Feeds

Employee has no privacy on company computers, US court rules

What's yours is ours

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Employees do not have a reasonable expectation of privacy for material stored on computers owned by their employers, a US court has ruled.

The New Jersey court said that files on a work-owned computer can be accessed and searched if the company gives permission, even if the user does not.

The ruling came in the case of a man referred to as MA whose identity was kept secret because he has AIDS. He was convicted of stealing $650,000 from his employer while acting as a book-keeper there.

The actions came to light through warrantless searching of his laptop and desktop computers at work.

MA was convicted over the thefts but argued that his conviction was unsound because of the way the evidence was gathered. He said he had a reasonable expectation of privacy in relation to material on the computers at work which was password protected.

The Superior Court of New Jersey found otherwise.

"[MA] had no reasonable expectation of privacy in the personal information stored in his workplace computer," said Judge Marie Simonelli in her ruling. "Even if [MA] had a subjective expectation of privacy because he used a confidential password, that expectation was unreasonable under the facts of this case."

MA worked for Certified Data Products (CDP), which was a label making company owned by Joseph Braun, between 1997 and 2002 as a book keeper. He also assumed responsibility for the office's computer systems over time. MA ran a side business selling computers and supplied CDP with around ten machines.

MA had been transferring money from CDP to himself and to his mother as well as giving himself unauthorised pay rises which increased his salary from $40,000 to $125,000 a year.

Those pay rises were discovered in 2002 and Braun dismissed MA, who left the computers he had used for work and which were owned by the company behind.

Braun signed warrants permitting police to search those computers. The police discovered evidence of money being wired to MA and his mother and cheques being written to each of them by MA.

MA had covered his tracks sufficiently that it was never made clear exactly how much was stolen, but Braun was awarded a judgment of $769,631.51, which represented $655,935.95 in damages and the remainder in interest.

MA argued that the computers were his personal machines and not Braun's or CDP's, but the judge rejected those claims. In fact the court believed Braun's assertion that he had paid for the laptop twice. He had bought it from MA second hand for $500, but it emerged that it had originally been paid for on Braun's corporate credit card years earlier without Braun's knowledge.

The original judge had believed Braun over MA, and the Superior Court did too.

"We are satisfied the judge's factual and credibility findings are amply supported, and there is substantial credible evidence that Braun, not defendant, owned the computers," said Simonelli. "Because Braun owned the computers, he had the authority to consent to their search; and because Braun voluntarily consented to the search, the search was valid."

MA argued that he had a right to privacy because he had a private office and had put passwords on the computers to protect them from third party access.

The court relied on a previous case whose ruling said that someone who abandons property no longer has an expectation of privacy in relation to it.

The court found that MA had no expectation of privacy, even if he believed he did.

"Neither the law nor society recognize as legitimate [MA]'s subjective expectation of privacy in a workplace computer he used to commit a crime," said Simonelli.

If the same thing happened in the UK employers would be safe investigating the issue as long as they were convinced a serious incident had taken place, said Ben Doherty, an employment law specialist with Pinsent Masons, the law firm behind OUT-LAW.COM.

"If an employer had a reasonable suspicion that sombody had been stealing from them, whether £650,000 or £6.50, I would be very happy for them to go and look at that computer," said Doherty. "The way in which an employment tribunal looks at it is if an employer's actions have infringed an employee's individual rights, they're not overly concerned about that, provided that the evidence that they've found shows he's guilty."

Employees can have a right in the UK to use employers' facilities for private communication, within reason. This is usually covered by an employer's usage policy which must be adhered to, said William Malcolm, a specialist in privacy and data protection at Pinsent Masons.

"If your communications policy says you can use the system for reasonable personal use you do create an expectation of privacy," said Malcolm. "But if you suspect a crime or serious malpractice has gone on you should consider involving the police."

See: The ruling (23-page/88KB pdf)

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Choosing a cloud hosting partner with confidence

More from The Register

next story
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Yes, yes, Steve Jobs. Look what I'VE done for you lately – Tim Cook
New iPhone biz baron points to Apple's (his) greatest successes
Lords take revenge on REVENGE PORN publishers
Jilted Johns and Jennies with busy fingers face two years inside
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.