[*] Rod Dixon is an attorney at the U.S. Department of Education, and is currently completing work toward an LL.M. degree in Labor Law at Georgetown University Law Center. (J.D. 1992 George Washington Law Center; M.A. 1986, University of Pittsburg; University of Pittsburgh in 1984).

[1] Digital technology can be used to efficiently express vastly different forms of information - such as factual databases, audio recordings, or electronic mail messages - on a desktop computer or across the Internet using bits of data in the form of computer 0s and 1s. Bits (or binary digits) are essentially the smallest and most fundamental units of digital technology data; each bit has a value of 0 or 1. The bits 0 and 1 represent off and on switches, which measure the presence or absence of electrical voltage in any given memory register of the computer. Since binary digits enable fairly easy digital expression and digital technology significantly expands the amount of data that can be processed on a single silicon chip, digital format has become the format of choice in electronics. See Rod Dixon, Profits in Cyberspace: Should Newspaper and Magazine Publishers Pay Freelance Writers for Digital Content? - - Tasini v. New York Times, 4 MICH. TEL. & TECH. L. REV. 5 (1998).

[2] So common is the use of digital technologies in the workplace, that this technology is now simply referred to as information infrastructure. This term of art is presumed to reflect the critical value of the underlying technologies that are used to maintain an organizations's personnel records, trade secrets, business plans, corportate strategy, customer lists - - information - - any information of value maintained in digital form. Notably, the White House and the Department of Commerce have begun to refer to the Internet as the National Information Infrastructure or the NII.

[3] Michael F. Rosenblum, Security vs. Privacy: An Emerging Employment Dilemma, 17 EMPLOYEE REL. L.J. 81, 86 (1991). Undoubtedly, employers have a strong interest in searching for new methods to make their employees more productive and for making the workplace safe. In this respect, some employers may justify the use of surveillance technology to improve employee performance, increase productivity, or increase worker safety practices; notwithstanding that such uses are usually challenged as pretextual excuses for monitoring employees, these uses are not the direct focus of this paper.

[4] Here, "surveillance" means employer controlled observation of employees to ascertain employee performance, behavior, characteristics, and other information by mechanical device or electronic means. This form of surveillance is automatic and unremitting. For example, monitoring devices that use computer technology can provide a means for an employer to view an employee's computer screen without the employee's knowledge. See Andrew M. Kramer & Laurie F. Calder, The Emergence of Employees' Privacy Rights: Smoking and the Workplace, 8 LAB. LAW. 313, 321 (1992) (citing Note, Addressing the New Hazards of the High Technology Workplace, 104 HARV. L. REV. 1898, 1903 (1991)) (noting technology that enables employers to count employees' keystroke and computer screen activity); Oscar H. Gandy, Jr., The Surveillance Society: Information Technology and Bureaucratic Social Control, 39 J. COMM. 61, 63 (1989) (noting that in addition to standard surveillance techniques, employers also use hidden microphones, video cameras, polygraph examinations, and computer programs designed to monitor productivity).

[5] Generally, although not consistently, courts weigh four factors to determine whether an employer's surveillance violates an employee's right of privacy: (1) the means that an employer used to acquire the information, (2) the employer's interest in obtaining the information, (3) the information's relevance to the employer's interest, and (4) the place of surveillance. Jeff Kray & Pamela Robertson, Comment, Enhanced Monitoring of White Collar Employees: Should Employers Be Required to Disclose?, 15 U. PUGET SOUND L. REV. 131, 144 (1991). In this respect, surveillance may not be actionable, if conducted in a reasonable, non-obtrusive manner with proper notice given to the employee. Pemberton v. Bethlehem Steel Corp., 502 A.2d 1101, 1117 (Md. Ct. Spec. App. 1985) (citing McLain v. Boise Cascade Corp., 533 P.2d 343, 346 (Or. Ct. App. 1975) and Forster v. Manchester, 189 A.2d 147, 151 (Pa. 1963) and Ellenberg v. Pinkerton's, Inc., 202 S.E.2d 701, 703-04 (Ga. Ct. App. 1973)), cert. denied, 508 A.2d 488 (Md.), and cert. denied, 479 U.S. 984 (1986).

[6] The "privacy law doctrine" is fully developed, infra. Essentially, the concept is a short-hand way of referring to the basic principles underlying most privacy laws - - whether the law emanates from constitutional sources, common law tort or statutory right.

[7] Most instances of digital surveillance are not well documented, but many have become well known as a result of wide-spread publicity. Alana Shoars, a former systems administrator at Epson America Inc., was discharged for insubordination when she complained that company supervisors were secretly monitoring the electronic mail messages of employees. Alyeska Pipeline Service Company, the employer of Charles Hamel, secretly recorded Hamel's telephone conversations at work and at home through the use of electronic listening devices unauthorized by AT&T when Hamel became an outspoken critic of the company. Micheal Barriere, formerly employed by Delco Systems Operations in Santa, Barbara, California, was dismissed by his employer when he reported that he had discovered that Delco was furtively wiretapping and intercepting voice mail and e-mail communications of employees. Rebecca Huls, the electronic surveillance monitor for USAA Insurance Corporation, was discharged by USAA when she began monitoring management telephone conversations as well as employee calls. See, Robert Ellis Smith, WAR STORIES, vol. 1, 1993.

[8] Perhaps the most evident examples of mistaken societal assumptions about the uses of digital technologies are contained in lower court findings involving intellectual property issues and the Internet. There are an unusually large number of recent court decisions that have been criticized by commentators who reveal how those decisions were based on inaccurate assessments or entirely unfounded assumptions about the technology at issue. For similar reasons, Congress removed jurisdiction over patent cases from the various Federal circuit courts and created an ostensibly specialized court, the Federal Circuit Court of Appeals, to review appeals in patent cases. This is not to say that employment cases involving technological issues should be adjudicated by specialized courts. Rather, the point is simply to illustrate how the development of the law may be hindered or even corrupted when courts, or society, in general, hold mistaken assumptions about the uses of technology.

[9] Telephone monitoring is a standard method of employer monitoring. Supervisors may listen in on employee telephone calls or record conversations for later, more deliberate review. An employer may also electronically ascertain the party called and the number and duration of calls made by an employee or rely on advanced electronic monitoring devices by employing hidden, high-powered microphones and voice-activated tape recorders to record office conversations between and among employees. In addition, the technique referred to as computerized work measurement refers to the practice of monitoring an employee's computer screen as he works and collecting data about the employee's work performance for later review. See Gene Bylinsky, How Companies Spy on Employees, FORTUNE, Nov. 4, 1991, at 131.

[10] At bottom, the law of privacy should inform and remind us that the invasive nature of high technology supports the notion that vigilant protection of the right of privacy must encompass the basic principle that personal autonomy and individual dignity do not become less important simply because the individual has entered a workspace. See, Rod Dixon, Windows Nine-To-Five: Smyth v. Pillsbury and the Scope of an Employee's Right of Privacy in Employer Communications, 2 VA. J. L. & TECH. 4 (1997).

[11] For example, a Federal court in Maryland determined that terminating an employee for surreptitiously tape-recording conversations with his supervisors constituted a legitimate, non-discriminatory reason for discharge. In Bodoy v. North Arundel Hospital, 945 F. Supp. 890 (D. Md. 1996) the plaintiff, Angelo L. Bodoy, contended that his former employer, North Arundel Hospital (the Hospital), discriminated against him on the basis of his race and national origin in violation of Title VII of the Civil Rights Act of 1964 (Title VII), 42 U.S.C. 2000e (1994) and 42 U.S.C. 1981 (Section 1981). The Hospital moved for summary judgment on the retaliatory discharge claim, arguing, inter alia, that it terminated Bodoy for a legitimate, non-discriminatory reason -- the fact Bodoy surreptitiously tape recorded conversations between himself and his supervisors in violation of Maryland's Wiretap and Electronic Surveillance law, MD. CODE ANN., CTS. & JUD. PROC. 10-401 to 10-414 (Michie 1995). The court granted summary judgment, agreeing with the Hospital. Employers also have successfully pursued state statutory claims against employees who record conversations at work without the consent of all parties.

[12] Citicorp's massive private computer network spans 90 countries and is used by its employees to process over $3 trillion a day in transactions. AT&T Wins Contract to Run Citicorp's Global Data Network, WALL ST. J., March 10, 1998 at B8.

[13] Another troubling aspect concerning the use of digital technology in the workplace involves the growing use of digital technologies by employees that enhance employee performance, but are devices owned by the employee. While employers may favor the use of electronic devices such as Personal Digital Assistants (PDAs) and other handheld devices that enable employees to maintain organized schedules and increase their accessibility when they are on travel assignments, most workers who use their own electronic devices maintain personal as well as business related information on these devices. The curious problem this poses is whether an employer may permissibly "sneek-a-peek" at the data on these devices when they are connected to the employer's computer network? See, e.g., Michael Schrage, IS Troubles: of graying hair...and grayer areas, COMPUTERWORLD, March 23, 1998 at 37 (arguing that electronic devices like the PalmPilot, which is popular among techno-oriented employees, require periodic connections to a PC and, thereby, may give the employer an unfair opportunity to read personal employee data).

[14] "Surveillance Technology" covers a vast range of products and devices but the overall trend is towards miniaturization, more precise resolution through the adoption of digital technology and increasing automation so that the technology can be more effectively targeted. Today, it is possible to quickly build up a comprehensive picture of virtually anyone by gaining electronic access to their records. For instance, automatic fingerprint readers are now common place in many companies. There is also a plethora of devices, many pre-packaged to fit into phones, look like cigarette packets or light fittings and some, like the ever popular PK 805 and PK 250, that can be tuned into from a suitable radio. For example, the multi-room monitoring system of Lorraine Electronics called DIAL (Direct Intelligent Access Listening) allows an operator to monitor several rooms from anywhere in the world without effecting an illegal entry. Up to four concealed microphones are connected to the subscribers line and these can be remotely activated by simply making a coded telephone call to the target building. Neural network bugs go one step further. Built like a small cockroach, as soon as the lights go out they can crawl to the best location for surveillance. In fact, Japanese researchers have taken this idea one step further, controlling and manipulating real cockroaches by implanting microprocessors and electrodes in their bodies. The insects can be fitted with micro cameras and sensors to reach the places other bugs cannot reach. Millimeter Wave Imaging developed by the US Millitech corporation can scan people from up to 12 feet away and see through clothing to detect concealed items such as weapons, packages or other items. Variations of this through-clothing human screening (used by companies such as the US Raytheon Co.), include systems which illuminate an individual with a low-intensity electromagnetic pulse. A three side very-low X ray system for human useage, in fixed sites such as prisons, is being developed by Nicolet Imaging Systems of San Diego. Electronic monitoring of offenders or 'tagging', where the subject wears an electronic bracelet which can detect if they have relocated from their home after Satellite tracking is now facilitated by the once military Global-Positioning System(GPS), which is now available for commercial uses. See, STATEWATCH, October, 1996, pp. 6-7.

[15] In Coulter v. Bank of American National Trust & Savings Ass'n, 33 Cal. Rptr. 2d 766 (Cal. Ct. App. 1994), a California appellate court held that an employee violated California law by secretly taping meetings with the employer without the employer's consent, when the employer "expected the conversations to be private." Id. at 771. In so ruling, the court affirmed an award of over $130,000 against the employee. Although the employers in these two cases seem to have relied upon state laws as a basis for worker discharge and discipline, the existence of a relevant state law is not necessarily critical in a jurisdiction that follows an at-will employment doctrine. In an at-will jurisdiction, assuming no other cause-of-action was relevant, employees could be discharged for the same conduct complained of by the employers in the California and Maryland cases, despite the absence of similar laws. See, e.g., Rod Dixon, Windows Nine-To-Five: Smyth v. Pillsbury and the Scope of an Employee's Right of Privacy in Employer Communications, supra,(in an at-will jurisdiction, the employment relationship exists at the will of both parties, and either is free to terminate the relationship at any time).

[16] As developed more fully infra, there is no doubt that employer monitoring can constitute tortious invasion of privacy; especially where the employer does not notify employees of the monitoring activity or obtain their prior consent. If the monitoring activity is also aimed at the employees' personal or private affairs, then the likelihood increases that the monitoring will be tortious.

[17] See, e.g., note 31, infra.

[18] The modern workplace may have all sorts of "insiders." Employers now frequently hire freelancers, contingent employees, consultants, part-timers, and independent contractors in addition to full-time hourly and salaried employees. See, e.g., COMPUTERWORLD, MARCH 23, 1998 at 37.

[19] Digital surveillance technology can be defined as devices or systems which can monitor, track and assess the movements of individuals, their property and other assets through the use of a microprocessor or computer chip. Up until the recent dominance of computers for surveillance uses, most surveillance was actually very low-tech and expensive. The trend toward the use of digital technology for surveillance efforts was fueled in the 1990's by accelerated Federal government funding, at the end of the cold war, of intelligence agencies and the sharing of electronic surveillance technology between these agencies and the private sector. To counteract reductions in military contracts which began in the 1980's, computer and electronics companies expanded into new markets - in the U.S. and abroad - with equipment originally developed for the military. Companies such as E Systems, Electronic Data Systems (founded by Ross Perot) and Texas Instruments started selling advanced computer systems and surveillance equipment to private sector employers. A huge range of surveillance technologies has evolved, including microphones to detect conversations over a mile away; laser versions marketed by the German company PK Electronic, can pick up any conversation from a closed window in line of sight; the Danish Jai stroboscopic camera which can take hundreds of pictures in a matter of seconds and individually photograph all the participants in a crowd; and the automatic vehicle recognition systems, which, after identifying a car license plate number, can track the car for miles using a computerized geographic information system from one work station. The GUARDIAN, May 3, 1995 at 10-11.

[20] In O'Connor v. Ortega, 480 U.S. 709, 722-24 (1987), the United States Supreme Court agreed with the government that employers may have legitimate, work-related reasons to intrude upon a public sector employee's right of privacy. The Court seemed convinced that in some exigent circumstances employers must be given wide latitude when the invasion is work-related or pursuant to an investigation of work-related employee misconduct or possible criminal behavior. Id. at 723-24.

[21] George Orwell, 1984, (Signet Classic ed., Penguin Books 1992) (1949) (Big Brother, Orwell warned us, is an entity, not unlike the modern employer, that in return for services may surreptitiously maintain watch over its subjects in order to control them. Was Orwell clairvoyant? It may be too early to determine. What seems obvious, however, is that the powerful technologies of digital surveillance are destined to be on the job right along with the American worker.)

[22] See, e.g., Rod Dixon, Windows Nine-To-Five: Smyth v. Pillsbury and the Scope of an Employee's Right of Privacy in Employer Communications, 2 VA. J. L. & TECH 4 (1997) (describing electronic monitoring by employers as generally referring to the practice of employer recording, reading, or listening to telephone or computer communications sent to employees by others.) In a few specific contexts, the law governing electronic communications establishes a narrow technical definition of electronic monitoring. Id.

[23] Pamela Burdman, Employee Privacy in Peril in the High-Tech '90s, SAN. FRANCISCO CHRONICLE., Aug. 11, 1992, at B1; Veronica Fowler, Is the Boss Watching You While You Work?, GANNETT NEWS SERV., Nov. 12, 1992; Carol Kleiman, Worker Privacy Right Puts Businesses to Test, CHICAGO TRIBUNE., July 23, 1989, Jobs section at 1; Ronald Rosenberg, Most Workers in Survey Think Employers Use Electronic Means to Spy on Them, BOSTON GLOBE, Mar. 9, 1989, at 10; Jeffrey Rothfelder et al., Is Your Boss Spying on You? High-Tech Snooping in 'the Electronic Sweatshop,' BUSINESS WEEK, Jan. 15, 1990, at 74.

[24] Employees may be far beyond future shock. The presence of some forms of surveillance in the worklace has become so common or expected that there seems to be a contemporary lack of outrage on the part of many workers when they actually discover the existence of monitoring devices; this is particularly true of video monitors (future shock is an obvious reference to the title of Alvin Toffler's 1970 book, Future Shock, a phrase Toffler used to describe how people were becoming overwhelmed by the future. This concept seems particularly appropriate as a notion to describe the state of mind of an individual who has been so overwhelmed by the presence of technology that he slowly, but paradoxically, becomes underwhelmed or beyond future shock).

[25] See ACLU Study Estimates More than 20 Million Workers Have E-Mail, Computer Files Searched by Bosses, West Legal News, Sept. 12, 1996 (1996 WL 513566); see also Jerry Mahoney, Watchful Workplace; Employee Monitoring Has New Dimensions and Old Concerns, Austin American.-Statesman, Sept. 8, 1996, at H1 (estimating that 25 million employees -- nearly one quarter of the entire workforce -- are subject to electronic monitoring).

[26] Planting illegal bugs to intercept cellular telephone conversations is yesterday's technology. Modern snoopers can use desktop or laptop computers running the appropriate software and simply tune in to all the mobile cellular phones active in the area by dragging a cursor down the computer screen and highlighting a particular number. Some communications systems even lend themselves to a dual role as a communications tool and an interceptions network. For example the message switching system used on digital exchanges that support an Integrated Services Digital Network (ISDN) Protocol. ISDN allows digital devices to share the system with existing lines. Many employers use ISDN lines to connect to the Internet because the digital connection provided by ISDN is faster and more efficient than typical analog telephone line connections. Built in to the ISDN protocol is the ability to take phones 'off hook' and listen into conversations occurring near the phone, without the user being aware that it is happening. This effectively means that a national dial up telephone tapping capacity is built into these systems from the start. Interestingly enough, cellular phone technology has a similar disadvantage. The technology required to pinpoint mobile cellular telephone users for incoming calls, means that cellular mobile telephones are essentially mini-tracking devices, giving their owners/users whereabouts at any time and stored in the cellular telephone service company's computer - - which employers may have access to if the cellular telephone is used for business reasons - - for up to two years. See, Coupled With System X Technology, This Is A Custom Built Mobile Track, Tail And Tap System Par Excellence, SUNDAY TELEGRAPH, February 2, 1997 at 1.

[27] For example, the nation's largest public sector employer, the Federal government, has a vast information infrastructure that includes 2.1 million computers, 10,000 local networks, and 100 long-distance networks. In addition, the Federal government uses the Internet to exchange electronic mail, log on to remote computer sites, and obtain files from remote locations. Like the nation as a whole, the Federal government is becoming increasingly dependent on widely interconnected computer systems and the electronic data they maintain. These systems have become essential to carry out critical operations, such as tax collections; asset protection, such as military equipment and accounts receivable; and delivery of basic services, such as social security payments and other benefits.

[28] Of course, the Internet, itself, creates significant privacy concerns unrelated to the protection of employer information infrastructure. These concerns are significant and garner substantial media attention, but are outside the scope of this paper. See, e.g., Exposed: Computer technology, managed health care, and genetic science are all undermining the American tradition of medical privacy, WASHINGTON POST, February 8, 1998, (http://www.washingtonpost.com/wp-Sunday/longterm/exposed/exposed1.htm) (noting that Internet sites offering information about certain diseases have solicited data from cyber-visitors and then sold that information to companies marketing drugs or therapies).

[29] Digital technology can be used to efficiently express vastly different forms of information - such as factual databases, audio recordings, or electronic mail messages - on a desktop computer or across the Internet using bits of data in the form of computer 0s and 1s. Bits (or binary digits) are essentially the smallest and most fundamental units of digital technology data; each bit has a value of 0 or 1. The bits 0 and 1 represent off and on switches, which measure the presence or absence of electrical voltage in any given memory register of the computer. Since binary digits enable fairly easy digital expression and digital technology significantly expands the amount of data that can be processed on a single silicon chip, digital format has become the format of choice in electronics. See, Rod Dixon, Profits in Cyberspace: Should Newspaper and Magazine Publishers Pay Freelance Writers for Digital Content? - - Tasini v. New York Times, 4 MICH. TEL. & TECH. L. REV. 2 (1998).

[30] Richard Lacayo, Nowhere to Hide:Using Computers, High-Tech Gadgets and Mountains of Data, an Army of Snoops Is Assaulting Our Privacy, TIME, Nov. 11, 1991, at 34.

[31] This term broadly refers to an employer's computer systems, computer network, and most importantly, the Intellectual property and trade secrets of an employer.

[32] THE REPORT OF THE PRESIDENT'S COMMISSION ON CRITICAL INFRASTRUCTURE PROTECTION, Critical Foundations: Protecting America's Infrastructures,(October 1997) (the Commission submitted its report to the President on October 20, 1997 pursuant to Exec. Order 13,010, 62 FED. REG. 37,347).

[33] GENERAL ACCOUNTING OFFICE, Information Security: Opportunities for Improved OMB Oversight of Agency Practices(Chapter Report, 09/24/96, GAO/AIMD-96-110). The GAO study found that weak information security is a serious government-wide problem, with serious weaknesses reported for over two-thirds of the agencies reviewed. Commonly reported weaknesses included information access control problems and inadequate disaster planning. At half of the agencies reviewed, information security problems remained uncorrected for 5 years or more.

[34] To be sure, some computer systems connected to the Internet are highly subject to malicious attacks by outsiders, such as the much maligned hacker groups, which meet at malls or other public spaces to plan future website attacks. Estimates by the Department of Defense indicate that attacks on unclassified computer systems and networks are a serious and growing threat to our national security, including the Defense Department's ability to execute military operations and protect sensitive information. Defense Department data indicate that the agency may have experienced as many as 250,000 attacks in 1995 and that the number of attacks doubles each year. Successful attacks have shut down systems and corrupted sensitive data. Similarly, annual audits of the Internal Revenue Service (IRS) since 1993 have found that due to poor computer controls, the IRS cannot ensure that the confidentiality and accuracy of taxpayer data are protected and that the data are not manipulated for purposes of individual gain. Specifically, controls have not prevented users from unauthorized access to sensitive programs and data files. GAO REPORT at 47-50.

[35] Of course, information maintained on computer systems by employers is not limited to trade secrets or strategic business plans, but could include employee and customer information such as taxpayer data; purchasing records, commercial transactions; payroll data, personnel records, and health records.

[36] Indeed, as powerful as digital technology may be, it is often difficult to determine which technologies are best suited for monitoring the activities of people as well as machines. Employers frequently face a difficult task when it comes to monitoring their computer network simply for technological bugs and viruses. The Internet is frequently flooded with information about computer viruses, for example. This information can be found on obscure web sites or from postings on USENET newsgroups, but more often this kind of information spreads throughout the Internet in e-mail messages. Interspersed among genuine e-mail computer virus notices are computer virus hoaxes. These hoaxes report on viruses that do not infect information systems, but because users connected to the Internet do not have equal knowledge about technology, many hoaxes are not recognized as such, and have been very costly as unsophisticated employers try to quickly deploy anti-virus software on their computer networks to battle a virus that does not exist, while also taking resources away from detecting and destroying real computer viruses. This problem is often compounded by the fact that many employees often spread the false virus warning by forwarding the hoax e-mail message to several of their closest co-workers. In some instances, television and print news reports have unwittingly added authority to the hoax by mistakenly reporting it as a genuine computer virus scare.

One virus warning, called the "good times" virus warning, spread through out employer networks in April 1995 because employees had mistakenly taken the warning as serious and forwarded the virus warning to others by e-mail. Since many employer networks are connected to the Internet, this virus hoax was spread rapidly by unwitting employees through universities, government agencies, private sector companies, and was reported on network television news shows. Many computer users were apparently completely unaware that the e-mail message described a computer virus that could not exist. The message contained the following warning:

The FCC released a warning last Wednesday concerning a matter ofmajor importance to any regular user of the InterNet. Apparently, a new computer virus has been engineered by a user of America Online that is unparalleled in its destructive capability. Other, more well-known viruses such as Stoned, Airwolf, and Michaelangelo pale in comparison to the prospects of this newest creation by a warped mentality.

What makes this virus so terrifying, said the FCC, is the fact that no program needs to be exchanged for a new computer to be infected. It can be spread through the existing e-mail systems of the InterNet. Once a computer is infected, one of several things can happen. If the computer contains a hard drive, that will most likely be destroyed. If the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop- which can severely damage the processor if left running that way too long. Unfortunately, most novice computer users will not realize what is happening until it is far too late.

Indeed, the problems that this virus hoax caused did occur because many computer users, including those that should have known better, did not realize the virus message warned of a virus that could not exist. Notably, some of the difficulty in managing computer networks in a manner that they are less vulnerable to harm or sabotage involves the rather simple need to clearly understand the obvious limitations of computer technologies so that unwarranted fears do not become the basis for organizational information technology policy. As comical as the Goodtimes hoax may seem to be, it represents a single example of the difficult task employers face when monitoring their computer networks.

[37] "Cyberspace," although once a concept of fiction, is now the fairly common term used to describe the location of activities that occur on computers linked to each other through networks using the Transmission Control Protocol and the Internet Protocol (TCP/IP) or, more simply stated, computers connected to the Internet. See, Rod Dixon, Profits in Cyberspace: Should Newspaper and Magazine Publishers Pay Freelance Writers for Digital Content? - - Tasini v. New York Times, supra. The most popular location of Cyberspace currently is the World-Wide-Web (the Web), which contains web sites (or home pages) that have information that may be viewed on a computer monitor by any computer properly connected to the Internet. Id.

[38] All major Federal agencies rely on computer systems to provide critical support for their operations, and even greater reliance is planned for the future. In addition, Federal agencies are increasing their use of interconnected systems and electronically transmitted data in order to streamline operations, make data more accessible, and reduce paperwork. For example, the Department of Defense has a vast information infrastructure that includes 2.1 million computers, 10,000 local networks, and 100 long-distance networks. The Defense Department also uses the Internet. The Customs Service relies on automated systems to process port-of-entry declarations, which totaled over 39 million in fiscal year 1994. GAO REPORT at 11-12.

[39] Other than to suggest that the Federal government uses polygraphs, background investigations, criminal histories, and financial records, the Commission did not elaborate extensively on what methods should be adopted to ensure that an employer's computer systems remain safe from employee sabotage. Nor did the Commission directly refer to technological uses of surveillance technology. These omissions, however, do not mean that the Commission would view the use of such as outside of the scope of its recommendations. To the contrary, the Commission's report contains a great deal of anecdotal evidence suggesting that employers adopt broad measures sufficiently secure to preclude harm to an organization's information infrastructure, and that the need to protect information infrastructure from employee sabotage should balance favorably against an employee's privacy interests. See id.

[40] Cf. Schowengerdt v. United States, 944 F.2d 483, 488 (9th Cir. 1991), cert. denied, 112 S. Ct. 1514 (1992) (stating that the "operational realities" of the employee's job precluded any objectively reasonable expectation of privacy and that the nature of employment justified the employer's constant surveillance of his activities); Johnson v. Corporate Special Servs., Inc., 602 So. 2d 385, 388 (Ala. 1992) (filing a workers compensation claim eliminated any reasonable expectation of privacy and permitted investigation into the employee's physical condition).

[41] Although most instances of digital surveillance are not well documented - - since employers use surveillance technology surreptitiously - - there are many instances that have become well known. Alana Shoars, a former systems administrator at Epson America Inc., was discharged for insubordination when she complained that company supervisors were secretly monitoring the electronic mail messages of employees. Alyeska Pipeline Service Company, the employer of Charles Hamel, secretly recorded Hamel's telephone conversations at work and at home through the use of electronic listening devices unauthorized by AT & T when Hamel became an outspoken critic of the company. Micheal Barriere, formerly employed by Delco Systems Operations in Santa, Barbara, California, was dismissed by his employer when he reported that he had discovered that Delco was furtively wiretapping and intercepting voice mail and e-mail communications of employees. Rebecca Huls, the electronic surveillance monitor for USAA Insurance Corporation, was discharged by USAA when she began monitoring management telephone conversations as well as employee calls. See Robert Ellis Smith, WAR STORIES, vol. 1, 1993.

[42] See, e.g., Rod Dixon, Windows Nine-To-Five: Smyth v. Pillsbury and the Scope of an Employee's Right of Privacy in Employer Communications, supra. (demonstrating that the district court in Smyth v. Pillsbury, which held that private sector employees in Pennsylvania have no reasonable expectation of privacy in the content of their e-mail messages, relied upon a flawed analysis of privacy by assuming that the scope of the right of privacy is limited by notions of solitude). Although the Smyth holding was sweeping, it is doubtful that its application will be. Smyth so egregiously departed from current doctrine on the law of privacy that the decision may be validly distinguished and limited to its peculiar findings. Id.

[43] John W. Verity, The Internet: How It Will Change the Way You Do Business, BUSINESS WEEK, Nov. 14, 1994, at 82; ACLU v. Reno, 929 F.Supp. 824 (E.D. Pa. 1996).

[44] ACLU V. Reno, 929 F.Supp. at 831. Interestingly, the genesis of the Internet can be traced back to a design made in 1964 by Paul Baran, a Rand Corporation researcher. This design consisted of a computer-communications network that had no hub, no central switching station, no governing authority, and that assumed that the links connecting any city to any other were totally unreliable. Building on Paul Baran's conceptual scheme, the ARPAnet was unveiled in 1969 by the United States Defense Department as a computerized communications system that was capable of surviving a nuclear attack. The ARPAnet, named after the Federal government's Advanced Research Projects Agency, helped scientists and researchers share limited computing resources. See, James T. Madore, Internet Connects Small Businesses with the World, BUFFALO NEWS, Oct. 24, 1994, at A13; John W. Verity, The Internet: How It Will Change the Way You Do Business, BUSINESS WEEK, Nov. 14, 1994, at 80, 82.

[45] See generally, ACLU v. Reno, 929 F.Supp. 824 (E.D. Pa. 1996) (findings of fact paragraphs 12 & 46).

[46] Id.

[47] Id.

[48] Id.

[49] The Internet is an open system. Once an employer connects its private computer network to the Internet, the TCP/IP protocols enable computer users anywhere in Cyberspace to obtain access to some parts of the private network since every node of a TCP/IP network becomes a door into or out of the employer's system. See, The Firewall Diemma: Too Few locks, Too Many Doors, BYTE, August 1996 at 72. In other words, the Internet is a window into a private network; that, in itself, may not be severely compromising of information security. However, there are more than enough computer users, who are not satisfied with just looking through the network window, they want to force the window open and crawl inside without authorization.

[50] See generally, Intermatic Inc. v. Toeppen, 947 F. Supp. 1227, 1230-32 (N.D. Ill. 1996).

[51] An example of such an address would be 123.456.101.1.

[52] At first blush, it may seem as if Internet users should assume they can be easily identified by their numeric IP address, and that this realization should lead to less bad faith, not more. However, most Internet users are unaware of the nature of the technology that enables them to access Cyberspace so the nature of the technology has little direct impact upon the behavior of most computer users. More to the point, those that do understand the technology are aware that most IP addresses are dynamic, not static. Each time most computer users log on to the Internet they are assigned a random IP address for that session until their computer disconnects from the Internet Access Provider. Consequently, the use of pseudonymous user names that may be changed frequently and easily along with the random assignment of numeric IP addresses would more likely increase an individual's inclination to act in bad faith rather than the contrary.

[53] Edward Cavazos and Gavino Morin, CYBERSPACE AND THE LAW: YOUR RIGHTS AND DUTIES IN THE ON-LINE WORLD, 2-11 (1994).

[54] Daniel P. Dern, THE INTERNET GUIDE FOR NEW USERS 16 (1994).

[55] Web pages are stored on web servers, which are computers that are set up to run Internet software. Web servers log every access. As such, each web page downloaded by an employee is logged on the remote server that contains the web site visited as well as the employer's proxy server, if the employer uses a firewall to protect its private network from unauthorized users on the Internet. In this respect, everything a computer user reads on the Internet is logged and stored while being read in at least one location and possibly several. Only those actively concealing their identity are ostensibly protected from Cyberspace's automated tracking schemes. Most of this tracking and recording happens automatically without the active intervention of humans since the very nature of the Internet's technologies creates records of all computer users activities.

[56] Daniel P. Dern, THE INTERNET GUIDE FOR NEW USERS 16 (1994).

[57] A link is an image or a short section of text referring to another document on the Web.

[58] Panavision Int'l, L.P. v. Toeppen, 945 F. Supp. 1296, 1299 (C.D. Cal. 1996).

[59] Id.

[60] http://www.cs.ucsb.edu/~andre/attack.html. Despite a few claims to the contrary, the software often used to surf the Web, Web Browsers like Netscape Navigator, are notoriously insecure and bug-riddled. This is especially true when unsavvy computer users are given access to the Internet without prior training in safety techniques that could inform users how to spot suspicious websites or detect the presence of malicious code. See, e.g., A.L. Dos Santos et al., Secure Browsers?, Computer Science Department, University of California.

[61] As noted supra, this term broadly refers to an employer's computer systems, computer network, and most importantly, the Intellectual property and trade secrets of an employer.

[62] See Daniel P. Dern, THE INTERNET GUIDE FOR NEW USERS 16 (1994).

[63] See Janet Zimmerman, Exasperated Employees Belt Boss on Web Site, THE DENVER POST, January 20, 1998, at p. G-01.

[64] What are employees doing online? One web site that is frequently visited during the work day is Claude Carter created the Web site and claims 100,000 people per week tap in to his page anonymously to share stories about their victimization by supervisors. There are anecdotes - like the guy who sold 68 cellular phones in two months for his company in hopes of winning an all-expenses-paid trip to a Mexican resort. His boss, who sold two phones, took the trip. Id. at G-02. With the power available through the Internet, a disgruntled employee could easily send his company's client list, personnel roster, or other sensitive data to a competitor in a matter of seconds. Even employers who do not connect desktop computers directly to the Internet, have substantial security concerns about their information infrastructure since with the simple use of a modem and telephone an employee can expose an entire private network to the risks of the Internet. See id. at G-02.

[65] See C. Johnson, Firms Fight Out-Of-Line Online Use, THE RECORDER, January 28, 1998, at 1.

[66] See id. at 2. Surprisingly, one law firm, Wilson, Sonsini, Goodrich & Rosati has gone on record as opting to forgo instituting a policy governing its workers' online behavior. According to Phillip Hoare, the firm's vice president, the firm discussed creating such a policy, but so far has declined to do so. Hoare stated that the firm has never faced a situation where such a policy was necessary and recalled that an outright ban on accessing questionable sites might have impaired the firm's ability to handle a recent case involving a sexually explicit Web site. In that instance, monitoring lawyers' activity might have turned up research mistaken for personal use according to Hoare. At any rate, in Hoare's view, absent an Internet policy, he doesn't know if the firm even has the right to watch over its employees' shoulders.Id.

[67] See Trip Gabriel, New Issue at Work: On-line Sex Sites, N.Y. TIMES, June 27, 1997 at C1.

[68] Compaq Computer dismissed twenty employees for logging more than 1,000 visits each on sexually explicit websites in contravention of company policy. See, Sally Greenberg, Threats, Harassment, and Hate On-line: Recent Developments, B.U. PUB. INT. L.J. 673, 677 (1997).

[69] http://www.pearlsw.com See, Pearl Software Website (visited March 1, 1998).

[70] See id. at 4. There are several technological solutions - - in the form of software applications - - to lessen the difficulty of patrolling inappropriate use of the Internet by employees. However, no technological solution, not itself involving surveillance, has proven sufficient to alleviate the reliance on electronic surveillance. For example, "CYBER-sitter" is a software application designed to operate or run on the ubiquitous Windows 95 operating system. This software allows employers to block access to adult and sexually oriented material on the Internet and other on-line services. Yet, for employers, the software's most useful feature appears to be the additional ability to monitor files, programs and directories on the employee's own computer hard disk. Working secretly in the background, the software is constantly watching all computer activity, including recording Web sites, news groups, chat lines, and FTP sites visited as well as monitoring all incoming and outgoing e-mail and file downloads. PR Newswire September 28, 1995 at 2.

[71] See A former Girlfriend of Oracle's Ellison Convicted of Perjury, WALL ST. J., Jan. 29, 1997, at B3.

[72] See id.

[73] In the end, Lee was sentenced to a year in jail and forced to pay back the $100,000. Telecom-worldwide, May 15, 1997, 1997 WL 10960890.

[74] See, e.g., Anthony J. Dreyer, Note, When the Postman Beeps Twice: The Admissibility of Electronic Mail Under the Business Records Exception of the Federal Rules of Evidence, 64 FORDHAM L. REV. 2285, 2288 (1996). Another interesting condition of e-mail is that e-mail seems to promote a certain type of candor or unguardedness. In this respect, e-mail messages might be more revealing of a person's inner feelings than a traditional paper document. As noted more fully below, an employer's monitoring of e-mail messages surreptitiously necessarily raises very serious questions regarding the invasion of employee privacy.

[75] In one notably case, Compaq Computer Corporation fired 20 employees at one time for allegedly distributing pornographic images downloaded from the Internet on the employer's computers. See Employee Internet Use: Big Brother Gets Involved, NEW YORK L. J., March 17, 1997.

[76] See id.

[77] Owens v. Morgan Stanley, 1997 WL 49354 (S.D.N.Y. 1997); see also, Curtis v. Citibank, No. 97-1064 (S.D.N.Y. 1997) (a pending class action case wherein the plaintiffs raise allegations that are substantially similar to those alleged in the Owen case.)

[78] American employers lost $250 billion to thefts of trade secrets in 1997. See Frances A. McMorris Corporate Spy Case Rebounds on Bristol, WALL STR. J., February 2, 1998 at B5.

[79] See Id.

[80] See, Marc S. Friedman and Kristin Bissinger, Infojacking: Crimes on the Information Superhighway, CLA BULLETIN, Jan. 15, 1998 at 13.

[81] Appendix III, Security of Federal Automated Information Resources. Since 1985, this circular has directed agencies to implement an adequate level of security for all automated information systems that ensures (1) effective and accurate operations and (2) continuity of operations for systems that support critical agency functions. The circular establishes a minimum set of controls to be included in federal agency information system security programs and requires agencies to review system security at least every three years. (GAO/AIMD-96-84, May 22, 1996). Forty two federal organizations estimated that they provided Internet and e-mail access to about 1.7 million, or about 50 percent, of their civilian and military employees and Web access to about 1 million, or about 31 percent, of their employees. In the Federal sector, the Internet has become a valuable and widely used means of communicating and sharing information. There are thousands of Federal government websites. Perhaps quite startling, there is no government-wide policy or regulation that specifically govern employee use of the Internet.

[82] The Computer System Security and Privacy Advisory Board was established by the Computer Security Act to identify emerging issues related to computer system security and privacy; to advise NIST on these issues; and to report its findings to OMB, the National Security Agency, the Secretary of Commerce, and appropriate committees of the Congress. It is composed of both federal and private sector representatives. Id.

[83] OMB, NIST, and agency responsibilities regarding information security were recently reemphasized in the Information Technology Management Reform Act of 1996. (GAO/AIMD-96-84, May 22, 1996).

[84] Id.

[85] An "attack" is an attempt to gain unauthorized access to a computer system with malicious intent. Most attacks of computer systems from those on the outside involve brute-force attempts to compromise a private network's security by overwhelming the computer system in a manner that could lead to a system failure. Some brute-force attacks are aided by the assistance of an employee on the inside who may not have authorized access to the computers that are the focus of attack, but may provide the unauthorized intruders with information about the private network that could enable the intruders wage an assault on the other computers on the private network.

[86] Steven M. Bellovin. Using the Domain Name System for System Break-ins. Proceedings of Fifth Usenix UNIX Security Symposium, June 1995.

[87] Air tasking orders are the messages military commanders send during wartime to pilots; the orders provide information on air battle tactics, such as where the enemy is located and what targets are to be attacked. The intruders also launched other attacks from the lab's computer systems, gaining access to systems at NASA's Goddard Space Flight Center, Wright-Patterson Air Force Base, and Defense contractors around the country. (GAO/T-IMTEC-92-5, November 20, 1991).

[88] Computer Security: Hackers Penetrate DOD Computer Systems (GAO/T-IMTEC-92-5, November 20, 1991).

[89] Indeed, countries today do not have to be military superpowers with large standing armies, fleets of battleships, or squadrons of fighters to gain a competitive edge. Instead, and, perhaps most troubling of all, is that all they really need to steal sensitive data or shut down military computers is a $2,000 computer and modem and a connection to the Internet.

[90] As noted infra, malicious programming code is often referred to as software bombs, trojan horses, and computer viruses. Whatever its nomenclature, malicious code is inserted on a computer network to surreptitiously wreak bothersome or, oftentimes, serious harm to the computer network it travels on.

[91] See id.

[92] There are many instances of electronic surveillance that have recently become well known. Alyeska Pipeline Service Company, the employer of Charles Hamel, secretly recorded Hamel's telephone conversations at work and at home through the use of electronic listening devices unauthorized by AT&T when Hamel became an outspoken critic of the company. Micheal Barriere, formerly employed by Delco Systems Operations in Santa, Barbara, California, was dismissed by his employer when he reported that he had discovered that Delco was furtively wiretapping and intercepting voice mail and e-mail communications of employees. Alana Shoars, a former systems administrator at Epson America Inc., was discharged for insubordination when she complained that company supervisors were secretly monitoring the electronic mail messages of employees. Rebecca Huls, the electronic surveillance monitor for USAA Insurance Corporation, was discharged by USAA when she began monitoring management telephone conversations as well as employee calls. See, Robert Ellis Smith, WAR STORIES, vol. 1, 1993.

[93] U.S. NEWSWIRE, CWA, Northern Telecom Settle Suit on Secret Electronic Surveillance, February 27, 1992 at 2-3. The concept of privacy as a legal interest deserving an independent remedy was actually first enunciated in an article co-authored by Samuel Warren and Louis Brandeis in 1890, supra, which describes privacy as "the right to be let alone."

[94] While Borland Corporation was surreptitiously using electronic surveillance to monitor its employees' e-mail messages it discovered that one of its high level software executives, who had announced an imminent departure from the company, was sending e-mail messages that contained corporate trade secrets to his future boss, Gordon Banks, the president of Symantec Corporation. Borland reported its discovery to law enforcement officials who charged the employee, Eugene Wang, and Banks with theft of trade secrets under California state law. See, Marc S. Friedman and Kristin Bissinger, Infojacking: Crimes on the Information Superhighway, CLA BULLETIN, Jan. 15, 1998 at 13.

[95] A sniffer program is a software communications application that runs on a network and records or steals IP addresses from digital data packets that are transmitted throughout the Internet when computers send messages back-and-forth to web servers, which are the powerful computers that store webpages. Not surprisingly, as the Labor Department's use of sniffer programs illustrate, these programs can be used for legitimate and illegitimate purposes.

[96] Every computer that accesses the Internet must use the Internet Protocol (IP) to do so. Internet Protocol is a communications language computers use to "talk" to each other. When connecting to the Internet, the Internet Protocol uses an IP address (or identifying number) assigned to the computer requesting access. This number may be dynamic or static upon each new connection to the Internet, but regardless of whether the number changes or remains the same, for each connection the IP number can be used to determine which computer is connected to the Internet. Not only does every computer leave a trail of its IP address everywhere it goes on the Internet, but sniffer programs, savvy computer users, untrustworthy computer hackers, website owners, and just about any employer can, with little difficulty, surreptitiously grab a computer's IP address; surprisingly, most Internet users are unaware of this. Oftentimes, if a computer is assigned a static IP address - - most large organizations use static IP addresses whereas most consumers are assigned dynamic IP - - the identity of the computer user can be determined by anyone with access to the Internet and to the protocol called Finger, which is an obscure, but powerful, database that identifies millions of computer users by IP address, e-mail address and occasionally workplace and phone number. You can Finger someone by simply entering a name, e-mail address or IP address when running the Finger protocol. See generally, MDA COMPUTING GLOSSARY, (visited February 18, 1998) http://www.mediawest.com/ver2/def/mwstdf23.html; Internet Address-Rerouting Incident Raises Concern over Control of System, Wall Str. J., Feb. 5, 1998 at B6 (noting that the ultimate authority on the Internet addressing system currently is held by the Internet Assigned Numbers Authority (IANA) at the University of California under contract from the Department of Defense).

[97] This data is gathered in log files to detect which computer users are repeatedly requesting access to the secure parts of the website. This enables the agency to trace visitors who attempt to attack the website. See GOVERNMENT COMPUTER NEWS, February 9, 1998, at 12.

[98] According to more than just a few media sources, computer users access the Internet under the illusion of privacy because they do not consider their computers virtual peepholes in Cyberspace. Indeed, many computer users are often stunned to discover the type of information and the quantity of information that many website owners record from Internet users without their permission. See Don't Expect Your Secrets to get Kept on the Internet, WALL ST J., Feb. 6, 1998 at B5.

[99] Hector Vega-Rodriguez v. Puerto Rico Telephone Co., 110 F.3d 174 (1st Cir. 1997). A few cases have even improperly stated in dicta that employees have no right of privacy. See, e.g., Delury v. Kretchover, 66 Misc. 2d 897, 322 N.Y.S. 2d 517 (Sup. Ct. N.Y. Co. 1971); FMC Corp., 46 Lab. Arb. 335 (1966) (closed circuit cameras); Rogers v. McKoy, 1997 U.S. Dist. Lexis 132 (S.D.N.Y., January 6, 1997) (papers in wastebasket).

[100] People v. Palmer, 888 P.2d 348 (Colo. App. 1994); Colo. Const. art. II, § 7; see also Katz v. United States, 389 U.S. 347, 88 S. Ct. 507, 19 L. Ed. 2d 576 (1967); Title III of the Omnibus Crime Control and Safe Streets Act of 1968, 18 U.S.C. § 2510, et seq. (1988).

[101] To be sure, there is no such thing as a systematic conception of law called "privacy law." The doctrinal basis to the law of privacy is amorphous and unyielding to simple analysis. Nonetheless, the right of privacy emanates from a cohesive framework requiring courts to balance similar equities regardless of whether the cause-of-action is based on tort, contract, or constitutional principles; even statutory privacy protections often are developed in reference to the established framework undergirding the right of privacy.

[102] Although the right of privacy is usually viewed as an exception to the doctrine of at-will employment for private sector employees seeking protection under tort, the fact that courts have had difficulty in applying the right of privacy to appropriate cases may demonstrate the existence of two well-established common law doctrines coming into conflict. The right of privacy protects employees from unreasonable intrusions on their privacy while in the workplace. The doctrine of at-will employment authorizes an employer to discharge its employees at his will, unless a clear agreement exists to the contrary. Cf. Jennings v. Minco Tech. Labs, Inc., 765 S.W.2d 497, 499-502 (Tex. Ct. App. 1989) (rejecting plaintiff's claim of wrongful discharge based on invasion of common law right of privacy) with Twigg v. Hercules Corp., 406 S.E.2d 52, 55 (W. Va. 1991) (recognizing right of privacy as public-policy limitation on at-will rule) and Luedtke v. Nabors Ala. Drilling, Inc., 768 P.2d 1123, 1130 (Alaska 1989) (concluding that violation of public policy protecting employee privacy may breach covenant of good faith and fair dealing implied in at-will employment contract).Cf. Luck v. Southern Pac. Transp. Co., 267 Cal. Rptr. 618, 634-35 (Cal. Ct. App. 1990) (California constitutional right to privacy is not public-policy exception to at-will rule).

[103] A number of Federal statutes have presumptively taken employers out of the at-will employment relationship by forbidding the discharge of employees for certain enumerated reasons. Title VII of the Civil Rights Act of 1964, 42 U.S.C. sections 2000e to 2000e17 (1994), forbids discharge because of an employee's race, color, religion, sex, or national origin, and the Age Discrimination in Employment Act (ADEA), 29 U.S.C. sections 621-634 (1994), and the Americans with Disabilities Act, 42 U.S.C. sections 12101-12213 (1994), similarly limit discriminatory discharges based on age or disability.