Electronic Mail and the growth of the Internet becoming a popular medium of communication amongst the society.

By Dilrukshi Dias Wickramasinghe*


With the exponential growth of the Internet, e-mail1 has become a popular medium of communication amongst students, family circles, business communities, government agencies and other similar institutions. It has become an essential tool in the work place because of its cost effectiveness, increase of productivity and efficiency.

Monitoring of e-mail by employers has gained importance during the past decade with the growth of its usage. On the one hand, employers justify monitoring as a method of verifying work performance, efficiency, productivity, preventing theft, fraud and other illegal conduct of their employees. A survey carried out by the American Management Association indicates that in early 1999 nearly 30 percent of companies monitored the e-mail of their employees.2 On the other hand, employees consider their e-mail to be private and its monitoring to be an invasion of their privacy

This paper discusses the employer’s right to monitor the e-mail of its employees and the remedies that are available for employers to prevent any legal suits of vicarious liability on the basis of their employees’ actions. The paper also discusses the techniques that could be used by employees to minimise the monitoring of their e-mails by their employers and the current status of the law in Sri Lanka in respect of the right to privacy by individuals.

What is Electronic mail? Technology

E-mail is a medium used to transmit information electronically from one computer to another, via a network. “These networks of e-mail systems, when connected, operate as one large system, allowing users to send e-mail to any other user connected to the system, regardless of the specific e-mail system used by the recipient. Sending or receiving e-mail through the Internet occurs one of two ways. A direct connection allows the computer of the sender and the computer of the receiver to interact directly. Although somewhat less reliable than direct connection, most e-mail travels indirectly from one computer to another until it reaches the recipients computer. With both methods, the computers communicate using simple mail transfer protocol (SMTP) to transfer mail from one host to another. The store-and-forward method sends the entire message to the nearest

LLM (Monash), Senior State Counsel.

1 Electronic mail.

2 Mark S. Dichter and Michael S. Burkhardt. “Electronic Interaction in the Workplace: Monitoring, Retrieving and Storing Employee Communications in the Internet Age”,(1999) http://www.morganlewis.com/art61499.htmffN 5

intermediate station where it is copied into the secure memory of that station, or computer. Once the entire message is received and stored, the intermediate station sends a message back to the originating computer that the e-mail was successfully received. This cycle repeats itself, sending the message to the next nearest intermediate station, until the message finally arrives at the recipient’s computer. Routing refers to the direction a message travels on its way to the recipient and which intermediate stations it gets forwarded to along the way. Generally, messages travel the most efficient route between sender and receiver computers”.3

E-mails become vulnerable to prying eyes because of the way in which it moves through the Internet. When a mail is received in Microsoft’s Outlook Express or in the Qualcomm’s Eudora Pro program ‘IN BOX’ the user has an ability to organise the mail, delete any unwanted messages, forward them to friends or just reply the sender within minutes. This ability gives the user a sense of control over its correspondence4. However, no sooner the message is sent to the OUT BOX of the e-mail account it attracts snooping eyes. ‘E-mail follows a routing process similar to the postal system only without the added protection of a sealed envelop. Each stop along the way offers an opportunity for prying eyes’ .

Pitfalls and Risks

Users often use e-mail in the belief that only the intended recipient can access their communication. As observed by Negrino6 “e-mail is about as private as undressing with your curtains open. You may think that you are having a private moment, but the reality is different”. With the development of many monitoring software, reading an employee’s e-mail from a different computer terminal, without the consent or the knowledge of the employee is technologically possible and has been regularly practiced by many employers during the past decade7. Monitoring the e-mail of employees has also been approved in many courts in the USA. Apart from the employer, modern monitoring software also facilitates the hacker, the ISP’s mail administrator or a co-worker to intercept and read e-mail.

The monitoring software also permits the simple monitoring of the frequency of e-mail and Internet use by the employees, thereby permitting the employers to know the length of time spent by their employees online. Monitoring software can also be used to scan messages for keywords such as ‘sex’ or ‘resume’ thereby permitting the employers to track employee’s surfing habits. The ‘investigator’, a monitoring software introduced by the WinWhatWhere Corporation has the ability to monitor all activities of the user of a

3 Heidi Van Doren, “Gaining Confidence: E-mail & the Attorney-Client Privilege”, (January 1999) University of Kansas School of Law. http://www.ukans.edU/~cybermom/CLJ/N 1

4 Tom Negrino, “Protect Your E-mail

http://www.macworld.com/2000/07 /features/email

5 id.

6 id.

7 EPIC, “Many companies fail to protect confidential employee data” Washington DC, (April 22 1996)The article could be found at http://www.epic.org/privacy/workplace/linowesPR.html.>

8 id

computer, which includes opening windows, and posting items in chat rooms and then sending an activity report to your employer-tracker.

If an employee takes the liberty of using the email system provided by the employer to post messages to discussion groups, the employer also has the ability to read all the comments that have been made to these discussion groups. Deja.com10 archives every posting to Internet news groups. By using the name or the e-mail address as parameters, an employer can conveniently read all the postings made by an employee to these groups. There are many other ways in which mail could be read apart from using software to monitor e-mail. The most convenient would be to sit at the employee’s desk in his/her absence and scroll through the e-mail program. Most of the e-mail programs in the current market place require passwords only to download the new mail. Therefore one could easily read the mail by just opening your Outlook Express, Eudora Pro, etc. The worst of all is that even the deleted messages could be easily read if they are not cleared from trash. Even after the copy is deleted from trash, a copy of the message remains in the hard drive of the computer. This copy disappears from the Electronic ether without any trail only after other files overwrite it.

Monitoring of e-mail communications made on a employer’s mail system

To enhance the efficiency in work places most employers have provided their employees with desktop computers connected to an area network. Most of these employers also permit their employees to ‘password protect’ their computers either providing them with passwords or permitting them to choose their own. This leads to the misconceived belief by employees that all communications made by them using the employers e-mail system is private. Often the employee uses the workplace e-mail system in a manner akin to making a telephone call, believing that the e-mails are free from intrusion.

The employers’ right to monitor e-mail of their employees has been acknowledge and approved in a number of courts in the USA. In Bonota P Bourke et al v. Nissan Motor Corporation in USA11

9 Barbara Weil Gall, “Company E-mail and Internet Policies’ http://www.gigalawxom/artic!cs/gall-2000-0l-pl.html

10 All posting made to the Internet is archived in this site and a search could be done using the name or the e-mail address as parameters.

11 No. BO68705 (Cal.Ct. App. July 26, 1993) (unreported decision).

12 The California State Constitution recognises the right to privacy in the constitution as oppose the USA Federal Constitution.

In this case, one of the Plaintiff’s co-workers Lori Eaton was demonstrating at a training session the usage of e- mail, and randomly selected a message sent by Bourke to an employee of the dealership. It was found that Bourke’s e-mail was of a personal, sexual nature and not business related. Consequent to Eaton’s complaint, the management reviewed the e-mail messages of all their employees and found a number of personal and sexual messages belonging to Bourke and Hall. At the trial, Nissan maintained that the plaintiffs did not have a ‘reasonable expectation of privacy in their e-mail messages due to the following undisputed facts.

1. Plaintiffs each signed a Computer User Registration Form, which states that “It is company policy that the employees and contractors restrict their use of company owned computer hardware and software to company business.”

2. In November/ December 1989 more than a year before termination of Hall’s employment she learnt from other employees that individuals other than the intended recipient read her e-mail messages and she relayed this information to Bourke in March 1990.

3. In June 1990, a full six months before Bourke’s termination, a fellow employee, Lori Eaton complained to Bourke about the personal, sexual nature of her e-mail messages, which Eaton retrieved at the demonstrations.

Countering the above argument the plaintiffs maintained that they in fact had an expectation of privacy because they were given passwords to access the computer system and were told to safeguard their passwords. The courts rejecting this argument, held that while the plaintiffs’ statements that they believed that their e-mail messages would remain private was an issue of the Plaintiffs’ subjective understanding, and therefore their expectation of privacy were not objectively reasonable.

Another legal issue that was determined in this case was whether the employer violated any wiretapping13 and eavesdropping statutes. The courts concluded that the wiretapping law does not apply to this case as “(i) there is no allegation that Nissan ‘tapped’ into its own telephone lines, and indeed there would be no need to do so since, being the system operator, Nissan had access to the network without resort to a telephone tapping (ii) likewise as the owner and operator of the system, Nissan’s connection to the telephone lines or cable which connected the system would necessarily be authorised and (iii) Nissan did not access the messages during transmission. Rather, the messages were retrieved from an electronic storage device and printed so that they could be read. Nissan’s actions in retrieving, printing and reading plaintiff’s e-mail messages simply are

13 Penal Code section 631 prohibits a person from “intentionally tap[ping], or mak [ing] any unauthorised connection …with any telegraph or telephone wire, line, cable or instrument,….or read[ing] or attempt[ing] to read, or to learn the contents of any message, report, or communication while the same is in transit or passing over any wire, line or

cable …”

not included within the actions proscribed by Penal Code section 63114. The judges in this case specially noted that, “While the plaintiffs may argue that the law is outdated, judges are not authorised to amend the Statutes even to bring them up-to-date.” l5 In the case of Steve Jackson Games, Inc. v. United States Secret Service16 the courts held that e-mail in “electronic storage” cannot be intercepted17. The issue that was addressed in this case was whether the seizure by United States Secret Service of a computer used to operate an electronic bulletin board system constituted an ‘intercept’ of the stored, but unread e-mail on the system.

The Shoars and Flanagan cases also offer additional support for an employer to monitor

e-mail messages. In Shoars v. Epson America, Inc.18 , “Alana Shoars was responsible for providing employees with training and support in the use of office e-mail and she informed employees that their messages were confidential. She later discovered that her supervisor had been intercepting and reading all e-mail messages entering and leaving the office, and demanded that he refrain from doing so. When she sought an e-mail account number to which her supervisor could not access, she was fired for gross insubordination. Shoars sued Epson under the California Penal Code Section 631 for wiretapping. The California statute provided a private cause of action for illegal interception of private telegraph and telephone wire communications. The court rejected Shoars’ claim that Epson’s actions constituted a violation of Section 631 because the court was unwilling to extend the statute’s protection to cover electronic communications.”19

In Flanagan v. Epson America, Inc.,20, about 700 Epson employees brought a class action suit against the company under Section 631. The court reached the same conclusion, as in the Shoars case, but stated that it was not clear that the employees had an expectation of privacy, which was a required element to establish an action for the invasion of privacy.

14 id. Therefore Nissan’s actions in retrieving, printing and reading plaintiffs e-mail messages simply are not included within the actions proscribed by Penal Code section 631

15 The courts also held that though section 632 of the Penal Code prohibits eavesdropping or recording of a “confidential communication by means of any amplifying or recording device” Nissan could not be held liable for violating the law, as it did not use any amplifying or recording device to retrieve and read e-mail messages. It could thus be seen from the above judgement that the usage of an e-mail system provided by an employer cannot be used by the employee for their private use and that employees cannot have an expectation of privacy even if the facilities were given for usage with their own password.

16 36 F. 3d 457 (5th Cir. 1994)

17 Under the ECPA anyone who “intentionally intercepts, endeavours to intercept or procure any other person to intercept any…electronic communication commits and illegal act. However the ECPA has failed to determine when an interception begins or ends thus creating ambiguity. Therefore according to the Steve Jackson Games case inception of e-mail could occur only when it is on transit-within seconds or mili seconds. Therefore interception of e-mail for the purpose of monitoring becomes impossible unless with some type of automatic routing software.

18 No. BO73243 (District, Div. 2), review denied. No. SO40065, 1994 Cal. LEXIS 3670 (1994)

19 Dichter, (n 2)

20 No. BC007036 (Super. Ct. L.A. Co., Jan. 4, 1991)

21 Dichter, (n 2). It should however be noted that both Bourke and Shoars cases discussed above are marked “NOT FOR PUBLICATION.” which means “for your eyes only.” In the USA, in order to prevent a judgment becoming precedent in subsequent cases the Judges can prohibit the publication of an opinion (in the official court reports). “As D’Amico observes “If you’re an employer, you can read these cases, then recycle the paper upon which they’re printed, because you can’t cite them to support your spying”. Therefore other jurisdictions looking for case laws for guidance would have to take note of this fact.

In Bohach v. Reno22, “the court denied plaintiffs’ application for a preliminary injunction based on alleged violation of privacy rights by the Reno Police Department in monitoring of alphanumeric pager messages sent between its officers over the department’s message system. The police officers including the plaintiff had been told that all messages would be logged on the network and that the system should not be used for certain types of messages. The system was also freely accessible with no password requirement. The court held that the system was essentially electronic mail and that the officers did not have an objectively reasonable expectation of privacy in these communications.”

Despite the fact that the above cases were based on the concept of ‘objective reasonable expectation of privacy’, it appears that even if the employer had given an assurance of not monitoring employee mail and thereby protected their privacy rights, the court tend to hold that the employers still have a right to monitor the mail of their employees. In Smyth v. The Pillsbury Company the defendant maintained an electronic mail communication system in order to promote internal corporate communications between employees. The defendants repeatedly assured their employees, including the plaintiff, that all e-mail communications would remain confidential and privileged, and that the communications would not be intercepted nor used against the employees for purposes of termination or reprimand. Subsequently however, the plaintiff’s employment was terminated for transmitting inappropriate and unprofessional comments using the defendant’s e-mail system.25 In the case whilst making an order in favour of the defendants the court made two salient points in respect of e-mail communications of employees who use the system provided by an employer.

• That there is no ‘reasonable expectation of privacy in e-mail communications voluntarily made by an employee to his supervisor over the company e-mail system notwithstanding any assurance that such communications would not be intercepted by the management’.26

• Even if the employee has a reasonable expectation of privacy on the contents of his/her e-mail communications over the company e-mail system, a reasonable person would not consider the defendant’s interception of these communications to be a substantial invasion of his/her privacy. This is due to the fact that the company’s interest in preventing inappropriate and unprofessional comments being transmitted or even illegal activity being conducted over its e-mail system outweighs any privacy rights of the employees.

22 932 F, Supp 1232 (D.Nev. 1996), 23 Dichter, (n 2)

24914F, Supp. 97 (ED. Pa. 1996). 25 Plaintiff sued the defendant on the ground that the termination was in violation of ‘public policy, which precludes an

employer from terminating an employee in violation of the employee’s right to privacy as embodied in the

Pennsylvania common law’. 26 The courts further held on this point that “once plaintiff communicated the alleged unprofessional comments to a

second person over an e-mail system which was apparently utilized by the entire company, any reasonable

expectation of privacy was lost”.

In a more recent case, Bill McLaren v. Microsoft Corporation27 the courts once again reconfirmed the decision of Smyth’s case by reiterating that the employer has a right to monitor the mail of their employees. In this case Bill McLaren, filed an action on invasion of privacy based on his employer’s review and dissemination of electronic mail stored in the “personal folder” application on McLaren’s office computer. McLaren was an employee of Microsoft Corporation. In December 1996, Microsoft suspended McLaren’s employment pending an investigation into accusations of sexual harassment inter alia. McLaren requested access to his electronic mail to disprove the allegations against him. According to McLaren, he was told he could access his e-mail only by requesting it through company officials and by telling them of the location of a particular message. McLaren requested that no one tamper with his Microsoft office workstation or his e-mail. McLaren’s employment was terminated on December 11, 1996.

Following the termination of his employment, McLaren filed action against the company, alleging a claim of invasion of privacy, In support of his claim, McLaren alleged that, Microsoft had invaded his privacy by “breaking into” some or all of the personal folders maintained in his office computer and releasing the contents of the folders to third parties. According to McLaren, the personal folders were part of a computer application created by Microsoft in which e-mail messages could be stored. Access to the e-mail system was obtained through a network password. Access to the personal folders has additionally restricted by a “personal store” password created by the individual user. McLaren created and used a personal store password to restrict access to his personal folders”.28 McLaren argued that e-mail provided by Microsoft is analogous to a locker provided by an employer to store the personal effects during work hours as argued in Trotti’s cae.29 Disagreeing with this argument the court held that “the locker in Trotti’s case was provided to the employee for the specific purpose of storing personal belongings, and not work items. In contrast, the court held that Microsoft provided McLaren’s workstation to him so that he could perform the functions of his job. In connection with that purpose, and as alleged in McLaren’s petition, part of his workstation included a company-owned computer that gave McLaren the ability to send and receive e-mail messages. The courts thus held that the e-mail messages contained on the company computer were not McLaren’s personal property, but were merely an inherent part of the office environment.30 Confirming Smyth’s case decision the courts concluded that the company’s interest in preventing inappropriate and unprofessional

27 No 05-97-00824-CV, In the Court of Appeals Fifth District of Texas at Dallas, Opinion Filed May 28, 1999

28 id.

29K-Man Corp. Store No 744] v. Trotti, 677 S.W.2d at 637. In this case court concluded that “when an employee buys and uses his own lock on the locker, with the employer’s knowledge, the fact finder is justified in concluding that the “employee manifested, and the employer recognized, an expectation that the locker and its contents would be free from intrusion and interference.”

30 McLaren v. Microsoft Corporation. No 05-97-00824-CV. The courts further said, “The nature of a locker and an e-mail storage system are different. The locker in Trotti was a discrete, physical place where the employee, separate and apart from other employees, could store her tangible, personal belongings. The storage system for e-mail

messages is not so discrete…… E-mail was delivered to the server-based “inbox” and was stored there to read.

McLaren could leave his e-mail on the server or he could move the message to a different location. According to McLaren, his practice was to store his e-mail messages in “personal folders.” Even so, any e-mail messages stored in McLaren’s personal folders were first transmitted over the network and were at some point accessible a third-party.

comments, or even illegal activity, over its e-mail system would outweigh the privacy interest of any communications.31

It appears from the above cases that the courts in the US have generally attempted to balance an employee’s reasonable expectation of privacy against the employer’s business justification for monitoring. Thus, the critical issues to examine when determining employer right to monitor the employee e-mail messages would be: (1) does the employee have a reasonable expectation of privacy and, if so, (2) was there a legitimate business justification for the intrusion sufficient to override that privacy expectation.32

Monitoring of e-mails by Employers

The employers monitor the e-mails of employees for many reasons. Sending, receiving and reading e-mails, accounts for significant work hours spent on-line by the employees thereby affecting their productivity. NetPartners estimated that businesses lost $450 million in worker productivity when Congress released the Starr Report and President Clinton’s video deposition over the Internet.33 Apart from the waste of working hours the employers are also faced with commercial, legal and technological risks when permitting their employees to use the company e-mail system. Firstly, employers are faced with commercial risk when their employees exchange compromising e-mails and when they are publicised among the customers and clients.34 Secondly, the employers face legal risks when action is filed against them for vicarious liability for causes of actions such as defamation, copyright infringement, harassment, and criminal suit against its employees. Recently a 32-year-old black secretary brought a claim of harassment and sexual discrimination against the law firm Charles Russell when she unwittingly saw an e-mail sent after she handed over her notice of resignation.35 One of the partners of the law firm wrote an e-mail which suggested that “now they could get ‘ a busty blond’ who might still not be good at the job but at least would be nice to look at”.36 In Nuri v PRC Inc37 the courts said circulation of dirty jokes via e-mail could be treated as causing hostile environment for its employees. Thirdly, the employers are faced with technological risks when viruses are transmitted through e-mail communications, which could cause the collapse of the entire e-mail or computer system.

31 id.

32 Dichter, (n 2). 33id.

34 See Bourke v Nissan Corporation. No. BO68705 (Cal.Ct. App. July 26, 1993) (unreported decision).

35 “The high cost of e-mail-even lawyers are not immune” http://www.weblaw.co.uk/art email.htm

36 id.

3713 F. Supp.2d 1296 (M.D. Ala. 1998).

E-mail/ Internet policies and E-mail disclaimers

Implementing comprehensive Internet/ E-mail policies at the work place, using e-mail disclaimers, e-mail filtering and anti-virus software, etc can assist employers to protect themselves from expensive litigation by third parties. 38 It is essential for the employers to specify its e-mail and Internet policies when providing e-mail facilities from a system owned by them. There are many sample policies available in the net for ready reference. Below is one such sample policy that could be used as a guideline by employers.

“E-mail and Internet access, including, but not limited to, facsimile machines, computers, electronic mail and voice mail, is to be used solely for company or client business. COMPANY reserves the right to monitor for any purpose all communications and access usage via the company or client computing systems. All communications, information or materials delivered via such resources must be transmitted, stored, and accessed in a manner that safeguards appropriate confidentiality. Employees may encrypt their e-mail and files only with software approved by COMPANY. COMPANY may require a copy of any key necessary to access encrypted e-mail messages or files, as well as a copy of any password used by any employee. Employee and others working for COMPANY or its clients may not:

1. Under any circumstances, transmit, access, or download offensive, fraudulent, or defamatory images or text, such as pornography or off-colour jokes, or anything that may be construed as illegally harassing or offensive to others.

2. Transmit or download copyrighted images, games, or text belonging to third parties without the copyright-holder’s permission.

3. Transmit COMPANY or client information to third parties without the express permission of COMPANY or the client, as appropriate.

4. Download or open any file received from any source outside COMPANY without first scanning the same for viruses using an approved virus-checking program.

Employees who violate this policy may be subject to disciplinary action up to and including discharge. This policy includes COMPANY locations and client locations at which any employee may be working”39.

E-mail disclaimers are another way in which employers could prevent themselves from legal threats. Up to date there are no judicial decision in the US or UK indicating how Courts would treat disclaimers in e-mails. In Sri Lanka it is not clear how Courts would view these disclaimers, especially in the light of the Unfair Contracts Act40. However many writers on the subject are of the view that disclaimers could often help employers exempt themselves from liability. Above all, its mere presence could prevent lawsuits

38 “E-mail disclaimers”, http://www.emaildisclaimers.com/ 39 http://www.giglavv.com/library/emailpolicy.html 40 Act No. 26 of 1997.

against the employer, as it could deter persons seeking legal remedy against the employer41. There are several legal threats that could be protected by disclaimers.

1. Breach of confidentiality – A recipient of a communication under English law, is obliged not to disclose its content or use it for purposes other than the purpose for which it is communicated. A disclaimer on confidentiality would thus prevent an employer against the exposure of confidential information. However the receiver of the confidential material will be liable against any breach of such confidential information. A suitable statement for disclaimer for confidentiality would be:

“Unless otherwise agreed expressly in writing by a [senior manager] of [company], this communication is to be treated as confidential and the information in it may not be used or disclosed except for the purpose for which it has been sent. If you have reason to believe that you are not the intended recipient of this communication, please contact the sender immediately.’

2. Accidental breach of confidentiality – if an employee accidentally forwards a confidential mail received by the employee to a wrong person, both the employee and the employer could be liable for breach of confidentiality. A suitable statement for disclaimer for accidental breach of confidentiality would be:

“This e-mail is only intended for the addressee, and that if anyone receives this e-mail by mistake they are bound to confidentiality”4

3. Transmission of viruses – If e-mail sent from the employers’ e-mail system contain viruses that deletes the entire hardware of recipient’s computer or causes similar damages, the employer could be liable in a legal suit. In order to minimise this liability an employer could use a virus guard that prevents the transmission of viruses and also use a disclaimer for further protection as stated below.

“WARNING”: Computer viruses can be transmitted by e-mail. The recipient should check this e-mail and any attachments for the presence of viruses. [Company] accepts no liability for any damage caused by any virus transmitted by this e-mail. This e-mail and any attachments may not be copied or forwarded without express written permission of [a senior manager of company]. In the event of any unauthorized copying or forwarding, recipient will be required to indemnify [the company] against any claim for loss or damage caused by any viruses or otherwise.’ ‘

41″E-mail disclaimers” (n 38).

42 Simon Halberstam. “The Legal position of E-mail disclaimers”. http://www.gigalaw.com/articles/halberstam»2000-03-p3.html

43 id.

44 “E-mail disclaimers”, (n 38).

45 Halberstam, ( n 43)

4. Entering into Contracts – Binding legal contracts are usually formulated through written documents. This includes communications made by e-mail. Therefore, if the employer does not wish certain employees to enter into binding contracts by e-mail then provision should be made to state that all contracts needs to be confirmed by and authorised person and state such persons name.

5. Legal Privilege – Often there could be privilege attached to communications made between employers/ employees and legal advisors for obtaining legal advice or when preparing for legal proceedings. Under the rules of procedure the aggrieved party has a right to request a disclosure of documents relevant to a particular case. When communications are made on e-mails the same procedure could apply to such communications. Therefore, it is essential to ensure that a disclaimer is made to documents that could be pleaded under privilege. Following could be used as a declaimer for privilege documents.

“This communication is made for the purpose of obtaining legal advice or preparing for legal proceedings and legal privilege will be claimed accordingly “

6. Employer’s liability – The employer is vicariously responsible for the actions of the employee. Therefore if an employee makes a defamatory statement or infringes or causes to infringe a copyright of software, data, text, music, graphic, etc or indulging in criminal activity using the employers e-mail, the employer could be ultimately liable for the actions of the employee. However, if an employer could satisfy court that it had implemented a comprehensive e-mail policy48 with a clear warning against its misuse, it may be possible for the employer to disclaim responsibility of the employees’ breach of the rules. A disclaimer on the following lines could also assist in this regard. “Employees of [company] are expressly required not to make defamatory statements and not to infringe or authorise any infringement of copyright or any other legal right by e-mail communications. Any such communication is contrary to company policy and outside the scope of the employment of the individual concerned. The company will not accept any liability in respect of such

46 Privileged and confidential

the information in this email is intended only for the person or entity to which it is addressed and contains confidential and/or privileged material protected by state and federal law. Any review, re-transmission. dissemination or other use by other persons or entities is strictly prohibited. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, please contact the sender and delete the material including any attachments in any form and from any computer.

47 “E-mail disclaimers”, (n 38)

48 Employers should individually send disclaimers to the employees and must ensure that they read, understand and sign the policy and return.

a communication, and the employee responsible will be personally liable for any damages or other liability arising thereof.

Halberstam49 states that disclaimers should appear at the top rather than at the bottom of an e-mail in order to permit the recipient to make an informed decision whether to proceed to read the contents.

Protecting the privacy of e-mail messages

• Web-based mail service

The privacy of the mail could be protected to some extent with the usage of a web-based mail account such as Hotmail or Yahoo mail.50. These servers permit employees to compose personal mail at work without using the employers e-mail server. This prevents employer prying employee’s e-mail.51 However as Negrino says “Don’t think that you’re untraceable just because you haven’t associated your real name with an account. When you send a message through Hotmail or Yahoo, the Web site places your computer’s IP address (the identifying number that your system uses on the Internet) into the message header. Many work-based computers, as well as home computers with DSL or cable connections, have a fixed IP address that points directly to you. Even if your computer has a dynamic IP address (one that changes each time you log on to the Internet), your ISP can check its server logs to find out which user occupied a specific IP address when a particular message was sent”52. An employer would still own the mail sent by their employee through a web-based mail server using the employer’s computer. However, it would reduce the ability of the employer to get at such mail.

• Re-mailer service

The anonymity of e-mail could be ensured with the usage of a re-mailer service. This facility ensures that no one can trace your message by stripping all identifying address information from outgoing messages and encrypt it whilst in transit to its destination. The recipient is unable to respond without your details. Therefore the return e-mail details must be communicated to the recipient before using this service. This service can be utilised by using a web interface, such as Anonymizer53.

49 Halberstam (n 43).

50 Web-based mail accounts also provided a degree of anonymity as one could give false information when using these accounts. Eg. You could open and e-mail address such as love@hotmail.com love@yahoo.com and maintain such account without disclosing your name or anyother personal information.

51 Negrino, ( n 4)

52 id

53 hltp://www,anonymizer.com. Anonymizer uses its servers to mask your identity as you continue to surf. This blocks the transmission of your IP address when you visit a site. The service can be tried without a fee in which you experience a slight delay before linking to sites, or pay for a Premium account ($14.95 for three months or $49.95 for

• Web-based encryption service

Encryption is another method in which employees can protect their e-mail. There are several types of encryption software that are available in the market. Relatively weak software with about 40 bits could protect your e-mail from prying eyes.

Current status of the law in Sri Lanka

The Constitution of Democratic Socialist Republic of Sri Lanka does not recognise privacy as a right protected under the Constitution. Neither does the Constitution recognise the right of people to be secured against ‘unreasonable searches and seizures’.54 However under the Roman -Dutch law, injury 55 to a person’s feelings was remediable through actio injuriarum which recognises the ‘right to be let alone’ or the ‘right to seclusion of oneself or one’s property from the public’ 56. The principle was accepted in specific regard to the concept of dignitas57 as an interest to be protected by the law relating to iniuria58 . In many instances the South African courts have recognised that a cause of action in respect of injury to dignity to a person could arise by invasion of privacy59. The courts of Sri Lanka are yet to be called upon to determine this issue. Acts such as peeping into private places, eavesdropping, wiretapping, constantly following a person in public, spying upon a person, appropriation of ideas, taking a photograph or publishing it without consent, etc could amount to infringement of a right to privacy under the Roman- Dutch law60.

a year) for quicker performance. The site also provides free anonymous e-mail and an anonymous ISP for $59.95 a month.

54 This is a right protected under the Fourth Amendment to the US Federal Constitution. In the US this protection is limited to intrusions by the government and does not apply to private employees. Therefore only the government employees could make a claim for constitutional infringement of privacy if an employer accesses their e-mail. Jenna Wischmeyer, “E- mail and the Workplace” http://www.ukans.edu/-cybermom/CLJ/l. In Bohach v. Reno, 932 F. Supp 1232 (D.Nev. 1996) the court addressed the Constitutional infringement of privacy.

55 As stated by Voet, injury (iniuria) is revolved around three concepts. Namely corpus, dignitas and fama.

56 C. F. Amerasinghe “Aspects of the Actio Iniuriarum in Roman – Dutch Law” 1966, Lake House Investments Ltd. Colombo. Joubert has suggested that the law of privacy should relate to the injury which is inflicted upon an individual by an unjustified infringement of his seclusion to which he is entitled in his private life.

57 In O’Keefe v Argus Printing and Publishing Co. Ltd, 1954(3) S.A.244 (c), the principal of dignitas was given judicial recognition as stated in the passage of de Villers: ” the specific interest that are detrimentally affected by the acts of aggression that are comprised under the name of injuries are those which every man has, as a matter of natural right, in the possession of an unimpaired person, dignity and reputation. By a persons reputation in here meant that character for moral or social worth to which he is entitled among his fellowmen

58 Amerasinghe, ( n 57).

59 O’Keefe v. Argus Printing and Publishing Co. Ltd, 1954(3) S.A.244 (c), Epstein V. Epstein 1906 T.H. 87, R v. Holiday 1927 C . P. D. 395 R v Woods 1940 S. R. 58.

60 Amerasinghe, loc cit

It could thus be seen that under Roman – Dutch law an employee may resort to actio injuriarum for invasion of privacy against the employer if such employer monitors the e-mail communications of the employee. Nevertheless as held in the US cases discussed above, where privacy has been accepted as a common law right it is likely that the courts in Sri Lanka would also determine that the employers right to monitor outweighs the right of privacy of the employees.


E-mail is a convenient mode of communication. This convenience gives a false notion of control and privacy of the communication to its users.

Many courts in the USA have already determined that the employers have a right to monitor the e-mail of its employees. These decisions have been justified on the premise that the employer’s interest in preventing inappropriate or unprofessional comments or any other illegal activity over its e-mail system outweighs any right of privacy of an employee. Under the doctrine of vicarious liability the employers are liable for the actions of its employees. Therefore any email communication which forms the basis of any defamatory statement or which infringe copyrights or comments made on fellow employees on sexual or racial discrimination, etc would warrant a cause of action against the employer. The employers therefore have an added responsibility to ensure that such actions are prevented or minimised by their employees. The employers can prevent such situations by introducing comprehensive e-mail policies, using suitable statements of disclaimers, introducing virus guards and periodically educating the employees on the usage of the e-mail system.

Employees could however ensure the privacy of their private mail communicated using the employers e-mail system by using web based servers, re -mailer facilities, encryption methods, etc. In many countries the employer does not have a legal obligation to inform its workers that they monitor the e-mails of their employees. It is thus prudent for an employee to treat all e-mails as important as any other business correspondence and not to let the ease and convenience of sending the e-mail replace common sense.