Welcome to Module 4-I
Privacy Issues in the Search for Truth.
This is an important module and it is long and difficult. It considers privacy issues from three different perspectives. The first examines international issues and points out how weak U.S. privacy laws are compared to the rest of the world. It is provocatively titled “Are We the Barbarians at the Gate?” The second considers the even weaker privacy rights of government employees whose records are subject to government in the sunshine public disclosure laws. The third involves privacy in the corporate world and examines the most protected privacy right of all: attorney-client communications. Study this carefully. Remember that anytime you have discovery from a computer located outside of the United States you could have privacy issues. This module again has very challenging assignments at the end, including discussion of Judge Scheindlin’s 2011 decision on the U.S. Freedom of Information Act, NDLON v. ICE.
Are We the Barbarians at the Gate?
The key issue in international e-discovery today is privacy and the conflict between the discovery laws of the United States, which give little or no regard to individual privacy, and that of the rest of the world, which do. In most of the civilized world today, privacy is a fundamental right. It is expressly stated in the government constitutions and other fundamental laws. The United States stands alone in considering privacy as a secondary, implied right, existing somewhere in the penumbra of other fundamental rights. Griswold v. Connecticut 381 U.S. 479 (1965).
Further, the few privacy rights we have are almost all lost when we go to work, especially when we use our employer’s computer systems. Even the privacy right which is arguably the strongest in our common law system, the right to secret attorney-client communications, is often lost when you enter the workplace. See Adam C. Losey, Clicking Away Confidentiality: Workplace Waiver of Attorney-Client Privilege, 60 Fla. L. Rev. 5 (2008).
Since we have such weak privacy rights, especially for employees, our courts routinely order foreign parties sued here to produce information that is protected from disclosure in their own country. From the perspective of these foreign companies, and their employees, we are the barbarians at the gate bullying away their fundamental rights.
The “Catch-22″of Cross-Border Discovery
The way things stand now, if you want to do business in the U.S., you have to forsake your company’s and your employees’ rights to privacy. You have to allow anyone who sues you, to sift through all of your email and other confidential records. The private communications of your CEO and blue collar workers alike are fair game for any plaintiff to pry into. About the only protection U.S. rules provide are found in our incredibly broad and vague relevancy standard. Here, the information sought only has to be “reasonably calculated to lead to admissible evidence.” The rest of the world finds it incredible (and so too do many in the U.S.) that a plaintiff can read their email, even if it is not relevant, if they can simply argue it might lead to relevant information. Most of the time courts will allow them to do so even before the court has determined that their complaint states a cause of action.
If you, as a foreign litigant, refuse to turn over the information, and instead honor the fundamental rights of your employees and follow the laws of your home country, then U.S. courts are going to punish you with an assortment of sanctions, including adverse inference instructions, fee awards, or even the ultimate sanction of entering a judgment against you. The choice between compliance with the U.S. forum court law, or the law of the country in which the ESI or employees are located, has been called a Hobson’s Choice or Catch 22 situation by the Sedona Conference. They have just completed an excellent publication on international e-discovery entitled: “The Sedona Conference® Framework for Analysis of Cross-Border Discovery Conflicts: A Practical Guide to Navigating the Competing Currents of International Data Privacy and e-Discovery” (August 2008 Public Comment Version). This publication can be downloaded for free at the Sedona Conference website.
Electronic discovery has become the front line of the conflict between the U.S. legal system and the rest of the world. Whenever a foreign company is sued in the U.S., it becomes subject to discovery requests, which today means primarily discovery of the information they keep in their computers (ESI). When the information is kept in computers located in their home country, or involves non-U.S. employees who enjoy fundamental privacy rights that we do not, a conflict of law issue arises. See Cate and Eisenhauer, “Between a Rock and Hard Place: The Conflict Between European Data Protection Laws and U.S. Civil Litigation Document Production Requirements,” Privacy & Security Law Report, Vol. 6, No. 6, 02/25/2007; Leeuw and Wellner, European Data Privacy Laws Pose E-Discovery Problems; New York Law Journal (May 21, 2008).
Litigants, typically plaintiffs, want information that they are entitled to under U.S. law to try to prove their allegations of wrongdoing. But oftentimes the ESI they want and have a right to under U.S. law is located in jurisdictions where they have no right to that information. In fact, in many countries, including all of Europe, it would be a crime for the holders of that information to disclose it without the express permission of the individuals involved.
The rest of the world is getting tired of the U.S. allowing any plaintiff to put their companies into this kind of untenable situation. The U.S., especially certain state courts located in the U.S., is the forum of choice for most class action lawsuits. Often the threat of invasive discovery allows a kind of legal extortion of inflated settlements. The world outside of the U.S. sees our enforcement of no-privacy discovery rules as a kind of legal bullying on our part, and as will be explained here, they are starting to fight back.
U.S. Privacy Laws
There is no express constitutional right to privacy in our legal system. Lee Goldman, “The Constitutional Right of Privacy” 84 Denv. U. L. Rev. 601 (2006). Instead, our unenumerated privacy rights exist as mere shadows of more basic rights that are enumerated in our constitution, such as the right not to have soldiers stationed in your home. I kid you not. Here are the words of Justice Douglas in Griswold where the Supreme Court first articulated this right:
Previous cases suggest that the specific guarantees in the Bill of Rights have penumbras, formed by emanations from those guarantees that give them substance. Various guarantees create zones of privacy, such as the First Amendment right of association, the Third Amendment prohibition against quartering soldiers in a home, the Fourth Amendment right to be secure in one’s person, house, papers, and effects, the Fifth Amendment right to not surrender anything to one’s detriment, and the Ninth Amendment right to not deny or disparage any right retained by the people. These cases press for recognition of the penumbral rights of privacy and repose.
Note how even this landmark Supreme Court case, by renowned legal scholar Justice Douglas, mixes the right of privacy with the right of repose, whatever that is – the right to be left alone and go back to sleep I suppose. (This is just what every ruler wants the populace to do!)
There was an active dissent in Griswold that should not be forgotten. Dissenting Justices Hugo L. Black and Potter Stewart argued that a general right to privacy could not be inferred from any part of the Constitution. Further, they criticized the majority for deciding this case according to personal opinion instead of following the text of the Constitution. Justice Black wrote, “I like my privacy as well as the next one, but I am nevertheless compelled to admit that government has a right to invade it unless prohibited by some specific constitutional provision.” In Griswold, Black found no “specific constitutional provision” that prohibited the state government’s regulation of the private behavior at issue in this case.
You may think things have come a long way since Griswold asserted these penumbral privacy rights in 1965. Indeed, there have been advances, but most of the world remains unimpressed. Our zones of privacy are, in my view, quite sketchy, especially in this new century with the widespread collection of personal information databases, online intrusions, the growing problem of identity theft, and the many compromises made since 9/11/01 in the name of the “War on Terror.” See eg. USA PATRIOT Act, 18 USC §2712, 31 USC §5318A (2004).
Politics aside, the power of technology to invisibly encroach upon our privacy is perhaps the most troubling new development. Many people think that the incredible ability of new technologies to intrude upon privacy demonstrates the need to rethink and elevate its legal status. See Susan E. Gindin, “Lost and Found in Cyberspace: Informational Privacy in the Age of the Internet,” 34 San Diego Law Review 1153 (1997); Electronic Privacy Information Center; Open Security Foundation’s Dataloss Report; Electronic Frontier Foundation; U.S. DOJ on Privacy Issues in the High-Tech Context.
The most significant privacy opinion after Griswold by the Supreme Court came just two years later in Katz v. U.S., 389 U.S. 347 (1967). Katz created a two prong “reasonable expectation” of privacy test that has often been criticized as circular and vague. Posner, “The Uncertain Protection of Privacy by the Supreme Court,” 1979 S. Ct. Rev. 173, 188.
The first prong — subjective privacy — is whether the person exhibited a personal expectation to be left alone from government intrusion. Our expectations, in the eyes of the rest of the world, are incredibly low. We appear to be a nation of Gladys Kravitz busy-bodies. We do not seem concerned that a big brother government, especially the judicial branch, can peer into everything you do. In fact, one of the most popular television shows in America is called Big Brother and celebrates that total lack of privacy. We seem to have forgotten the evil Big Brother in George Orwell‘s 1984.
The second prong of the legal test — objective privacy — is whether the personal expectation is one that society is prepared to recognize as reasonable. Again, our personal expectations of privacy are low, especially in the workplace. It is as if we take for granted that every thing we say at work, every email we write, may someday be seized and read to a jury, and thus the newspaper, since trials in the U.S. must be public.
The media and some high tech companies would have us all embrace a paparazzi life style, where we all fancy ourselves a celebrity, at least for fifteen minutes, and gaze trustfully at the ever-more-prevalent Google cameras. A Wall Street Journal article “Privacy? We Got Over It” promotes this view. It suggests that Americans and Brits do not really care about privacy anymore. It quotes the advice of Scott McNealy, chairman of Sun Microsystems, who in 1999 said, “You have zero privacy anyway. Get over it.” And the observation by Oracle CEO Larry Ellison: “The privacy you’re concerned about is largely an illusion. All you have to give up is your illusions, not any of your privacy.” But see The Privacy Journal by Robert Ellis Smith, an attorney, journalist, and author of several books on privacy; Scientific American editorial, Seven Paths to Regulating Privacy making specific suggestions to improve privacy in the U.S. lost by technological advances.
Robert Ellis Smith, who is cited by the Scientific American editors, traces the roots of America’s privacy deficiency to our Puritan roots. Scientific American quotes Rev. Robert Browne, an influential Anglican minister who said in 1582 “We must all watch one another.” According to Robert Ellis Smith, this quote, and the attitude behind it, originate in a dark puritanical view of the human spirit as weak and prone to wickedness without the constant “support” of a community of spies and informers. Smith contends that this view had enormous influence on the New England Puritans and still lingers with us in today’s voyeuristic society. R.E. Smith, “Ben Franklin’s Web Site: Privacy and Curiosity From Plymouth Rock to the Internet” Privacy Journal (2004). (Think this is ancient history? Think again! City councils in Great Britain have begun recruiting unpaid volunteers to spy on their neighbors and report such things as garbage recycling and dog poop violations. According to this London news report: “The ‘environment volunteers’ will also be responsible for encouraging neighbors to cut down on waste.”)
In the U.S. we only seem to think that certain limited types of information about ourselves are entitled to privacy protection, such as our medical records, financial records, and social security numbers. It does not even occur to us, like it does to the average European (excluding the U.K.), that all of our personal information is inherently private, even information in an email identifying whether a particular employee was an author or recipient. Sedona Framework at pg. 9, Fn. 34.
Most employers in the U.S. today make it clear to their employees that they have no right to privacy in anything they do on a computer at work. They monitor their employees’ email and Internet use, and some even go so far as to record every key-stroke they make. The basic rationale is that the computers they use at work belong to the company, so anything an employee writes or does using these computers belongs to the company, regardless of whether they are on a break or after hours. Some courts will also view it as a matter of contract law. The employees “contracted away” any rights they may have had to privacy. Karen Eltis, “The Emerging American Approach to E-Mail Privacy in the Workplace,” 24 Comp. Labor Law & Pol’y Journal 487, 489 (2005) (“employer exercises quasi-absolute sovereignty over employees, having availed himself or herself of their services by virtue of the employment contract”).
American workers seem to accept and submit to this master-servant type of relationship, but in Europe and other countries, it is considered an oppressive violation of basic human dignity. The workers in these countries do not contract away their fundamental human rights, which for them includes a right to privacy. Instead, these rights automatically carry over into the workplace. For instance, in France, it is not legal to inspect an employee’s computer at work, even when the employer has reason to suspect wrongdoing. Philippe K. v. Cathnet-Science, Cour de Cassation, Chambre Sociale, Arret No. 1089 FS-P+B+R+1, Pourvoi No. J-03-40.017, 5/17/05 (holding that presence of erotic photos on employees desk was not grounds for searching his computer); Societe Nikon France v. M. Onof, Cass. soc., Oct. 2, 2001, Bull Civ. V, No. 291 (finding an employee’s rights violated when the employer searched his computer upon suspicion employee was conducting a side business); Davila, Erica; International E-Discovery: Navigating The Maze, 8 U. Pitt. J. Tech. L. Pol’y 5 at pgs. 4-5 and Fn 35 (Spring, 2008). As Davila observed at page 5 of her excellent article:
[M]any countries view privacy in the workplace differently than the United States does. There is generally no expectation of privacy in workplaces in the United States, and so requesting and receiving e-mail in discovery is commonplace. In the EU, however, there is an expectation of privacy in the workplace, and so e-mail sent and received via work accounts may not be discoverable.
Privacy Laws Outside of the U.S.
Most modern democratic countries today have strong individual privacy rights, including all of the countries of Europe. They consider personal privacy to be an inalienable human right, on the same stature as the right to free speech and assembly. The treaties and law that underlie the European Union embody these privacy principles. The fundamental law in this area is the European Convention on Human Rights of 1950:
Article 8 – Right to respect for private and family life
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
The European Union clarified that these privacy rights apply to computer data back in 1995 by adoption of the European Union’s Data Protection Directive:
Article 1 – Object of the Directive
1. In accordance with this Directive, Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data.
Some American apologists have tried to explain the European privacy laws as a kind of over-sensitivity on their part arising out of their WWII experience with Nazi Germany. So what is wrong with learning the lessons of history? Many countries outside of Europe have strong privacy laws, having learned the same lessons from other totalitarian regimes, including communist. See eg. Article 17 of the Korean Constitution which states that all citizens shall enjoy the inviolable right to privacy, and Article 18 which provides that the secrets of all citizens shall be protected.
Do we have to have a federal gestapo reading all of our email before we react? Let us never forget why our own Bill of Rights was formed. It was a lesson our Founding Fathers learned in 1776 from the oppressive rule of the first King George. If our Founding Fathers were alive today, I have no doubt they would assess the situation with dismay, and rush to add a new privacy right amendment that at least equaled the laws of France.
The World is Fighting Back
Most of the world has reacted to what they perceive as overly-intrusive American discovery laws by enacting what are called blocking laws. These are laws designed to try to protect their citizens and businesses from our no-privacy legal system; some expressly, and some by implication, such as Swiss banking privacy laws. The Sedona Framework cites to a number of these laws, but let’s focus on what France has done.
In 1980, France enacted a criminal law that outlawed discovery within France by private parties for litigation abroad. French Penal Law No. 80-538 provides:
Subject to international treaties or agreements and laws and regulations in force, it is forbidden for any person to request, seek or communicate, in writing, orally or in any other form, documents or information of an economic, commercial, industrial, financial or technical nature leading to the constitution of evidence with a view to foreign judicial or administrative procedures or in the context of such procedures.
Sedona Cross-Border Framework at pg. 18, Fn. 74.
These blocking statutes, including the French one, have not been enforced. For this and other reasons, when a French company is sued in the U.S., and they oppose discovery on the grounds it would violate French law, the typical reaction of the U.S. Court has been “too bad.” You did business in the U.S., you got sued here, so now you have to follow our discovery rules. Enron v. J.P. Morgan Securities Inc., No. 01-16034 (Bankr. S.D.N.Y. July 18, 2007) (involved a French bank); United States v. Vetco, 691 F.2d 1281 (9th Cir. 1981) (involved a Swiss bank); Hagenbuch v. 3B6 Sistemi Elettronici Industriali S.R.L., 2005 U.S. Dist. LEXIS 20049, at *14 (N.D. Ill. Sept. 12, 2005) (involved an Italian company); Columbia Pictures Industries v. Bunnell, at pgs. 28-30; affirmed at 245 F.R.D. 443 (C.D. Cal. 2007) (involved discovery of RAM memory and a website located in the Netherlands).
As a general rule, U.S. courts do not give much weight to foreign blocking laws because they consider them mere Paper Tigers, and besides, they do not much like the idea of foreign countries trying to interfere with our rules of discovery. Although this reasoning may be morally suspect if you value the right to privacy and comity, it was based in fact. Until 2006, or so, the blocking laws were never enforced, even in France.
The foreign prosecutors would recognize that their citizens and businesses were in a Catch 22 situation, and back-down to the U.S. courts. It was like two countries playing a game of legal-chicken. Quite naturally, the U.S. courts would always win that game. The foreign prosecutors and judges would have to back down, because otherwise they would have to punish one of their own. But, as will be explained below, the French appear to have grown weary of losing this game. They tire at watching U.S. courts bully their corporations into disclosing private information to U.S. plaintiffs, even though that directly violates French law. They now appear more than willing to sacrifice one of their own to show that they mean business.
The French Bite the Bullet
After over twenty years of not enforcing their blocking statutes, and observing the near uniform reaction of American courts, it has become obvious to foreign jurisdictions that if they do not start enforcing these laws, they might as well repeal them. For otherwise, the U.S. courts will never take them seriously. If that means a few sacrificial lambs, then so be it.
France has become the first country to so bite the bullet and publicly enforce its blocking laws. It arrested and criminally prosecuted one of its own, a French lawyer no less. In re Advocat “Christopher X”, Cour de Cassation, French Supreme Court, December 12, 2007, Appeal n 07-83228. The Sedona Cross-Border Framework group touts this decision as ground-breaking and I agree.
The french lawyer, Christopher X, was representing his French corporate client, and complying with an order of a federal court in New York. Strauss v. Credit Lyonnais, 242 F.R.D. 199 (E.D.N.Y. May 25, 2007). The U.S. District court had rejected Credit Lyonnais’ argument that it would face possible criminal prosecution by French banking authorities if it complied with the requested discovery order. The U.S. court held that there was a low likelihood of actual prosecution, and so did not give this factor any weight. The court ordered the defendants to disclose records relating to the case within 30 days. When the French advocate started to do that by interviewing a witness in France, he was arrested and prosecuted.
The French in effect finally did not blink; they carried out their law. Would we have done any less if the shoe was on the other foot? If, for instance, a foreign court (think China) had tried to interfere with a right which we consider important, such as freedom of speech or religion? The foreign court might not consider these rights to be that important, just like we do not consider an employee’s right to privacy to be that important.
Mr. Christopher “X” was convicted and fined €10,000 (about $15,000), and could have been sentenced to six months in jail. I cannot help but suspect that if an American lawyer had gone to France for the information, he would have gone to jail (and we would probably know his last name). In fact, I have heard many stories from e-discovery vendors of being threatened with arrest or having their hard drives confiscated at the border by customs. The e-discovery vendors are easy targets and they are very paranoid about it, and always use local people as much as possible. It would not surprise me to see the next criminal prosecution against one of the major e-discovery vendors and a few of their “just following orders” employees.
The Sedona Cross-Border Framework has a good discussion of the significance of In re Advocat “Christopher X”:
The recently published decision of the French Supreme Court affirming the criminal conviction of a French attorney for violating the French Blocking Statute casts in doubt a great deal of U.S. case law precedent on the issue of cross-border discovery. Prior U.S. court decisions ordering cross-border discovery over the objections such discovery violates foreign blocking statutes is expressly premised on the heretofore absence of any public enforcement of such statutes.
Historically, the attitude of the U.S. Supreme Court and U.S. federal and state courts at all levels has been that the threat of such prosecution is, in reality, just a minor factor in the type of proportionality analysis called for by the Restatements of Law. The U.S. courts in these cases almost uniformly reason that in the absence of enforcement of foreign blocking statutes, the Hague Convention cannot be considered the exclusive means of cross-border discovery. This is, if blocking statutes have teeth but no bite, then cross-border discovery should be ordered, albeit with some restrictions based upon the type of case, and uniqueness and relevance of the information sought. . . .
The circumstances of publication of the French decision almost one year later, and its grand jury-like proceedings begs the question whether there have been prior such unpublished decisions. . . .
Now that the logical syllogism upon which prior U.S. case law is based is broken, the stage is set for U.S. Courts to reconsider . . [and] more thoughtfully than ever weigh the civil and criminal consequences in their jurisdictions . . . The stakes of this “Catch-22” are higher than ever before. And the situation cries out for a collaborative framework in which cross-border legal disputes can effectively be resolved.
Sedona Proposes a Solution to the Catch 22 Conundrum
True to the standard setting traditions of the Sedona Conference, the working group behind the Framework for Analysis of Cross-Border Discovery Conflicts not only identifies the problem, but proposes a solution, namely a framework for analysis. The leaders of this Sedona group are M. James Daley and Kenneth N. Rashbaum. They have been helped by Kenneth J. Withers, Quentin Archer, Moze Cowper, Paul Robertson, Amy H. Chung, and Conor R. Crowley. Here is their proposed seven-fold framework:
Ideally, determining the scope of cross-border discovery obligations should be based on a balancing of the needs, costs and burdens of the discovery with the interests of each jurisdiction in protecting the privacy rights and welfare of its citizens. The following factors should be considered in this balancing:
1. The nature of the data privacy obligations in the jurisdiction where the information is located;
2. The obligations of the responding party to preserve and produce relevant information in the jurisdiction where the dispute is filed and the jurisdiction where the data is located;
3. The purpose and degree of custody and control of the responding party over maintaining the
4. The nature and complexity of the proceedings;
5. The amount in controversy;
6. The importance of the discovery to resolving critical issues; and
7. The ease and expense of collecting, processing, reviewing and producing relevant information, taking into account:
a. the accessibility of the relevant information;
b. the volume of the relevant information;
c. the location of the relevant information;
d. the likelihood that the integrity and authenticity of the information will be impaired by the discovery process; and
e. the ability to identify information that is subject to foreign privilege and work product protection from disclosure.
If you do any work with international e-discovery, you should study this Sedona publication and look for ways to apply this framework to address the serious issues you face. These issues now include a very real threat of arrest and criminal prosecution in a foreign land.
I like this framework and think it will help. I would, however, like to see the cost factor emphasized more and add “specificity of the request” as a consideration.
Sedona has provided a good conceptual framework for courts and lawyers to use to analyze the international e-discovery issues. This is a good tool to try to fairly address the “Catch-22” conundrum created by the conflict of laws. But it does not address the source of the problem, the imbalance between the U.S. legal system and the rest of the free-world.
Our laws provide relatively weak privacy protection, and this problem is compounded ten-fold by our “let-it-all-hang-out” discovery system. There are virtually no privacy rights granted to employees of companies, domestic or foreign, whose employers are sued in a U.S. court. Their email and private documents will be seized and read, even email kept on their home computers or personal email accounts. The so called limit of “reasonably calculated to lead to the discovery of admissible evidence” is bogus and subjective.
If we are to stop being seen as “Privacy Barbarians” by the rest of the world, we need to address these fundamental concerns. Privacy rights should not be limited to the home and a few zones of interest. We must learn the harsh lessons of history, of Hitler, Stalin, and Mao, in order to avoid their repetition in a high-tech world of constant surveillance. The time has come for us to realize that privacy is an inalienable human right, not a shadowy extension of other rights. Just like the freedom of religion or free speech, we should not allow it to be contracted away as a condition of employment. When we finally elevate privacy to a core right, we will join the ranks of other civilized countries and this conflict of laws will disappear.
The only way out of the current Catch 22 conundrum is for the U.S. to lift its standards up to that of the rest of the free world. We need to greatly strengthen our own privacy laws, especially those pertaining to employees, so that they are roughly equal to that of other democratic countries. Why should the people of France enjoy greater rights and freedoms than Americans?
Since most of the free world has clear privacy rights built into their constitution, in my opinion we must do the same to attain real parity. A new Privacy Amendment to the Constitution should be passed. I know that a Twenty-Eighth Amendment to the United States Constitution would have huge political implications beyond e-discovery, international comity, and employee rights. Privacy rights underlie some of the most controversial issues of our day, including abortion, gay marriage, pornography, assisted suicide, and the de-criminalization of drug use. Still, I think we as a society should at least start talking about it, rather than continue to muddle through with vague laws subject to so much political manipulation and court stacking.
The other Losey who is writing on this general subject takes a different, more conservative view. “Clicking Away Confidentiality,” supra. Adam in his conclusion suggests that a more gradual approach may ultimately rectify the imbalance in employee privacy rights between the U.S. and the rest of the world:
[I]t is possible that employee privacy rights in the United States will broaden over time to the point that workplace waiver is no longer an issue. Most countries outside the United States offer significantly more privacy rights for employees, and the United States may eventually fall into line with the rest of the world and legislatively establish broader privacy rights for employees in the workplace.
The impetus behind this broadening of employee privacy rights may come from upper level management, and other control group employees. Control group employees are often responsible for making decisions regarding employee privacy and employee surveillence, and yet they themselves are employees. Thus, there is a strong incentive for the employee-authors of employee policy manuals to broaden employee privacy rights per the employer’s policies.
These are good insights into corporate culture. I admit that greater privacy rights for employees are probably more likely to come to pass in this manner, than by my fantasy of a new constitutional amendment. After all, the email of senior management is the number one target of every plaintiff’s fishing expedition.
In addition to strengthening privacy rights, a solution to the international e-discovery conundrum requires a significant tightening of our relevancy standards. We need to move away from our current vague standard. It is ideally calculated for intrusive, over-broad document requests and often results in wildly inconsistent interpretations on permissible discovery. We should, instead, only allow discovery of directly relevant information. Moreover, before we start reading emails and other private communications, there should be some kind of good cause showing.
Finally, I think we should start to move slightly towards the European, Civil Code system of discovery, where the judges are far more active and tightly control discovery. I am not suggesting we abandon discovery altogether and adopt the Civil Code system, but I am suggesting a more active bench and better policing of over-reaching discovery abuses. Simply asking counsel to act like professionals and work things out, which is the typical reaction of most judges today on discovery issues, is a non-solution that has been failing for years.
I recognize that our judiciary is now over-worked and under-staffed and is thus unable to take on the kind of active role needed to curb these abuses. So I couple this suggestion with a plea for more judges and much higher pay. Also, I would suggest a move away from elected judges in our state systems. We should instead follow the German system where the best and the brightest are routinely recruited right out of law school into a judicial track.
Ken Withers, Director of Judicial Education and Content of The Sedona Conference, discussed some of these issues with me via email, which he has graciously allowed me to quote:
As we said in the Webinar, recent events in the US may move us towards a more European view of privacy that might result in restrictions on the scope of some discovery or lead to greater involvement of the judge in controlling discovery. At the same time, at least in the UK, the strict and overbroad definitions of “personal data” and “processing” may be giving way to a more practical approach that recognizes the need to have some reasonable methods for moving data, while protecting core privacy interests.
The problem in the US is the solution. A much greater role for the managerial judge in narrowing the scope of discovery, as proposed in the Economist article, would mean a complete revamping of our judicial system. Judges simply could not continue to have caseloads between 400 (considered light) to 1000 or more cases (in our border districts) and dramatically increase their personal involvement in civil discovery. We have “party driven” discovery in part because we have a judicial system that is incredibly thin on resources. The inquisitor/case manager model of the European courts requires a large number of judges with specialties, compared to the small number of generalists who cannot afford to get into the details of the case.
The Economist article Ken refers to here is called The Big Data Dump. It reviews the problems the U.S. is experiencing with e-discovery and suggests that the solution lies in a move towards the Civil Law inquisitorial approach where the amount of e-discovery allowed would be tightly controlled. The article also claims that the U.K. and other common law countries are already well along in that direction.
I don’t know what is more unlikely, hiring many more judges and raising their pay so as to follow the inquisitorial approach, or a privacy amendment to the Constitution. Both seem like a long shot right now.
The best temporary fix may be a voluntary strengthening of privacy rights by employers, as Adam suggests, coupled by a revision to the federal and state procedural rules to tighten discovery. For instance, the scope of e-discovery could be limited to relevance, and a showing of good cause could be required before an employee’s email, instant messages, etc., are read without their consent. Congress could also enact legislation short of amending the Constitution which addresses these issues. I would start by providing much stronger privacy protections to all email and other electronic communications and criminalize its seizure and disclosure without all parties’ consent. The only exception should be a court order after a showing of good cause. This should not only apply to restrain the government from secret eavesdropping, but also to restrain parties in litigation from excessive discovery.
Are Government Employee Emails Always a Public Record?
Are all emails stored on government computers automatically “public records” subject to disclosure under state and federal Freedom of Information Acts (“FOIA”)? In a sharply divided opinion, the Arkansas Supreme Court said no. Pulaski County v. Arkansas Democrat-Gazette, Inc., No.07-669 (Ark., July 20, 2007). The majority held that it all depends upon the content of the email, not its location in a government computer. Some emails written and received by government employees are personal in nature, and have no “substantial nexus” with government activities. For that reason, they are not considered “public records” and thus are not subject to disclosure under FOIA.
In this case, a newspaper requested all emails from a management employee of the county who had recently been arrested and accused of embezzling $42,000. Before his arrest, and the FOIA request, the employee deleted many of his emails. Deleted, but not fully erased, and certainly not gone. A computer tech for the county was able to restore them. The county then produced most of his emails, but withheld others that were “of a highly personal and private nature.” They were emails to and from a woman with whom the accused manager was having an extramarital affair. This “other woman” also happened to work for a company who was a vendor of the county.
The newspaper naturally wanted to see these emails, and argued they must be presumed to be public records because they were written by a government employee during working hours on government computers, and were located and maintained on government computers. The trial court agreed and held that:
Because the emails at issue are maintained in a public office and are maintained by public employees within the scope of their employment, they are presumed to be public records according to the Freedom of Information Act.
Based on the facts before this Court, the emails at issue are public records because they involve a business relationship of the County and are a record of the performance or lack of performance of official functions by Ron Quillin during the times when he was an employee of Pulaski County.
The county, and the girlfriend who intervened in the suit as “Jane Doe”, asked the court to look at the withheld emails in camera. They wanted the judge to determine whether the emails in fact pertained to county business, as he presumed, or were instead just “monkey business” with no relevance to any kind of county activities, legal or illegal. The judge declined to do so, and entered an injunction giving the county 24 hours to turn over the emails to the newspaper. The county and Jane Doe immediately appealed.
The Arkansas Supreme Court reversed and remanded the case back for the judge to read the letters in camera. The appeals court noted that since the trial court had declined to review the emails, they were not in the record, and so it was impossible to “discern whether some emails at issue were purely business emails while other emails were purely personal in nature.” The Arkansas Supreme Court held that:
[I]n this particular case, it is necessary to conduct an in camera review of the e-mails to discern whether these e-mails relate solely to personal matters or whether they reflect a substantial nexus with Pulaski County’s activities, thereby classifying them as public records. See Griffis, supra. Both parties agree that the definition of “public records” is content-driven. The only way to determine the content of the e-mails is to examine them. In this case, no court has reviewed the e-mails at issue. Absent such a review, we have no record on which we can determine the nature and content of the requested documents.
Rather than relying on Pulaski County or Appellee to make the determination of whether the documents are public, it is necessary to have a neutral court make this decision. See Griffis, supra. Accordingly, we remand this case to the circuit court with instruction to conduct an in camera review to determine if these e-mails “constitute a record of the performance of official functions that are or should be carried out by a public official or employee” thereby making them “public records” pursuant to the FOIA. We ask the circuit court to address this matter forthwith.
The majority decision followed other courts around the country that use content-driven analysis to determine when a document is a public record for purposes of FOIA type laws, both state and federal. State v. City of Clearwater, 863 So.2d 149, 154 (Fla. 2003) (A case involving personal emails where the Florida Supreme Court held that it is absurd to classify household bills or notes about personal conversations as public records simply because they are located in a government office); Denver Publ’g Co. v. Bd. of County Comm’rs, 121 P.3d 190 (Co. 2005) (A case involving sexually explicit and romantic emails where the Colorado Supreme Court held that “[a]n analysis of the messages based solely on the context in which they were created, without an explanation of the content of the messages, is insufficient to determine whether the messages are public records”); Griffis v. Pinal County , 215 Ariz. 1, 152 P.3d 418 at 421-22 (Az.2007) (The Arizona Supreme Court held that it was absurd to apply FOIA to all email, even private email, just because it is in government computers; purpose of FOIA is to “open government activity to public scrutiny, not to disclose information about private citizens.”); Bureau of Nat’l Affairs, Inc. v. United States Dep’t of Justice, 742 F.2d 1484, 1486 (D.C.Cir.1984) (personal appointment materials, such as calendars and daily agendas, are not agency records under the FOIA).
The newspaper and three justices of the Arkansas Supreme Court did not agree with this result. They thought the emails must be presumed to be public records, as in the words of dissenting Justice Tom Glaze:
[T]he personal and professional relationship between Quillin and Doe may have affected or influenced Quillin’s performance and his expenditures of county funds, the communications between them constitute a record of the performance or lack of performance of official functions carried out by a public official or employee.
Under the plain language of the statute, Quillin’s emails were presumed public records, because information is not exempt from the FOIA unless specifically exempted under the Act or some other statute.
Because the records at issue are plainly public records, and neither the County nor Doe has rebutted the statutory presumption compelling that result, remanding the matter for an in camera examination is unwarranted and a complete waste of time. The majority’s position unnecessarily prolongs the process and increases the expenses of a FOIA request, and in so doing needlessly infringes upon a citizen’s right to obtain public records. The Freedom of Information Act simply does not require an in camera inspection in these circumstances, and instructing the lower court to perform such a review thwarts the rights of Arkansas’s citizens to access records that, simply stated, should be public.
The minority dissenters were not concerned with the privacy rights of “Jane Doe” as to the deleted emails forensically restored from her lover’s computer. They apparently felt her rights were outweighed by the public’s right to know, and the newspaper’s right to sell sensational stories of the romantic life of county employees accused of theft. Besides, dissenting Justice Annabelle Imber reasoned that all of these emails would eventually be made public anyway in the subsequent prosecution of the accused.
Clicking Away Confidentiality
A University of Florida law review article on employee confidentiality provides a good introduction to this subject. Adam C. Losey, Clicking Away Confidentiality: Workplace Waiver of Attorney-Client Privilege, 60 Fla. L. Rev. 1179, (Dec. 2008). Adam’s article is concerned with the hot topic of when an employee’s use of their employer’s computers to communicate with an attorney should result in a waiver of their attorney-client privilege. Learned judges around the country have struggled with this question and have come up with answers that vary widely. The state of the law of workplace waiver is murky at best. As a consequence, employees and employers alike cannot predict if employee email communications to lawyers are privileged.
This article proposes a solution to the workplace waiver quandary by use of a presumption. This idea was suggested to Adam by Professor Walter Weyrauch. Professor Weyrauch held a J.S.D. in law from Yale (equivalent of a Ph.D.) and taught at the University of Florida for over fifty-one years. He was my favorite law professor at UF in the late 1970s, at which time he had already been teaching at U.F. for over twenty years, and so it was quite amazing that he also taught my son some thirty years later. Shortly after advising Adam on the finer points of presumptions, Professor Weyrauch passed away on October 17, 2008. His insights and intellect will be sorely missed by the students, faculty, and alumnus of the University of Florida.
The Meat of Clicking Away Confidentiality
The article is 24 pages in length with 162 footnotes. Like most law review articles, it is written in a scholarly style, but also has wit and dry humor. For instance, the article begins with a factual scenario drawn directly from a New York Times article interviewing a woman named Barbara Hall. Ms. Hall describes her constant emails to her daughters while at work as “[i]n the grand tradition of Chekhov, or perhaps ‘Days of Our Lives,’ . . . .”.
I will not reveal the details of the proposed solution to this problem, suffice it to say that it involves the application of a rebuttable presumption concerning whether the privilege has been waived. The presumption is triggered by proof of certain basic facts and circumstances concerning the workplace and employer policies.
Here are a few quotes from the article that I found particularly interesting. Students should, of course, carefully study the entire article, including footnotes. The first quote of interest is from the introduction explaining the premise and scope of the article
While an estimated 90% of companies that monitor employee communications notify their employees about the possibility of monitoring, many employees are oblivious to the fact that a permanent record may exist of their Internet and e-mail use at work. This ignorance has resulted in serious consequences for employee litigants. At risk are the communications between attorney and client that have been extended special legal protections throughout history. This Note discusses workplace monitoring of these privileged communications. (footnotes omitted)
Part II points out the growing and unspoken abandonment of traditional approaches in these non-traditional cases. Part III describes the hodgepodge of emerging case law on the subject. Part IV attempts to identify the underlying source of difficulty in these abstruse cases. Part V teases the logically pertinent variables out of existing case law, and uses these variables as building blocks to construct a workplace waiver presumption. Finally, Part VI advocates the universal adoption of this workplace waiver presumption.
In these workplace waiver cases, a schism is quietly developing. Some courts are discreetly (and perhaps inadvertently) abandoning the traditionally accepted narrow interpretation of attorney-client privilege in favor of a broad protective approach on public policy grounds. Others continue to adhere to traditional doctrine. A clash between these two schools of thought may be inevitable. The universal application of a rebuttable presumption that an employee has waived attorney-client privilege could avert a direct collision between these two schools of thought and establish a semblance of predictability in workplace waiver cases.
Here are the final two closing paragraphs of the article.
Courts can and should distill existing case law to determine the logically pertinent factual variables in workplace waiver cases, but a jurisprudential clash may be inevitable. Courts that have adopted the broad (modern) approach to attorney-client privilege, and those that have held fast to Wigmore’s narrow (traditional) interpretation are on a collision path.
The application of the workplace waiver presumption, described in this Note, is the best way to avert a direct collision between these two schools of thought and to achieve a semblance of predictability in these cases. Adherents to both the modern and traditional approaches would be able to use this presumption without compromising their viewpoints. This presumption would give courts a workable, flexible rubric that would prove invaluable in working through workplace waiver issues. It is clear that the adoption of the workplace waiver presumption is the logical first step in the development of workplace waiver jurisprudence.
Adam C. Losey, Clicking Away Confidentiality: Workplace Waiver of Attorney-Client Privilege, 60 Fla. L. Rev. 1179, (Dec. 2008).
SUPPLEMENTAL READING: This class does not have current information on developments in the last few years. This is background reading only. You should search for updates if you are interested in this area of law. There are many of other good resources.
EXERCISE: Find a new opinion issued after Christopher X by a foreign court related to U.S. e-discovery and privacy right. Find another by a U.S. Court disregarding the privacy laws of the foreign country to compel discovery. In general you will need to update your information in this area.
Discretionary Bonus Exercise: Try to find a U.S. case where the privacy laws of another country were the grounds for preventing discovery in a U.S. court.
Students are invited to leave a public comment below. Insights that might help other students are especially welcome. Let’s collaborate!
Copyright Ralph Losey 2015