Most of us are aware of the increased risk of identity theft caused by the exponential growth of digital communications. But have we stopped to consider how the ease of communication we have today has significantly decreased our right to privacy?
To address this loss, laws have been passed which seek to increase the user’s zone of privacy. For example, in a previous post we reported on Tennessee Employee Online Privacy Act of 2014 which limits the kind of private online information an employer can require from an employee.
Another example is the federal Electronic Communications Privacy Act (the “ECPA’), which makes it illegal for a person to intentionally intercept and disclose wire, oral, and electronic communications. But the ECPA does not protect every communication. Rather it only protects those which the speaker or sender reasonably expects to remain private.
Emphasizing the fact that our expectations of privacy are very different in the digital age, the Sixth Circuit Court of Appeals recently ruled that a person has no privacy rights in a confidential conversation overheard by the recipient of an inadvertently dialed cell phone.
James Huff sued Carol Spaw under the ECPA for listening to and disclosing sensitive employment information he discussed with a colleague during a private conversation. Spaw was able to hear the conversation because Huff accidentally called her from the cell phone in his pocket. Though Spaw knew the call was unintentional, she listened to the Huff’s conversation for 91 minutes, recorded and transcribed the call, took notes, and disclosed the information to other individuals.
Despite her conduct, the court ruled that Spaw did not violate the ECPA.
The problem was Huff, like every other cell phone user, was well aware of the risk of pocket-dialing. Subjectively, Huff expected his conversation to remain confidential. He was discussing sensitive employment information with his colleague in private. But, objectively Huff did not expect his conversation to remain private because he failed to take simple steps to prevent the accidental dialing. Knowing the risk of pocket-dialing, and having experienced it at other times, Huff failed to lock his phone, put it in a case, turn it off, or simply not put it in his pocket.
The court reasoned that Huff’s failure to take these simple preventative measures indicated he did not have an objectively reasonable expectation of privacy. This result, the court said, is consistent with the plain-view doctrine which holds there is no reasonable expectation of privacy when that which the person wishes to conceal is out in the open. For example, a criminal defendant has no expectation of privacy for contraband in his house when he leaves the drapes wide open.
The court said, “[i]n sum, a person who knowingly operates a device that is capable of inadvertently exposing his conversations to third-party listeners and fails to take simple precautions to prevent such exposure does not have a reasonable expectation of privacy with respect to statements that are exposed to an outsider by the inadvertent operation of that device.”
The court’s ruling is applicable in other contexts where digital communications make it easy for third parties to receive otherwise confidential information. For example, a Tennessee court has held employees have no reasonable expectation of privacy in a company-based email service, especially when the company handbook warns that all emails belong to the company and may be disclosed to third parties.
We have all seen similar warnings included with emails sent from company-based email services: “NOTICE: All email sent to or from the [company] corporate email system is subject to archiving, monitoring and/or review by [company] personnel.” There can be no expectation of privacy when senders and recipients are told the communications are not private.
These cases should cause us to be much more cautious when communicating over digital mediums. One of the great benefits of this digital age is the ease of communication. But easy communications reduce our privacy expectations and rights. Businesses should always keep this in mind when communicating sensitive or confidential information digitally. (And, you should make sure your phone is off.)