Can Churches Inspect Employees’ Computers?

Church computers can be a great blessing. Just ask any church employee who was hired before the church purchased its first computer. But, as with many blessings, computers also can be a curse when used for inappropriate purposes. Consider the following examples.

Is the church exposed to liability in any of these cases? If so, on what grounds? What steps can the church take to reduce this risk? This article will address these, and other, questions in light of the recent case, State v. Young, 974 So.2d 601 (Fla. App. 2008).

Pastor Ted served as senior pastor of a church. The church provided him with a desktop computer and a private office. Although the computer was provided to him for use in connection with his pastoral duties, there was no official policy regarding the use of the computer or others’ access to it. Pastor Ted’s computer was not networked to any other computer, and it was kept in his private office. This office had a special lock that could not be opened with the church’s master key. Three keys to the office existed. Pastor Ted kept two of the keys, and the church administrator kept the third key, which she stored in a locked desk drawer in her office.

A previous pastor had requested the special lock for the office door due to concerns about after-hours intruders. The church administrator testified that she regularly opened the door to Pastor Ted’s office for the custodian and visiting pastors, who occasionally used the office to prepare sermons. However, the church administrator acknowledged that no one was permitted to enter the office without Pastor Ted’s permission. Pastor Ted testified to this fact himself and added that when he was absent from the office, even the church administrator’s access was limited to reasonable business purposes, such as delivering paperwork for him to sign. Pastor Ted further testified that the church administrator was not permitted to log on to his computer when he was not physically present.

One day the church administrator received a call from the church’s Internet service provider. A representative from that company informed the church administrator that spam had been linked to the church’s Internet protocol address. In response to this call, the church administrator ran a “spy-bot” program on the church’s computers. She testified that when she ran the program on Pastor Ted’s computer, she saw “some very questionable web site addresses.” The church administrator then contacted a member of the staff-parish committee and an information technology (IT) specialist to set up a time to have the computer examined.

“Over the past decade, there has been a technological revolution in the workplace as employers have increasingly turned to computer technology as the primary tool to communicate, conduct research, and store information. As the use of computer technology has increased, so has concern grown among employers that their computer resources may be abused by employees—either by accessing offensive material or jeopardizing the security of confidential information—and may provide an easy entry point into a company’s electronic systems by computer trespassers. As a result, companies have developed computer policies and implemented strategies to monitor their employees’ use of email, the Internet, and computer files. National surveys have reported that many companies are engaged in such practices. Federal and state laws and judicial decisions have generally given private sector companies wide discretion in their monitoring and review of employee computer transmissions, including the Internet and e-mail. However, some legal experts believe that these laws should be more protective of employee privacy by limiting what aspects of employee computer use employers may monitor and how they may do so.” [From a Report by the General Accounting Office to the Ranking Minority Member, Subcommittee on 21st Century Competitiveness, Committee on Education and the Workforce, House of Representatives, September 2002.]

Later, the chairman of the staff-parish committee contacted an officer of a denominational agency (the “regional church”) with which the church was affiliated to inform him of the situation. The officer instructed the chairperson to contact law enforcement officials and allow them to see the computer. When police officers arrived at the church, the chairman of the staff-parish committee unlocked Pastor Ted’s office and signed “consent to search” forms for the office and computer. Pastor Ted arrived at the church during the morning when the police officers were there. The chairman of the staff-parish committee and the officers instructed Pastor Ted to leave the property immediately, and he complied.

The two police officers later testified that at the time of the search they understood the chairman of the staff-parish committee to be a “representative of the church” whose authority to consent was based on instructions from a supervisor at the church. Neither of these officers spoke with the chairman’s supervisor or asked him further questions about his authority before the search began. However, once in Pastor Ted’s office, one of the officers did speak with an officer of the regional church who approved of the inspection of the church’s computer.

Neither the chairman of the staff-parish committee, nor any officer or employee of the regional church, had ever used Pastor Ted’s computer, worked in Pastor Ted’s office, or kept property there. However, the regional church insisted that it had authority to consent to the search and to instruct Pastor Ted to stay away from the church under the denomination’s Book of Discipline, by which Pastor Ted had agreed to be bound when he was ordained. After searching the office and computer, the police officers went to another location to meet with Pastor Ted. One of the officers advised Pastor Ted of his Miranda rights. Pastor Ted indicated he was willing to talk. During the interview, the officers showed Pastor Ted a printout from his computer, which contained a list of Web sites he had bookmarked. Some of these were associated with child pornography.

During the interview, one of the officers asked, “You have no right to privacy on that computer?” Pastor Ted responded, “I suppose not. I hadn’t really thought about it.” The officer then stated, “It’s like me, my laptop in my truck, if my boss says hand it over, he can look at anything that’s on there because it’s not mine.” Pastor Ted replied, “I suppose technically you’re right.” He also made incriminating statements related to child pornography and signed a form giving the officers consent to search a “memory stick” found in his office. Pastor Ted testified that during the interview, he understood that the officers had been in his office.

Pastor Ted was charged with possession of child pornography. His attorney asked the court to suppress all of the contents of his office computer at his trial on the ground that the police officers did not have authorization to search his office without his consent.

The court concluded that the search and seizure was unlawful and that Pastor Ted’s statements were a product of the unlawful search and seizure. As a result, the trial court ruled that the items seized in the search and the statements taken in the interview could not be used as evidence at trial. The state appealed.

The court began its opinion by noting that to invoke the protection of the Fourth Amendment against unreasonable searches and seizures, a criminal defendant must demonstrate “a legitimate expectation of privacy in the area searched or the item seized.” The likelihood that a person has an objectively reasonable expectation of privacy in an office setting “is increased where the area or item searched is reserved for [the defendant’s] exclusive personal use. Other factors that have been considered in determining the legitimacy of an expectation of privacy in an item seized from an office include the employee’s relationship to the item, whether the item was in the employee’s immediate control when it was seized, and whether the employee took actions to maintain a sense of privacy in the item. Many times, an employee may have a legitimate expectation of privacy in his or her personal office and in personal items stored in a desk or file cabinet.”

The court then addressed workplace computers:

The court concluded that Pastor Ted had a legitimate expectation of privacy in his office and his workplace computer, and as a result law enforcement “could not properly access the contents of the office or the computer without obtaining a search warrant or valid consent. Because the officers did not have valid consent, the trial court properly suppressed the evidence obtained from the search.”

The court mentioned the following facts that gave rise to the reasonable expectation of privacy in this case:

The state claimed that the denomination’s Book of Discipline provided the officers of the regional church with general authority to oversee pastors and churches and that this authority included the right to enter pastors’ offices and inspect their computers. The court disagreed:

What is the significance of this case to church leaders? Consider the following points:

1. In general. A decision by a Florida appeals court is not binding in any other state and is not binding on trial courts in Florida in counties over which the court has no jurisdiction. Further, a decision by a Florida appeals court is not binding on any other Florida appeals court, or the state supreme court. However, there are some aspects to the court’s decision that are instructive for all churches.

2. Office computers. The case reviewed in this article dealt with a criminal prosecution of a pastor who was suspected of possessing child pornography on his church-provided computer. The pastor’s main defense, which the court accepted, was that the inspection of his computer by the police violated his Fourth Amendment right to be free from unreasonable searches and seizures.

The Fourth Amendment is a limitation on government actions and has no direct application to churches. However, the court noted that in order to invoke the protection of the Fourth Amendment a criminal defendant must demonstrate “a legitimate expectation of privacy in the area searched or the item seized.” The court concluded that Pastor Ted had a legitmate expectation of privacy in his office computer, and this conclusion suggests that unauthorized inspections of office computers by church staff may constitute an invasion of privacy that could result in monetary damages in a civil lawsuit.

The concept of invasion of privacy has many meanings, one of which is an intrusion into another’s seclusion. Section 652B of the Restatement of Torts (a respected legal treatise) states that this form of invasion of privacy occurs when one “intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns … if the intrusion would be highly offensive to a reasonable person.”

One court noted that to establish an invasion of privacy based on intrusion into one’s seclusion the following facts must be proven: (1) an unauthorized intrusion or prying into the plaintiff’s seclusion; (2) the intrusion must be offensive or objectionable to a reasonable man; (3) the matter upon which the intrusion occurs must be private; and (4) the intrusion causes anguish and suffering.”

The court’s decision in the case reviewed in this article suggests that the inspection of a church-provided computer in a staff member’s office may constitute an invasion of privacy. The court mentioned the following facts that gave rise to a reasonable expectation of privacy:

The court concluded that “it is clear under these circumstances that the church trusted [the pastor] to use the computer appropriately and … gave no indication that the computer would be searched by anyone at the church.”

3. Criminal prosecutions. Not only does the inspection of a staff member’s church-provided computer expose a church to civil liability for invasion of privacy, but, as this case illustrates, it also may prevent incriminating evidence from being used in a criminal prosecution as a result of the Fourth Amendment guaranty against unreasonable searches and seizures.

Church leaders who suspect that an employee is engaged in criminal activity (such as possession of child pornography) on an office computer, and who notify the police of their suspicions, should recognize that they may not have the authority to consent to a search of the employee’s office computer. This is one reason why it is important for a church to have a computer access policy which, among other things, includes a consent by employees to the inspection of their office computers.

4. The “consent” defense. The court acknowledged that employees have no reasonable expectation of privacy in an office computer if they have consented to its inspection. Significantly, the court observed: “[W]here an employer has a clear policy allowing others to monitor a workplace computer, an employee who uses the computer has no reasonable expectation of privacy in it”. The court added:

“[T]he abuse of access to workplace computers is so common (workers being prone to use them as media of gossip, titillation, and other entertainment and distraction) that reserving a right of inspection is so far from being unreasonable that the failure to do so might well be thought irresponsible.” Muick v. Glenayre Electronics, 280 F.3d 741 (7th Cir. 2002).

The court referred to two federal appeals court cases in which the courts ruled that an employer’s implementation of a computer access policy eliminated any expectation of privacy by employees in their office computers.

(1) United States v. Angevine, 281 F.3d 1130 (10th Cir. 2002)

The court ruled that a university professor had no legitimate expectation of privacy in his office computer since (1) the university had an extensive policy regarding computer use and provided explicit warnings that the computer would be inspected by university officials; and (2) the professor’s university-provided computer was connected to a computer network that was maintained by the university, and accessible by university employees.

The university computer-use policy reserved the right to randomly audit Internet use and to monitor specific individuals suspected of misusing university computers. The policy explicitly cautioned computer users that information fl owing through the university network was not confidential either in transit or in storage on a university computer. The court concluded:

Based on these factors, the court concluded that the professor “could not have an objectively reasonable expectation of privacy,” and therefore it rejected his request to suppress the evidence of child pornography at his trial.

To summarize, the professor did not have a reasonable expectation of privacy in the contents of his employer-provided computer since:

“The companies we reviewed all have written policies that included most of the elements recommended in the literature and by experts as critical to a company computer-use policy. There is a general consensus that policies should at least affi rm the employer’s right to review employee use of company computer assets, explain how these computer assets should and should not be used, and forewarn employees of penalties for misuse. We also found that all companies disseminated information about these policies through their company handbooks, and most discussed their computer-use policies with new employees at the time of hire. In addition, some companies provided annual training to employees on company policies, and others sent employees periodic reminders on appropriate computer conduct.” [From a Report by the General Accounting office to the Ranking Minority Member, Subcommittee on 21st Century Competitiveness, Committee on Education and the Workforce, House of Representatives, September 2002.]

(2) Muick v. Glenayre Electronics, 280 F.3d 741 (7th Cir. 2002)

Another federal appeals court ruled that an employee had “no right of privacy” in the laptop computer his employer had “lent him for use in the workplace” because the employer had announced that it could inspect the laptop. The employee was arrested on charges of receiving and possessing child pornography in violation of federal law. At the request of federal law enforcement authorities, his employer seized from his work area the laptop computer it had furnished him for use at work and held it until a warrant to search it could be obtained. He was later convicted and imprisoned.

The employee sued his former employer, claiming that it violated the Fourth Amendment and invaded his privacy. The court concluded that the employee had no right of privacy in his employer-provided computer. It cautioned that it was possible for such a right to exist under some circumstances. For example, if an employer “equips the employee’s office with a safe or file cabinet or other receptacle in which to keep his private papers, he can assume that the contents of the safe are private.” But, the employer in this case

5. The importance of a computer policy. The cases summarized in this article demonstrate the importance of employers having an appropriate computer policy. Such a policy will minimize or eliminate employees’ expectation of privacy in employer-provided computers, thereby providing a viable defense against alleged Fourth Amendment violations and invasions of privacy.

There are several important issues that should be addressed in a church’s computer policy, including the following

“From our review of the literature and discussions with legal experts, privacy advocates, and business consultants, we identified common elements that should be included in company computer-use policies. These experts generally believed that the most important part of a company’s computer-use policy is to inform employees that the tools and information created and accessed from a company’s computer system are the property of the company and that employees should have no ‘expectation of privacy’ on their employers’ systems. Courts have consistently upheld companies’ monitoring practices where the company has a stated policy that employees have no expectation of privacy on company computer systems. The experts also agreed computer-use policies should achieve other company goals, such as stopping release of sensitive information, prohibiting copyright infringement, and making due effort to ensure that employees do not use company computers to create a hostile work environment for others. Finally, according to experts, employees should clearly understand the consequences for violating company computer policies. For example, one company’s computer- use policy states that ‘violators [of company Internet/Intranet use policy] are subject to disciplinary action up to termination of employment and legal action.'” [From a Report by the General Accounting office to the Ranking Minority Member, Subcommittee on 21st Century Competitiveness, Committee on Education and the Workforce, House of Representatives, September 2002.]

The U.S. General Accounting office has prepared a Table (Table 1) identifying the key elements of a computer-use policy. While the Table leaves out some important elements, it nonetheless is a valuable resource from a repuTable source. The Table is reproduced in this article.

Table 1: Key Elements of a Computer-Use Policy

6. Federal and state legislation pertaining to workplace privacy. Congress, and several state legislatures, have enacted legislation that may expose employers to liability for non-consensual searches of employer-provided computers.

Electronic Communications Privacy Act

The federal Electronic Communications Privacy Act, also known as the Wiretap Act, prohibits the intentional interception of “wire, oral or electronic communications.” The Act defines an “interception” as “the acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.”

The federal Wiretap Act provides that “consent” is a defense to criminal liability:

The Act specifies that those who violate the Act “shall be fi ned under this title or imprisoned not more than fi ve years, or both.” The Act also specifies that persons whose telephone or other electronic communications are intercepted in violation of the Act may sue the perpetrator for money damages. Private lawsuits must be filed within two years “after the date upon which the claimant first has a reasonable opportunity to discover the violation.”

The Electronic Communications Storage Act, also known as the Stored Communications Act, was added to the Wiretap Act in 1986. The Act specifies that “whoever (1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or (2) intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system” violates the Act. “Electronic storage” is defined as “(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication.”

Very few courts have applied the Electronic Communications Storage Act to an employer’s access to an employee’s email account. From the limited precedent, it would appear that an employer does not violate the Act by accessing emails on a computer after they have been downloaded by an employee to his or her hard drive. The Act is violated when an employer accesses without consent an employee’s email account directly on the “electronic communication service provider” (such as Hotmail) and in addition “obtains, alters, or prevents authorized access” to an electronic communication “while it is in electronic storage in such system.” While a church may not violate the Act when it accesses an employee’s email after it has been downloaded to the employee’s computer hard drive, it may invade the employee’s privacy by doing so (as noted above).

Under the federal Computer Fraud and Abuse Act, anyone who “intentionally accesses a computer without authorization … and thereby obtains … information from any protected computer if the conduct involved an interstate or foreign communication” may have violated the Act. However, in order to maintain a civil action under the Act, an employee must have suffered “damage or loss” by reason of a violation. “Damage” is defined as “any impairment to the integrity or availability of data, a program, a system, or information that … causes loss aggregating at least $5,000 in value during any 1-year period to one or more individuals.” Damages are limited to economic damages. The Act does not define a “loss,” but the courts have interpreted it to cover “remedial expenses.”

Church leaders should realize that several states have their own electronic privacy laws that may apply to the interception or inspection of emails on church computers. These laws should be consulted.

7. Court decisions. Some of the leading court cases addressing employer liability for accessing employee computers are summarized in the following examples.

In one of the few cases to address the liability of a church for the seizure and inspection of a staff member’s computer, a federal court in Wisconsin ruled that a church and its senior pastor, secretary, and business administrator, could be sued by a former youth pastor who was dismissed as a result of a “pornographic” telephone conversation between the youth pastor and another adult male that had been overheard by other church staff members, as well as pornographic materials that were discovered on his office computer. Fischer v. Mt. Olive Lutheran Church, Inc., 207 F.Supp.2d 914 (W.D. Wis. 2002).

A church employed a young man (“Don”) as its youth pastor. By accepting this position, Don agreed “to teach faithfully the Word of God … in its truth and purity … to exemplify the Christian faith and life, to function in an atmosphere of love and order characteristic of the Body of Christ at work, and to lead others toward Christian maturity, to show a due concern for all the phases of mission and ministry.”

After serving as youth pastor for a few years, Don was criticized by church board members who had received complaints about his job performance. The church personnel committee gave Don a negative performance review and advised him of areas that needed improvement.

Don opened a Microsoft Hotmail email account from a computer terminal at a local public library. Hotmail accounts are web-based, free, and reside on servers that are part of the Microsoft network. Don used his Hotmail account for personal purposes. At the time he opened his Hotmail account, he did not own a computer or subscribe to any Internet service provider. He accessed his Hotmail account from the church’s computers using the church’s Internet service provider, among other places.

On the morning of June 10, 1999, Don arrived early at the church and read the email messages on his Hotmail account. He saw that he had received an email message from “John Jacobsen,” who asked that Don call him. Don did not recognize the name. Later that morning, Don informed the church secretary (with whom he shared an office) that he was going down the hall to the associate pastor’s office. He did not tell the secretary that he was going to make a telephone call, although he often used the associate pastor’s office for this purpose. The church’s senior pastor had told Don to use the associate pastor’s office to make personal phone calls or in any situation in which he needed privacy.

A short time later, the church secretary left her office to place schedules in the mail trays. She took along a cordless telephone because her primary job was answering calls. The church had six telecommunication lines, two for computers and four for telephones. The cordless phone tied into one line of the telephone system. Because the secretary sometimes received church-related calls at home, she tried to call home to check her answering machine for messages. Instead of hearing a dial tone, she heard two male voices involved in a sexually graphic conversation. She recognized one voice as Don’s. According to Don, the other man on the telephone was “John Jacobsen,” a tutor he had known in college who was having a “sexual identity crisis.” The church secretary alleged that Jacobsen talked with Don about his sexual experiences and feelings, at times in graphic detail, and that Don recounted various homosexual encounters of his own. Don later insisted that he had not made any obscene or pornographic statements during this conversation. Rather, he merely listened to Jacobsen because he had been trained as a counselor to listen to people. Don, who was married and had four young children, denied being homosexual or bisexual.

The church secretary became concerned about the possibility of improper contact between Don and children participating in the church’s youth programs, given Don’s position in the church. Shaking from fear and shock, she walked to the church business administrator’s office because she believed the conversation she had overheard was an extremely serious matter that should be witnessed by another employee. She gave the administrator the cordless phone and whispered something about Don’s being on the line. The administrator heard Don and Jacobsen discussing homosexual acts and making lewd noises (Don later denied this). Believing that the caller was threatening violence to Don or others in the church, the administrator instructed the church secretary to use another phone line to call the police.

The church secretary called the police, and requested that an officer be sent to the church to remove Don from the premises because she was scared and repulsed by the conversation. The administrator walked down the hallway and confronted Don about his phone conversation and asked him to leave the building. Don thought that he had been accused of participating in an obscene conversation over the Internet on the church’s computer. He left the building 10 minutes later.

After Don left the church, the administrator called the senior pastor and described briefly what had happened. A police detective called the church and asked the secretary and administrator to come to the police station and provide statements. Shortly after they returned to the church, Don returned as well. The senior pastor met with Don to discuss what had happened, and told Don that he was being suspended with pay pending an investigation. According to the senior pastor and business administrator, Don stated that he had told his wife “everything,” that his marriage was over, that he had nothing left to live for, and that he had checked his life insurance policy to assure his family would be adequately provided for and that he was contemplating suicide. Don later claimed that he had only told the senior pastor that a suspension would ruin his reputation in the church and community and that he had told his wife of the accusations. However, because of the senior pastor’s concerns that Don was suicidal, he stepped out of his office momentarily and had the church secretary contact the police again. Two police officers arrived a short time later and met with Don and the senior pastor. The officers shared the senior pastor’s concern regarding suicide, and had Don committed involuntarily to a hospital for observation.

The senior pastor visited with Don’s wife that evening, telling her that Don was a “sick” man, that he had had three or four gay relationships, and that he was suicidal.

In response to police recommendations, the senior pastor retained a computer technician on June 10, 1999, to examine the church’s computer files that Don used and to check Don’s email messages for any improper sexual communications with minors. Using the church’s computer, the technician accessed Don’s Hotmail account using a password “guessed at” by the senior pastor. The technician printed the email messages that he found in Don’s Hotmail account. The emails, from senders with male names, referred to Don as “my hot man,” “my favorite stud,” and “sweetie,” and included the statements “miss you babe” and “as always you were a treat!” Don insisted that before June 10, 1999, there were no such email messages in his account.

On June 11, 1999, Don accessed his Hotmail account in the presence of his wife and a neighbor and found no offensive emails in his account. The senior pastor claimed that nothing had been deleted from Don’s Hotmail account and that no Hotmail settings or passwords had been changed. Later that day the senior pastor again accessed Don’s Hotmail account to see whether any new messages had been received that would indicate improper communications with minors. He found two old emails (dated March 27 and April 6, 1999) which contained photographs of nude males. Don did not know how these emails ended up in his account. The next day the senior pastor again accessed Don’s Hotmail account and found a new incoming email, dated June 11, 1999, in which the sender wrote, “Wish I were there to give you a big kiss, hug and more this morning! You take care sweetie! Yours, Bill.”

A few days later the senior pastor, along with the chairman of the church’s board of elders, visited Don at his home to deliver his final paycheck and to encourage him to resign in order to avoid having his misconduct brought to the attention of others. Don’s wife asked what evidence the church had to support its claims. The senior pastor told her that he could provide the information only if Don signed a release. Don refused to do so.

The next day the church’s board of elders unanimously approved a motion to schedule a meeting of the congregation to consider the termination of Don’s employment. At the congregational meeting the church’s attorney described the June 10, 1999 telephone call that had been overheard by the church secretary and business administrator, but he did not refer to any emails. At the meeting, Don implied that the church had no documents to support its charges. The church’s attorney responded that he had copies of Don’s emails with him and asked whether Don would consent to their being read to the congregation. Don declined to give his consent, and so the contents of the emails were not disclosed. The congregation voted 91 to 43 in favor of terminating Don’s employment.

Don sued the church, the senior pastor, church secretary, and business administrator (the “defendants”) claiming that they had all violated federal and state electronic privacy laws by intercepting his telephone conversation on July 10, 1999, and by accessing his Hotmail account without his permission. He also sued each defendant for invasion of privacy and defamation. The defendants filed a motion to dismiss the case.

The federal Electronic Communications Privacy Act, also known as the Wiretap Act, prohibits the intentional interception of “wire, oral or electronic communications.” The defendants conceded that Don’s telephone conversation was a “wire communication.” The Act defines an “interception” as “the acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.” However, the Act has a “business extension” exemption which permits employees to use company telephones in the ordinary course of business without violating the Act. The court conceded that this exemption would apply to the interception of Don’s telephone call on June 10, 1999 by the church secretary and business administrator if they were using the cordless phone in the ordinary course of business.

The defendants claimed that the Wiretap Act was not violated since the phone was being used for business purposes when Don’s conversation with John Jacobsen was intercepted by the church secretary and business administrator. The defendants noted that Don was allegedly using the phone at the time to “counsel” John Jacobsen. Don insisted that his call was personal and that the secretary and business administrator had an obligation to stop listening as soon as they determined that the call was personal in nature, and in failing to do so they violated the Act.

The court agreed with Don, for two reasons. First, the senior pastor conceded that Don was allowed to make personal calls from the church phone. And second, it was not clear that Don’s duties included conversations “with a college friend, such as Jacobsen, or an adult who is not a member of the congregation, even if the call occurred during work hours.”

Defendants argued that even if the call was personal in nature, they had a legal interest in listening in because it raised concerns about (1) the safety of church personnel, and (2) possible church liability for improper contact between an employee and a minor. The court disagreed:

This federal law specifies that “whoever (1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or (2) intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system” violates the Act. “Electronic storage” is defined as “(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication.”

The defendants claimed that the senior pastor did not violate the Act when he accessed Don’s Hotmail account on June 11 and 12, 1999, because Don’s Hotmail email was not in “electronic storage” as defined under the Act. The defendants argued that the Act “does not apply to the accessing of email messages in a recipient’s mailbox for at that point, transmission of the messages has been completed.” The court disagreed. It noted that the Act defines “electronic storage” as either temporary, intermediate storage incidental to the electronic transmission or any storage of such communication by an electronic communication service for purposes of backup protection. The senior pastor accessed Don’s email while it was stored on a remote, web-based server that was owned by Microsoft, an electronic communication service provider. The court concluded that Congress intended the Act to cover the exact situation in this case, as illustrated by an example provided in the Senate Report:

The court noted that accessing Don’s Hotmail account intentionally was not enough to violate the act. Don also had to show that the defendants obtained, altered, or prevented his authorized access to his email account. The court concluded that there was enough evidence that this requirement was met that the defendants’ motion to dismiss had to be denied. It noted, in particular, that there was evidence that the church prevented Don from accessing his email account by changing his password.

The defendants also claimed that it was the computer technician, not they, who accessed Don’s emails, and so they had not violated the Act. The court disagreed. It concluded that the technician was acting as the church’s agent. However, the court concluded that the church secretary and business administrator did not violate the Stored Communications Act because they never accessed Don’s emails.

Under the federal Computer Fraud and Abuse Act, anyone who “intentionally accesses a computer without authorization … and thereby obtains … information from any protected computer if the conduct involved an interstate or foreign communication” may have violated the act. However, in order to maintain a civil action under the Act, Don must have suffered “damage or loss” by reason of a violation. “Damage” is defined as “any impairment to the integrity or availability of data, a program, a system, or information that … causes loss aggregating at least $5,000 in value during any 1-year period to one or more individuals.” Damages are limited to economic damages. The Act does not define a “loss,” but the courts have interpreted it to cover “remedial expenses.” The defendants argued that Don failed to produce evidence that he suffered any damage or loss as a result of their acts of copying his email messages from his account. Don would have had to suffer damages or loss of at least $5,000 in order to maintain a cause of action under the Act. Although Don alleged that as of June 11, 1999, he could no longer access his Hotmail account because the defendants allegedly changed his password, he failed to show that he suffered any damage or loss as a result. As a result, the court granted the defendants’ motion for summary judgment as to Don’s claims under the Computer Fraud and Abuse Act.

Under Wisconsin law, an “invasion of privacy” includes “an intrusion upon the privacy of another of a nature highly offensive to a reasonable person, in a place that a reasonable person would consider private.” Don claimed that his right to privacy was intruded upon when (1) the church secretary and business administrator eavesdropped on his telephone conversation, and (2) the pastor and church accessed his email account. The defendants argued that neither a telephone conversation nor an email account is “a place” under the privacy law.

Don conceded that a telephone conversation is not “a place.” He argued, however, that at the time he was on the telephone, he was in an office that the pastor had allowed him to use for private telephone calls and the door to that office was closed. Therefore, Don reasoned, the “place” was the office, not the phone conversation. The defendants replied that it was “absurd” for Don to contend that he had a right of privacy when he was located in his employer’s office. The court was not convinced. It observed, “Defendants argue that it is the call that was intruded upon, not the office. However, Don was in a place (the office) where his privacy right was allegedly violated (via a phone extension). In other words, the fact that defendants used a phone extension to listen in on Don’s conversation rather than pressing an ear against the door is of no consequence …. When A taps B’s telephone wires A has invaded B’s privacy.”

The court conceded, however, that it was not clear that the acts of the church secretary and business administrator in eavesdropping on Don’s telephone call were “highly offensive to a reasonable person” as required to be an invasion of privacy. It left these questions to the jury.

The court then addressed the question of whether the access to Don’s email account by the pastor and church invaded his privacy. It concluded, “On its face, the language, ‘intrusion upon the privacy of another … in a place that a reasonable person would consider private’ does not limit the intrusion to a person’s immediate physical environment but rather encompasses a person’s private belongings as long as the place these private belongings are intruded upon is one that a reasonable person would consider private.”

The court quoted with approval from the Restatement (Second) of Torts (a respected legal treatise), “Intrusion on privacy of another may be by some other form of investigation or examination into his private concerns, as by opening his private and personal mail, searching his safe or his wallet, examining his private bank account, or compelling him by a forged court order to permit inspection of his personal documents.” Because it was disputed whether Don’s email account was a place that a reasonable person would consider private, the court denied the defendants’ request to dismiss the case.

8. Examples. A Table (Table 2) illustrates some of the important points made in this article.

Case
Facts
Analysis

Church Law & Tax Report is published six times a year by Christianity Today International, 465 Gundersen Dr. Carol Stream, IL 60188. (800) 222-1840. © 2008 Christianity Today International. editor@churchlawandtax.com All rights reserved. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If legal advice or other expert assistance is required, the services of a competent professional person should be sought. “From a Declaration of Principles jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations.” Annual subscription: $69. Subscription correspondence: Church Law & Tax Report, PO Box 37012, Boone, IA 50037-0012.