Back to News & Commentary

Your Boss Shouldn’t Read Your Email

Catherine Crump,
Staff Attorney,
ACLU Speech, Privacy and Technology Project
Share This Page
July 16, 2012

Senator Charles Grassley got it right: officials at the Food and Drug Administration “have absolutely no business reading the private e-mails of their employees.”

On Sunday, the New York Times ran a lengthy story detailing how the FDA monitored the communications of its own scientists, including communications with members of Congress, lawyers and journalists. Those scientists had blown the whistle on what they believed were flawed internal procedures that led to the approval of unsafe medical imaging devices. The FDA engaged in a massive email monitoring campaign to read their communications—including their private, personal emails. The emails that the FDA collected included those of a former member of Senator Grassley’s staff, presumably because he had exchanged messages with one or more of the targeted FDA officials.

Most of the coverage in the Times article and other publications has focused on whether the FDA violated laws that protect government whistleblowers. And in fact, the federal government itself has stated that it is “highly problematic” for agencies to monitor employee communications with the purpose of targeting disclosures to government watchdog agencies about violations of the law or gross mismanagement.” Why? For the obvious reason that “such targeting undermines the ability of employees to make confidential disclosures.”

As important as the whistleblower angle is to this story, I think there is something larger going on here. The bigger question is this: what are government employers doing reading the mail in people’s personal email accounts in the first place?

While few courts have weighed in on email privacy issues, there are good arguments to be made that the Fourth Amendment’s prohibition on unreasonable searches and seizures prohibits the government from monitoring its employees’ private email accounts absent extraordinary circumstances. Just because a government employee accesses his or her email from work does not mean that he or she has forfeited her privacy interest in it. As a plurality of the Supreme Court has explained with regard to an employee’s luggage, handbag and briefcase:

An employee may bring closed luggage to the office prior to leaving on a trip, or a handbag or briefcase each workday. While whatever expectation of privacy the employee has in the existence and the outward appearance of the luggage is affected by its presence in the workplace, the employee’s expectation of privacy in the contents of the luggage is not affected in the same way. The appropriate standard for a workplace search does not necessarily apply to a piece of closed personal luggage, a handbag, or a briefcase that happens to be within the employer’s business address.

In other words, the Supreme Court has left open the possibility that full Fourth Amendment protections apply to an employee’s personal property, even when it is brought to work. And the analogy between luggage and personal email accounts is strong. Both are containers for personal effects. Both are generally sealed (through a zipper or lock, or password) to protect privacy.

But there is an even broader picture here to keep in mind: recent technological changes have made it cheaper and easier than ever before for employers to engage in surveillance of their workers. And many employers are eager to take advantage of these technologies to monitor and, more fundamentally, control their employees’ behavior at a granular level that was not previously possible. For example, my colleagues at the New York Civil Liberties Union are litigating a case in which the government attached a GPS device to a government employee’s private car and tracked his movements for a prolonged period of time, including when he was on a family vacation.

It is hard in these times of widespread economic distress for employees to take a stand against intrusive monitoring by their bosses. And that’s too bad. There is something depressing about the idea that full-grown adults must be subjected to routine surveillance of their activities in order to hold the jobs necessary to pay their bills and provide for their families. To be sure, there will always be some rogue employees who abuse the trust placed in them by their employers. But these are a tiny minority of cases.

The vast majority of us are honest. We are not widgets. We are people with personal lives that need to be managed from time to time during the workday —from being able to touch base with kids and partners, to consulting with medical professionals. It would be too bad if one side effect of the tremendously beneficial technological developments of the past 15 years included submission to increased quantities of surveillance in the workplace.

Learn More About the Issues on This Page