Want more than just blog posts? Login or Sign up for a free acount and get research, videos, slide decks and more! Join the online social network for Enterprise Mobility.
Home > Hot Enterprise Mobility Topics > Corporate Liable Devices > The Fourth Amendment’s Role in Enterprise Mobility: Why Policies Matter
Apr152010
4 Comments

The Fourth Amendment’s Role in Enterprise Mobility: Why Policies Matter

Philippe Winthrop

I got an early start to the day today.  While I am typically a morning person, I had to take some family members to the airport this morning for an early flight.  At 6am, the usual eight minute trip to the airport was done in five.  I love living so close to the airport.  When I got home, I started my daily routine.  Make a huge pot of rocket fuel (a.k.a. coffee), turn on computer, fire up Outlook and turn on the radio.   As I was checking my email and reading up on world affairs, an interesting story came up on National Public Radio.  I’ll admit it, I’m a NPR junkie.  The first sentence of the article says it all:

“Next week the U.S. Supreme Court takes up a question near and dear to digitally proficient texters: whether their personal messages are private when transmitted over an electronic device supplied by an employer.”

We in the world of enterprise mobility can now say we have reached the main stream of society.  The United States Supreme Court will be hearing a trial on the (in)appropriate personal use of corporate liable devices.  Wow.  I know I’ll be following “City of Ontario v. Quon.”  You also have to wonder how many of the Supreme Court Justices actually send SMS or MMS…

Here’s an interesting out-take from the article.

A federal appeals court ruled that the department had violated the texters’ reasonable expectation of privacy because a supervisor had led the officers to believe that they could use their pagers privately, for personal use.

Now my initial reaction was “Where was the documented policy around mobile device use?”  However, earlier in the article, you can read:

When the Ontario, Calif., police department issued pagers to its SWAT team, the lieutenant in charge first told team members that the pagers would be covered like computer e-mail — in short, that there was a no-privacy rule.

And later…

The department then asked the pager service to provide transcripts, and a review showed that the biggest texter, Sgt. Jeff Quon, had exchanged hundreds of sexually explicit messages with his estranged wife, his girlfriend and a fellow SWAT officer.

Quon paid for those messages, but he was subsequently reprimanded for using the pager for personal purposes on the job, and for using obscene language on the pager — a violation of department rules.

After that, Quon and three people with whom he had exchanged e-mails sued the department for violating their privacy.

So what lesson can we learn here?  Document your mobility policy. This is in my mind, the crux of the IL/CL debate (even if this is all about CL devices).  Your mobility strategy must be holistic and must include a documented and regularly updated policy on what can and cannot be done by your employees.  This is not a document that should gather dust in a filing cabinet, but must instead be a living, breathing document that can be found with all your other HR (you heard me) documents.  The mobility policy document must be something that is created by a steering committee that includes your Senior Management, HR, Finance and Legal, as well as your IT departments.

However, the case does get interesting.

The constitutional nub of the case is the Fourth Amendment ban on unreasonable searches, and whether this sort of text monitoring violates the privacy rights of government employees. [...] Dieter Dammeier, who represents the texters, argues that without an explicit policy that covered pagers — which the police department did not have — this kind of monitoring is unreasonable. [...] Rebutting that argument, the police department’s lawyer, Kent Richland, contends that anyone communicating via police department equipment — whether sending out messages, receiving messages or sending back messages — should assume that nothing is private.

And the final words are what matter most.  “Assume.”  There’s a bad joke about that word that I won’t reference, but the point being, this entire matter would probably not be coming up to the Supreme Court had there been a defined policy that left no room for assumptions.

So do yourself a favor and go find that policy document and dust it off and make sure your entire staff is aware of it, understands it, and understands the repurcussions of violating any of the terms in that document.  Do you need help creating a policy?  Here’s one for you.

2 Comments

  1. David Schofield
    Posted May 5, 2010 at 15:15 | Permalink

    So here is a scenario. You send a personal message to a personal email. The owner of the receiving box(#2) checks the personal email via his/her corporate owned mobile device be it a handheld or a laptop. Since anything viewed resides on the network server and the device, if the company looks at the cache of #2 and reads the email from the personal account viewed from the corporate device are the privacy rights of the sender who is not a corporate employee violated?
    Case in point. A friend lost 3 sales team members in one day. The friend asked me what could be done, they had confiscated their laptops. I suggested he go fishing with forensics. What his expert found was cached (but thought to be deleted) emails from personal accounts on the corporate laptop that showed the former reps communicating with the competitor they went to. The emails also indicated that the reps negotiated their deals via personal email but viewed on the corporate laptop. Hmmmm… corporate espionage?
    If it were an inappropriate picture sent to a personal email but viewed by #2 on the corporate device is the sender being violated? Does the sender have an expectation that the trust and relationship with the receiver will not be violated by a third party if a law has not been broken?
    What the SCOTUS decides will impact every company, and we could end up with privacy laws similar to the EU where the corporation does not see any detail of the use of the corporate device in most cases.

    Thumb up 0 Thumb down 0

  2. Philippe Winthrop
    Posted May 7, 2010 at 15:03 | Permalink

    David – The issue you bring up is a very real one and I agree that it will ultimately be up to the Supreme Court to decide how this should be treated. It’s obviously a dicey question. Until that time, I encourage everyone to only do things that should they be discovered, would not embarrass their mother…

    Thumb up 0 Thumb down 0

2 Trackbacks

  1. By What rights do employees have to privacy on company/organization owned devices? :: ApertoNOW on September 16, 2010 at 18:16

    [...] few months ago, I shared with you a storyI heard on National Public Radio about a Supreme Court case regarding a police officer who sued the [...]

    Thumb up 0 Thumb down 0

  2. By The US Supreme Court Has Spoken on Enterprise Mobility | The Enterprise Mobility Forum on February 23, 2012 at 10:56

    [...] few months ago, I shared with you a story I heard on National Public Radio about a Supreme Court case regarding a police officer who sued the [...]

    Thumb up 0 Thumb down 0

Post a Comment

You must be logged in to post a comment.