E-MAIL PRIVACY

Board of County Commissioners v. Tracy Baker, et al.

Court of App. No. 03CA0074 (Colo. Crt. of App., July 17, 2003)

Colorado Court of Appeals holds that a governmental official has a limited expectation of privacy
in sexually explicit and romantic e mails he sent to a female subordinate via a County’s e mail
system. This expectation of privacy was created, in part, by the County’s e-mail policy. As a
result, the Court remanded for reconsideration so much of the trial court’s decision which directed
disclosure of these e-mails pursuant to Colorado’s Open Records Act (“CORA”). On remand, the
trial court was directed to determine the “least intrusive” form of disclosure necessary to serve the
“compelling state interests” for which such disclosure was sought.

Respondent Tracy Baker (“Baker”) is the clerk and recorder of Arapahoe County, Colorado.
Respondent Leesa Sale (“Sale”) is Baker’s assistant chief deputy. As a result of certain charges
of impropriety leveled against Baker by a former governmental employee, the Arapahoe County
Board of County Commissioners hired a private investigator who prepared a report (“Johnson
Report”) concerning the charges. This report included “the contents of 570 sexually explicit and
romantic e-mails that Baker and Sale sent to one another” over the County’s e-mail system.

At the time of the transmission of the e-mails, Arapahoe County had an e-mail policy, of which
both respondents were aware, pursuant to which the County “reserve[d] . . . the right to review . .
. and disclose all matters on the County’s e mail systems at any time.” The e mail policy further
provided that e mail was to be used for business purposes, and that all e-mail messages are the
property of the County.

However, the County’s e mail policy also provided that “messages not deleted by users will be
automatically purged after 90 calendar days . . . with no further possibility of retrieval,” that “some
occasional use of e mail for personal reasons is anticipated” and “that notwithstanding the
County’s right to retrieve e-mails, they should be treated as confidential by other employees and
accessed only by the intended recipient.” A number of the e-mails in question were retrieved by a
computer expert after having been deleted by respondents.

The Board released a redacted copy of the Johnson Report. The News Media thereafter applied
under Colorado’s Open Records Act for disclosure of the e-mails, or the unredacted Johnson
Report.

The trial court directed disclosure of the entire Johnson Report, including the contents of the
disputed e-mails, finding that respondents had no legitimate expectation of privacy in the e mails.
The Appellate Court disagreed, and remanded for reconsideration as to the appropriate scope of
disclosure, if any.

The Colorado Court of Appeals held that the e-mails in question were public records subject to
public inspection in accordance with CORA. However, such inspection could not proceed in
violation of an individual’s Constitutional right to privacy. Following the lead of the Colorado
Supreme Court in Martinelli v. District Court, 199 Colo. 163 (1980) the Court held that the
propriety of disclosure was determined by “a three part balancing inquiry:”

(1) does the party seeking to come within the protection of the right to confidentiality
have a legitimate expectation that the materials or information will not be disclosed?

(2) is disclosure nonetheless required to serve a compelling state interest?

(3) if so, will the necessary disclosure occur in that manner which is least intrusive with
respect to the right to confidentiality?

For an individual to have a legitimate expectation of privacy in the information in question, he

must show that “the information . . . is ‘highly personal and sensitive’ and that its disclosure would
E-MAIL PRIVACY

be offensive and objectionable to a reasonable person of ordinary sensibilities. . . . [T]hose

materials deserving the highest constitutional interest concern the intimate relationship of the
claimant with other persons.”

Applying this test, the Court held that respondents had a “limited expectation of privacy in the e-
mails exchanged.” In reaching this result, the Court relied heavily on the substance of the
communications in question, which were highly personal and sensitive and therefore entitled to
heightened protection. The Court also relied on the County’s e mail policy, which, as stated
above, (i) provided that messages would be automatically deleted after 90 days with no further
possibility of retrieval, (ii) provided that e mails should be treated as confidential by other
employees and accessed only by the intended recipient, and (iii) anticipated some personal use
of the e mail system.

Even though respondents had a legitimate expectation of privacy in their e-mails, they could still
be disclosed if such disclosure served a “compelling state interest.” The Court held that
disclosure here may serve a compelling state interest, namely:

such disclosure may help explain why Baker promoted Sale to her current position, why
she received substantial increases in salary as well as overtime pay, and why she has
not been terminated despite allegations she embezzled money.

As a result of its determination, the Court of Appeals remanded the case to the Trial Court for
consideration of the appropriate amount of disclosure, if any, necessary to achieve these
compelling state interests. In making this determination the trial court was instructed to follow
Martinelli, which permits only such “necessary disclosure” as “is least intrusive . . . to the
[individuals] right to confidentiality.”

It is important to note a distinction apparently drawn by the Court between the limited disclosure
necessary for governmental review of the charges advanced against the respondent officials, and
the more public disclosure sought by the Media. Said the Court:

Baker and Sale contend they had a legitimate expectation of privacy because, although they
recognized that the contents of their e-mails could be disclosed to the county, they had no
basis to believe that the e-mails would be disseminated to the public.

* * *

[W]e conclude that even though Baker and Sale did not have a reasonable expectation that
their e-mails would not be disclosed at all, they still had a reasonable expectation under CORA
that there would be more limited disclosure of at least their sexually explicit e mails.
E-MAIL PRIVACY

Intel Corp. v. Kourosh Kenneth Hamidi

S103781 (Cal. Supreme Ct., June 30, 2003)

By a 4-3 margin, the California Supreme Court holds that the transmission of six e-mails
criticizing Intel's employment practices to approximately 35,000 Intel employees over Intel's
Intranet, despite Intel's objection, does not constitute an actionable trespass to chattels because
the transmission did not cause any injury to Intel's computer systems. The transmission of these
e-mails neither slowed nor otherwise disrupted the functioning of Intel's computer system. As a
result, the California Supreme Court rejected Intel's application for an injunction, enjoining
defendant, a former Intel employee, from continuing to send e-mails to Intel employees. In
reaching this result, the Court held that neither the time Intel's employees spent reviewing these
unwanted communications, nor the funds Intel expended in attempting to block their continued
transmission, constituted the type of injury necessary to sustain a trespass to chattels claim.

This result constituted a reversal of prior decisions by both the California Superior Court and the
California Court of Appeals, each of which had enjoined future transmissions by the defendant.
Three justices dissented in two extensive dissents. Each of the dissenters would have continued
the injunction issued by the lower courts on the grounds, inter alia, that a trespass to chattels
claim does not require injury to the chattel in question -- rather, such a claim can be established
solely by showing an unpermitted and objected to use of the chattel.

Kourosh Kenneth Hamidi ("Hamidi"), a former Intel employee, sent six e-mails over a 21 month
period to approximately 35,000 Intel employees. These e-mails were transmitted to Intel's
employees via Intel's internal e-mail system, and over computers Intel purchased to enable this
system to function. The e-mails "criticized Intel's employment practices, warned employees of
the dangers those practices posed to their careers, suggested employees consider moving to
other companies, solicited employees' participation in FACE-Intel, and urged employees to …
visit FACE-Intel's Web site." FACE Intel was an organization formed to disseminate information
critical of Intel's employment practice.

The transmissions of these e-mails did not injure the computers which handled Intel's e-mail
system, nor impair the functionality of this system.

Hamidi advised the recipients of his e-mails that he would not send them any further materials if
they objected. From the record, it appears Hamidi complied with this commitment.

During the course of these transmissions, Intel notified Hamidi that it objected to this use of its e-
mail system and directed him to stop. Hamidi refused, and instead continued to send e-mails to
Intel's employees.

The e-mails 'caused discussion' among Intel employees, many of whom asked Intel to stop their
receipt of further communications. As a result, Intel attempted via technological means to prevent
Hamidi from continuing to be able to send his e-mails. Hamidi was able, at least partially, to
evade Intel's blocking efforts. Intel expended funds in attempting to block Hamidi's e-mails. It
also lost the employee time spent reviewing and/or deleting these materials.

In an effort to prevent Hamidi from continuing his activities, Intel commenced this suit claiming
Hamidi's activities constituted a trespass to chattels. Both the Superior Court and Court of
Appeals agreed, and issued an injunction, permanently enjoining Hamidi "from sending
unsolicited e-mail to addresses on Intel's computer systems."

The tort of trespass to chattels provides a remedy for "the interference with possession of
personal property." To state such a claim under California law, "the defendant's interference
must … have caused some injury to the chattel or to the plaintiff's rights in it." As explained by
the California Supreme Court:
E-MAIL PRIVACY

[O]ne who intentionally intermeddles with another's chattel is subject to liability only if his
intermeddling is harmful to the possessor's materially valuable interest in the physical
condition, quality, or value of the chattel, or if the possessor is deprived of the use of the
chattel for a substantial time …

Importantly, the Court spelled out the applicability of this doctrine to computer e mail systems.
Said the Court:

[U]nder California law the tort does not encompass, and should not be extended to
encompass, an electronic communication that neither damages the recipient computer
system nor impairs its functioning. Such an electronic communication does not constitute
an actionable trespass to personal property, i.e., the computer system, because it does
not interfere with the possessor's use or possession of, or any other legally protected
interest in, the personal property itself.

Applying these principles to the case at bar, the majority concluded that Intel had failed to
establish a trespass to chattels claim because it had failed to show that its computer system
sustained the requisite injury. As explained by the Court:

The dispositive issue in this case, therefore, is whether the undisputed facts demonstrate
Hamidi's actions caused or threatened to cause damages to Intel's computer system, or
injury to its rights in that personal property, such as to entitle Intel to judgment as a matter
of law. To review, the undisputed evidence revealed no actual or threatened damage to
Intel's computer hardware or software and no interference with its ordinary and intended
operation. Intel was not dispossessed of its computers, nor did Hamidi's messages
prevent Intel from using its computers for any measurable length of time. Intel presented
no evidence its system was slowed or otherwise impaired by the burden of delivering
Hamidi's electronic messages. Nor was there any evidence transmission of the
messages imposed any marginal cost on the operation of Intel's computers. In sum, no
evidence suggested that in sending messages through Intel's Internet connections and
internal computer system Hamidi used the system in any manner in which it was not
intended to function or impaired the system in any way.

The harms Intel did sustain -- the costs incurred in attempting to block Hamidi's continued
transmission of his e-mails, and the lost employee time spent reviewing and/or deleting these e-
mails -- were not sufficient to sustain a trespass claim because they did not constitute injury to the
chattel in question. Said the Court:

The consequential economic damage Intel claims to have suffered, i.e., loss of
productivity caused by employees reading and reacting to Hamidi's messages and
company efforts to block the messages, is not an injury to the company's interest in its
computers-which worked as intended and were unharmed by the communications any
more than the personal distress caused by reading an unpleasant letter would be an
injury to the recipient's mailbox, or the loss of privacy caused by an intrusive telephone
call would be an injury to the recipient's telephone equipment.

* * *

Whatever interest Intel may have in preventing its employees from receiving disruptive
communications, it is not an interest in personal property, and trespass to chattels is
therefore not an action that will lie to protect it. Nor, finally, can the fact Intel staff spent
time attempting to block Hamidi's messages be bootstrapped into an injury to Intel's
possessory interest in its computers. To quote, again, from the dissenting opinion in the
Court of Appeal: "[I]t is circular to premise the damage element of a tort solely upon the
steps taken to prevent the damage. Injury can only be established by the completed
E-MAIL PRIVACY

tort's consequences, not by the cost of the steps taken to avoid the injury and prevent the
tort; otherwise, we can create injury for every supposed tort."

Because Intel failed to establish its trespass claim, the Court held it was not entitled to injunctive
relief. Importantly, the Court reached this result notwithstanding its recognition that Hamidi did
not have a right to use Intel's Intranet in a manner contrary to its wishes. "While one may have
no right temporarily to use another's personal property, such use is actionable as a trespass only
if it 'has proximately caused injury.' '[I]n the absence of any actual damage the action will not lie.'"

In reaching this result, the Court rejected the views of two courts which held that evidence of
injury to the chattel itself was not a prerequisite to a trespass to chattel claim. The first, Oyster
Software Inc. v. Forms Processing Inc., 2001 WL 1736382 (N.D. Cal. Dec. 6, 2001) was criticized
for "incorrectly read[ing] eBay as establishing, under California law, that mere unauthorized use
of another's computer system constitutes an actionable trespass."

And to the extent the second decision, eBay Inc. v. Bidder's Edge, 100 F.Supp.2d 1058 (N.D.
Cal. 2000) held that a trespass to chattel claim could proceed based solely on the unauthorized
use of a chattel, without any evidence of its injury, this decision "would not be a correct statement
of California or general American law on this point."

Finally, the California Supreme Court declined Intel's invitation to modify existing California law to
grant it a viable cause of action.

The majority's decision was accompanied by two extensive dissenting opinions, authored by
Justices Brown and Mosk, which collectively garnered the support of three of the seven judges
who decided this appeal. Each dissenter would have affirmed the award of injunctive relief
granted by the courts below.

According to Justice Brown, the injunctive relief issued by the lower courts was in accord with
those cases that allow an individual to avoid unwanted communications, be they junk mail sent to
his home, unwanted door-to-door salesmen, or unsolicited 'junk' faxes. Accordingly, Justice
Brown would hold that Hamidi's transmission of e-mail to Intel employees can be enjoined once
Intel objects to further communications.

Justice Brown would also hold that a claim of trespass to chattels can be sustained without any
injury to the chattel in question. It is enough that the defendant used the property of another
without permission, a position Justice Brown opines finds support in prior Court decisions such as
e-Bay. Finally, Justice Brown would hold that the injuries sustained by Intel -- the cost of blocking
and the time expended by employees during their review of the unwanted e mails -- were
sufficient to sustain a trespass to chattels claim.

Justice Mosk, in a dissenting opinion joined by Chief Justice George, would also hold, like Justice
Brown, that Hamidi's unauthorized use of Intel's e-mail system over Intel's objection was sufficient
to constitute a trespass to chattels, even in the absence of any injury to the chattel itself. Justice
Mosk would further hold that, to the extent injury is a required element of a trespass claim, the
injuries Intel claimed to have sustained would be sufficient to sustain the claim.
E-MAIL PRIVACY

Bill McLaren, Jr. v. Microsoft Corp.

Case No. 05-97-00824, 1999 Tex. App. Lexis 4103 (Tex. Crt. of App., May 28, 1999)

In this suit, plaintiff alleged that his former employer's act of reading e-mail stored in a "personal
folder" on plaintiff's personal office computer, and disseminating that e-mail to third parties,
violated his right of privacy under Texas law. The Texas Court of Appeals disagreed, and affirmed
the trial court's dismissal of his action.

Plaintiff was employed by Microsoft Corporation ("Microsoft") which provided him with a personal
computer and access to the company's e-mail system to aid him in the performance of his job
duties. Access to this e-mail system was gained by use of a network password, which password
was known by both plaintiff and his employer. In addition, Microsoft permitted plaintiff to maintain
on this PC a "personal folder" in which he could store e-mail he received. Access to this folder
was via a second password known only to plaintiff.

Plaintiff was accused of "sexual harassment." He informed Microsoft that e-mail in his personal
folder would aid him in disproving these allegations, and requested that Microsoft not tamper with
it. Microsoft subsequently discharged plaintiff and, according to plaintiff, obtained the e-mail from
his personal folder.

Plaintiff claimed that defendant's conduct "intruded upon plaintiff's seclusion or solitude or into his
private affairs," and thus invaded his privacy. Under Texas law:

There are two elements to this cause of action: (1) an intentional intrusion, physically or
otherwise, upon another's solitude, seclusion, or private affairs or concerns, which (2)
would be highly offensive to a reasonable person.

The court found that plaintiff's claim failed to pass muster under this standard. Notwithstanding
Microsoft's provision to plaintiff of a password accessible personal folder for the storage of e-mail,
the court held that plaintiff had no reasonable expectation of privacy in the e-mail he stored inside
it. The court based this conclusion on its finding that such e-mail had first traveled through various
points in Microsoft's company e-mail system, where it was accessible by Microsoft. Said the
court:

As asserted by McLaren in his petition, e-mail was delivered to the server-based "inbox"
and was stored there to read. McLaren could leave his e-mail on the server or he could
move the message to a different location. According to McLaren, his practice was to store
his e-mail messages in "personal folders." Even so, any e-mail messages stored in
McLaren's personal folders were first transmitted over the network and were at some
point accessible by a third-party. Given these circumstances, we cannot conclude that
McLaren, even by creating a personal password, manifested -- and Microsoft recognized
-- a reasonable expectation of privacy in the contents of the e-mail messages such that
Microsoft was precluded from reviewing the messages.

Moreover, even if plaintiff had a reasonable expectation of privacy in his e-mail, Microsoft's
intrusion was not sufficiently offensive to be actionable under Texas law. Given plaintiff's claim
that the e-mail at issue was relevant to the allegations of sexual harassment lodged against him,
Microsoft's:

interest in preventing inappropriate and unprofessional comments, or even illegal activity,

over its e-mail system would outweigh McLaren's claimed privacy interest in those
communications.

It should be noted that "pursuant to the Texas Rules of Appellate Procedure, unpublished
opinions [such as this one] shall not be cited as authority by counsel or by a court."
E-MAIL PRIVACY

Michael A. Smyth v. The Pillsbury Company

914 F. Supp. 97 (E.D. Pa., 1996)

In this case, the District Court dismissed the wrongful discharge claim brought by plaintiff, an at-
will employee, against his employer. The court reached this conclusion notwithstanding accepting
as true, for the purposes of the motion, the following allegations advanced by plaintiff:

1. Defendant employer promised that it would neither read employee e-mail, nor terminate or
reprimand an employee based on the content of such e-mail; and
2. In breach of this commitment, defendant intercepted plaintiff's e-mail, and discharged him
because defendant found its content inappropriate and unprofessional.

The court rejected plaintiff's contentions that such conduct constituted an invasion of plaintiff's
privacy under Pennsylvania law. Reasoned the Court: "[W]e do not find a reasonable expectation
of privacy in e-mail communications voluntarily made by an employee to his supervisor over the
company e-mail system notwithstanding any assurances that such communications would not be
intercepted by management. Once plaintiff communicated the alleged unprofessional comments
to a second person (his supervisor) over an e-mail system which was apparently utilized by the
entire company, any reasonable expectation of privacy was lost. Significantly, the defendant did
not require plaintiff, as in the case of an urinalysis or personal property search, to disclose any
personal information about himself. Rather, plaintiff voluntarily communicated the alleged
unprofessional comments over the company e-mail system. We find no privacy interests in such
communications. ... [W]e do not find that a reasonable person would consider the defendant's
interception of these communications to be a substantial and highly offensive invasion of his
privacy. Again, we note that by intercepting such communications, the company is not, as in the
case of urinalysis or personal property searches, requiring the employee to disclose any personal
information about himself or invading the employee's person or personal effects. Moreover, the
company's interest in preventing inappropriate and unprofessional comments or even illegal
activity over its e-mail system outweighs any privacy interest the employee may have in those
comments."
E-MAIL PRIVACY

United States of America v. Eric Neil Angevine

281 F.3d 1130 (10th Cir., February 22, 2002), cert. denied, 537 U.S. 845 (2002)

10th Circuit holds that a University professor has no reasonable expectation of privacy in an office
computer supplied for his use by the University which employed him. This result was mandated
by the University's computer policy, which provides both that the University may inspect such
computers at any time to ensure their appropriate use, and that the University is the owner of
everything stored in such computers. As a result, the court held that the seizure of these images
did not violate defendant's Fourth Amendment rights, given his lack of a reasonable expectation
of privacy in this computer. The 10th Circuit accordingly affirmed the denial of defendant's motion
to suppress the introduction of child pornography found in files defendant attempted to delete
from his computer hard drive and upheld defendant's agreement to plead guilty to violating 18
U.S.C. §2252(a)(5)(b) based on his possession of child pornography.

Defendant was a Professor who taught architecture at Oklahoma State University. The University
provided defendant with an office computer, which he "used … to download over 3000
pornographic images of young boys." After viewing the images, defendant attempted to delete
them from this computer.

Oklahoma State had a computer use policy pursuant to which "the University reserves the right to
view … any file … stored in [office] computer[s] or passing through the network and will do so
periodically … to audit the use of University resources." The policy also provided that the
University maintained ownership of both any office computer as well as anything stored thereon.
Lastly, the use policy warned employees that:

under Oklahoma law, all electronic mail messages are presumed to be public records
and contain no right of privacy or confidentiality except where Oklahoma or Federal
statutes expressly provide for such status. The University reserved the right to inspect
electronic mail usage by any person at any time without prior notice as deemed
necessary to protect business-related concerns of the University to the full extent not
expressly prohibited by applicable statutes."

Defendant sought to prevent the use of these pornographic images in his subsequent prosecution
on 4th Amendment grounds. The district court denied defendant's motion to suppress, holding
that defendant did not have a reasonable expectation of privacy in his office computer. The
defendant thereafter conditionally pled guilty to possession of child pornography in violation of 18
U.S.C. 2252 (a)(5)(B). In his plea, defendant preserved his right to appeal from the lower court's
denial of his motion to suppress.

On appeal, the Tenth Circuit affirmed the denial of defendant's motion to suppress. The Fourth
Amendment guarantees the right of people to be secure in their persons, houses, papers and
effects against unreasonable searches and seizures. To establish a violation of the Fourth
Amendment, however, a defendant must prove that he has "a legitimate expectation of privacy" in
the place searched. This, in turn, requires defendant to show both that he has "a subjective
expectation of privacy in the area searched" and that "that expectation must be one that society is
prepared to recognize." In analyzing whether a defendant employee has reasonable expectation
of privacy in spaces or equipment supplied by his employer, courts will examine "(1) the
employee's relationship to the item seized; (2) whether the item was in the immediate control of
the employee when it was seized; and (3) whether the employee took actions to maintain his
privacy in the item."

The Court held that Oklahoma State University's computer policy prevented defendant from
having a reasonable expectation of privacy in his office computer. Said the Court:

Oklahoma State University policies and procedures prevent its employees from
reasonably expecting privacy in data downloaded from the internet onto university
E-MAIL PRIVACY

computers. The University computer-use policy reserved the right to randomly audit
Internet use and to monitor specific individuals suspected of misusing University
computers. The policy explicitly cautions computer users that information flowing through
the University network is not confidential either in transit or in storage on a University
computer.

This result was supported by the fact that Oklahoma State, in its computer policy, reserved to
itself ownership of defendant's computer and the data stored on it, the fact that defendant did not
have access to the materials in question, because he attempted to delete them, and because
defendant had not taken sufficient steps to protect his privacy in the seized items. Importantly,
the Court held that "given his transmission of the pornographic data through a monitored
University network, deleting the files alone was not sufficient to establish a reasonable
expectation of privacy." The Tenth Circuit accordingly affirmed the denial of defendant's motion
to suppress, and upheld his plea agreement.