Qualified Immunity Shields Employer From Liability For Illegal Dropbox Search

Written on 06/10/2022
Will Aitchison

Steven Bowers was a sergeant for the Taylor County Sheriff’s Department in Wisconsin. In 2017, the Department started working with a television show called Cold Justice, a true-crime series that investigated unsolved crimes. The Department gave the crew members access to one case file, but Bowers began sharing other case files with them, even though he did not have permission to do so.

After Bowers admitted what he had done, Sheriff Bruce Daniels directed IT Director Melissa Lind to access Bow­ers’ Dropbox account, where Daniels believed that Bowers had stored the files. Lind was able to do so because the Dropbox account was linked to Bowers’ work email. Lind changed Bowers’s ac­count password, accessed the account, and found the case files.

Bowers sued, contending Daniels and Lind violated the Fourth Amend­ment by failing to obtain a warrant before changing his password and accessing his account. He claimed dam­ages for ‘mental suffering, anguish, fear, humiliation, loss of personal freedom, and expenses.’

A federal trial court dismissed Bow­ers’ lawsuit. The Court began by noting that “the general rule is that a warrant is required for searches of private property. But there are more lenient standards involving some searches conducted by government employers. The Dropbox account was Bowers’s personal account, and it wasn’t stored on county servers, factors tending to support Bowers’s contention that a warrant was required. But other factors point the other way, in­cluding that Bowers linked the account to his work email and he placed work files taken from a work computer into the account. The account was password protected, but Bowers had shared access with several others.

“The question for Bowers’s claim isn’t whether he had a general expec­tation of privacy in his Dropbox ac­count, but whether he had a reasonable expectation of privacy specifically from intrusions by his employer. A difficulty for Bowers is that his claim arises out of the intersection of two areas of law that are largely unsettled: (1) a government employee’s expectation of privacy from his employer; and (2) an individual’s expectation of privacy in electronic data. The Supreme Court has decided only a few cases on either issue.

O’Connor v. Ortega established that the Fourth Amendment applies to gov­ernment employers, and the Court held that a public employee had a reasonable expectation of privacy in the contents of his office desk and file cabinets. But that holding was highly fact-specific, relying on several facts: the employee did not share his desk or file cabinets with any other employees; he had been the sole occupant of the office for 17 years; only the employee’s personal doc­uments were found inside the desk and cabinets; and the employer didn’t have a policy that discouraged employees from storing personal items in their desks and cabinets. The Court expressly declined to articulate a clear, general rule for determining a government employee’s reasonable expectation of privacy.

“The Court’s cases regarding elec­tronic privacy outside the workplace provide little additional guidance. The parties discuss two cases, Riley v. Cal­ifornia and Carpenter v. United States. In Riley, the Court held that police can’t search the contents of a cell phone under the doctrine that allows searches of some physical objects at the time a suspect is arrested. The Court concluded that cell phones aren’t comparable to most phys­ical objects because cell phones contain ‘vast quantities of personal information’ and allow the user to access even more personal information stored on the cloud. In Carpenter v. United States, the Court considered whether cell phone users have a reasonable expectation of privacy in their location information even though such information can be accessed by the wireless carrier. Riley and Carpenter show that the Court is concerned with protecting electronic privacy but also that the Court is proceeding cautiously and on a case-by-case basis rather than establishing bright-line rules.

“Bowers did take some steps to keep the account private from defendants. Linking the account to his work email blurs the boundary between his work and private spaces, but the County’s IT policy says nothing about monitoring private accounts that are linked to work email. In the absence of a clearer notice from the County, Bowers was entitled to assume that a private account was private. As for sharing the account with the TV crew members and a friend, that doesn’t mean that Bowers was inviting anyone to view his account. By way of comparison, homeowners don’t forfeit a reasonable expectation of privacy against intrusions by the police if they invite friends to stay with them.

“But whatever the limitations of defendants’ authority, Bowers cannot prevail by showing that defendants have failed to disprove his claim. It is his burden to show that the law was clearly established. And the bottom line is that Bowers hasn’t cited Supreme Court or Seventh Circuit law clearly establishing that he retained a reasonable expectation of privacy against intrusions by the County despite his linking the account to his work email, putting confidential work files from a work computer in the account, and sharing access to the account with others. The precedential authority he relies on provide the general principles that provide the foundation for his claim. But that case law doesn’t show that the contours of the law were so well-defined that it would be clear to a reasonable officer in defendants’ position that Bowers had a reasonable expectation in keeping his Dropbox account private from the County. In the absence of such a showing, defendants are entitled to summary judgment on the basis of qualified immunity.”

Bowers v. County of Taylor, 2022 WL 1121376 (E.D. Wisc. 2022).

The post Qualified Immunity Shields Employer From Liability For Illegal Dropbox Search appeared first on Labor Relations Information System.