“Three can keep a secret, if two are dead.” – Benjamin Franklin
Private thoughts are a dying breed. You may recall the story of the city government of Bozeman, Montana, which mandated that job applicants turn over their social networking passwords. Another “give me (voluntary) access to your private life or I will hurt you” case has appeared, this time in a Houston’s Restaurant in New Jersey.
After the management at Houston’s learned that two servers, Brian Pietrylo and Doreen Marino, had set up an invite-only MySpace group as a venting forum for their dissatisfied peers, the bosses demanded that a hostess and member of the group, Karen St. Jean, give up the password. She did. They did not like what they read (e.g., “let the shit talking begin" “stupid corporate fucks" and "dick suckers"). And then management fired Pietrylo and Marino for failure to exhibit “a positive mental attitude.”
Pietrylo and Marino thought they might have a right as Americans to call their boss a son of a bitch, so they sued on invasion of privacy, wrongful termination in violation of free speech, wiretapping, and unauthorized access grounds. The judge threw out the free speech count and Pietrylo and Marion voluntarily dropped the wiretapping counts after it became clear that Houston's "did not intercept any electronic communications as required by the federal and state wiretapping statutes." (Opinion at p. 4) The court did not kick out the privacy claim as there was "a disputed issue of material fact as to whether St. Jean provided authorization . . . access the website." (Opinion at p. 12) However, the court cautioned that the privacy interests of Pietrylo and Marino "will be balanced against the employer's interests in managing the business." (Opinion at p. 11)
On June 18th, a jury found that the managers had violated federal and state telecommunication laws -- the federal Stored Communications Act (18 U.S.C. 2701-11) and the equivalent New Jersey statute (NJSA 2A: 156A-27) -- finding that they improperly pressured St. Jean for her password, accessed the MySpace group, and then acted on that information. These statutes protect "electronic data while it is in electronic storage" and make unauthorized access of that data illegal. The jury found in favor of the defendants on Pietrylo's and Marino's claims for invasion of privacy, finding that the plaintiffs had no reasonable expectation of privacy in the MySpace group. Thank god for technicalities, as this case against employer snooping likely fails but for the telecommunications protections. Even with this sorta happy (but not really) ending, I find myself terrified.
The trend of password querying was scary enough when it was limited to public employment. Now that it has spread to the private sector, I am at orange alert. The time has come for a blanket prohibition on employer mandated disclosure of cyber identities. If we allow the practice, the boss will always have the power to pressure employees to volunteer for a head-spinning cyber possession/debriefing. When it comes to private passwords at the work place, it should be “Don’t Ask, Don’t Tell.”
A password gag order from on high is necessary, even in light of Pietrylo’s recent victory. Pietrylo prevailed not on any First Amendment grounds (there is no state actor here), but merely because the company was viewed by the jury as coercing St. Jean into providing managers with her password to access the private page.
If instead Houston’s had an explicit policy requiring employees to print out and hand over posts concerning work in exchange for continuation of the at-will employment relationship, the case might have gone the other way. New Jersey courts have typically read NJSA. 2A:156A-27 as a narrow protection of “transmission.” White v. White, 344 N.J. Super. 211 (N.J. Super. Ch., 2001).
How much would you like to wager that most corporate offices WILL NOT begin to include “work-volunteer-print” clauses in their form contracts? Or that when the first batch of these unconscionable contracts hits the front lines, the workers of the service industry (what with their immeasurable bargaining power in this bull-economy) will reject the anti-privacy clause? At this rate, it won’t be long before we are required to attach copies of our keys and a standing invitation to enter to any job application.
Benjamin Franklin assumed that secrets would survive in private thoughts. He could not predict a world where only a password would shield personal diaries from public view. If our dear kite flyer were alive today, his proverb on secrecy would be slightly less elegant: “Three can keep a secret, if two are dead and the surviving one does not willingly give his/her MySpace, Facebook, Gmail, etc. password to his/her employer(s) or sign an employment contract that requires disclosure and explicitly created a diminished expectation of privacy.” Just doesn’t have the same ring to it. For the good of the proverb (and incidentally, ourselves), we should protect our right to our private lives by banning password querying.
(Andrew Moshirnia is a rising second-year law student at Harvard Law School and a CMLP legal intern.)