NH judge throws out paedo chat-log evidence

Monitoring email

A similar and more insidious set of circumstances arose in connection with early cases about employer's right to monitor employee's email communications. Under US federal law, the employer, as the provider of the electronic communications services, can monitor communications "in the ordinary course of employment," or if any party to the communication has consented to the monitoring. While the former rationale - called the "provider exception" - traditionally has been applied to permit the telephone company to listen in on telephone calls, most companies have relied upon the latter rationale to permit them to monitor employees' emails or other electronic communications. Employee handbooks, login screens and warning banners contain language to the effect that "by using this system, you are consenting to our monitoring..."

That's all well and good under federal law. But what about the employees' email to a non-employee third party in one of the all-party consent states? Putting aside the provider exception, why is an employer allowed to monitor this communication?

In permitting employers to read electronic communications without all-party consent, courts have determined that the capture of the inbound or outbound mail at the mail server is not an interception of a communication in transmission. Voila! We have defined the pesky privacy provisions out of existence. In fact, since email is always "store and forward," is it even possible to intercept it in transmission? Like Schroedinger's cat, don't you have to stop it to measure it and thereby alter its character?

The New Hampshire decision muddies the waters for employers. Many regulations mandate that companies monitor, record and preserve both e-mail, IM and chat communications. For example, brokers, dealers, and transfer agents subject to Securities and Exchange Commission (SEC) and National Association of Securities Dealers (NASD) rules have to keep records of such chat sessions. But the New Hampshire precedent might make such recording illegal unless the brokers obtain the effective consent of all people in the conversation - e.g., with some sort of warning banner before they can enter the chat or conversation. It's not enough that the broker-dealer consent, but everybody in the chat must do so as well.

With new technologies, like VoIP (and the new digital telephony proposal by the US Department of Justice to the US Federal Communications Commission to make VoIP less secure and subject to monitoring), we have to reassess the fundamental rights to privacy. In at least those states that prohibit monitoring without all party consent, the employer generally cannot record an employee's telephone calls using company hardware during company time unless the person he or she is talking to also consents to the recording. This is what got Linda Tripp into trouble by recording Monica Lewinsky (well, almost got her into trouble.) Why should email be any different? Why should VoIP? Why should IM? IRC? SMS? Either communications are private, or they are not. To the Internet, packets is packets. Maybe its time for the law to make up its mind.

Copyright © 2004,

Mark D Rasch, J.D., is a former head of the Justice Department's computer crime unit, and now serves as Senior Vice President and Chief Security Counsel at Solutionary Inc.

Related stories

Milking the Internet surveillance cash cow
Spooks want more Web-tapping powers
Privacy in the workplace is a myth
Paedo-stalking ChatNannies - fact or fiction?
Watch out! There's a chatroom paedophile about