Case One:
Your Career Matters: Disaster Raises New Legal Issues In the Workplace
Wall Street Journal
November 20, 2001
Can a company fire employees who refuse to get on an airplane? Is it legal for a business to
remove pictures of employees of Middle Eastern background from a marketing brochure?
America's war with terrorists is provoking a host of questions in the workplace, and employmentlaw attorneys say they are being peppered with inquiries from businesses seeking guidance on
how to respond.
Many of the questions raise classic issues of privacy, discrimination or compliance with labor
laws. Others, however, are leading attorneys into uncharted terrain. "I think lawyers don't have a
clue about how to advise their clients on some of these things," says Robert D. Lipman, an
attorney in Jericho, N.Y. "A lot of these problems don't have a legal remedy because nobody
contemplated something like this."
New problems can elicit conflicting opinions. For example, an executive who was killed while
attending a meeting at the World Trade Center on Sept. 11 had stock options that were due to vest
on Oct. 1. No death certificate had been issued by that date. Should the options vest?
No, says Michael Lotito, a partner in the San Francisco office of Jackson Lewis, an employment
law firm that got such an inquiry from a client it declines to name. Since the executive had ceased
working for the company on Sept. 11, he didn't qualify for vesting, Mr. Lotito says. Mr. Lipman,
whose four-lawyer firm represents both management and employees, isn't so sure, since the
executive hadn't officially been declared dead as of the vesting date.
Far from ground zero, employers are coping with workers unnerved by the terrorist attacks. Mr.
Lotito says one California client had employees who were resisting flying, even after the
company arranged for them to travel on private jets. A group of workers at another company
didn't want to return to work on the 52nd and 53rd floors of a New York office building.
Can these employees be fired?
Mr. Lotito and other employment attorneys emphasize that the initial response of most companies
has been to cut back on travel or allow telecommuting for anxious workers. At some point,
though, Mr. Lotito notes, "the company has a right to pursue its business," and if getting on an
airplane – or working on a high floor -- is necessary to a job, and an employee refuses to do it, he
or she can be fired.
There are, however, some caveats. A little-known provision of the National Labor Relations Act
protects "concerted activity" of even nonunion employees. Thus, if anthrax fears lead two or more
employees to object to mail-handling procedures, they cannot be fired or disciplined for agitating
for better protection. Also, if a worker claims he or she can't perform certain functions because of
posttraumatic stress disorder or another diagnosed condition, an employer may have to make
accommodations under the Americans with Disabilities Act.
Companies could also be at legal risk if they aren't complying with guidelines issued by
authorities for dealing with current threats. Terri M. Solomon, an attorney at Littler Mendelson in
1
New York, says she was contacted by a client who told her that a mailroom worker's insistence
on wearing gloves to deliver company mail was creating fear among other employees. "To which
I said, `Too bad,' " says Ms. Solomon, who notes that a number of federal agencies have
suggested precisely that precaution.
Efforts by companies to improve security since Sept. 11 have spurred numerous legal questions.
Tom Finkbiner, chief executive of Quality Distribution Inc. in Tampa, Fla., which operates the
largest chemical tank-truck fleet in the country, says some chemical makers have asked Quality to
provide them with names, addresses and other background information on its 3,350 drivers. After
consulting with in-house counsel, Mr. Finkbiner concluded that "a lot of the things they're
requesting are invasions of privacy." Quality is providing names and photo IDs but not
employment histories and home addresses.
Managers of office buildings trying to prepare evacuation plans have asked tenants to supply lists
of employees with disabilities that might hinder their escape in an emergency, raising privacy
concerns. But in a recent bulletin, the Equal Employment Opportunity Commission said
employers may ask employees if they will need assistance, as long as answering is voluntary. The
EEOC also said companies can provide this information to building security officers and others
responsible under any emergency evacuation plan.
There are few limits on companies conducting security checks of employees' bags or work areas,
attorneys say, provided the company clearly informs its workers of the inspection policy. In
presentations for employers, Ms. Solomon's firm advises them to maintain broad rights to conduct
searches, suggesting, for example, that they "expressly reserve the right to enter all lockers, desks,
and vehicles at any time."
Newfound security concerns have sent many employers rushing to perform background checks on
workers. Here, too, there are certain legal requirements to navigate. The Fair Credit Reporting
Act, for example, requires job applicants and employees to consent to checks of their credit
history and, in certain circumstances, to employers obtaining drug-test reports, driving records
and interviews with friends or associates. And while companies are free to inquire about past
convictions, many states forbid inquiry into arrests, notes Ms. Solomon.
Because background checks can be expensive, the question was raised at a Nov. 12 meeting of
human-resource officials in Pittsburgh whether it would be possible to conduct them just for
foreign nationals. That, says John Hill, a Jackson Lewis attorney who attended the meeting,
would be a bad idea. To avoid potential discrimination claims, he says, "if you do it for one
person, do it for everybody."
David Ross, an attorney for Seyfarth Shaw in New York, says his firm gave similar advice to the
company that inquired about removing pictures of workers of Middle Eastern background from
its marketing materials. Although it's not illegal, he says, "we cautioned them that that could
come back to haunt them in other contexts" such as discrimination lawsuits because it shows
separate treatment of people based on their heritage.
Credit: Staff Reporter of The Wall Street Journal
Reproduced with permission of the copyright owner.
Further reproduction or distribution is prohibited without permission.
2
Case Two:
Source: Training, August 2000 v37 i8 p50.
Title: They're Watching YOU WORKPLACE PRIVACY IS GOING...GOING...
Author: SARAH BOEHLE
With the proliferation of Internet and e-mail monitoring, the boss's eyes are everywhere. Is this
any way to run a business?
I visited a pornographic Web site at work, and Gordon Alexander knows it.
Thing is, I never told Alexander about my visit to the Internet's underbelly, nor did he pass by my
cubicle when risque photographs were splashed across my monitor. So is he some sort of
clairvoyant? Nope. He's the MIS manager at the Minnesota office of Bill Communications (which
owns TRAINING Magazine), and he's using the latest in employee surveillance aids: Internet
monitoring software. From his desktop, Alexander has a bird's-eye view into the Internet surfing
habits of the 100 or so employees here in Minneapolis. And the software he uses is so advanced
that not only can he track and record which Web sites workers visit, he can also determine how
much time they spend at each site.
Welcome to the 21st century workplace, where such tactics are no longer the exception but the
norm. According to a survey this year by the American Management Association (AMA), nearly
three-quarters of major U.S. firms now record and review some form of their employees'
communications—either telephone calls, email, Internet connections or computer files. That's
more than double the number of just two years ago.
Of all surveillance methods, Internet and email monitoring have seen the most explosive growth
recently, with 54.1 percent of companies now monitoring their employees' Internet connections
and 38.1 percent reviewing e-mail messages.
What's behind this rush to Orwellian oversight? Employers cite lost productivity, decreased
bandwidth, corporate espionage and legal liability as some of the reasons, fearing that employee
abuse of e-mail and the Internet will damage their bottom lines. All this, coupled with the fact
that monitoring software is now faster, cheaper and more flexible than ever before, has made it
tough for employers to resist.
Ray Boelig, CEO of Elron Software in Burlington, MA, a leading purveyor of Internet and email
surveillance tools, believes that the rise in monitoring isn't a sign that companies are overly
paranoid. "Monitoring is essential," Boelig says. "Organizations need to look at the proper use of
their assets. They have a responsibility to make sure that their workplace is a nonhostile
environment."
In fact, employers don't just have a moral obligation to maintain a nonhostile working
environment, they're legally required to do so. The Communications Decency Act of 1996 says
that an employer can be held liable for the activities of its employees. Logging on to playboy.com
over the lunch hour, for example, might seem fairly harmless to one employee, but if a co-worker
who doesn't share that viewpoint sees those lewd images, she might construe them as sexual
harassment and sue the employer for allowing a hostile work
environment to exist.
3
E-mail is even more nettlesome. Under federal law, sending and receiving e-mail via an
employer's computer is no different than writing a memo on company letterhead--meaning that
any off-color e-mails circulating around the office can set employers back millions of dollars.
Chevron Corp. learned this lesson the hard way when it settled a sexual-harassment lawsuit for
$2.2 million over offensive e-mail postings such as "25 reasons why beer is better than women."
Corporate behemoths like Citigroup and Morgan Stanley Dean Witter have also been taken to
court by employees who allegedly received email at work containing racist jokes.
But do a few isolated lawsuits really warrant a bandwagon approach to prying into the doings of
millions of U.S. employees? Privacy watchdogs would answer with an emphatic no. But
employers point to statistics that show some cause for concern.
Last year, Elron Software commissioned a study by market research firm NFO Interactive in
Northwood, OH, that revealed some chilling trends. According to the survey, the number of
employees who admitted to sharing confidential business information via e-mail with other
companies weighed in at 20.6 percent. The poll also found that nearly three-quarters of
respondents sent or received adult-oriented e-mail at work, and 64.4 percent admitted to sending
or receiving sexist or racist e-mail. And according to a 1998 Internet-abuse study conducted by
NFO and Elron, 62 percent of organizations reported catching employees accessing sexually
explicit Web sites on company computers.
While the Elron/NFO surveys undoubtedly raised red flags among corporate management types,
Lewis Maltby, who is president of The National Workrights Institute in Princeton, NJ, takes a
more skeptical view. "I would be suspicious," he says of such studies. "There's a lot of junk data
that has come out from advocates who are more interested in pushing their agenda than in being
straight with the [research]." Nevertheless, Maltby admits that employers have legitimate
concerns. "The Web is seductive," he says. "The risk that employees will spend all day surfing
the Web instead of working is vastly greater than the risk that they'll goof off in some other, less
entertaining way."
The Gray Zone
In 1890, in one of the most seminal essays on privacy ever written, Louis Brandeis and Samuel
Warren proclaimed that the right most valued by the American people was "the right to be left
alone." Brandeis and Warren were worried that then-modern-day technology such as photography
and the tabloid press were invading "the sacred precincts of private and domestic lives," and they
warned that "[n]umerous mechanical devices threaten to make good the prediction that what is
whispered in the closet shall be proclaimed from the housetops." If Brandeis and Warren could
see the wired world of today, they'd likely turn over in their graves.
Thanks to the expeditious advance of technology and the advent of the World Wide Web, the
most minute details of our everyday lives are now on display for the world to see--often without
our knowledge. Each time we swipe our frequent-buyer savings card at the local supermarket, our
grocer surreptitiously tracks what food we eat, even how much dog food or kitty litter we buy.
"Cookies," which are pieces of computer code dropped from Web sites onto users' hard drives,
record where we travel on the Net, what purchases we make, which passwords we create, and any
personal information we disclose. This data is then used for marketing purposes or sold to third
parties.
Public outcry against such intrusions has reached a boiling point in recent months, leading
consumer rights advocates to lobby Congress to enact legislation that would limit the types of
4
information companies are allowed to collect on the Web. Should such legislation pass, however,
it is doubtful that any protections will extend to the millions of Americans subjected to
monitoring on the job.
Not that monitoring is anything new to the business world. In the manufacturing industry, it has
been used for decades to track employee productivity and to record inventory. Cyclometers
(which measure typing output) were in place by 1913, and employers began monitoring employee
telephone calls for "quality assurance purposes" in the 1920s.
What has changed is the sophistication of surveillance software and the types of information it
allows employers to gather--which is precisely what disturbs privacy advocates. Although most
concur that employers have valid reasons for watching their employees, the fear that these
methods are becoming too meddlesome is nonetheless blossoming. Maltby and many other
privacy advocates argue that those employers who routinely read their employees' e-mail and
compile individualized lists of all Web sites workers visit are creating a nightmare for themselves
as well as their employees. "If someone has a problem today, they don't write to 'Dear Abby.'
They go to the Web with their darkest, most personal secrets," says Maltby. "Do employers really
want to know one of their employees is HIV-positive or just got divorced? These are not things
employers have any right to know or even want to know, but they're going to routinely find out if
they keep going down the road they're on."
Not surprisingly, fallout from such spying can be ugly. In fact, this year more than half of
employers reported reprimanding employees--ranging from a formal warning to termination--for
abusing company telecommunications equipment. Yet at its most insidious, the result of snooping
is not termination or some draconian penalty; it is loss of privacy.
Although multimillion-dollar e-mail- and Internet-oriented lawsuits make for juicy headlines, it is
spying of a more mundane ilk that threatens to hit workers the hardest. The latest software, for
example, can monitor employees' every keystroke, even allowing managers to view workers'
desktops in real time-- i.e., what they're working on minute by minute--on the sly.
Extrapolate a bit, and it is not hard to imagine the machinations running through some pointyhaired boss's brain. "Hmm...Smith didn't log on to the company network until 8:30 a.m. even
though work was scheduled to begin at 8." (Never mind that Smith has been in the office since
6:30 this morning working from hard copy; the boss has no record of that.) Or, "Interesting. Julie
spent two hours reading The Wall Street Journal online this afternoon. I'll make a note of that on
her next performance review." (So what if Julie was doing research pertinent to her job.)
Holy Grail?
Then there's online learning. The latest generation of training management software can monitor
and record every moment of a student's progress through an online course. To be sure, there are
tangible benefits. Dave Mandelkern, executive vice president and chief technology officer for elearning provider Docent Inc. in Mountain View, CA, calls reporting software the "Holy Grail" of
the training industry. "Traditionally, getting data back on what students thought and what they
learned was extraordinarily difficult," says Mandelkern. "Now, for the first time, we've got this
built-in two-way communications mechanism that allows us to capture that data." Reporting
software is also invaluable in helping employers to improve their e-learning programs, allowing
them to determine the effectiveness of specific test questions or course modules by gauging
student performance.
5
For all its attractiveness, though, tracking software sometimes borders on the intrusive, going so
far as to monitor students' activity down to the mouse click and to record what they say in course
chat rooms and asynchronous forums. Ostensibly, these features are for students' own good; yet
they raise some concerns, especially when studies show that many people are more open with
their thoughts on the Web, revealing personal information online that they otherwise wouldn't
share in face-to-face environments.
So why aren't employees asking questions about it? Although there are no hard numbers as to
how many companies inform their workers that online classrooms are monitored, it appears that
most employees are currently unaware they're being watched. Dave Evangelisti, vice president of
marketing for e-learning management software provider Pathlore in Columbus, OH, estimates
that less than half of Pathlore's customers tell their students that monitoring is in place. "A lot of
companies are not prone to abusing this cache of information," notes Evangelisti. "But anytime
you have employees interact with software and ask them to put in comments and give their
feedback and then capture that information, the potential for abuse is definitely there."
The Electronic Boss
Evangelisti also points out that it is important for employers to use such information in the right
way, and to refrain from determining employee performance based on limited data gleaned from
monitoring, such as test scores and time spent completing specific assignments.
This opens up a larger debate, which is that electronic surveillance, in its sundry forms, not only
has the potential to encroach upon worker privacy, it also could change the way in which
employee job performance is assessed.
Indeed, with continuing corporate downsizing leaving fewer and fewer middle managers to
supervise employees in person, the likelihood that monitoring software will soon play a larger
role in the performance-assessment process is increasing--and many pundits doubt its
effectiveness.
MIT professor and Fortune columnist Michael Schrage attacked this phenomenon recently in a
column decrying the best-practices databases that have spread like wildfire in world-class
organizations such as General Electric and Asea Brown Boveri. Likening them to "databasedriven blackmail," Schrage argued that such knowledge management systems are poised to
squash innovation because they define, in set terms, the best way to go about doing things without
giving employees rein to think up new, and possibly better, practices of their own.
Schrage also lambasted the tracking features of such systems, citing their sometimes arbitrary
determination of "good" performance as a detriment to all. "You ignore checking in with these
databases at your peril," he wrote. "Dis [them], and you may lose your promotion, your job, or
your employment lawsuit--whether you're suing because you've been fired, or being sued for
firing....And if your performance evaluation isn't based in part on how well you draw upon these
best-practice resources, then what's the point of having them?"
Which begs the question: Do employers actually realize any of the gains in productivity they
trumpet as a reason for turning to monitoring software in the first place?
"This kind of piecework keeping track of everything people do is really not the way to get people
to do their best jobs and feel best about companies. It makes employees feel like children or
potential miscreants," says Richard Sobel, a political scientist at Harvard University who works
6
on privacy policy and who opposes workplace monitoring. "The environments that respect people
and their privacy tend to see results in productivity, good ideas, and in people giving their best
efforts."
Unfortunately, there is virtually no research on the effects of monitoring on employees whose
work is more complicated than data entry or customer service. But several studies of
telecommunications and clerical workers suggest that electronically monitored workers
experience higher levels of depression, tension and anxiety, lower levels of productivity, and
more health problems than unmonitored employees.
Studies also indicate that the most creative thought takes place during periods of seclusion or
daydreaming, meaning that if workers know or suspect they are being watched, there's a good
chance their ability to think freely and creatively will suffer.
Your Privacy Ends at the Office Door
While federal, state and local government employees benefit from some degree of legal
protection of their privacy, private businesses (particularly those whose employees are not
unionized) are free to monitor their workers' every move with near total impunity. "You don't
have a right to privacy at work," says Maltby. "You don't have a right to free speech. You don't
have a right to due process. You don't have any Constitutional rights at work because the
Constitution only applies to the government, not to the private sector."
There are, however, a few exceptions. The Federal Electronic Communications Privacy Act
prohibits employers from deliberately eavesdropping on purely personal conversations that an
employee may have at work. Yet while this legislation includes telephone calls and audioequipped video devices, it does not protect purely personal communications that occur through
means other than the spoken word, such as e-mail or other Web-based forms of communication.
And here's something most workers don't know. Even when employers promise not to monitor
their employees, courts are supporting companies' right to break such promises without notice. In
1994, a Pennsylvania case between Michael A. Smyth and the Pillsbury Co. helped to establish
this precedent. According to court documents, Smyth, an at-will employee, was fired based on an
indiscreet private e-mail message that he sent from his home computer to a supervisor at work.
The message, which referred to the company's sales management and made threats to "kill the
back-stabbing bastards," was later read by company executives who terminated Smyth for
"inappropriate and unprofessional comments" made over the company's e-mail system.
Smyth filed a wrongful-discharge action against Pillsbury, alleging that the company had
repeatedly promised its employees that all email would remain confidential and that no employee
would be fired based on intercepted e-mail. Yet the court dismissed Smyth's claim, saying that
because Pillsbury owned the computer system to which the message was sent, it could intercept
the e-mail without invading its workers' legitimate expectations of privacy.
In some instances, employers have even nosed into their employees' company-owned home
computers. Consider the case of Ronald F. Thiemann, the respected dean of the Harvard Divinity
School who was forced to resign in 1998 after pornographic images were discovered on a
university-owned computer located in his home. Reportedly, none of the pornography found was
illegal. Yet in Harvard's and many other employers' view, the very fact that Thiemann accessed
the images via his employer's computer was grounds for dismissal.
7
What's the Solution?
In 1993, in one of the most sweeping federal actions governing workers' privacy to date, Sen.
Paul Simon of Illinois and Rep. Pat Williams of Montana made a failed attempt to enact
legislation that would have required employers to more clearly define their privacy policies and to
refrain from monitoring employees' personal communication.
Jim Bruce, outside counsel to EMA, The E-Business Forum in Arlington, VA--which represents
the e-business and messaging industries and is a staunch supporter of employers' right to monitor
workers--opposed the legislation because of the way in which it was drafted. "The problem was
that nobody in Congress or anyone else could forecast all the types of electronic monitoring that
could be done in the workplace," says Bruce.
The good news is that even in the absence of government intervention, a majority of employers
are beginning to institute monitoring policies of their own accord. This year's AMA survey, for
instance, revealed that 88 percent of companies now have established Internet and email usage
policies and also inform their employees of them. That's real progress, considering that a 1993
Mac-world poll determined that less than one-third of companies that monitored their workers
gave advance warning, and only 18 percent had established a written policy.
Yet the privacy problem is far from solved. The reason, experts say, is that most companies'
electronic monitoring policies and training programs are woefully inadequate. "The standard
notice form employers use today communicates virtually nothing," says Maltby. "It basically
says, 'We reserve the right to monitor any form of electronic communications for any reason at
any time in the future.' What does that tell employees? How? When? Is it going to be e-mail
monitoring? Voice mail? Web site monitoring? Is it going to happen all the time or on certain,
specified occasions? And is it going to include everything or just things that are work-related?"
Indeed, the 1999 Elron study offers some evidence that few employees understand the scope of
their company's monitoring practices. It found that nearly two-thirds of workers are unaware that
a policy exists--despite the fact that, as the AMA points out, 88 percent of employers claim that
they have such a policy and inform their employees of it.
The key to bridging this divide, experts say, is better communication. Even some of those who
support an employer's right to monitor are urging companies to improve their policies and to take
more proactive measures with their educational initiatives. The EMA recently released an
updated version of its Privacy Toolkit booklet, which provides guidelines for writing effective
electronic monitoring policies. Next fall, the EMA also intends to debut a set of interactive
training tools that will help employers to better communicate both their policies and the
ramifications of Internet and email abuse to workers. "I believe that the next stage is going to be
education and employee understanding of what company policies are," says Lauren Haywood, the
EMA's acting president and CEO.
These are hopeful trends. However, barring the unlikely event that federal legislation sets clear
guidelines as to what's fair game for employee monitoring and what's not, Kevin Conlon, district
counsel for the Communication Workers of America, urges workers to take responsibility for
protecting themselves. "Like it or not, the presumption should be that there is no such thing as
privacy in the workplace," he says. "Everything is subject to scrutiny, and employees need to start
living their work lives accordingly."
How to Create an Effective Monitoring Policy
8
The American Management Association recently called on employers to raise the level of
dialogue with workers over the use of electronic monitoring in the workplace. "...[M]onitoring is
such a new area filled with so many misconceptions of what is proper, appropriate and legal, that
employees and employers need to have a clear, mutual understanding of what each may and may
not do," says Ellen Bayer, the AMA's global practice leader on human resources issues.
In an effort to ensure fair and effective surveillance practices, Bayer recommends that company
policies be:
* Clearly defined and disseminated to all employees through all communication channels from
paper to electronic media.
* Addressed in recruitment, orientation and training.
* Discussed in face-to-face meetings between managers and employees, allowing for questions to
be answered and concerns aired.
* Illustrated through specific examples of misuse, accompanied by a consistent explanation
regarding the application of standards.
Privacy 101
Eric Schmidt knows the value of education. Before he landed a job as chief information officer at
Bricker & Eckler LLP in Columbus, OH, six-and-a-half years ago, he spent a large portion of his
career as director of information services at Ohio State University. So when Bricker & Eckler
decided to install Elron Software's Internet Manager and E-Mail Inspector, he rallied hard for a
first-rate policy and training program to be put in place before the software hit the firm's
computer network.
"Education can solve 90 percent of your problems," says Schmidt, who claims that a number of
companies he's talked to have installed monitoring technology without telling anyone. "If you
don't let [employees] know up front, it's not playing fair. You've first got to tell folks what your
expectations are."
So Schmidt put together a monitoring policy that was quite explicit. It stated that office
computers were the law firm's property and that there was no expectation of privacy. It detailed
how, when, and to what extent monitoring would take place. And it provided employees with
several examples of inappropriate usage.
From the outset, Schmidt wanted to avoid creating what he calls a "Stalinesque" working
atmosphere. Rather than relying on human nature or attempting to create "block lists" of
inappropriate sites--a Sisyphean task, considering the amount of pornographic material currently
on the Net--the firm uses Elron's SmartList technology, which screens the language of Web sites
before they're visited and blocks users from those deemed unacceptable.
Bricker & Eckler refrains from monitoring the content of text-based e-mail messages--a tactic it
believes infringes on employee privacy. Instead, Schmidt gathers a random sampling of e-mail
attachments every few months and reviews them to make certain that employees are not
downloading software illegally or sending classified information or inappropriate pictures and
jokes over the company network
9
The next step was education. Coordinating with Bricker & Eckler educational specialist Rick
Anderson, Schmidt put together a training program for new and existing employees that
explained the reasons behind the firm's decision to install monitoring software, set the ground
rules, and gave staffers an opportunity to ask questions. And education doesn't stop there; every
six to eight weeks, Schmidt sends out "gentle reminders" of the monitoring policy. He also
includes links to the policy on every page of the firm's intranet, which is the mandatory home
page for all attorneys and support staff.
Thus far, the approach seems to be working. According to Schmidt, only one employee has been
reprimanded for excessive personal Internet surfing, and that person is still employed by the
company. Morale hasn't plummeted either--though Schmidt admits to receiving his fair share of
ribbing from staffers. "Yeah," he chuckles. "I sometimes get stuff like, 'How's Big Brother doing
today?'"
Case Three:
Source: Newsweek, Sept 17, 2001 p56.
Title: Spyware: Taking On Office Snoopers: A colorful federal judge scores a win for workplace
privacy
Full Text COPYRIGHT 2001 Newsweek, Inc.
Alex Kozinski hardly fits the mold of the digital rebel. At 51, the Romanian-born federal judge, a
conservative appointed by Ronald Reagan, still drafts his opinions on an IBM Selectric
typewriter. But that didn't stop him from marching into the server room of the Ninth Circuit Court
of Appeals' San Francisco headquarters last May and shutting down a server programmed to
detect unauthorized Internet use by the 30,000 employees of the federal court system. The
monitoring software was installed by an obscure division of the judicial branch called the
Administrative Office. The system was supposed to detect whether workers in the nation's
courthouses were wasting government time and taxpayer dollars by visiting porn sites or
downloading songs and video clips. But by treating court workers who must uphold the nation's
electronic surveillance laws "like a bunch of 12-year-old kids," says Kozinski, the AO may also
have been violating their civil rights. "I saw myself as preventing an illegal act. Isn't that what
you would expect of a federal judge?"
Last week the AO finally surrendered to Kozinski's loud public campaign, which included a
barrage of memos, media interviews and an op-ed piece in The Wall Street Journal. With a 27judge policymaking panel led by Chief Justice William H. Rehnquist set to decide this week
whether to resurrect the monitoring program, the AO conceded in a letter that "the need for
privacy appears to have, at least temporarily, taken precedence." Citing "misunderstanding" and
"worry among judges," the AO rescinded a recommendation that court employees be notified that
they have no "expectation of privacy" while using government computers. It was a big win for
Kozinski, and for privacy advocates who have watched as courts repeatedly sided with companies
against employees in these kinds of disputes over the past few years. "This is a victory for
privacy," says Stanford law professor Lawrence Lessig. "The real thing is balance. It's signaling
that the courts are thinking about a balanced way of dealing with this complicated issue."
Kozinski may have accomplished what employees elsewhere probably wish they could do--throw
a dark blanket over the watchful eyes of Big Brother. The Denver-based Privacy Foundation
10
estimates that one out of every three employees who accesses the Internet from the office is
subject to some kind of Internet surveillance by his boss. As corporations see it, the Internet is a
productivity tool--but can also be a vast arena of sports chat rooms, gambling halls and porn sites
that distract workers. Companies worry, too, that they can be sued for fostering a hostile work
environment if an employee sends a harassing e-mail or leaves a pornographic Web site up on his
computer.
In several cases where workers were fired for sending inappropriate e-mail and then sued the
company for violating their privacy, judges have mostly sided with the employer. In one 1996
case, Smyth v. Pillsbury, the court found that the company had rightfully terminated a worker for
dispatching threatening e-mail, even though it had promised all messages would be kept
confidential and privileged. "The company's interest in preventing inappropriate and
unprofessional comments or even illegal activity over its e-mail system outweighs any privacy
interest the employee may have," the Philadelphia judge wrote.
In the clubby confines of the federal judiciary, staging a public protest is hardly the norm. Not
that Kozinski is the typical judge. The son of Romanian Jews who fled Bucharest when he was a
boy, he is also a freelance writer whose articles range from snowboarding to the death penalty. He
may be the only federal judge to have appeared on "The Dating Game"--twice. Kozinski's
gamble, openly criticizing his own institution as only someone with lifetime tenure would dare,
appears to have paid off. By backing down, court watchers say, the AO spared Rehnquist the
potential embarrassment of endorsing a controversial Big Brother policy for the nation's
courthouses.
Kozinski's victory could turn the tide on the larger issue of Internet monitoring in the private
sector. Business interests have so far defeated previous efforts by lawmakers to limit monitoring,
but last week the AFL-CIO said it would start lobbying Congress on the issue, partly because of
the attention brought by the Ninth Circuit dispute. And last week liberal members of the House
Judiciary Committee threatened to limit the use of federal funds for monitoring in government
offices. Office workers who combine a little personal Internet surfing with their daily diet of
Powerpoint presentations may owe Judge Kozinski a thank-you e-mail.
Case Four:
Judges' Ire Stirs Debate on Web Monitoring
Wall Street Journal
WASHINGTON -- Privacy advocates hope a simmering dispute within the federal judiciary over
Internet use will spark changes to federal laws on employer monitoring of company networks.
A group of senior West Coast judges, angry that their online activity is monitored by a federal
agency here that administers the court system, have suggested the scrutiny may be illegal and for
one week earlier this year disabled the monitoring system in protest.
Judge Alex Kozinski of San Francisco's U.S. Court of Appeals for the Ninth Circuit -- where the
disabling took place -- has claimed in a memorandum that such oversight violates the federal
wiretap statute.
But experts in workplace law say the legality of such monitoring is widely accepted. Broad
surveillance by system administrators is explicitly permitted under the 1986 Electronic
11
Communications Privacy Act and has been upheld by several courts, and Congress has rejected
attempts to craft a new policy.
"This sounds like the judge had no clue how intrusive modern monitoring security is," said
Stewart Baker of the Washington law firm Steptoe & Johnson, an expert on wiretap law.
Calls to Judge Kozinski and the Ninth Circuit's media representative weren't returned.
The dispute could spur lawmakers to re-evaluate federal policy on monitoring, privacy advocates
said.
"We may need to have people in a position of power affected by electronic monitoring before
there is going to be an honest legislative evaluation of the current situation in the American
workplace," said Jeremy Gruber, legal director at the National Workrights Institute in Princeton,
N.J.
Under the 1986 law, a network operator can intercept or disclose a user's messages "in the normal
course of his employment" to protect the rights and property of the network's owner -- even
without giving a warning, though experts frequently advise companies to do so.
It isn't unusual for companies to monitor the online behavior of employees; a survey in July of
435 large U.S. companies by the American Management Association found more than 60%
watched Internet connections. Most indicated they are worried about lawsuits, especially
stemming from workers visiting pornographic Web sites or distributing sexually suggestive
material, but many said they also check to detect network attacks by hackers.
Sen. Charles Schumer (D., N.Y.) and Rep. Bob Barr (R., Ga.) are expected to introduce
legislation later this year that would limit employer surveillance. A similar bill sponsored by the
two was voted down last year.
The judiciary dispute was reported July 5 by the Houston Chronicle and was also the subject of
an article yesterday in the New York Times.
For the judges, the issue will be decided when the United States Judicial Conference meets on
Sept. 11. The conference, which makes policy for the judiciary, "is actively studying the issue,"
conference spokesman David Sellers said. "There's really nothing to be said until the conference
meets."
Credit: Staff Reporters of The Wall Street Journal
Reproduced with permission of the copyright owner.
Further reproduction or distribution is prohibited without permission
Case five:
Privacy on Trial: Wall Street Journal
An open letter to federal judges:
The U.S. Bureau of Prisons maintains the following sign next to all telephones used by inmates:
12
"The Bureau of Prisons reserves the authority to monitor conversations on the telephone. Your
use of institutional telephones constitutes consent to this monitoring. . . ."
I'm planning to put signs like these next to the telephones, computers, fax machines and other
equipment used in my chambers because, according to a policy that is up for a vote by the U.S.
Judicial Conference, we may soon start treating the 30,000 employees of the judiciary pretty
much the way we treat prison inmates.
Exaggeration? Not in the least. According to the proposed policy, all judiciary employees -including judges and their personal staff – must waive all privacy in communications made using
"office equipment," broadly defined to include "personal computers . . . library resources,
telephones, facsimile machines, photocopiers, office supplies." There is a vague promise that the
policy may be narrowed in the future, but it is the quoted language the Judicial Conference is
being asked to approve on Sept. 11.
Not surprisingly, the proposed policy has raised a public furor. This has so worried the policy's
proponents that Judge Edwin Nelson, chairman of the Judicial Conference's Automation and
Technology Committee, took the unprecedented step of writing to all federal judges to reassure
them that the proposed policy is no big deal. I asked that my response to Judge Nelson be
distributed to federal judges on the same basis as his memo, but my request was rejected. I must
therefore take this avenue for addressing my judicial colleagues on a matter of vital importance to
the judiciary and the public at large.
The policy Judge Nelson seeks to defend as benign and innocuous would radically transform how
the federal courts operate. At the heart of the policy is a warning -- very much like that given to
federal prisoners -- that every employee must surrender privacy as a condition of using common
office equipment. Like prisoners, judicial employees must acknowledge that, by using this
equipment, their "consent to monitoring and recording is implied with or without cause." Judicial
opinions, memoranda to colleagues, phone calls to your proctologist, faxes to your bank, e-mails
to your law clerks, prescriptions you fill online -- you must agree that bureaucrats are entitled to
monitor and record them all.
This is not how the federal judiciary conducts its business. For us, confidentiality is inviolable.
No one else -- not even a higher court -- has access to internal case communications, drafts or
votes. Like most judges, I had assumed that keeping case deliberations confidential was a bedrock
principle of our judicial system. But under the proposed policy, every federal judge will have to
agree that court communications can be monitored and recorded, if some court administrator
thinks he has a good enough reason for doing so.
Another one of our bedrock principles has been trust in our employees. I take pride in saying that
we have the finest work force of any organization in the country; our employees show loyalty and
dedication seldom seen in private enterprise, much less in a government agency. It is with their
help -- and only because of their help -- that we are able to keep abreast of crushing caseloads that
at times threaten to overwhelm us. But loyalty and dedication wilt in the face of mistrust. The
proposed policy tells our 30,000 dedicated employees that we trust them so little that we must
monitor all their communications just to make sure they are not wasting their work day cruising
the Internet.
How did we get to the point of even considering such a draconian policy? Is there evidence that
judicial employees massively abuse Internet access? Judge Nelson's memo suggests there is, but
if you read the fine print you will see that this is not the case.
13
Even accepting the dubious worst-case statistics, only about 3% to 7% of Internet traffic is nonwork related. However, the proposed policy acknowledges that employees are entitled to use their
telephone and computer for personal errands during lunchtime and on breaks. Because lunches
and breaks take up considerably more than 3% to 7% of the workday, we're already coming out
ahead. Moreover, after employees were alerted last March that downloading of certain files put
too much strain on the system, bandwidth use dropped dramatically. Our employees have shown
they can be trusted to follow directions.
What, then, prompted this bizarre proposal? The answer has nothing to do with bandwidth or any
of the other technical reasons articulated by Judge Nelson. Rather, the policy became necessary
because Leonidas Ralph Mecham, director of the Administrative Office of the U.S. Courts, was
caught monitoring employee communications, even though the Judicial Conference had never
authorized him to do so. Unbeknownst to the vast majority of judges and judicial employees, Mr.
Mecham secretly started gathering data on employee Internet use. When the Web sites accessed
from a particular computer affronted his sensibilities, Mr. Mecham had his deputy send a letter
suggesting that the employee using that computer be sanctioned, and offering help in
accomplishing this. Dozens of such letters went out, and one can only guess how many judicial
employees lost their jobs or were otherwise sanctioned or humiliated as a consequence.
When judges of our circuit discovered this surreptitious monitoring, we were shocked and
dismayed. We were worried that the practice was of dubious morality and probably illegal. We
asked Mr. Mecham to discontinue the monitoring. Rather than admitting fault and apologizing,
Mr. Mecham dug in his heels. The monitoring continued for most of the country until Mr.
Mecham was ordered to stop by the Judicial Conference Executive Committee.
Hell hath no fury like a bureaucrat unturfed. In a fit of magisterial petulance, Mr. Mecham
demanded that his authority to monitor employee communications be reinstated without delay. A
compliant Automation Committee hastily met in secret session to draft the proposed policy,
pointedly rejecting all input from those who might oppose it. In their hurry to vindicate Mr.
Mecham's unauthorized snooping, the committee short-circuited the normal collegial process of
deliberation and consultation.
Salving Mr. Mecham's bureaucratic ego, and protecting him from the consequences of his
misconduct, is hardly a basis for adopting a policy that treats our employees as if they live in a
gulag. Important principles are at stake here, principles that deserve discussion, deliberation and
informed debate. As Chief Judge James Rosenbaum of Minnesota has stated, "giving employers a
near-Orwellian power to spy and snoop into the lives of their employees, is not tenable." If we
succumb to bureaucratic pressure and adopt the proposed policy, we will betray ourselves, our
employees and all those who look to the federal courts for guidance in adopting policies that are
both lawful and enlightened.
I therefore suggest that all federal judges reading these words – indeed all concerned citizens -write or call their Judicial Conference representatives and urge them to vote against the proposed
policy. In addition, we must undo the harm we have done to judicial employees who were victims
of Mr. Mecham's secret, and probably illegal, snooping. The Judicial Conference must pass a
resolution that offers these employees an apology and expungement of their records.
Moreover, we should appoint an independent investigator to determine whether any civil or
criminal violations of the Electronic Communications Privacy Act were committed during the
months when 30,000 judicial employees were subjected to surreptitious monitoring. If we in the
14
judiciary are not vigilant in acknowledging and correcting mistakes made by those acting on our
behalf, we will surely lose the moral authority to pass judgment on the misconduct of others.
--Mr. Kozinski is a judge on the Ninth U.S. Circuit Court of Appeals in California. His
unmonitored e-mail address is kozinski@usc.edu.
Case six:
Data Raid: In Airline's Suit, PC Becomes Legal Pawn, Raising Privacy Issues --- Northwest
Mines Hard Drives Of Employees
Wall Street Journal
May 24, 2000
NORTH HOLLYWOOD, Calif. -- Each day, Ted Reeve pours his life into his home computer.
He spends hours reading news online, and dutifully records monthly payments for his Visa card
and Toyota Camry, along with ATM withdrawals at Ralphs grocery store. He regularly types up
notes -- from talks with his doctor, and one day wrote up an offer to his landlady to buy his
apartment building from her.
It never occurred to him that such personal data could be extracted and shared among strangers.
But that's what happened when his computer's hard drive was copied by two investigators
retained for his employer, Northwest Airlines. Working right in his living room with a program
called EnCase, they excavated every last bit and byte from his desktop hard drive.
As part of a court-approved search, the man and woman arrived at 11 in the morning on Feb. 3,
tugging a dolly carrying tool boxes and diagnostic equipment that banged at each step up to the
second floor of his duplex. They moved Mr. Reeve's PC from its usual place in his bedroom -near a red, cross-stitched sign that says "Home Sweet Apartment" -- and, with cover unscrewed,
spent three hours copying everything on the hard drive.
Northwest suspected that its flight-attendant union had used the Internet to run an illegal call-insick campaign to disrupt the airline, the country's fourth-largest. So the airline won a court order
to search 20 or so hard drives at flight attendants' homes and union offices.
"I didn't know your company could wholeheartedly ransack your computer," says Mr. Reeve,
who celebrated his 42nd birthday and 10th anniversary as a Northwest flight attendant last week.
The Northwest case shows how hard it is to protect privacy when hard drives become pawns in
litigation -- and how hard it is to handle the flood of data that can emerge. As people commit an
ever-growing pile of information to computers, their hard drives are becoming a digital mother
lode for lawyers. The issue moved into the spotlight when Kenneth Starr's prosecutors scavenged
Monica Lewinsky's computers and published what they found, including e-mails to friends and
unsent drafts of letters.
Now more federal courts are approving searches of home PCs for evidence in civil cases. But it
isn't easy drawing limits around a vast digital pool of data, and even safeguards put in place by a
federal judge can fall apart as a legal battle speeds up or heats up.
15
Swamped by the files unearthed from just the first few computers in its search, Northwest
complained to one judge that printing each document found inside the workers' PCs would amass
a paper pile five times as tall as the Washington Monument, which stands 555 feet.
In the unresolved dispute, both sides have been caught off-guard by the magnitude of the data
haul. And so, apparently, were the two presiding judges and Northwest's investigative consultant,
Ernst & Young, whose cutting-edge computer -- forensics lab is run by the former chief of
computer-crime investigations for the U.S. Air Force.
The latest technology makes it easy to extract most deleted files, fragments of Web searches and
a host of other data from a PC. Deep in the recesses of the hard drive -- the massive repository
sometimes heard groaning as a computer starts up are untold numbers of documents and records
of digital actions that many computer owners believe had long since vanished into the ether:
forgotten drafts of notes never sent, deleted e-mails, Web pages visited by the owner or anyone
who happened to tap the keys.
Almost everything is kept somewhere on the hard drive. Not until there is no nook or cranny left
on it do the deleted files typically get overwritten. And many computers never reach that point.
The "C" drive of Mr. Reeve's four-year-old computer had 4.36 gigabytes of memory, capable of
storing more than a dozen sets of the 32-volume Encyclopedia Britannica. He believes the drive
wasn't full.
Mr. Reeve and Kevin Griffin, a Honolulu-based flight attendant, accuse Northwest in documents
filed with the court of launching a "fishing expedition" that violated their privacy. Trying to wade
through an ocean of documents under a fast-track discovery order, their lawyers say in a
statement that they were forced to turn over "hundreds or even thousands of pages" that were
irrelevant to the order. Northwest says it had no interest in the personal correspondence and files
of its workers, but it was entitled to any evidence related to a sick-out conspiracy.
The story of Mr. Reeve and his disemboweled desktop began as the past century closed. The final
weekend of 1999 was brutal for Northwest schedulers. Between Dec. 30 and Jan. 2, anywhere
from 932 to 1,042 flight attendants called in sick every day, nearly double the number of the same
weekend in 1998, according to the suit Northwest filed in U.S. District Court in St. Paul, Minn.,
in early January. The airline and its 11,000 flight attendants have been locked in a contract
dispute stretching back to 1996. Even by scrambling to shift crews around, and calling on a pool
of reserves, Northwest still couldn't get 317 planes in the air.
Northwest was convinced that the sharp increase in absenteeism was an orchestrated protest
campaign by the flight attendants' union, the Teamsters Local 2000. For weeks leading up to the
weekend, Northwest had been watching anonymous postings on the local's own Web pages and
elsewhere. Messrs. Griffin and Reeve each ran personal Web sites concerned with union matters.
In Northwest's suit, it cited one anonymous message that appeared on Mr. Griffin's site Dec. 8.
"While not sanctioned by the union," the message said, "a sick-out en masse is one way the
company will be convinced that we are serious about an industry-leading contract." Northwest
asked the court to grant a restraining order to prevent the union from future disruption of flight
operations. Weighing the interests of the flying public, the court complied.
The flight attendants named in the suit denied fomenting any illegal work disruption. "Trust me, I
thought about calling in," Mr. Reeve says. "I think a lot of people were frustrated and took
matters into their own hands."
16
The airline negotiated an agreement on discovery guidelines with attorneys representing the union
officials, but not with Messrs. Reeve and Griffin, who are rank-and-file members. The parties
agreed to allow Ernst & Young to make copies of the hard drives and search for any
correspondence related to numerous specific subjects or groups, including Local 2000, "calling in
sick" and the Contract Action Team, or CAT. The period involved was limited to April 1, 1999,
to Feb. 8, 2000.
Ernst & Young was supposed to comb the drives using unspecified keywords, and hand over to
Northwest anything it turned up. At its National Computer Forensics Lab in Vienna, Va., Ernst &
Young routinely makes "mirror image" copies of hard drives. The drive itself, a stack of
magnetically coated platters spinning at blinding speeds, stores data on a microscopic scale.
Using sophisticated software, computer detectives can exhume even data nestled in remote, hardto-access areas, such as the "slack space" or "unallocated" parts of the thin disks.
David Morrow, who heads the lab, joined Ernst & Young in 1998 from the Air Force Office of
Special Investigations, where he directed the operation that processed computer evidence for
counterintelligence, and criminal and fraud cases. Using the court-approved guidelines, Mr.
Morrow, who led the Northwest project, said his team alone devised the keywords, and wouldn't
share them with Northwest or the flight attendants, according to a statement he filed with the
court.
Concerned about free-speech issues and the Internet, Paul Levy, an attorney for the Public Citizen
Litigation Group in Washington, agreed to represent Messrs. Griffin and Reeve. At a February
hearing in St. Paul, he argued that the keywords, to the extent he could learn them, were overly
broad. After learning that one was "flu," he argued that the tiny word would also snatch any
innocent or irrelevant file in which "the letters `f' `l' `u' happened to appear together in another
word, such as `influential' or `influx.'"
The search of just Mr. Griffin's and Mr. Reeve's computers proved formidable. "The responsive
data identified would consume 75,200 pages of paper," Mr. Morrow said in his court statement,
much of it nothing more than "unintelligible computer code." By discarding the documents with
gibberish, Ernst & Young cut the number to 22,500. The discovery process was further
aggravated because Northwest's attorneys were trying to amass evidence quickly for a Feb. 15
hearing, at which they would seek a more substantial ruling against the union, a preliminary
injunction.
Fighting erupted before the drives were even copied. When the parties met in the St. Paul court
on Feb. 1, Mr. Levy said Messrs. Griffin and Reeve hadn't been involved in negotiating the
search guidelines, and objected to them. Mr. Levy said the two had reviewed their own hard
drives "and because the computers had been used mostly for private and not work-related
purposes, they contained a vast array of personal material that should not be subject to inspection
by strangers."
He later argued that Ernst & Young couldn't operate neutrally. Aside from already being
Northwest's accounting firm, Ernst & Young also was retained by some of Northwest's lawyers to
do the computer analysis. Mr. Morrow, in his statement, responded that Ernst & Young acted
professionally in complying with the court's orders. "The Teamsters union negotiated extensively
on the procedures, and then agreed to Ernst & Young," says John Gallagher, an attorney for
Northwest with Paul, Hastings, Janofsky & Walker. "Everybody was on board except" Messrs.
Griffin and Reeve, he adds.
17
Magistrate Judge Arthur Boylan agreed that the computer-search procedure -- even though agreed
to by the other flight attendants -- didn't offer adequate protection. He suggested that Ernst &
Young proceed with determining which documents were responsive to the discovery request, but
then send them to lawyers for the defendants. They, in turn, could pluck out anything they
objected to, noting the specific reasons. Only then would the remainder go to Northwest.
The judge gave Ernst & Young 24 hours to search computers and produce the documents.
Defendants' attorneys got 24 hours to review them. The schedule proved impractical immediately.
On Feb. 3, the day Mr. Reeve's hard drive was copied in North Hollywood, two Ernst & Young
staffers flown in to Honolulu copied Mr. Griffin's computer files. Others descended on the Local
2000 office near the airport in Minneapolis.
Days passed before Ernst & Young delivered the first paper documents. The two sides bickered
about who was to blame for the delay, but in the end, the attorneys for Messrs. Griffin and Reeve
say they received their first batch on Friday morning Feb. 11, eight days after their computer
drives were copied. Over the weekend, boxes of documents arrived day and night.
"I got through the Friday morning delivery -- extremely rushed examination -- and basically what
I did was anything that might be discoverable I tried to turn over," Mr. Levy said at a hearing.
"Where a privilege wasn't involved, I just gave. They got much more because of the rushed
schedule they put me under." (At least one file related to Mr. Reeve's bid for his apartment
building, for instance, was apparently cleared for release to Northwest.)
At the same hearing, noting that the airline's attorneys had just been hit with an avalanche of
more than 6,000 documents from Ernst & Young, Northwest attorney Timothy Thornton pleaded
for more time to review them. "I think everybody was a little naive when we felt we could just
dive into these computers and make it simple," he said.
Anyway, he told the judge, rather than pursue the injunction immediately, the airline wanted to
devote its energy to new contract negotiations with the flight attendants.
Mr. Levy suspects something else. Noting that Northwest's legal team had been given several
thousand pages mined from the two flight attendant's computers to comb through, he concludes,
"The problem was there was no smoking gun."
Emboldened, lawyers for Messrs. Griffin and Reeve asked the court in March to reverse the
computer-search order, arguing a fresh angle: It had erred by not allowing the defendants to
search their own files and turn over relevant documents to the other side. That's normal discovery
procedure, and penalties are high if it is later proved that evidence was withheld.
The only exception, they said, was when a court was presented with evidence that documents had
been destroyed or the computer owner couldn't otherwise be trusted to do the search himself. In
one case they cited, a federal judge in Illinois last year allowed a computer expert hired by a
machinery company to inspect the PC of an ex-employee it was suing -- but only after he sought
to excuse the disappearance of certain electronic files by claiming his computer had "fallen off
my desktop on at least four to five occasions."
In their appeal, the two Northwest flight attendants argued that "because deleted materials can be
retrieved from computer storage, unlike conventional paper files, the material stored on personal
computers may be uniquely private, including thoughts never communicated to another soul."
18
For instance, among the documents Mr. Levy objected to was one called "rebuttal for court.doc,"
dated Jan. 8, 2000. His reason: "Griffin prepared it shortly after the lawsuit was filed . . . to
assemble his thoughts; it was intended for eventual communication to his attorneys.
"Although it was never sent to his attorneys, it is withheld because an invasion of his personal
computer and seizure of a memorialization of his thoughts about how to mount his legal defense
would violate his right of free speech under the First Amendment, his right of privacy under the
Fourth Amendment, and the attorney-client privilege."
"Everybody has a private side with a computer," Mr. Reeve says. "It's like putting part of your
brain in a box."
He says he thinks the airline really wanted to frighten employees, to prevent the Internet from
becoming a powerful organizing tool. "They have yet to turn up any evidence of conspiracy," he
adds.
"Our intention was to stop illegal activity," says Jon Austin, a Northwest spokesman. "We are
pleased that that activity did stop."
As for evidence on the drives, Mr. Gallagher, the Northwest attorney, notes that the airline agreed
to halt searches weeks ago to focus on contract negotiations with the union. Northwest's suit may
be dismissed if a vote on the resulting new contract, currently being tallied, is passed. If that
happens, he adds, "we'll never know what we might have discovered."
While Andrea Todd and Vincent King, the Ernst & Young computer team in Los Angeles, copied
his computer hard drives three months ago, Mr. Reeve, who earns about $35,000 a year,
videotaped them for legal protection. At one point, he cleared his coffee table, removing his white
"Ted" mug, to make room for the Ernst & Young equipment. Soon, on the firm's monitor, the
EnCase drive-copying software was displaying a series of commands that sound like missileguidance lingo, including "Locking" and "Acquire."
"I felt pretty damned violated. I couldn't figure out what crime I committed," he says. He adds,
"What I did is run a Web site, and got a very large company mad at me."
A hearing is set for next month on a request by Messrs. Griffin and Reeve to reverse the
computer-search order and immediately destroy the CD replicas of their hard drives.
"Maintenance of such copies perpetuates the potent chilling and intimidating effect of the harddrive discovery," they said.
When considering that request, the airline's reply said, the court shouldn't be swayed by
"defendants' hyperventilated accusations about `Big Brother' and Northwest's `intrusion' into their
private lives."
Credit: Staff Reporter of The Wall Street Journal
Case seven:
Hands Off My Genes
Wall Street Journal
19
February 15, 2000
Authors: By Matt Ridley
Last week President Clinton signed an executive order forbidding discrimination on genetic
grounds by the federal government, a probable step toward prohibiting genetic discrimination in
the private sector, too. He is responding to an understandable public unease at the way our genes
are being gradually exposed, for anybody to see, by efforts to map the human genome.
Various forms of genetic discrimination are already illegal. Sexual and racial discrimination
amount to genetic discrimination, since it is genes that differentiate sex and race. Given strong
evidence for the moderate heritability of homosexuality, even discrimination on the grounds of
sexual orientation could be seen as genetic discrimination.
A ban would simply move the prohibition deeper, from the visible surface expression of genes, to
the genes themselves. Though better genetic understanding will increasingly throw into question
our traditional ideas of meritocracy, a discrimination ban is necessary if we are to guarantee
privacy and avoid potential employer misuses of genetic information.
In one sense, the ban is only logical. It reinforces an important principle: Genes are private, not
public, property. A potential employer asking whether you have a genetic predisposition to heart
disease, cancer or mental illness would be invading your privacy. It is already theoretically
possible for an employer to ask candidates to take a genetic test for breast-cancer susceptibility
(the BRCA1 gene on chromosome 17) or for an elevated probability of Alzheimer's disease
(APOE-4 on chromosome 19). A lunatic employer could even ask to check whether the employee
has the version of the IGF2R gene on chromosome 6, which has recently been linked to high IQ.
In each case, the discrimination would be idiotic. The increased probability of cancer,
Alzheimer's or high IQ caused by these genes is very marginal and not the kind of thing that
would make a practical difference to job performance. Moreover, most such genes have their
effect only if an environmental factor is also pushing in the same direction. A genetic
predisposition toward alcoholism is meaningless, for example, in a person who does not
drink.
This last point is perhaps the best reason for a law. The ordinary employer may have a grossly
exaggerated view of the power of genes, thinking of them as implacable masters of fate.
Geneticists have been trying to correct this misunderstanding by stressing that the effects of genes
are just as complicated, contingent and partial as the effects of social factors. As James Watson,
first head of the Human Genome Project, remarked: "We talk about gene therapy as if it can
change someone's fate, but you can also change someone's fate if you pay off their credit card."
In fact, we can overcome the effects of genes. Dyslexia is probably an innate condition with a
strong genetic component, but that does not make it incurable. Ironically, it is the polemicists who
rail against genetic determinism who have done most to propagate the myth of genetic fatalism.
"To the biological determinists, the old credo `You can't change human nature' is the alpha and
omega of the human condition," wrote Steven Rose, Leon Kamin and Richard Lewontin in their
1984 book, "Not In Our Genes."
So, to prevent people with unrealistic ideas about the power and irreversibility of genes from
discriminating on genetic grounds is sensible, liberal and tolerant. But it is not an easy path, for it
trespasses on the whole idea of meritocracy -- a concept that is fundamentally genetic. Employing
somebody is almost always a discriminatory act. If the employer interviews the candidates and
20
chooses the one who shows the best ability, or the most cheerful personality, or the clearest
understanding, he is discriminating -- perhaps even discriminating genetically.
Suppose an employer is faced with two equally qualified candidates. One comes from a
privileged background, the other from a poor and illiterate family. Suppose the employer argues
to himself that the poor candidate deserves the job because he must have greater innate ability to
have gotten so far with such disadvantages. The employer is being admirably meritocratic, but he
is also being genetically discriminatory. That is the basis of meritocracy: Innate (i.e., genetic)
ability should overrule environmental factors like class privilege.
Nonetheless, it is fanciful to imagine a time, even decades hence, when an employer could learn
more about your abilities from a genetic test than from an interview. There are a few legitimate
reasons for asking to see a candidate's genes, and they could easily be dealt with by exemptions
from the discrimination law. A lifeguard, for instance, should not be employed in the open air if
he has a predisposition to skin cancer. Presumably, even today, lifeguard employers discriminate
against people with especially fair skin.
Despite these reservations, Mr. Clinton's instinct is right. As the contents of the genome unfold, a
vital principle must remain sacrosanct: Your genes belong to you. Your employer cannot ask to
see them without your permission, nor can your insurer, nor the government. Genetic privacy is
as vital a principle as other forms of private property.
Unless people have confidence in the privacy of their genes, they will not take genetic tests, and
they will thus forgo the benefits of new predictions, diagnoses and therapies. If we are allowed to
keep our genetic test results secret, we will indeed create major problems for the insurance
industry, as we rush out to buy policies for only the afflictions we are likely to get. But that is the
industry's problem, not ours. It is a problem we can deal with while still protecting private genetic
property.
--Mr. Ridley is author, most recently, of "Genome: The Autobiography of a Species in 23
Chapters" (HarperCollins, 2000).
Case eight:
U.S. Seeks to Halt Employee DNA Tests
Wall Street Journal
February 12, 2001
WASHINGTON -- The U.S. Equal Employment Opportunity Commission is seeking to halt
genetic testing of employees by Burlington Northern Santa Fe Railroad in a landmark lawsuit that
could establish a precedent concerning the nascent but controversial practice.
The suit, filed Friday in U.S. District Court for the Northern District of Iowa in Sioux City, seeks
to halt what it described as a nationwide policy of requiring employees who have submitted
claims of work-related carpal-tunnel syndrome, a repetitive-stress injury of the wrist, to provide
blood samples for DNA tests. The suit alleges that the company's program violates employees'
privacy rights and runs afoul of laws that prohibit discrimination against the disabled insofar as it
links employment decisions with DNA testing.
21
The commission's action against the railroad, a unit of Burlington Northern Santa Fe Corp., of
Fort Worth, Texas, is its first involving genetic testing. The suit alleges that employees weren't
told of the DNA test or asked to consent to it, and that at least one individual who refused to
provide a blood sample had been threatened with imminent discharge.
The samples were used for a DNA test for Chromosome 17 deletion, which some claim predicts
some forms of the disease, the agency said. The EEOC also asked the court to order the company
to halt any disciplinary action or termination of the employee who refused to submit a blood
sample.
Burlington Northern spokesman Richard Russack said the company in some instances requested
employees to undergo genetic tests "because there could be a predisposition within the body
chemistry of the individual" to get carpal-tunnel syndrome "that had nothing to do with work."
But he added that such tests aren't required, and there has been no disciplinary action or threat of
such action against any worker who refused the tests.
It's not clear how many employers are using genetic information when making hiring and firing
decisions. But with progress in mapping the human genome and the development of genetic tests
to determine predispositions for hundreds of diseases and disorders, concern is mounting that
employers, to cut health-care costs, could seek to get rid of employees with predispositions for
certain conditions.
Reliance on such tests is controversial, and the law governing their use is unsettled. There are
worries that workers subjected to such tests will face illegal discrimination and invasions of
privacy. Moreover, "We don't know how accurate genetic tests are for predicting genetic
conditions," said Vicky Whittemore, associate director of the Genetic Alliance, a Washingtonbased coalition of support groups for people with genetic disorders.
The Clinton administration issued an executive order last February prohibiting federal agencies
from discriminating against employees based on genetic information, and some two dozen states
have passed similar measures. Congress hasn't taken action on genetic testing, though it's looking
into the matter. The EEOC case could influence policy nationwide.
"This is the first time the EEOC is assertively coming forward in the legal realm to challenge
genetic testing," EEOC Chairwoman Ida Castro said. "It hopefully will begin to clarify this field
and send an important message to the employer community as to what type of genetic testing and
applications are unacceptable" under laws protecting against discrimination of disabled workers.
The EEOC is looking into a handful of genetic-testing cases. While it doesn't comment on active
cases unless they end up in litigation, the Genetic Alliance said the agency recently ruled against
an employer in one mediation effort.
In that case, Ms Whittemore said, a company fired an employee after learning that the employee
had been diagnosed with Alpha-1, a genetic condition affecting the lungs, even though she hadn't
developed any disabling symptoms. The EEOC has yet to mediate a settlement in the case, she
said.
In a survey by the American Management Association of more than 2,000 U.S. companies in
March 2000, only seven said they performed genetic testing. But about 16% said they tested for
"susceptibility to workplace hazards" -- testing that might not involve genetic tests -- and 18%
said they asked about family medical history.
22
Credit: Staff Reporter of The Wall Street Journal
Case nine:
EEOC Settles Genetics Suit With Burlington Northern
Wall Street Journal, April 19, 2001
WASHINGTON -- Burlington Northern Santa Fe Railroad settled the federal government's first
lawsuit against workplace genetic testing, agreeing that it wouldn't conduct any more genetic tests
on employees.
Burlington Northern, Fort Worth, Texas, also agreed that it wouldn't analyze blood it had
previously obtained; nor would it retaliate against employees who opposed the testing, the Equal
Employment Opportunity Commission said.
The commission filed the suit in February, alleging the railroad violated the Americans with
Disabilities Act when it secretly tested 18 workers who had filed claims for carpal-tunnel
syndrome.
"Our swift action in this case allows Burlington Northern employees subjected to genetic testing
to continue to work free of retaliation and future invasions of privacy," EEOC Chairwoman Ida
Castro said in a statement.
Burlington Northern had agreed in February to suspend testing. The commission must still
resolve several charges of discrimination filed against the company, and said it may seek
damages totaling as much as $300,000 per individual for more than two dozen workers who
either were tested or penalized for refusing.
Case ten:
Burlington Northern Is Locked in Privacy Fight
Wall Street Journal
Copyright Dow Jones & Company Inc May 17, 2000
Full Text:
Do you have a right of privacy for your Social Security number? How about your salary? A pair
of lawsuits has put Burlington Northern Santa Fe Corp. uncomfortably at the center of a debate
on these questions.
In one case, the railroad giant is suing a company gadfly over his threat to post on his Web site
the salaries and Social Security numbers of hundreds of its white-collar employees, including top
executives. Publicizing salaries would damage employee morale, the railroad contends, and
disseminating Social Security numbers could lead to credit-card fraud.
But in a people-who-live-in-glass-houses twist, Burlington Northern itself faces a suit alleging
that as part of an effort to crack down on overtime pay, the company publicized the salaries and
Social Security numbers of about 300 blue-collar track workers.
23
The two suits highlight the dual character of Social Security numbers, which many Americans
carry on their driver's licenses and write on their checks, but which also serve as a key piece of
information that institutions require to unlock reams of personal information.
Burlington Northern's problems began with an errant company e-mail. It landed on the screen of
William Purdy, a former Burlington Northern locomotive engineer fired for insubordination in
1990. For much of the past decade, he has afflicted his ex-employer, criticizing its safety
procedures and executive salaries.
Mr. Purdy's main platform has been his Web site, BNSF.org. On March 12, an outside consultant
to Burlington Northern mistakenly directed an e-mail to BNSF.org, instead of the company's
official site, BNSF.com. The message had an attached file containing the names, salaries and
Social Security numbers of about 800 railroad employees, all of which fell into the hands of an
amazed Mr. Purdy.
After learning that Mr. Purdy planned to put the information on the Internet, a number of
employees and the railroad itself rushed to federal district court in St. Paul, Minn., to seek a
judicial order stopping him. Paul Hoferer, general counsel of Burlington Northern's railroad
operating unit, said in an affidavit filed with the suit that publicizing salaries "is likely to be
detrimental to employee morale" and could "decrease productivity by distracting employees." Mr.
Hoferer also cited concerns about identity theft if Social Security numbers were posted on the
Internet.
Relying on Minnesota tort law, under which individuals can be found liable for "publication of
private facts," U.S. District Judge Donovan Frank issued a temporary restraining order
prohibiting Mr. Purdy from posting the Social Security numbers. The ruling allowed Mr. Purdy to
publish salaries, but only if they weren't linked to individual names.
But on May 5, the Eighth U.S. Circuit Court of Appeals, without explaining its reasoning, set
aside that ruling. Yesterday, Mr. Purdy posted what he said is the first digit of the Social Security
number of Robert Krebs, Burlington Northern's chief executive. Additional digits will follow, he
said, noting that his aim is to express his outrage at what he considers inappropriate company
actions following train accidents.
Burlington Northern, meanwhile, finds itself faced with allegations that it violated track workers'
privacy rights by disseminating salaries and Social Security numbers. A suit filed in U.S. district
court in Minneapolis on May 9 says the railroad distributed lists of the top 300 salaried workers
in the track department as part of an effort to crack down on excess overtime.
Gary Marquart, a longtime track worker for the railroad, says his overtime work in 1997 helped
him earn just over $100,000 that year, landing him the No. 3 spot on the list. The information
spread both inside and outside the company, including to his ex-wife, Mr. Marquart says.
Steve Forsberg, a company spokesman, denies violating workers' privacy. The overtime list, he
says, "was not meant to go outside the company."
Credit: Staff Reporter of The Wall Street Journal
24
Case eleven: Source: The Business Review (Albany, NY), Oct 8, 2001 v28 i27 p19(1).
Title: Workplace privacy: Balancing priorities.
Author: Robin Wood
Full Text COPYRIGHT 2001 Albany Business Journal, Inc.
Earlier this year, the town of Colonie planned to install a video surveillance system at its landfill
on Route 9. Joseph Stockbridge, the town's director of environmental services, said the cameras
would be used to improve the waste screening process, fiscal management of the facility and site
security.
The 120-acre landfill is difficult to monitor, he said. Camera eyes could substitute for human eyes
under certain circumstances.
It seemed like a good plan.
But many of the people working at the landfill thought otherwise. The plan "raised a lot of ire on
the part of employees," Stockbridge said. Employees had questions about the camera system's
purpose and who would have access to the tapes, he said.
The system was not designed to check up on employees, Stockbridge said. But if people were
caught doing something inappropriate, we weren't going to look away because a camera caught
them rather than a supervisor, he said.
Camera surveillance currently is on hold as the town reconsiders the program. But the main
problem wasn't employee resistance; the bid for the project came back much higher than
expected. Stockbridge said the town had estimated the nine-camera system would cost around
$25,000, but the contractor said it would cost $130,000.
Stockbridge still thinks the town can come up with a workable surveillance system, but wants
employees to be on board. "We have good, trustworthy employees, I don't want to make this
adversarial, he said.
Increasingly, employers are having to make tough decisions balancing workplace security and
privacy, said Joseph Masciocco, owner of Security Integrations Inc. in Albany.
When companies consider video surveillance systems, employees often are concerned about
privacy. But usually the systems are designed to protect workers, customers and property, he said.
Cameras and other security measures, such as card-controlled doors, are becoming more common
in many kinds of workplace environments, he said. People don't like the sense of being watched
all the time, but many are increasingly willing to trade some privacy for a greater sense of
security.
"It is almost never the case that we are hearing that we have to keep an eye on people because
they are not doing their jobs," Masciocco said.
But the Internet and e-mail have created new workplace distractions and new privacy concerns
for companies and workers.
25
Misuse of the Internet and e-mail can cost a business through reduced employee productivity, can
facilitate the theft of trade secrets and proprietary information, and potentially expose the
company to liability in sexual harassment cases, said Mike Popolizio, fraud division manager for
Camelot Computer Forensics in Albany, which specializes in recreating how computers have
been used, including recovering deleted or transferred files.
Many companies don't put technology-use policies into place until there is a problem, Popolizio
said. In some cases, companies would be "rudely surprised" to discover how much time
employees are spending surfing the Internet or playing games.
The technology exists to allow employers to track employee computer use very closely, Popolizo
said. It is even possible to capture individual keystrokes. But in most cases, that kind of approach
would be very expensive overkill.
Simply having policies that restrict the use of company property to company business and letting
employees know the company reserves the right to monitor computer use is an effective deterrent
to misuse in many cases, he said.
Privacy laws are still catching up to technological advances, said Andrew Rose, an attorney with
the Albany office of Nixon Peabody LLP. For example, the courts are still working out how
wiretap rules apply to e-mail, he said.
But in New York state, employers have pretty broad rights to control and monitor their own
property, including computer systems, Rose said. Effectively, when people go to work, they give
up some of their privacy rights, he said.
26