(Photo by iStockphoto.com / Webphotographeer)
The September 2008 guilty plea and resignation of former Detroit Mayor Kwame Kilpatrick after he lost his battle to avoid public disclosure of damning text messages is a resounding wake-up call for every employer: The time to address the impact of text messaging on the workplace has arrived.
Soon text messaging will join, and potentially surpass, e-mail as an indispensable business tool. Text messaging, however, is fundamentally different from most e-mail transmitted for business purposes. Except perhaps when an employee works for a text message provider, employee text messages never pass through a corporate communications network. Instead, they are stored with a third-party service provider whose disclosure of those messages is strictly limited by federal law.
Also, the messages often are transmitted using personal cell phones. Existing corporate electronic-resources policies are premised on the paradigm of e-mail typed on company-owned computers and transmitted through, and stored on, company-owned servers. They do not adequately serve employers’ interests when applied to text messaging.
Describing the growth of text messaging as explosive is an understatement. According to a recently published study by CTIA – The Wireless Association, 75 billion text messages were transmitted in June 2008, a 160% increase over the number transmitted in June 2007, and the total number of wireless users grew by 20 million during the same one-year period to 262 million.
Applying these numbers, the average SMS (short message service) user sends 286 text messages per month. Anecdotal research (i.e., questioning the author’s teenage children) suggests that adolescents, who will soon be the next generation of recruits, send anywhere between 1,000 and 6,000 SMS texts monthly. It is no wonder that the research firm Gartner predicts the number of transmitted text messages will increase to 2.3 trillion annually by 2010. Logic strongly supports the inference that as today’s teens enter the workforce over the next five to ten years, text messaging will be as commonplace a business tool as e-mail is today.
Text messaging is very much like e-mail in one critical respect: Workers transmit text messages that get themselves and their employers into trouble. In the case of former Mayor Kilpatrick, he denied under oath having an affair with his chief of staff and having fired a police officer who sued the City of Detroit for retaliation. After the police officer’s attorney obtained thousands of text messages exchanged between Kilpatrick and his chief of staff, the mayor engineered a deal intended to keep the existence and content of the text messages a secret from Detroit’s City Council and the general public.
When incriminating text messages made their way into the media in January 2008, Kilpatrick was charged with perjury, among other crimes, and the Detroit City Council commenced formal proceedings to remove him from office. On the second day of those proceedings, Kilpatrick pleaded guilty to two felony counts and resigned from office. Attorney fees and settlement payments in litigation related to the text messages cost the city millions of dollars.
Kilpatrick’s fall from power is just one of several recent cases in which text messages have been key to allegations of employee misconduct. In a wrongful termination action pending in Charlotte, N.C., the employer asserts that the plaintiff’s termination was proper because she sent text messages to a former subordinate that were threatening and filled with profanity. A terminated employee in Fresno, Calif., alleges retaliatory discharge after complaining about a text message from a male coworker that stated “I wanna fuck.” A plaintiff in San Bernardino County, Calif., claims that her supervisor sent her a text message stating “Will you practice First Aid on me?” For those who remember the infamous 1990s e-mail, entitled “Twenty Reasons Why Beer Is Better Than Women,” this is dejavu all over again.
These cases illustrate the critical need for employers to gain access to text messages. Because text messages are not stored on a corporate server, however, employers have no choice but to turn to the cell phone’s user, i.e., the employee, or to the service provider to obtain stored text messages. In many circumstances, asking an employee to turn over a cell phone for a review of stored text messages would be impractical.
An employee who is permitted to use a personal cell phone for business purposes will be loathe to reveal personal text messages and other personal information, such as a contacts list, to an employer. Additionally, in many investigations of workplace misconduct, employers do not want the targeted employee to know about the investigation until after it has been concluded.
Even when an employee is willing to give an employee access to the employee’s cell phone, the employer may not be able to recover pertinent text messages. While corporate e-mail servers, computer hard drives and back-up tapes store gigabytes – if not terabytes – of e-mail, a cell phone’s memory chip (known as the SIM card) generally stores a relatively minuscule number of text messages. Moreover, dated text messages are continually being deleted as new text messages are sent and received. For a user who sends or receives hundreds or even thousands of text messages daily, an employer most likely will not be able to retrieve text messages sent months, weeks or even days in the past.
Because of the practical limits on accessing text messages from the cell phone itself, employers often will need to resort to the third-party service provider to access those messages. However, the federal Stored Communications Act, or SCA, which regulates access to text messages stored with providers, generally prohibits disclosure by the providers. The only exception that an employer may be able to invoke permits disclosure “with the lawful consent of the originator or an addressee or intended recipient of such communication, or the subscriber in the case of a remote computing service.”
The non-italicized language means, in the employment context, that the employer must have the consent of the employee, who will be the “originator,” “addressee” or “intended recipient” of the text message, before the provider can lawfully disclose stored text messages. Satisfying a service provider that the employee has provided lawful consent most likely will require the employee’s affirmative written authorization for disclosure of stored text messages.
Given that the act is a criminal statute, which also provides significant civil remedies, it is highly unlikely that a service provider would be willing to disclose text messages based on an employee’s acknowledgement of a corporate electronic-resources policy, particularly one in which the employer “reserves the right” to monitor employee communications only over the corporate network. Consequently, this exception would be rendered useless if the employee refuses to consent, is dead, can no longer be located or is implicated in an investigation that the employer does not wish to disclose to the employee.
Of course, an employer could invoke the italicized portion of the exception – “with the lawful consent of . . . the subscriber in the case of a remote computing service” – and ask the provider to disclose an employee’s text messages without first obtaining the employee’s consent. The provider, however, could lawfully comply with that request only if the employer is the “subscriber,” the text messages are not stored with the employee’s cell phone service and the provider is a “remote computing service.” Significantly, if the service provider is not a “remote computing service,” then it cannot lawfully disclose the employee’s text messages, even though the employer is the subscriber. What exactly is a “remote computing service”? Thus far, the definition has varied by legal jurisdiction.
A case decided by the 9th U.S. Circuit Court of Appeals – Quon v. Arch Wireless Operating Company – demonstrates the critical importance for employers to properly determine whether the corporate cell phone provider is a “remote computing service,” a term that may have had a commonly understood meaning when the SCA was enacted in 1986 but has since dropped completely from everyday parlance. [The Supreme Court recently agreed to review this case.]
In that case, the City of Ontario, Calif., Police Department issued two-way pagers to its SWAT team members and paid for the text messaging service through Arch Wireless Operating Co. Arch billed the city a fixed monthly charge for the first 25,000 characters per officer and an overage charge for each character exceeding the limit. Sgt. Jeff Quon exceeded the 25,000-character limit on several occasions, partly because he was using the city’s two-way pager for salacious chats with a woman who was his mistress and, separately, with his erstwhile wife. Quon paid the overage charge, and the officer responsible for overseeing the program, Lt. Duke, in accordance with his practice, refrained from auditing the content of Quon’s text messages.
The police chief subsequently ordered Duke to audit some of the text messages to determine whether the officers were using the pagers for personal purposes. Duke obtained from Arch the transcripts of Quon’s text messages, but without Quon’s consent. Word of the transcripts’ sexually charged content filtered through the police department and ultimately made its way back to Quon who, joined by his ex-wife and then-mistress, sued Arch for violating the SCA and the city for violating his privacy rights.
The federal district court dismissed the claims against Arch, holding that the provider had lawfully disclosed Quon’s text messages to the department because the city was the subscriber and Arch was a “remote computing service.” The district court reasoned that a remote computing service provides long-term storage of communications that is neither incidental to transmission nor for back-up protection.
When Arch printed the transcripts of Quon’s text messages from its archives, the messages already had been read, so the storage was not incidental to transmission. In addition, the archival storage was not for back-up purposes because the text messages had been transferred to the archive after Quon read them and were not retained anywhere else.
The appeals court rejected the district court’s reasoning. The 9th Circuit did not examine the specific function Arch performed when it printed the transcripts from its archives. Instead, the court held that, on the whole, Arch was not a “remote computing service” because Arch served as a “conduit for the transmission” of communications, whereas a “remote computing service” is akin to an “electronic filing cabinet.” In light of this conclusion, the appeals court reversed the dismissal of Quon’s claims against Arch for violating the SCA. The court ruled that Arch violated the SCA by disclosing Quon’s text messages to the department without Quon’s consent.
In the normal jurisprudential course, a reversed lower court ruling, like that in the Quon case, has little or no significance after the reversal. That is not the case with former Mayor Kilpatrick. The federal district court hearing the dispute over the disclosure of Kilpatrick’s text messages took the unusual step of rejecting the 9th Circuit’s reasoning in the Quon case and adopting the reasoning of the lower court that the 9th Circuit had refused to follow.
In the Detroit case, Flagg v. City of Detroit, the city had retained SkyTel as a text message provider, but by the time of the dispute over disclosure of the former mayor’s text messages, SkyTel no longer was providing text messaging services to the city. The court did not look at the general nature of SkyTel’s service as the 9th Circuit’s decision teaches, but rather at the nature of the storage of the text messages as the Quon district court had done.
Following this line of reasoning, the Detroit court concluded that because SkyTel no longer was providing service to Detroit, the text messages in SkyTel’s archives were solely for purposes of long-term storage, and not maintained incidental to transmission or for back-up purposes. As a result, SkyTel was a remote computing service and could disclose the text messages to its subscriber, the city, without Kilpatrick’s consent.
Most corporate electronic-resources policies, drafted before the text messaging explosion, provide employers with virtually no assistance when an employer needs to access an employee’s text messages. These policies rarely mention text messaging and, to the extent that they do, simply clump text messages with other methods of electronic communications without taking into account the integral role of third-party service providers, the possibility that an employee is using a personal cell phone or the existence of an employee’s own cell phone provider.
In light of these common shortcomings in many existing policies and the developments described above, employers should consider revamping their pertinent policies in several important respects.
If corporate culture and financial and administrative resources permit, employers should prohibit employees from sending business-related text messages other than through company-issued cell phones and the company’s cell phone provider. If employees already are using personal cell phones for business purposes, the employer should require the transmission of all business-related text messages, whenever practicable, through the company’s cell phone provider.
The employer should discuss with the service provider at the time of contracting whether the provider takes the position that it is a remote computing service, at least when the employer requests the disclosure of stored text messages. Given the uncertainty in the law, the provider may not be willing to commit to a position. Still, the employer is better off knowing the provider’s position at the inception of the relationship rather than receiving an unexpected denial of a request for disclosure of text messages that are critical to a corporate investigation.
Employers also should consider developing a policy for requesting an employee’s consent to access text messages stored on the employee’s cell phone and with the service provider. Such a policy could require that the employee sign a consent form as a condition to receiving a company-issued cell phone or in return for the company’s paying for the employee’s cell phone service.
Alternatively, the policy could inform employees that if a future need to access the employee’s stored text messages were to arise, the employer would request written authorization to access those messages whether stored with the company’s provider or on the employee’s cell phone.
The employer should consider whether to impose any limits on its requests for consent. Asking an employee to authorize access to text messages stored on the employee’s personal cell phone or with his provider raises more significant privacy concerns than a request to access text messages stored on a company-issued cell phone or with the corporate provider. An employer expecting significant resistance to such a policy could make it more palatable by requesting consent to access stored text messages only if there is reasonable suspicion that an employee has violated company policy or any federal, state or local law.
For many employers, the most difficult drafting issue likely will be whether and how the policy will address the consequences of an employee’s refusal to permit access to text messages. Employers can lawfully follow a forthright approach and expressly state that an employee’s refusal to consent could result in discipline up to and including termination.
A middle course would be a policy providing that refusal to consent will result in termination of the employee’s privilege to use a company-issued cell phone or the company’s refusal to pay or reimburse the cost of cell phone service. As a third alternative, the employer could address the issues on a case-by-case basis without committing to a specific position in its policy.
The substantial monetary and reputational costs to the City of Detroit, resulting from the demise of its chief employee, and the explosive growth in text messaging highlight the need for employers to address text messaging as a business communications tool.
Most significantly, employers need to be in a position where they can lawfully access text messages when the need arises. While the current legal environment creates significant uncertainty, employers can substantially mitigate their risks by updating their existing electronic-resources policies to explain to employees how and why the employer will access their text messages.
About the author: Philip L. Gordon is chair of Littler Mendelson’s privacy and data protection practice group. He litigates privacy-based claims and counsels clients on workplace privacy and security issues. He is the primary author of Littler’s privacy law blog.