistake, fraud, etc.); many courts have upheld this.
What about breach of attorney client privilege?
IIRC the conversations were with her lawyer.
You pay the postal service to deliver your letter and to respect the privacy of its content, with the correct postage stamp and a correct recipient address on the envelope.
If you don't put a stamp, most likely your mail is returned to you, if you put a return address on the back of the envelope.
If it's missing, Royal Mail employees have the right to open the envelope and read the letter to infer from the content what your address is.
Failing that, the letter gets destroyed.
They must notify you that the letter was opened for such purpose.
If you fail to put a valid destination address, Royal Mail employees have the right to open the envelope and read the letter to infer from the content the most likely recipient.
Failing that, the letter gets destroyed.
They must notify the recipient that the letter was opened for such purpose.
As the plaintiff was using company hardware and resources, not paying for any, she can't expect the same level of privacy as in snail mail communication where you respecting the rules (correct stamp and address) creates a contract between you and Royal Mail.
Moreover, she was carrying on personal activities during work time, and this is not welcome anywhere, regardless of the type of activities. Nobody in his right mind would think to use a trolley jack, a creeper and other tools from the garage they work for, to do an engine oil and filter change, the parts taken from that same garage stock, in their own private car without explicit permission, and not to get - at least - a slap on the wrists, a disciplinary or even a dismissal.
Doing your private business during working hours is likely to theft, in my opinion. Why is using a company PC, company's power, the desk, the chair, the 'net connectivity, any different from the trolley jack, engine oil and tools from the garage?
Lastly, she was in touch with a lawyer because she was planning to sue the company she was working for, so I would expect the two parties to be already at odds. Therefore, I think she was already on the radar.
She has been at least very naïve using that same company property to carry on such activities. You can't expect you communication to remain private when your behaviour at work raises sufficient questions about your loyalty to the company you are paid to work for.
If the company could demonstrate that the employee communications were under surveillance because of suspicious behaviour, they could have got away with it.
That's my take from this side of the pond, IANAL.
Please read the 14th amendment. SCOTUS didn't do anything.
$ make available
Given the amount of information processing power on a PC, and the fact that the SOE and entire configuration was supplied by the company, it's more like asking a company-loyal personal assistant or supplied temp/secretary to take dictation of a letter slagging off the company. There's a fairly good chance that they're going to grass on the person dictating the letter.
Whether or not there are legal rulings one way or the other, it's just DUMB to use company-issued resources for personal activities, particularly if those activities are going to cause problems for the company.
If someone absolutely must access personal email at work, wouldn't it be a hell of a lot smarter to either use a personal laptop with a WiFi link to the nearest hotspot out the window, or set up a encrypted tunnel to a home machine and make sure no logs or caches were stored on the work box? Or even just obtain a standard smartphone or PDA which can send and receive email?
1. The fucking amendment in question says that the things not enumerated are reserved to the States, so you are not only wrong but retarded.
2. What does the first amendment have to do with this?
3. This isn't a state government action either.
Why is this distinction important? Well, what about gun rights? the SCOTUS has not yet decided if gun rights can be restricted at the state level. It's not so clear that all the rights enumerated in the bill of rights cannot be restricted by the states.
It's great that you understand that the 1st spells out Congress. But the 2nd doesn't - we can't attribute this to minor oversight.
Then there's also State interference with the General Government's power to call forth the militia.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Did you happen to read the 14th amendment as well?
Did you know there are federal wiretap laws which DO apply to everyone, such that you can't record my phone call to someone else, period? Remember, that's also that whole pesky "this is the supreme law of the land thing," which pretty clearly states what happens when Fed and State laws collide.