Feb 12, 2007 General Employment Issues

Ninth Circuit Recognizes Employee Privacy Right in Workplace Computer but Rules that the Employer Validly Consented to Government Search

On January 30, 2007, the United States Court of Appeals for the Ninth Circuit ruled that while employees may have a reasonable expectation of privacy in their workplace computers, an employer retains the ultimate authority to consent to a government search of the computer. U.S. v. Ziegler, 2007 WL 222167 (9th Cir. Jan. 20, 2007). The defendant in a criminal case, Jeffrey Ziegler, sought to prevent images of child pornography found on his workplace computer from being admitted into evidence in a criminal prosecution. While the Court of Appeals agreed with Ziegler that he had a reasonable expectation of privacy in his workplace computer, it concluded that his employer validly consented to a government search of the computer and that the search of his computer, therefore, did not violate his Fourth Amendment rights.

Ziegler worked for Frontline Processing, a company that processes online payments for Internet merchants. At Frontline, Ziegler had his own private office which he kept locked and his own personal workplace computer that was password protected. The case arose when an employee of Frontline’s Internet service provider contacted the FBI with a tip that a Frontline employee had visited child pornography websites on a Frontline office computer. Following up on the tip, an FBI agent contacted the company’s IT department and confirmed that child pornography had been accessed through and downloaded onto Ziegler’s computer. The IT employees testified that the FBI agent instructed them to copy Ziegler’s hard drive in order to prevent evidence tampering. As a result, the IT employees obtained a key to Ziegler’s private office along with permission from the company’s CFO to copy Ziegler’s hard drive.

Ziegler was indicted for receiving and possessing child pornography and for receiving obscene material. Ziegler sought to suppress the evidence obtained from his Frontline computer on the grounds that, because his workplace computer was searched without a warrant, the FBI agent had violated his Fourth Amendment rights.

The Ninth Circuit agreed that Ziegler had a reasonable expectation of privacy in his office and workplace computer. The Court found that the use of a password on the computer and the lock on Ziegler’s private office door constituted sufficient evidence that Ziegler had a subjective expectation of privacy. It also found the expectation was objectively reasonable because Ziegler could assume that the contents of his office and computer only would be accessed by other company employees and that his business records would only be taken with company permission. Having found that Ziegler had a reasonable expectation of privacy, the court turned to the issue of whether the FBI obtained valid consent to search Ziegler’s computer.

Because Ziegler had not personally given consent, the court examined whether Frontline had “common authority” over Ziegler’s office and computer, which would permit it to validly consent to the search. With respect to Ziegler’s office, the court ruled that Frontline had common authority because Ziegler assumed the risk that Frontline could give consent to a search of its office space. As for Ziegler’s computer, the court reasoned that a computer is the type of workplace property that remains within the control of the employer even if an employee has used it to store personal information. Despite the password protection, Frontline’s policies made clear that its IT personnel had complete administrative access to all employee computers, that it had a firewall in place used by the company to routinely monitor employee Internet use, and that computers were company owned and not to be used for personal activities. On these facts, the Ninth Circuit ruled that Ziegler’s downloading of personal items to the computer did not destroy the employer’s common authority over the computer, and held that Frontline could validly consent to the search of Ziegler’s workplace computer. Concluding its analysis, the court found that Frontline had consented to the search through its CFO, who gave the IT employees keys to Ziegler’s office and told them that as an officer of the company he agreed to the duplication of Ziegler’s hard drive.

The Ziegler case illustrates both the high level of privacy rights an employee retains within the workplace and the importance of having clear workplace computer policies. Ziegler provides a reminder that in order to protect the employer’s authority over its information technology systems and their contents, employee handbooks and training materials should: (1) state that the employer retains control over its employees’ workplace computers; (2) enumerate what limitations the employer places on personal use of its computers; and (3) disclose whether the employer engages in monitoring of employee Internet use or the contents of employee computers.