A federal appeals court ruled this weekthat companies can’t read your e-mail or instant messages without your permission if you or your employer are using an outside service provider.
That covers, for example, e-mail sent via Gmail or chats via AIM. And it even covers you if the employer outsources the provision of e-mail or chat and provides you with the PC, laptop, phone or pager. As part of the ruling, the court also prohibited contracted companies from providing e-mails or IM logs if they’re requested by the companies that are their customers.
One of the three judges in the case, Judge Kim McLane Wardlaw, said that employees can, should and do carry an expectation that personal text messages and e-mail are as private as letters and telephone calls. This ruling in general and Wardlaw’s comments in particular inject a little bit of sanity into how the law and the government treat e-mail and chat e-mail.
For the past several decades, the conventional legal wisdom has been that anything written could be fair game for employer or government snooping, but anything spoken is not. So, for example, companies can and do read your company-maintained e-mail and instant messaging, but cannot and don’t place microphones in the break room, hallways and bathrooms to record spoken conversations.
This radical distinction between words spoken and words written never made any sense. Even more problematic is the formation over time of a dangerous disconnect between what users think about the privacy status of e-mail and chat, and what their employers and courts do.
To users, personal e-mail — even if sent via the company’s network and e-mail servers — and especial chat are akin to random, casual spoken conversation (and therefore as privacy-protected speech). So people “drop their guard” via e-mail and chat, and make off-the-cuff, half-baked, comments. They vent, say things they don’t really mean or speak in a way that’s acceptable for a private conversation with a friend, but unacceptable professional business communication.
Later, some prosecutor with a court order goes fishing — or, more accurately, data mining — for evidence or patterns in the e-mail system. Entire lawsuits and other courts cases have been won or lost based on these comments which would never have been admissible or even discovered had they been uttered in the company parking lot or in the break room.
At a large company, you can find anything and everything somewhere in the e-mail system. When hundreds of thousands of people send millions of messages over many years — all the while believing those messages to be private — everything that can be said, will be said. These comments are easily exposed and highlighted in the context of some court case, and used to demonstrate, for example, that the company “tolerated a pattern of .”In ancient times (before the 1980s), there was a clear distinction between official company communication and personal or private communication. Official communication took the form of “memos,” which were created and intended to be part of the company record. Everything else — phone calls, personal chats, hand-written scribbles — were clearly understood to be unofficial, off-the-record and private.
E-mail gradually killed the memo. But I’d like to see it make a comeback. Here’s how it would work.
The software industry could create stand-alone memo software, or build in memo functionality into e-mail software, that very clearly brands or labels e-mails as official company memoranda. (In fact this already exists to some degree.) The sender — and the receiver — would understand the status of these electronic documents because they would be clearly marked as such. These would be backed up and retained in perpetuity, available to management and others in the company and admissible in court as evidence. Further, they would be encrypted and unavailable, including to IT staff (a recent surveyrevealed that one third of IT staff routinely use their admin privileges to read employee e-mail and other sensitive documents).
Then, the courts should go further than the 9th U.S. Circuit Court of Appeals did this week and rule that all regular e-mail and all text, including e-mail provided directly by employers, is protected, private speech. Only sender and receiver could legally read it. In other words, it would be treated exactly as many people assume it’s already treated, which is like casual spoken conversation.
This system would remove the current, unacceptable state of affairs where people believe their communication is private, then later someone comes along and says “gotcha! — we recorded everything!”
I applaud the court’s ruling this week, but let’s take it further. Bringing back the official company memo — both culturally and legally — would clarify to all parties what’s potentially public and what’s truly private.