When the United States Supreme Court handed down its decision Riley v. California, a Fourth Amendment criminal case, we suspected it would not be long before the rationale in that case concerning the privacy interests individuals have in cellphones would be more broadly applied. In late June, a federal district court in Connecticut denied a request by two former employees to inspect six years of cellphone data for ten other employees on cellphones that either were provided or paid for by the employer. Bakhit v. Safety Marking, Inc., D. Conn., No. 3:13-CV-1049, June 26, 2014. The plaintiffs were interested in text messages, e-mails, and other information and data, including metadata, that might provide evidence of racial and other discrimination.
Justice Robert’s language in Riley raises interesting parallels in the civil context when thinking about cellphone and mobile device privacy and security, particularly in an environment of more widespread use of “Bring Your Own Device” (BYOD) and cloud computing platforms. For example, the decision acknowledges:
Cell phones differ in both a quantitative and a qualitative sense from other objects that might be kept on an arrestee’s person. The term “cell phone” is itself misleading shorthand; many of these devices are in fact minicomputers that also happen to have the capacity to be used as a telephone. They could just as easily be called cameras, video players, rolodexes, calendars, tape recorders, libraries, diaries, albums, televisions, maps, or newspapers…
An Internet search and browsing history, for example, can be found on an Internet-enabled phone and could reveal an individual’ s private interests or concerns—perhaps a search for certain symptoms of disease, coupled with frequent visits to WebMD. Data on a cell phone can also reveal where a person has been…
Mobile application software on a cell phone, or “apps” offer a range of tools for managing detailed information about all aspects of a person’s life. There are apps for Democratic Party news and Republican Party news; apps for alcohol, drug, and gambling addictions; apps for sharing prayer requests; apps for tracking pregnancy symptoms; apps for planning your budget; apps for every conceivable hobby or pastime; apps for improving your romantic life. There are popular apps for buying or selling just about anything, and the records of such transactions may be accessible on the phone indefinitely. There are over a million apps available in each of the two major app stores; the phrase “there’s an app for that” is now part of the popular lexicon. The average smart phone user has installed 33 apps, which together can form a revealing montage of the user’s life.
Citing some of the same language quoted above, Magistrate Judge Holly B. Fitzsimmons found the Supreme Court’s observations about cellphone technology and privacy interests reinforced her own conclusions that the request by the plaintiffs in her case were overbroad, and failed to exhaust other options to obtain similar information.
Businesses encounter a number of risks when they monitor and search devices used by employees, whether those devices are owned by the company or the employee. The acknowledgement by the Supreme Court of the unique nature of today’s smart communications devices has begun to heighten the scrutiny with which courts examine access to these devices, whether by other employees or employers. Surely, employers should be thinking more carefully about the nature and extent of searches they may conduct on these devices, but also whether their policies are drafted clearly enough to alert employees of the potential scope of such searches and the level of privacy employees can expect.