FIRST ARRIVING NETWORK
First Arriving Network
Powered by the First Arriving Network,Reaching 1M+ First Responders Worldwide

Long Awaited Text Messaging Privacy Decision: City of Ontario v. Quon

Today the US Supreme Court handed down a long awaited decision in the case of City of Ontario v. Quon, addressing an employee’s right to privacy in electronic messages. While the case involved a police officer, the decision has important ramifications for all public employees, including firefighters.

Sergeant Jeff Quon was a SWAT officer for the City of Ontario Police Department. He was issued an Arch Wireless two way pager by the department, capable of sending and receiving text messages. The City had a written policy addressing use of the department computer system and emails that reserved “the right to monitor and log all network activity including e-mail and Internet use, with or without notice. Users should have no expectation of privacy or confidentiality when using these resources.” However, the policy did not mention pagers or text messages.

Quon was told that the pagers and text messages would be treated like emails under the policy, and that police officers could use up to the monthly allotment of characters for messaging purposes. When Quon went over his monthly allotment, Lt. Duke, the officer responsible for the pagers informed him that he needed to pay the overage or else the department would have to examine the text messages to determine if they were work related or personal. Lt. Duke told Quon that as long as he paid the overages, no one would look at the messages. Quon paid the overage.

When the overages continued in subsequent months, Lt. Duke complained to the chief who ordered an investigation to determine whether the monthly allocation was adequate. As part of the investigation, Arch Wireless provided the department with copies of the text messages. At that point it became apparent that Quon had been sending sexually explicit messages to female coworkers, including his wife (a police officer) and another employee (dispatcher) with whom he was romantically involved. An internal affairs investigation was then initiated.

In the mean time, Quon, his wife and the female coworker sued Arch Wireless and the City of Ontario alleging that their privacy rights had been violated. The district court dismissed Arch Wireless from the suit, but concluded that Quon had a reasonable expectation of privacy in his text messages. The Ninth Circuit Court of Appeals agreed, finding that Lt. Duke’s statement that the Department would not review the text messages provided Quon voluntarily paid any overage charges, created a reasonable expectation of privacy.

The US Supreme Court disagreed. Recognizing the importance of the case, as well as the challenge posed by emerging technologies – the Court said:

The Court must proceed with care when considering the whole concept of privacy expectations in communications made on electronic equipment owned by a government employer. The judiciary risks error by elaborating too fully on the Fourth Amendment implications of emerging technology before its role in society has become clear. See, e.g., Olmstead v. United States, 277 U. S. 438 (1928), overruled by Katz v. United States, 389 U. S. 347, 353 (1967). In Katz, the Court relied on its own knowledge and experience to conclude that there is a reasonable expectation of privacy in a telephone booth. See id., at 360–361 (Harlan, J., concurring). It is not so clear that courts at present are on so sure a ground. Prudence counsels caution before the facts in the instant case are used to establish far-reaching premises that define the existence, and extent, of privacy expectations enjoyed by employees when using employer-provided communication devices.  Rapid changes in the dynamics of communication and information transmission are evident not just in the technology itself but in what society accepts as proper behavior… At present, it is uncertain how workplace norms, and the law’s treatment of them, will evolve…

 Cell phone and text message communications are so pervasive that some persons may consider them to be essential means or necessary instruments for self-expression, even self identification. That might strengthen the case for an expectation of privacy. On the other hand, the ubiquity of those devices has made them generally affordable, so one could counter that employees who need cell phones or similar devices for personal matters can purchase and pay for their own. And employer policies concerning communications will of course shape the reasonable expectations of their employees, especially to the extent that such policies are clearly communicated.

A broad holding concerning employees’ privacy expectations vis-à-vis employer-provided technological equipment might have implications for future cases that cannot be predicted. It is preferable to dispose of this case on narrower grounds. For present purposes we assume several propositions arguendo: First, Quon had a reasonable expectation of privacy in the text messages sent on the pager provided to him by the City; second, petitioners’ review of the transcript constituted a search within the meaning of the Fourth Amendment; and third, the principles applicable to a government employer’s search of an employee’s physical office apply with at least the same force when the employer intrudes on the employee’s privacy in the electronic sphere.

The Court went on to hold:

Under the approach of the O’Connor plurality, when conducted for a “non investigatory, work-related purpos[e]”or for the “investigatio[n] of work-related misconduct,” a government employer’s warrantless search is reasonable if it is “‘justified at its inception’” and if “‘the measures adopted are reasonably related to the objectives of the search and not excessively intrusive in light of’” the circumstances giving rise to the search. 480 U. S., at 725– 726. The search here satisfied the standard of the O’Connor plurality and was reasonable under that approach.

The search was justified at its inception because there were “reasonable grounds for suspecting that the search [was] necessary for a non investigatory work-related purpose.” Id., at 726. As a jury found, Chief Scharf ordered the search in order to determine whether the character limit on the City’s contract with Arch Wireless was sufficient to meet the City’s needs. This was, as the Ninth Circuit noted, a “legitimate work-related rationale.” 529 F. 3d, at 908. The City and OPD had a legitimate interest in ensuring that employees were not being forced to pay out of their own pockets for work-related expenses, or on the other hand that the City was not paying for extensive personal communications.

As for the scope of the search, reviewing the transcripts was reasonable because it was an efficient and expedient way to determine whether Quon’s overages were the result of work-related messaging or personal use. The review was also not “‘excessively intrusive.’” O’Connor, supra, at 726 (plurality opinion). Although Quon had gone over his monthly allotment a number of times, OPD requested transcripts for only the months of August and September 2002. While it may have been reasonable as well for OPD to review transcripts of all the months in which Quon exceeded his allowance, it was certainly reasonable for OPD to review messages for just two months in order to obtain a large enough sample to decide whether the character limits were efficacious. And it is worth noting that during his internal affairs investigation, McMahon redacted all messages Quon sent while off duty, a measure which reduced the intrusiveness of any further review of the transcripts.

Furthermore, and again on the assumption that Quon had a reasonable expectation of privacy in the contents of his messages, the extent of an expectation is relevant to assessing whether the search was too intrusive. See Von Raab, supra, at 671; cf. Vernonia School Dist. 47J v. Acton, 515 U. S. 646, 654–657 (1995). Even if he could assume some level of privacy would inhere in his messages, it would not have been reasonable for Quon to conclude that his messages were in all circumstances immune from scrutiny. Quon was told that his messages were subject to auditing. As a law enforcement officer, he would or should have known that his actions were likely to come under legal scrutiny, and that this might entail an analysis of his on-the-job communications. Under the circumstances, a reasonable employee would be aware that sound management principles might require the audit of messages to determine whether the pager was being appropriately used. Given that the City issued the pagers to Quon and other SWAT Team members in order to help them more quickly respond to crises—and given that Quon had received no assurances of privacy—Quon could have anticipated that it might be necessary for the City to audit pager messages to assess the SWAT Team’s performance in particular emergency situations.

From OPD’s perspective, the fact that Quon likely had only a limited privacy expectation, with boundaries that we need not here explore, lessened the risk that the review would intrude on highly private details of Quon’s life. OPD’s audit of messages on Quon’s employer-provided pager was not nearly as intrusive as a search of his personal e-mail account or pager, or a wiretap on his home phone line, would have been. That the search did reveal intimate details of Quon’s life does not make it unreasonable, for under the circumstances a reasonable employer would not expect that such a review would intrude on such matters. The search was permissible in its scope.

Thus, the Court concluded that Sergeant Quon’s 4th Amendment privacy rights were not violated by the department’s actions.

How does the decision impact fire departments? All fire and emergency service organizations should have a comprehensive written policy that addresses computer and email usage, as well as voice messaging, digital messaging, text messaging, and various other forms of electronic data. This case could just as easily have involved a stored voicemail on a department issued cellphone, a voice message on an office answering system, or a text message sent via a mobile data terminal on a piece of fire apparatus. The policy should specify the extent to which an employee can expect his/her privacy to be respected when using any of these mediums, or in the alternative, clearly state that the department reserves the right to examine, copy, forward, store, save and share with third parties any and all such information.

Another important consideration is the purpose of the search. In Quon, the search was conducted for a legitimate, non-investigatory business related purpose, namely: to determine whether the monthly pager messaging allotment was adequate. Had the search been conducted for purposes of finding criminal activity by the employee, or even for internal disciplinary purposes, the analysis of the court would have been different.

Here is a copy of the decision. Download Ontario v Quon SCT

Comments - Add Yours

  • John K. Murphy

    This issue of the right of privacy or the right of no privacy is a major issue with users and employers. There was a recent conference in San Jose (CA) that takes up social-networks ‘bill of rights’
    Two decades after the first Conference on Computers, Freedom and Privacy, a group of privacy advocates, computer scientists and others hopes to wrap up a four-day conference here with what organizers hope will be a milestone for the social Web — a “bill of rights” for social-network users.
    Two decades after the first Conference on Computers, Freedom and Privacy, a group of privacy advocates, computer scientists and others hopes to wrap up a four-day conference here with what organizers hope will be a milestone for the social Web — a “bill of rights” for social-network users.
    Amid a string of privacy snarls this spring by Facebook, Google, AT&T and others, and the phenomenal adoption of online social networks not just by the most computer-savvy but by the rest of society, privacy advocates say it is time to set out a basic set of common principles that consumers could expect social websites to honor.
    “Everybody agrees the value of a social network is its users,” said Jon Pincus, chief technology officer of Qworky, a Seattle company that makes meeting software for small businesses, and co-chairman of the 20th CFP conference, which is sponsored by the Association for Computing Machinery. “How do we declare our rights, the minimum that we expect, in a way that sets expectations with site operators and provides a context for discussions about legislation?”
    One possible answer to that rhetorical question is the proposed social-network bill of rights, which Pincus said grew out of the furor involving Facebook privacy-policy changes in April, and efforts by a number of tech journalists and pundits in recent months and years to delineate a set of rules to govern online social networks.
    Unfortunately, “none of these have really gone anywhere, so it’s a great chance to build on that and also bring in an international focus,” Pincus said.
    The conference at San Jose State University was attended by representatives from more than a dozen countries.
    With political dissidents and citizen journalists in other countries using social services like Facebook, Twitter and YouTube as avenues to claim free speech under sometimes repressive regimes, Pincus said the bill of rights needed to include dissidents’ concerns, such as the ability to have multiple identities on a site.
    While Google and Microsoft are supporters of the conference, and Facebook has also participated, the companies have not been part of the actual deliberations on the bill of rights.
    WHAT THE BILL SAYS:
    We the users expect social-network sites to provide us the following rights in their Terms of Service, Privacy Policies, and implementations of their system:
    1. Honesty: Honor your privacy policy and terms of service.
    2. Clarity: Ensure that policies and terms of service are easy to understand.
    3. Freedom of speech: Don’t censor without a clear policy and justification.
    4. Empowerment: Support privacy-enhancing and assistive technologies.
    5. Security: Treat my data as securely as your own, and notify me if it is compromised.
    6. Data minimization: Minimize the information I am required to provide and share with others.
    7. Control: Let me control my data, and don’t share it with others unless I agree first.
    8. Predictability: Don’t change who or what sees my data without my consent.
    9. Right to know: Show me how you are using my data and allow me to see who and what has access to it.
    10. Right to self-define: Let me create more than one identity and use pseudonyms. Do not link them without my permission.
    11. Right to appeal: Allow me to appeal disciplinary actions.
    12. Right to leave: Allow me to delete my account and take my data with me.
    Source: San Jose Mercury News
    This is only the beginning of a long battle of the rights of privacy and the use of department issued communications equipment. As I stated before – text carefully
    John