Commonplace IT Functions Raise the Risk of Federal Wiretap Act Liability Under Recent Seventh Circuit Decision

Even if your organization already has revised its electronic resources policy — as prior blog posts Email button on laptopsuggest — to address personal e-mail accounts in light of the New Jersey Supreme Court’s decision in Stengart v. Loving Care Agency and to address text messages in light of the U.S. Supreme Court’s decision in Quon v. City of Ontario, you still should consider revisiting that policy yet again in light of the U.S. Court of Appeals for the Seventh Circuit’s decision on September 9, 2010, in United States v. Szymuszkiewicz (pdf). The court’s decision affirmed the criminal conviction for Federal Wiretap Act violations of an IRS agent who, unbeknownst to his supervisor, activated the supervisor’s Microsoft Outlook autoforwarding feature. As a result, duplicates of the supervisor’s e-mail were automatically forwarded to the IRS agent without the supervisor’s knowledge or consent. The IRS agent received a sentence of eighteen months probation.

The Seventh Circuit’s decision turned principally on whether “auto forwarding” e-mail constitutes an “interception” as defined by the Federal Wiretap Act. The court answered that question in the affirmative because the auto forwarding permitted the IRS agent to obtain the content of e-mail stored in his supervisor’s e-mail inbox.

For employers, the court’s decision highlights the risk of Federal Wiretap Act liability arising from commonplace IT functions. Corporate IT departments routinely activate “auto forwarding” after an employee has left an organization so that a supervisor or co-worker can promptly respond to e-mail intended for the former employee. It also is not uncommon for corporate IT departments to rely on “e-mail journaling” to create a duplicate set of out-going and incoming e-mail for archival purposes. Journaling essentially functions the same as auto forwarding except that the duplicate e-mail content is stored on a server for possible future retrieval rather than being transmitted directly to a third party’s e-mail inbox.

Even if the IT department activates these features (which are standard-issue for Microsoft Outlook) for legitimate business purposes, the employer remains at risk of civil liability under the Federal Wiretap Act. The Act’s damages provision is plaintiff-friendly, permitting recovery of $10,000 in statutory damages without proof of actual harm, $100 per day of violation, or actual damages, whichever is greatest, plus attorneys fees and costs. If auto forwarding or e-mail journaling is activated on an enterprisewide basis, the potential exposure could be substantial.

Because consent to an interception by one party to a communication is a defense to liability under the Federal Wiretap Act, employers can reduce the risk of harm by providing employees with notice of the IT processes that constitute an interception and obtaining their express or implied consent. The notice could take the form of language in the employer’s electronic resources policy. In that case, the policy should unambiguously explain the nature and scope of the interception, and the policy should be distributed in a way that permits the employer to prove receipt. In addition, it is critical that representatives of the IT Department, human resources professionals, and in-house counsel communicate when autoforwarding or e-mail journaling is implemented so that employees’ consent can be obtained.

Significantly, in the course of reaching its decision, the Seventh Circuit rejected decisions of the Third, Fifth, Ninth and Eleventh Circuits holding that an actionable “interception” occurs only when the content of an electronic communication is acquired contemporaneously with transmission. This seemingly academic distinction has potentially significant implications for employers. To illustrate its interpretation of the Act in this regard, the appellate court explained that listening to voicemail without the consent of the sender or recipient would constitute an unlawful interception even if the third-party listener (e.g., a member of the HR department) did not hear the recorded message simultaneously with its being left for the intended recipient. While this aspect of the opinion appears to be non-binding dicta, organizations with employees in states within the Seventh Circuit — Indiana, Illinois, and Wisconsin — should, nonetheless, consider obtaining consent to review employees’ voicemail through their electronic resources policy as described above.

This entry was written by Philip L. Gordon.

Photo credit: Pgiam

Information contained in this publication is intended for informational purposes only and does not constitute legal advice or opinion, nor is it a substitute for the professional judgment of an attorney.