The Volokh Conspiracy

The difficulty some of the Justices had with pager technology in City of Ontario v. Quon yesterday reminds me of a passage in an article of mine on why judges should be cautious about applying the Fourth Amendment to new technologies. In the passage, I argue that judges are particularly likely to make errors in applying the Fourth Amendment to new technology because they are not well-situated to get a sense of the technology, its evolution, and the likely impact of potential Fourth Amendment rules. The argument goes on for several pages, but here’s a taste:

The task of generating balanced and nuanced rules requires a comprehensive understanding of technological facts. [C]ourts generally are not [well-equipped to develop such understandings].

The information environment of judicial rulemaking is usually poor. Judges decide cases based primarily on a brief factual record, narrowly argued legal briefs, and a short oral argument. They must decide their cases in a timely fashion, and can put only so much effort into any one case. In some contexts, these limitations do not impose a heavy burden on effective judicial rulemaking. Recall the automobile traffic stop cases. Because judges can readily understand traffic stops, a brief record and narrow argument is generally sufficient to allow judges to create rules governing the specific facts at hand.

In contrast, cases involving new technologies such as wireless networks, public-key encryption, and data-mining technologies raise more complicated issues. Judges struggle to understand even the basic facts of such technologies, and often must rely on the crutch of questionable metaphors to aid their comprehension. Judges generally will not know whether those metaphors are accurate, or whether the facts before them are typical or atypical given the technology of the past or the present.

These dynamics make it easy for judges to misunderstand the context of their decisions and their likely effect when technology is in flux. Judges who attempt to use the Fourth Amendment to craft broad regulatory rules covering new technologies run an unusually high risk of crafting rules based on incorrect assumptions of context and technological practice. The context of judicial rulemaking is unusually conducive to high rates of error when technology is in flux.

At today’s oral argument in City of Ontario v. Quon, several Justices took the view that whether Fourth Amendment “reasonable expectation of privacy” existed in the case depended in part on whether the disclosure violated the Stored Communications Act (SCA), an electronic privacy statute. That raises a surprisingly tricky question: Was the Stored Communications Act actually violated in the Quon case?

The Justices seemed to think the disclosure violated the Stored Communications Act, presumably because the Ninth Circuit had held that Arch Wireless was a provider of electronic communication service that could not disclose Quon’s messages to the government. But if the Justices conclude that the Fourth Amendment issue granted in Quon depends on whether the SCA was actually violated, then presumably the Ninth Circuit’s analysis isn’t law of the case (that is, binding on the Supreme Court) and the Justices need to do an independent analysis of whether the disclosure violated the SCA. That turns out to be quite uncertain, and I wanted to explain why.

Here are the facts. The city hired Arch Wireless to provide pager service, and then gave the pagers to individual police officers to use. Arch Wireless made copies of all sent and received text messages for billing purposes. The city later asked Arch Wireless for copies of the texts, and Arch Wireless then provided the transcripts to the city. The city looked through the transcripts, finding the non-work related text messages that led to the lawsuit.

So was the SCA violated? In the district court and the Ninth Circuit, the plaintiffs litigated the issue under the voluntary disclosure provisions of 18 U.S.C. 2702. Under that provision, providers generally cannot disclose the contents of communications it is holding, with a series of possible exceptions. The exception litigated below was 2702(b)(3), which says that disclosure is allowed:

with the lawful consent of the originator or an addressee or intended recipient of such communication, or the subscriber in the case of remote computing service;

The litigants in Quon agreed that the City of Ontario was the “subscriber” of the text messages, in that it had actually purchased the service, but that the city was not an “originator or an addressee or intended recipient of such communication.” As litigated in Quon, then, the legal question was whether Arch was acting as a “remote computing service” or an “electronic communication service” in its storage of the texts. If it was acting as a remote computing service, it could disclose to the City, as the City was the subscriber; if it was acting as an electronic communication service, it could not disclose to the City, as the City was not an “originator or an addressee or intended recipient of such communication.”

The Ninth Circuit concluded that Arch Wireless was acting as a provider of electronic communication service with respect to the stored texts, and therefore that it could only disclose with the consent of Quon, not the City. The court concluded:

We hold that Arch Wireless provided an “electronic communication service” to the City. The parties do not dispute that Arch Wireless acted “knowingly” when it released the transcripts to the City. When Arch Wireless knowingly turned over the text-messaging transcripts to the City, which was a “subscriber,” not “an addressee or intended recipient of such communication,” it violated the SCA, 18 U.S.C. § 2702(a)(1). Accordingly, judgment in Appellants’ favor on their claims against Arch Wireless is appropriate as a matter of law, and we remand to the district court for proceedings consistent with this holding.

I think the Ninth Circuit was right that Arch Wireless was acting as a provider of ECS, not RCS, for essentially the reasons that the Ninth Circuit explained. (Full disclosure: The Ninth Circuit cited one of my articles in support of its holding.) But I think the Ninth Circuit was wrong to end the analysis there. In particular, the Ninth Circuit failed to consider the next step in the analysis, whether Jeff Quon had consented to the disclosure as a matter of law under the workplace privacy policy, permitting the disclosure.

To understand this issue, you need to realize that the exception in 2702(b)(3) is a consent exception. This consent exception has generally been understood as adopting the standard of consent that Congress has used in its related statute, the Wiretap Act, and specifically the Wiretap Act’s consent exception found in 18 U.S.C. 2511(2)(c) and (2)(d). See LaFave, et. al. 2 Criminal Procedure 4.8(e) at 540 (3d ed. 2007). There is lots of litigation on the consent exception in 2511(2)(c) and (2)(d), and the lower courts have agreed that consent under the Wiretap Act is a pretty low standard: A person who receives notice that monitoring may occur “consents” to that monitoring by proceeding in light of notice. See,e .g., United States v. Willoughby, 860 F.2d 15 (2d Cir.1988); United States v. Workman, 80 F.3d 688 (2d Cir.1996).

As an aside, this low standard is the reason why you’ll often hear that “calls may be monitored for quality assurance” when you call a help number. By telling you that they may record the call, the companies are getting your consent to record the call, which they may need depending on whether your state Wiretap statute is a so-called “all party” consent statute or a one-party consent statute. Of course, this is sort of a weird kind of consent — is letting you know that they might do something really the same as getting your okay to do it? — but that is how courts have interpreted the consent standard in the analogous setting of the Wiretap Act.

If that same standard applies to the Stored Communications Act, which I think it does, then I would think that notice to Jeff Quon that the government does not give him any privacy rights in his government-provided pager should also generate his consent to the disclosure under 2702(b). If that’s right, then the Stored Communications Act was not actually violated: By giving Quon notice, the City obtained his consent, permitting Arch Wireless to disclose the texts to the City. Incidentally, that’s the conclusion a district court reached in a closely analogous case involving disclosed pager communications in a city-provided pager. See Flagg v. City of Detroit, 252 F.R.D. 346, 363-64 (E.D. Mich. 2008) (“Alternatively, even if the Court is mistaken in its conclusion that the service provided by SkyTel is an RCS, there is ample basis to conclude that the City nonetheless has an obligation to secure the requisite consent from its employees that would permit SkyTel to proceed with its retrieval of communications.”).

Now perhaps the SCA requires some sort of more specific consent, like consent to the disclosure specifically instead of a general waiver of privacy. But that’s a question that no court has considered, so we don’t really have any caselaw to go on there. So on the question of whether the SCA was actually violated in this case, I think the answer is, well, I don’t really know: It depends on the meaning of consent in 2702(b), and whether you think that consent standard is the same as the consent standard in the Wiretap Act.

To be sure, the consent issue wasn’t litigated in the Ninth Circuit. The parties made some somewhat puzzling litigation decisions below, and this argument didn’t come up. And if for some reason the lower court’s conclusion that the SCA was violated is binding on the Supreme Court, then so be it. But if a statutory violation is evidence of a constitutional violation on a theory that the statute is good evidence of what society thinks is reasonable, then a careful analysis of the statute itself suggests that it’s not at all clear that the statute was actually violated.

I was at the Supreme Court this morning for oral argument in City of Ontario v. Quon, the Fourth Amendment text messaging case. Here are a few thoughts from what I heard over the speakers from the Lawyer’s Lounge:

1) Based on the questions, the strongest proponent of Fourth Amendment protection in this case appeared to be Chief Justice Roberts. Yes, seriously. Chief Justice Roberts jumped out of the gate with very critical questions for the city’s lawyer, and offered mostly very friendly questions to the lawyer for Quon. My sense was that Roberts seemed to think that if you have a pager, and you’re communicating using it, it’s yours and you have privacy rights in those communications — subject to an allowance for reasonable searches, of course, but privacy rights nonetheless.

2) There was a lot of discussion of the Stored Communications Act, and whether breach of a statutory privacy law essentially created or at least helped make the case for a Fourth Amendment violation. I don’t think there was a real resolution of the issue, or that enough Justices tipped their hand on this, but there was a lot of discussion of it. As I’ve written here before, I don’t think the statutory questions should be part of the constitutional inquiry: Especially so with a hypertechnical statute like the Stored Communications Act. But there were at least some Justices (including Roberts, if I recall correctly) who seemed to think SCA violations were relevant to whether there was a constitutional violation.

3) More broadly, there was lots of discussion on the meaning of “reasonable expectations of privacy” in new network technologies. As Justice Alito noted, this is a new world of computers and network communications, with facts really different from what we’re used to: What do we look to in order to say when an expectation of privacy is “reasonable”? The Justices spent some time on analogies to postal letters, as well as possible differences among postal letters and text messages and e-mails. (As I noted last night, my own answer to these questions appears in this new article.)

4) Justice Breyer focused on the reasonableness of the search (Step 2 of the O’Connor test), suggesting that even if Quon and the others had a reasonable expectation of privacy in their communications, the City acted reasonably in accessing the pager transcripts and looking through them. That might end up being the best narrow way to resolve the case: If the parties all agree that we’re in O’Connor-reasonableness-land, and the search is deemed reasonable under that standard, then that would seem to resolve the case without getting into the issue of notice or expectations of privacy in text communications generally.

The Reply Brief in the Court’s only major Fourth Amendment case this term, the text-messaging case City of Ontario v. Quon, has now been filed and is available here. Here are a few thoughts on it.

(1) The parties focus significant attention on the Stored Communications Act, somewhat to my surprise. The Stored Communications Act (SCA) is the federal statute that governs access to e-mail and the like: The Quon case was originally litigated under both the SCA and the Fourth Amendment. Quon argues that the SCA helps create a reasonable expectation of privacy in the stored text messages. By creating statutory privacy rights, Quon argues, the SCA helped make any expectation of privacy “reasonable.”

I don’t think that’s a persuasive argument, with a possible caveat I’ll get to in a minute. As a general rule, I think statutory privacy laws have to be considered independently from the Fourth Amendment: The creation of statutory privacy laws cannot make an expectation of privacy constitutionally reasonable, and the absence of them cannot make an expectation of privacy constitutionally unreasonable.

The problem with the argument that statutory privacy laws can create a reasonable expectation of privacy is that it is only made when Congress legislates and intentionally rejects the standard of Fourth Amendment protection and opts instead only for lesser, sub-Fourth Amendment protection. After all, if Congress created a right coextensive with the Fourth Amendment, the Fourth Amendment rule would never be reached: Under the principle of Constitutional avoidance, courts generally would resolve cases on statutory grounds rather than constitutional ones. Thus the argument for statutory creation of Fourth Amendment rights is invoked only when Congress has enacted privacy protection less than the equivalent Fourth Amendment standard. This creates a problem, as the argument then becomes that Congress’s rejection of the Fourth Amendment standard but recognition of lesser privacy as a matter of statute should be read as forcing the courts to embrace the greater Fourth Amendment standard. That would be pretty odd, I think.

Plus, presumably it would create a two-way street: The Supreme Court would have to start looking to Congress to see if there is a statutory privacy law, and that if there is no such law, that should be evidence that no reasonable expectation of privacy exists even if the Court were otherwise inclined to recognize one. And what if Congress enacts a law giving sub-Fourth Amendment protection, the Supreme Court uses that to say there is Fourth Amendment protection, and then Congress, preferring no standard to the constitutional higher standard, repeals the statute? If the legislation really matters, then the Supreme Court presumably should have to rethink its earlier decision and likely reverse itself, right? And what if after the Court reversed itself, Congress reenacted its original law — should the Supreme Court take that as a sign that the expectation of privacy is reasonable again, or only that Congress wants the Supreme Court to go away so Congress can have its modest level of statutory protection? I think the only way to avoid these problems is to say that statutory protections and constitutional protections are independent.

Now I said above that there was a possible caveat, and the caveat is this: The two parties in Quon both agree that Quon’s rights are governed by the government workplace rules of O’Connor v. Ortega, and specifically the standard of Justice O’Connor’s plurality opinion in that case. That matters because, as I have said before, Justice O’Connor’s plurality opinion offers a version of the reasonable expectation of privacy test for government workplaces that is simply different from how the test applies elsewhere. (The briefs unfortunately miss this point at times; they cite and rely on cases from the traditional setting together with cases applying the O’Connor plurality standard.) Once you agree you’re in O’Connor plurality-land, the key question becomes the policies and operational realities of the workplace, and becomes at least theoretically possible that background principles of federal privacy law are relevant to that. But this is only a possible caveat, not a real one, as there is a record from below as to what the policies and operational realities of the workplace are in this case. Background statutory privacy rules may shape that in some probably minor ways, but what matters is the factual question of the policies and the operational realities of the workplace actually are, not the legal question of how the privacy statutes are supposed to work. So in the end, I’m brought back to the earlier point: The SCA arguments shouldn’t matter to the resolution of this case.

(2) The tail end of the reply brief (pgs 28-34) focuses on the issue that I think is the really tricky question in the case: The rights of the other plintiffs who were communicating with Quon, a question I blogged about extensively here. The reply brief pretty mostly repeats the same argument as the merits brief: That the folks communicating with Quon really should have known that he had no privacy rights, and they shouldn’t have expected privacy communicating with someone who they should have known had no privacy rights. The reply brief also essentially adopts DOJ’s argument that Arch Wireless is the city’s agent, so the arrival of the text message at the computers of Arch Wireless is essentially “delivery” of the text messages. As I explained before, I don’t think these arguments are persuasive: I’m sticking to my earlier view that the Court would be best off coming up with a way to avoid having to answer this question.

One related point: The Reply brief argues that everyone knows that government employees have no privacy rights in their text messages because everyone knows that government workplaces have policies that take away such privacy rights. I don’t think that’s right, though. My experience is a little dated, but back when I was at DOJ, from 1998 to 2001, I spent a lot of time talking to different government agencies about their workplace monitoring policies. I also participated in a lot of meetings on what DOJ’s policies should be. My overall impression from this experience is that workplace policies varied dramatically. Some government offices had policies that eliminated rights. Other government offices should have had such policies, but were so disorganized that they didn’t. Other offices opted to have much narrower waivers, and some had no waivers at all. See, e.g., Leventhal v. Knapek, 266 F.3d 64 (2d Cir. 2001) (Sotomayor, J) (concluding that a state DOT employee had a reasonable expectation of privacy in his workplace computer because there was no workplace policy eliminating rights or any practice of searching computers). Generalizations were hard to make: The government was so vast, and policies so office-specific, that you couldn’t generally know what the policy was going to be in any particular office.

The announcement of the cert grant in City of Ontario v. Quon means that the Supreme Court will revisit for the first time the splintered decision in O’Connor v. Ortega, 480 U.S. 709 (1987), that created the modern framework of public employee privacy rights. That raises the possibility that the Court might change the basic legal standard that lower courts have applied since O’Connor, shaking up the rules in this area that have long been considered settled. I wanted to blog a bit on what that means and why it matters.

Let’s start with private-sector employee rights. When a criminal investigation arises in the private workplace setting, there are three basic players: the Employee, the Boss, and the Policeman. The Boss is free to search the Employee’s space because the Boss is a private actor who is not regulated by the Fourth Amendment. On the other hand, the Policeman can’t enter the workplace without a warrant or the third-party consent of the Boss. Under the Fourth Amendment, we say that the Employee has a reasonable expectation of privacy in the workplace — at least the workplace not exposed to the public, such as the open areas of a store. At the same time, the Boss has very broad third-party consent rights to let the Policeman come in and search.

Now consider what changes in the setting of government employment. The Boss and the Policeman are now on the same team. They are both “the Government.” And the precise lines between the Boss and the Policeman may be hard to draw. If you go up the chain of government employment, you quickly get to the Boss who has both work-related control of the office and also control of criminal investigators or security officers who have the power to investigate workplace crimes. In effect you now have two players instead of three: the Employee and the Boss-With-A-Badge. So what should the rules be? How should the Fourth Amendment apply?

In O’Connor v. Ortega, the Court split three ways on the issue. Four Justices created a new sui generis approach to applying the reasonable expectation of privacy test in the public workplace setting, combined with the “special needs” exception allowing reasonable warrantless workplace searches. See Plurality Opinion of Justice O’Connor joined by Rehnquist, White, & Powell. Under the sui generis approach, Fourth Amendment rights are more modest in the government workplace than elsewhere: Employees lose their rights if they share their space with other employees or a workplace policy says they have no privacy rights. One Justice rejected this somewhat watered-down approach to privacy and applied the traditional private workplace approach to the reasonable expectation of privacy test – but then agreed that the “special needs” exception applied. See Concurrence in the Judgment of Justice Scalia. Finally, four Justices offered a somewhat jumbled view as to which approach to the REP test they followed but then rejected the “special needs” exception. See Dissenting Opinion of Justice Blackmun joined by Brennan, Marshall, & Stevens.

Lower courts trying to make sense of O’Connor have treated Justice O’Connor’s plurality opinion as the binding standard — and in particular the sui generis “reasonable expectation of privacy” standard, on which the plurality and concurrence disagreed. Exactly how you get there is sort of tricky, though. It’s somewhat hard to subject the O’Connor opinions to a Marks analysis. If A needs to win both points to beat B, and both the plurality and concurring opinions say A loses because while A beat B on point 1, B beat A on point 2, which should be the controlling opinion under Marks: The 4-Justice plurality opinion that took a narrow view of why A beat B on the first point, or the 1-Justice concurring opinion that took a broad view of why A beat B on that first point? The question makes my head hurt. So courts have mostly just figured that four Justices is more than one and that they should follow the analysis in the concurring opinion.

But the Supreme Court won’t have to do that in Quon. And of the five Justices on the winning side in O’Connor, only the one-vote concurring Justice, Justice Scalia, remains on the Court. That raises the possibility that the Court will revisit the sui generis approach to public employee privacy introduced in O’Connor v. Ortega that has been applied in the lower courts for the last 20 years. It’s just a possibility: The Court could just take the framework as given (and as likely offered by the parties) without reopening the O’Connor question. But the divided opinions in O’Connor suggest that Quon may be important less for what it says about Fourth Amendment rights in new technologies than what it says about the future of government employee privacy rights.