A New York court has dismissed a criminal complaint brought against an employer who secretly accessed an employee’s personal email account. In People v. Klapper, an employee reported that his employer, a doctor, surreptitiously installed keystroke tracking software on his computer; obtained the password for the employee’s personal email account; and then accessed and printed out documents from that account. The prosecutor’s office charged the employer with Unauthorized Use of a Computer, a misdemeanor under section 156.05 of the New York Penal Law.
The employer asked the court to dismiss the complaint. The employer argued that his access was authorized and that the employee did not have an expectation of privacy in his private email accessed through a work computer owned by the defendant.
The court agreed with the employer and dismissed the complaint. The court said that to support a charge under sec. 156.05, the prosecutor’s complaint must allege facts demonstrating that the defendant ”knowingly used or accessed a computer … without authorization.” The court held that the employer access in this case was not “without authorization” as required by sec. 156.05. There was no allegation, said the court, that the defendant “had knowledge or actual notice that the particular access was prohibited,” or that the defendant ”circumvented some security device” installed by the employee.
Emails are not like postal letters, said the court. To the contrary, ”emails are more akin to a postcard as ”they are less secure and can easily be viewed by a passerby.” The opinion also notes that “the concept of internet privacy is a fallacy upon which no one should rely.”
While this court’s reasoning seems to us contrary to emerging privacy norms and has been questioned, whether there is an expectation of privacy in emails remains a hot topic. We will keep an eye out for further developments.
People v. Klapper, 2010 WL 1704796 (Crim. Ct. N.Y. City, Apr. 28, 2010)