UNITED STATES, Appellant and Cross-Appellee
v.
Jennifer N. LONG, Lance Corporal
U.S. Marine Corps, Appellee and Cross-Appellant
No. 05-5002
Crim. App. No. 200201660
United States Court of Appeals for the Armed Forces
Argued February 21, 2006
Decided September 27, 2006
GIERKE, C.J., delivered the opinion of the Court, in which
EFFRON, BAKER, and ERDMANN, JJ., joined. CRAWFORD, J., filed a
dissenting opinion.
Counsel
For Appellee and Cross-Appellant: Charles Gittins, Esq.
(argued); Lieutenant Commander Jason S. Grover, JAGC, USN (on
brief); Lieutenant Brian L. Mizer, JAGC, USN.
For Appellant and Cross-Appellee: Major Kevin C. Harris, USMC
(argued); Commander Charles N. Purnell II, JAGC, USN (on brief);
Colonel Ralph F. Miller, USMC.
Amicus Curiae for Appellee and Cross-Appellant: Stephanie Knott
(law student) (argued); H. Brian Holland, Esq. (supervising
attorney) and Patrick E. Tolan, Esq. (supervising attorney) (on
brief) - for Barry University, Dwayne O. Andreas School of Law.
Military Judge: E. W. Loughran
This opinion is subject to revision before final publication.
United States v. Long, No. 05-5002/MC
Chief Judge GIERKE delivered the opinion of the Court.1
This case presents us with questions certified by the Judge
Advocate General of the Navy regarding the reasonable
expectation of privacy a military person has in e-mail messages
sent and stored on a government computer system.2 Lance Corporal
Long, in a cross-petition, questions the holding by the lower
court that the search and seizure violation it found was
harmless beyond a reasonable doubt.3 We conclude that based on
1
Oral argument in this case was heard on February 21, 2006, at
Barry University, Dwayne O. Andreas School of Law, in Orlando,
Florida, as a part of this Court’s “Project Outreach.” See
United States v. Mahoney, 58 M.J. 346, 347 n.1 (C.A.A.F. 2003).
This practice was developed as part of a public awareness
program to demonstrate the operation of a federal court of
appeals and the military justice system.
2
The Judge Advocate General of the Navy certified the following
issues:
I. WHETHER THE NAVY-MARINE CORPS COURT OF CRIMINAL APPEALS
ERRED WHEN [IT] DETERMINED THAT, BASED ON THE EVIDENCE
ADDUCED AT TRIAL, APPELLEE HELD A SUBJECTIVE EXPECTATION
OF PRIVACY IN HER E-MAIL ACCOUNT AS TO ALL OTHERS BUT
THE NETWORK ADMINISTRATOR.
II. WHETHER THE NAVY-MARINE CORPS COURT OF CRIMINAL APPEALS
ERRED WHEN [IT] DETERMINED THAT IT IS REASONABLE, UNDER
THE CIRCUMSTANCES PRESENTED IN THIS CASE, FOR AN
AUTHORIZED USER OF THE GOVERNMENT COMPUTER NETWORK TO
HAVE A LIMITED EXPECTATION OF PRIVACY IN THEIR E-MAIL
COMMUNICATIONS SENT AND RECEIVED VIA THE COMPUTER
NETWORK SERVER.
3
We granted the following issue submitted by Appellee and Cross-
Appellant:
WHETHER THE LOWER COURT ERRED IN FINDING THAT THE MILITARY
JUDGE’S ERROR IN ADMITTING E-MAILS SENT AND RECEIVED BY
LANCE CORPORAL LONG ON HER GOVERNMENT COMPUTER WAS HARMLESS
BEYOND A REASONABLE DOUBT.
2
United States v. Long, No. 05-5002/MC
the particular facts of this case, Appellee4 did have a
subjective expectation of privacy in these e-mails, that her
expectation of privacy was objectively reasonable, and that the
error in admitting these e-mails was not harmless beyond a
reasonable doubt.
FACTS
Appellee was charged with several specifications of
unlawful drug use in violation of Article 112a, Uniform Code of
Military Justice (UCMJ).5 The Government’s case was based, in
part, on several e-mails that were sent and received by Appellee
and that were retrieved from a government server. These e-mails
contained statements written by Appellee indicating, among other
things, a fear that her drug use would be detected by urinalysis
testing and the steps she had taken in an attempt to avoid such
detection.
At trial, the defense made a motion to suppress the e-mails
because they were the result of a search which was not properly
authorized. The military judge denied the motion holding that
Appellee had no expectation of privacy in the e-mails stored on
4
Lance Corporal Long is the Appellee on the certified issues and
the Appellant on her cross-petition. For clarity we will refer
to her as Appellee throughout this opinion. We will refer to
her opponent as the Government.
5
10 U.S.C. § 912a (2000).
3
United States v. Long, No. 05-5002/MC
the government server. Contrary to her pleas, Appellee was
convicted by members of the charged offenses.6
On appeal, Appellee challenged the ruling of the military
judge on the motion to suppress her e-mails. The United States
Navy-Marine Corps Court of Criminal Appeals disagreed with the
military judge, holding that the search was unlawful, but
further concluding that the error in admitting the e-mails was
harmless beyond a reasonable doubt.7
EVIDENCE ON THE MOTION TO SUPPRESS
Mr. Flor Asesor, the Senior Network Administrator for the
government computer network, was the sole witness to testify on
the motion. He testified that Captain Fitzharris, an
investigator for the Marine Corps Inspector General, was looking
for evidence of misconduct.8 Captain Fitzharris told Mr. Asesor
to retrieve the e-mails from Appellee’s e-mail account. Mr.
Asesor retrieved her e-mails which had been stored on the
government server and provided them to Captain Fitzharris.
6
Appellee was sentenced to confinement for two months, reduction
to the lowest enlisted pay grade and a bad-conduct discharge.
The convening authority approved the sentence as adjudged.
7
United States v. Long, 61 M.J. 539, 546, 549 (N-M. Ct. Crim.
App. 2005).
8
Although there is no evidence in the trial transcript
explaining the nature of Captain Fitzharris’s investigation,
there are averments in the prosecution trial brief on the motion
to suppress indicating that the investigation involved
allegations of an improper relationship between Appellee and an
officer. Although the details are not clear, the military
judge’s finding of fact that Captain Fitzharris was searching
for evidence of misconduct is fully supported by the testimony
of Mr. Asesor.
4
United States v. Long, No. 05-5002/MC
The Court of Criminal Appeals found that the e-mails were
retrieved as the result of a specific request by law enforcement
officials9 and concluded that “[t]here is also no doubt under the
facts of this case that the actions of the network administrator
in looking for, retrieving, and turning over the subject e-mails
to law enforcement officials amounted to a search.”10 These
findings and conclusions are consistent with the finding by the
military judge that this was a “search for evidence” and the
Government’s concessions in their brief and oral argument before
this Court. Mr. Asesor authenticated Appellate Exhibit XIII, a
log-on banner which appeared anytime a user logged onto his or
her office computer. This banner contained the following
information:
This is a Department of Defense computer system.
This computer system, including all related equipment,
networks and network devices (specifically including
Internet access), are provided only for authorized U.S.
Government use. DoD computer systems may be monitored for
all lawful purposes, including to ensure that their use is
authorized, for management of the system, to facilitate
protection against unauthorized access, and to verify
security procedures, survivability and operational
security. Monitoring includes active attacks by authorized
DoD entities to test or verify the security of this system.
During monitoring, information may be examined, recorded,
copied and used for authorized purposes. All information,
including personal information, placed on or sent over this
system may be monitored. Use of this DoD computer system,
authorized or unauthorized, constitutes consent to
monitoring of this system. Unauthorized use may subject
you to criminal prosecution. Evidence of unauthorized use
collected during monitoring may be used for administrative,
9
Id. at 541.
10
Id. at 543.
5
United States v. Long, No. 05-5002/MC
criminal, or other adverse action. Use of this system
constitutes consent to monitoring for these purposes.
Mr. Asesor also explained that each individual user of the
computer system had his or her own unique password known only to
them. Users were required to change their password every ninety
days. As the network administrator, Mr. Asesor did not have
access to user passwords, and the only way he could access
individual accounts was to lock the individual user out of the
account. As the network administrator, Mr. Asesor was able to
access the entire network or any part of it, including personal
e-mails sent by individual users such as Appellee.
He testified that in conducting the monitoring described in
the banner, it was general policy to avoid examining e-mails and
their content because it was a “privacy issue.” Mr. Asesor
indicated that the examination and seizure of the e-mails in
this case were not related to the monitoring program and were
not the result of concerns about a security violation or
unauthorized use. Instead, he conceded that they were retrieved
as a part of a search for evidence of misconduct.
Based on these facts, the military judge denied the motion
to suppress. He concluded that this was a search for evidence;
there was not actual consent by the accused to this search; and
there was no search authorization issued by a commander. The
linchpin of the military judge’s ruling was that Appellee had no
reasonable expectation of privacy in the e-mail account. In
6
United States v. Long, No. 05-5002/MC
explaining his conclusion, the military judge stated, “I find
that anyone who saw that banner on an ongoing basis would not
believe that they had a reasonable expectation of privacy in any
e-mails that were sent.”
THE COURT OF CRIMINAL APPEALS DECISION
The Navy-Marine Corps Court of Criminal Appeals examined
the case and concluded that the military judge should have
suppressed the e-mails.11 The court held that Appellee had a
reasonable expectation of privacy in the e-mails sent and
received on her government computer.12 The court further
indicated that the banner relied upon by the military judge to
find no privacy expectation may have limited Appellee’s
expectation of privacy with regard to non-law enforcement
monitoring of the computer system, but that the seizure of the
e-mails in this case was for law enforcement purposes.13 The
court then tested the error for prejudice and ultimately
concluded that the error was harmless beyond a reasonable
doubt.14
DISCUSSION
The Fourth Amendment of the Constitution protects
individuals, including servicemembers, against unreasonable
11
Long, 61 M.J. at 546.
12
Id.
13
Id.
14
Id. at 546-49.
7
United States v. Long, No. 05-5002/MC
searches and seizures.15 We have described a search as an
official governmental intrusion into an individual’s reasonable
expectation of privacy.16 Whether such an expectation of privacy
exists is therefore a question in any search and seizure
analysis. The question is resolved by examining whether the
individual challenging the alleged intrusion had a subjective
expectation of privacy which was objectively reasonable.17 If
such an expectation is established, the inquiry then moves to
the remaining issues raised by the Fourth Amendment.
Official intrusions into protected areas in the military
require search authorization supported by probable cause, unless
they are otherwise lawful under the Military Rules of Evidence
(M.R.E.) or the Constitution of the United States as applied to
members of the armed forces.18
The determination of the reasonableness of an expectation
of privacy, “is understood to differ according to context.”19
The present case involves a military member’s claimed
expectation of privacy in e-mails sent and received on a
government computer. The Supreme Court has recognized that in
the context of the government workplace, employees may have a
15
United States v. Daniels, 60 M.J. 69, 70 (C.A.A.F. 2004).
16
Id. at 71.
17
Minnesota v. Olson, 495 U.S. 91, 95-96 (1990); United States
v. Monroe, 52 M.J. 326, 330 (C.A.A.F. 2000).
18
See M.R.E. 314(k).
19
O’Connor v. Ortega, 480 U.S. 709, 715 (1987) (plurality
opinion).
8
United States v. Long, No. 05-5002/MC
reasonable expectation of privacy against certain intrusions.20
However, “[p]ublic employees’ expectations of privacy in their
offices, desks, and file cabinets . . . may be reduced by virtue
of actual office practices and procedures, or by legitimate
regulation.”21 The rationale for this suggestion is the
“efficient and proper operation of the agency.”22 Thus, an
“employee’s expectation of privacy must be assessed in the
context of the employment relation.”23
If the practices of the workplace establish an environment
where the employee enjoys no reasonable expectation of privacy,
the underlying search and seizure issue is easy to resolve. In
such a situation the protections of the Fourth Amendment would
simply not apply. If an expectation of privacy is supported by
the workplace environment, however, the analysis must continue.
The Supreme Court instructs us that, in the government
workplace, a reasonable expectation of privacy may not provide
the employee with complete Fourth Amendment protection. The
Supreme Court, in O’Connor, concluded that the need for a search
warrant based on probable cause was not required for legitimate
workplace searches conducted by supervisors.24 Instead,
“[P]ublic employer intrusions on the constitutionally protected
20
Id. at 716.
21
Id. at 717.
22
Id. at 723.
23
Id. at 717.
24
Id. at 725.
9
United States v. Long, No. 05-5002/MC
privacy interests of government employees for noninvestigatory,
work-related purposes, as well as for investigations of work-
related misconduct, should be judged by the standard of
reasonableness under all the circumstances.”25 This conclusion
was based on the Supreme Court’s recognition that “[W]hile
police, and even administrative enforcement personnel, conduct
searches for the primary purpose of obtaining evidence for use
in criminal or other enforcement proceedings, employers most
frequently need to enter the offices and desks of their
employees for legitimate work-related reasons wholly unrelated
to illegal conduct.”26
O’Connor, therefore, presents two situations where employer
searches into zones of privacy are legitimate even if not
supported by normal Fourth Amendment warrant and probable cause
requirements. The first exception is where the search is for
noninvestigatory, work-related purposes. The second is if the
search by the employer is investigatory but involves matters of
workplace misconduct. In either of these situations the search
is evaluated using the standard of reasonableness based on all
the surrounding facts and circumstances.27 When the
reasonableness standard is applicable, the government must
establish: (a) that the search “was justified at its
25
Id. at 725-26.
26
Id. at 721.
27
Id. at 725-26.
10
United States v. Long, No. 05-5002/MC
inception”; and (b) that the conduct of the investigation was
“reasonably related in scope to the circumstances which
justified the interference in the first place.”28
We must note that the military workplace is not the usual
workplace envisioned by the Supreme Court in O’Connor. The
military workplace can range from an office building to a bunker
or tent in a combat zone. Similarly, military leaders and their
subordinates are different than civilian public officials and
their employees. Military commanders have authority and powers
not possessed by civilian employers. Military commanders, for
example, can authorize searches of their personnel,29 order them
confined,30 and bring criminal charges against them.31 Military
personnel operate in a system that provides criminal sanctions
for workplace misconduct.32 Accordingly, we need to keep these
unique aspects of the military environment in mind whenever we
apply the O’Connor decision to workplace searches.
As this is a case certified to this Court by the Judge
Advocate General of the Navy, we will focus our analysis on the
questions certified. We therefore turn to the ultimate question
presented: did Appellee have a reasonable expectation of
28
Id. at 726 (citations and quotation marks omitted).
29
M.R.E. 315(d)(1).
30
Article 9, UCMJ, 10 U.S.C. § 809 (2000).
31
Articles 22, 23, and 24, UCMJ, 10 U.S.C. §§ 822, 823, 824
(2000).
32
See, e.g., Article 86, UCMJ, 10 U.S.C. § 886 (2000), which
provides criminal sanctions for what would be addressed through
administrative measures in the civilian workplace.
11
United States v. Long, No. 05-5002/MC
privacy in the e-mail communications sent and received via the
Headquarters, Marine Corps (HQMC) computer network server?
As noted, in examining Fourth Amendment privacy interests,
the courts look first to whether the individual had a subjective
expectation of privacy.33 If the courts ascertain that a
subjective expectation of privacy exists, they then determine if
that expectation is one that society is prepared to accept as
reasonable.34
The first question is one of fact, which is reviewed using
a clearly erroneous standard.35 The second is one of law, which
we review de novo.36 In this case the military judge did not
differentiate between the subjective and objective expectations
of privacy. Instead, he simply concluded that there was no
expectation of privacy. For purposes of our discussion, we will
assume that the military judge found that any subjective
expectation of privacy held by Appellee was not objectively
reasonable and will review that determination de novo.
THE SUBJECTIVE EXPECTATION OF PRIVACY
This Court previously considered military members’
subjective expectations of privacy in Maxwell37 and Monroe.38 In
Maxwell, the accused used America Online’s (AOL) e-mail service
33
Olson, 495 U.S. at 95-96; Monroe, 52 M.J. at 330.
34
Ortega, 480 U.S. at 715.
35
United States v. Maxwell, 45 M.J. 406, 417 (C.A.A.F. 1996).
36
United States v. Reister, 44 M.J. 409, 413 (C.A.A.F. 1996).
37
45 M.J. at 417-19.
38
52 M.J. at 330.
12
United States v. Long, No. 05-5002/MC
to communicate with another junior Air Force officer about the
accused’s sexual interests and to send and receive obscene
material and child pornography.39 This Court concluded that
Maxwell possessed a subjective expectation of privacy where it
was AOL’s policy to offer “contractual privacy protection,”
including nondisclosure of e-mail without a court order.40
In Monroe, this Court concluded that, in contrast to
Maxwell, the e-mail system in question was owned by the
government.41 We noted that Monroe’s subjective expectation of
privacy was not governed by contractual agreement, as in
Maxwell, and we concluded that, based on the totality of the
circumstances, Monroe had no expectation of privacy, at least
from persons maintaining the electronic mail host system.42
In making the case that she had an expectation of privacy,
Appellee argues that access to her computer and therefore her
e-mail account was protected by a password known only to her.
Indeed, the network administrator testified that he did not know
her password.
In response to the argument that Appellee’s password
created an expectation of privacy, the Government points out
that the passwords are required as a part of the government
computer security concerns in order to limit unauthorized access
39
45 M.J. at 414.
40
Id. at 417.
41
42 M.J. at 330.
42
Id.
13
United States v. Long, No. 05-5002/MC
to the government system. Accordingly, the Government concludes
that passwords protect governmental interests, not individual
privacy concerns.
The Government relies most heavily on the log-on banner to
support its notion that Appellee could not have believed her e-
mail communications were private. The Government argues that
courts have looked at similar warnings and policies, and found
them sufficient to establish that the employee had no
expectation of privacy.43 Conversely, Appellee argues that the
language of the banner is not sufficient to remove her
expectation of privacy from unreasonable, warrantless searches
conducted for law enforcement purposes.
In light of the particular facts of this case, we conclude
that the lower court was not clearly erroneous in its
determination that Appellee had a subjective expectation of
privacy in the e-mails she sent from her office computer and in
the e-mails that were stored on the government server.
We conclude that the testimony of the network administrator
is the most compelling evidence supporting the notion that
Appellee had a subjective expectation of privacy. Mr. Asesor
repeatedly emphasized the agency practice of recognizing the
privacy interests of users in their e-mail. The fact that
43
See United States v. Simons, 206 F.3d 392, 398 (4th Cir.
2000); United States v. Angevine, 281 F.3d 1130, 1135 (10th Cir.
2002).
14
United States v. Long, No. 05-5002/MC
Appellee had a password known only to her, supports Mr. Asesor’s
testimony regarding the attitude toward privacy and the lower
court’s conclusion that Appellee had a subjective expectation
that access to her e-mails was protected and severely limited.
Her subjective expectation was not diminished by the fact that
the password may also have served certain governmental
interests. The language of the log-on banner also confirms the
privacy interests testified to by Mr. Asesor. The banner
described access to “monitor” the computer system, not to engage
in law enforcement intrusions by examining the contents of
particular e-mails in a manner unrelated to maintenance of the
e-mail system. In summary, we find that the password and the
language of the banner, in light of Mr. Asesor’s testimony,
support the lower court’s conclusion that Appellee met her
burden of demonstrating a subjective expectation of privacy.
THE REASONABLENESS OF THE PRIVACY EXPECTATION
In O’Connor, the Supreme Court recognized that there may be
an expectation of privacy in a government workplace but that
there is no talisman for determining the reasonableness of such
an expectation in cases involving public employees.44 Instead,
the reasonableness of a privacy expectation will differ
according to the context, and the “operational realities of the
44
480 U.S. at 715.
15
United States v. Long, No. 05-5002/MC
workplace.”45 M.R.E. 314 discusses searches not requiring
probable cause, and subsection (d) of M.R.E. 314 deals
specifically with searches of government property. M.R.E.
314(d), which is consistent with the holding in O’Connor,
indicates that searches of government property may be made
without probable cause unless an individual has a reasonable
expectation of privacy in that property and that the
determination of the reasonableness of an expectation of privacy
“depends on the facts and circumstances at the time of the
search.”
The e-mails seized in this case were originally prepared in
an office in HQMC on a computer owned by the Marine Corps and
issued to Appellee. They were transmitted over the HQMC network
system, stored on the HQMC server, and retrieved by the HQMC
network administrator. Each of those factors might arguably fit
a situation where society would be unwilling to recognize an
individual expectation of privacy.46 Other evidence in this
case, however, convinces us that Appellee’s subjective
expectation of privacy in these e-mails is one that society is
prepared to accept as reasonable.
We consider the testimony of Mr. Asesor, the network
administrator, describing the agency practices and policies to
be most persuasive. We look to office practices because the
45
Id. at 717.
46
See Bond v. United States, 529 U.S. 334, 338 (2000).
16
United States v. Long, No. 05-5002/MC
Supreme Court in O’Connor indicated that privacy expectations in
the workplace may be reduced by virtue of office practices,
procedures, or regulation.47 In this case, the policies and
practices of HQMC reaffirm rather than reduce the expectations
regarding privacy on office computers. These policies, among
other things, require individual users to have passwords known
only to themselves and to change their passwords periodically to
ensure privacy. Additionally, these policies limit outside
network access to the network administrator and describe very
limited conditions under which he would monitor the network for
unauthorized use.
The testimony of the Government’s witness about policies
and practices is strong evidence that Appellee’s subjective
expectation of privacy was objectively reasonable. Mr. Asesor
explained that HQMC’s policy regarding using the network to send
personal e-mails had always been lenient and that such use of
the network was considered authorized. Mr. Asesor further
testified that when doing the testing and monitoring of the
network, he did not monitor individual accounts because “it’s a
privacy issue.”
This Court in Monroe held that a military member did not
have a reasonable expectation of privacy with respect to the
47
480 U.S. at 717.
17
United States v. Long, No. 05-5002/MC
content of e-mail messages.48 In Monroe, we held that the
appellant, despite any subjective expectation of privacy, had no
objectively reasonable expectation of privacy because the
incriminating e-mails were discovered as part of the routine
monitoring described in the log-on banner message in use.49
The totality of the circumstances in this case leads us to
conclude that, unlike in Monroe, Appellee’s expectation of
privacy was objectively reasonable. The HQMC log-on banner
explained that the network administrator had access to
Appellee’s computer as a “monitoring” function. The e-mails
retrieved in this case were from Appellee’s account on an
unclassified government computer system on which she was
authorized limited personal use and were not obtained for
maintenance or monitoring purposes. Mr. Asesor testified that
prior to accessing Appellee’s e-mail account, he had no
information based on his previous monitoring that she was using
her account in an unauthorized manner. As noted, Mr. Asesor
further testified that he retrieved Appellee’s e-mails to look
for evidence of misconduct. If Mr. Asesor had been doing the
monitoring described in the log-on banner when he came across
Appellee’s incriminating e-mails, this case would fall within
the parameters of O’Connor and Monroe, thus presenting a
different analytic framework and potentially a different result.
48
52 M.J. 330.
49
Id.
18
United States v. Long, No. 05-5002/MC
Instead, Mr. Asesor confirmed that the sole purpose of seizing
the e-mails was to search for evidence of misconduct.
Accordingly, this case is not like Monroe where the
incriminating e-mail evidence was found inadvertently by
personnel performing routine systems maintenance described in
the log-on banner. To the contrary, the evidence seized in this
case was done so as a part of a search for law enforcement
purposes.50
The result we reach in this case is not inconsistent with
other federal court decisions that have considered similar
situations and found no privacy expectation. In Simons,51 the
court was dealing with a very different, very specific policy
regarding use of the computer system. In Simons the Internet
policy both restricted use, including e-mail use, to official
government business and indicated to employees that ongoing use
of the system was subject to audit and inspection.52 In the
present case, however, Appellee was authorized to use the
government computer for personal use and the banner described a
less intrusive monitoring program directed to unauthorized use.
In Angevine, the log-on banner expressly informed the employee
that e-mail messages “contain no right of privacy or
50
See Long, 61 M.J. at 541.
51
206 F.3d at 396.
52
Id.
19
United States v. Long, No. 05-5002/MC
confidentiality.”53 The banner in the instant case did not
provide Appellee with notice that she had no right of privacy.
Instead, the banner focused on the idea that her use of the
system may be monitored for limited purposes.
Based on our review of precedent and the totality of the
circumstances in this case, we conclude that while the log-on
banner may have qualified Appellee’s expectation of privacy in
her e-mail, it did not extinguish it. Simply put, in light of
all the facts and circumstance in this case, the “monitoring”
function detailed in the log-on banner did not indicate to
Appellee that she had no reasonable expectation of privacy in
her e-mail.
Based on this evidence, we conclude that Appellee’s
expectation of privacy was, in fact, recognized as reasonable by
virtue of the rules, regulations, practices, and procedures of
HQMC. Accordingly, her subjective expectation of privacy was
one which society is prepared to recognize as reasonable.
THE EXPECTATION OF PRIVACY –- CONCLUSION
The fact that the seizure of Appellee’s e-mails in this
case was solely for law enforcement purposes is not in dispute.
While government employers may need to enter an employee’s
office space or intrude into an employee’s computer or e-mail
account for work-related reasons, searches conducted for the
53
281 F.3d at 1133 (emphasis added).
20
United States v. Long, No. 05-5002/MC
primary purpose of obtaining evidence of illegal conduct require
probable cause.54 As this search went beyond work-related
monitoring or an investigatory search of work-related
misconduct, it was not one exempt from the probable cause
requirement. Thus, to be admissible, the evidence obtained in
the search must have been pursuant to authorization.55 Because
there was no command authorization, the evidence should have
been suppressed.56
HARMLESS ERROR
After concluding that the search was unreasonable and that
Appellee’s e-mails should have been suppressed, the Court of
Criminal Appeals determined that the error was harmless beyond a
reasonable doubt.57 Appellee, in her cross-appeal, takes issue
with this conclusion.
54
O’Connor, 480 U.S. at 724.
55
See M.R.E. 314; M.R.E. 315.
56
Even if this had been an intrusion for noninvestigatory, work-
related purposes or an investigation of work-related misconduct
which, under O’Connor, would have been measured by a
reasonableness standard, the Government would still fail.
O’Connor requires the government to demonstrate reasonableness
by showing that: (a) the search “was justified at its
inception”; and (b) the conduct of the investigation was
“reasonably related in scope to the circumstances which
justified the interference in the first place.” 480 U.S. at 726
(citations and quotation marks omitted). In the case at bar,
the Government presented no evidence on either question and
relied solely on the argument that Appellee had no reasonable
expectation of privacy.
57
Long, 61 M.J. at 546-49 (citing United States v. Simmons, 59
M.J. 485, 489 (C.A.A.F. 2004); Neder v. United States, 527 U.S.
1, 15 (1999)).
21
United States v. Long, No. 05-5002/MC
After reviewing all the evidence, we agree with Appellee.
The lower court concluded that the witnesses for the Government
were “credible, uniform, and detailed in their testimony
regarding the appellant’s unlawful drug use,”58 which was in
sharp contrast to the defense witnesses whom the lower court
found to be less than credible because they all had “significant
motive to fabricate.”59
Although the lower court’s skepticism regarding the
credibility of the defense witnesses may be well founded, there
are substantial reasons why one might be equally skeptical of
the credibility of the Government witnesses. The prosecution
witnesses were all admitted drug users who had incentives to
testify for the Government in this case. Additionally, they
were all potential accomplices and the court members were
instructed by the military judge that their testimony should
therefore be viewed with great caution.
Perhaps most important to our determination of the harmless
error issue is trial counsel’s reliance on the e-mails in his
presentations to the court members. Trial counsel ended his
opening statement referring to the importance of those e-mails
because they were Appellee’s own account of her worries and
fears about upcoming urinalysis testing.
58
Id. at 548.
59
Id.
22
United States v. Long, No. 05-5002/MC
Similarly, the subject of Appellee’s e-mails was emphasized
in trial counsel’s closing argument. In discussing the members’
task of evaluating the evidence, trial counsel explained that
the evaluation is made much easier by the e-mails, which contain
Appellee’s own words. He then proceeded to read from several of
the e-mails and concluded by saying: “Gentlemen, I submit to
you, if there was anything even resembling reasonable doubt,
those e-mails should pretty much clear that up.”
Whether error is harmless beyond a reasonable doubt is a
question of law reviewed de novo.60 The burden is on the
Government to show whether “it appears beyond a reasonable doubt
that the error complained of did not contribute to the verdict
obtained.”61
In Simmons, we concluded that the error in admitting
certain evidence was not harmless beyond a reasonable doubt when
trial counsel in that case “referred to the illegally seized
letter in the beginning, middle, and end of his closing
argument.”62 We are faced with almost identical facts in this
case, where constitutionally inadmissible evidence was a
60
Chapman v. California, 386 U.S. 18, 24 (1967); Arizona v.
Fulminate, 499 U.S. 279 (1991).
61
Mitchell v. Esparza, 540 U.S. 12, 16 (2003) (per curiam)
(quoting Neder, 527 U.S. at 15 (quotation marks omitted); see
also United States v. Hall, 58 M.J. 90, 94 (C.A.A.F. 2003);
Simmons, 59 M.J. at 489.
62
Simmons, 59 M.J. at 491.
23
United States v. Long, No. 05-5002/MC
cornerstone of trial counsel’s opening statement and his closing
argument.
Trial counsel obviously felt that the e-mails were very
important to his case. We agree. Accordingly, we cannot
conclude that the erroneous admission of the e-mails was
harmless beyond a reasonable doubt.
CONCLUSION
The certified questions are answered in the negative: the
United States Navy-Marine Corps Court of Criminal Appeals did
not err when it found that Appellee had a subjective expectation
of privacy in her e-mail communications. Further, we hold that
the lower court did not err when it concluded that Appellee’s
privacy expectation was reasonable. Because we are not
convinced that the error in admitting the e-mail communications
was harmless beyond a reasonable doubt, we decide the granted
issue in favor of Appellee. Accordingly, the findings and
sentence are set aside. The record of trial is returned to the
Judge Advocate General of the Navy. A rehearing is authorized.
24
United States v. Long, No. 05-5002/MC
CRAWFORD, Judge (dissenting):
I respectfully dissent from the majority’s holding that
despite the Department of Defense (DoD) log-on banner and
Appellee’s consent to monitoring, she had both the subjective
and objective expectation of privacy in e-mails seeking advice
from her friends regarding concealing her drug use. This case
impacts on the DoD policy as set forth in the banner. “DoD
computer systems may be monitored for all lawful purposes
. . . . Use of this DoD computer system, authorized or
unauthorized, constitutes consent to monitoring of this system.”
This banner, which appears on nearly all DoD systems,
constitutes consent to monitoring. See Scott A. Sundstrom,
You’ve Got Mail! (And the Government Knows It): Applying the
Fourth Amendment to Workplace E-mail Monitoring, 73 N.Y.U. L.
Rev. 2064, 2090 (1998) (citing Scot L. Gulick, Memorandum from
Office of General Counsel to All Computer Users, The Standards
of Ethical Conduct (United States Department of Defense), Sept.
1997, at 1). Our analysis should determine whether there is
coverage and protection under the Fourth Amendment.∗ See, e.g.,
∗
Since 1960, this Court has held that the Bill of Rights applies
to servicemembers “except those [rights] which are expressly or
by necessary implication inapplicable.” United States v.
Jacoby, 11 C.M.A. 428, 430-31, 29 C.M.R. 244, 246-47 (1960); cf.
Davis v. United States, 512 U.S. 452, 457 n.* (1994) (Supreme
Court has “never had occasion to consider whether Fifth
Amendment privilege . . . applies of its own force to the
military . . . .”); United States v. Taylor, 41 M.J. 168, 171
United States v. Long, No. 05-5002/MC
Taylor, 41 M.J. at 170. The question hinges on whether Appellee
had a subjective and objectively reasonable expectation of
privacy. Katz v. United States, 389 U.S. 347, 361 (1967)
(Harlan, J., concurring). If there is, what protection does
Appellee deserve?
In United States v. Monroe, 52 M.J. 326, 330 (C.A.A.F.
2000), we held that a defendant does not have an expectation of
privacy in his e-mail, “at least from the personnel charged with
maintaining the EMH [electronic mail host] system.” We left
open the issue presented in this particular case. Here the
Government banner removes any subjective or objective
expectation of privacy by requiring all employees to consent to
monitoring before they may use their computers. See Wyman v.
James, 400 U.S. 309, 318-24 (1971)(notice to welfare benefits
recipient was factor in determining no violation of the Fourth
Amendment).
The majority mistakenly believes that an objective
reasonable expectation of privacy can be preserved for some
forms of seizure despite being nonexistent for others. The
majority cites no legal authority to support this position.
Once Appellee was given notice of and consented to monitoring of
(C.M.A. 1994) (application of Bill of Rights “is not only of
academic importance, but also it is important to the President
in deciding what rules should be applied to the military”).
2
United States v. Long, No. 05-5002/MC
any kind, she could not maintain a reasonable expectation of
privacy against other forms of intrusion. As the Supreme Court
writes, “‛Once frustration of the original expectation of
privacy occurs, the Fourth Amendment does not prohibit
governmental use of the . . . information . . . .’” Georgia v.
Randolph, 126 S. Ct. 1515, 1534 (2006) (quoting United States v.
Jacobsen, 466 U.S. 109, 117 (1984)). Knowledge of actual
monitoring negates any reasonable expectation of privacy. See
United States v. Hatcher, 323 F.3d 666, 674 (8th Cir. 2003)
(holding prisoners and their attorneys had no reasonable
expectation of privacy since they knew their conversations were
being recorded); United States v. Madoch, 149 F.3d 596, 602 (7th
Cir. 1998) (no spousal privilege when communicating to an
inmate, knowing that inmate communications are monitored).
Appellant in the present case was aware of and consented to the
monitoring and archiving of electronic communications
originating from her government computer. She therefore could
not have a reasonable expectation of privacy in those
communications. That the communications were obtained
specifically for law enforcement purposes has no bearing on her
expectation of privacy.
The majority cuts too fine a line in trying to distinguish
applicable federal precedent based on the wording of the banner.
The majority states that United States v. Angevine, 281 F.3d
3
United States v. Long, No. 05-5002/MC
1130, 1133 (10th Cir. 2002), is not applicable because in that
case, the banner included the explicit term, “contain no right
of privacy or confidentiality.” While a rewording of subsequent
DoD Internet usage banners may be advisable, the language of the
banner at issue here leaves no doubt as to its invasiveness:
“All information, including personal information, placed on or
sent over this system may be monitored.” The majority seems to
think that the average servicemember would not understand the
plain meaning of that sentence without the magical phrase “no
expectation of privacy.” This conclusion is disconcerting. The
majority ignores a number of other cases with less specific
banner language where the courts found no reasonable expectation
of privacy. See Kaufman v. SunGard Inv. System,
No. 05-CV-126(JLL), 2006 U.S. Dist. LEXIS 28149, at *12, 2006 WL
1307882, at *4 (D.N.J. May 9, 2006)(letter-opinion and order);
Muick v. Glenayre Elec., 280 F.3d 741, 743 (7th Cir. 2002);
United States v. Simons, 206 F.3d 392, 398 (4th Cir. 2000). The
purpose of the banner was to give notice that computer activity
would be monitored, and as imprecise as it may be, the language
of the banner unambiguously conveyed that message.
The majority also attempts to distinguish Simons based on
the “very specific policy regarding use of the computer system”
in that case. This is a distinction that should not be made.
As stated above, a reasonable expectation of privacy is not
4
United States v. Long, No. 05-5002/MC
divisible. The majority refuses to directly acknowledge
applicable federal precedent on this issue. In doing so, they
ignore a clear trend in the federal courts that there is no
expectation of privacy in situations, like this one, where there
is a DoD banner clearly announcing a departmental monitoring
policy. When an employee knows that an employer is monitoring
his or her e-mail, there cannot be a reasonable expectation of
privacy, especially when the employee is notified each time that
logging on constitutes consent to monitoring.
The court noted in Simons, 206 F.3d at 398, that “office
practices, procedures, or regulations may reduce legitimate
privacy expectations.” Likewise, in Angevine, 281 F.3d at 1134,
the court held that a university professor had no expectation of
privacy to files erased on his computer because the university’s
“policy explicitly cautions computer users that information
flowing through the University network is not confidential
either in transit or storage on a University computer.” Thus,
university users were aware that administrators and others had
free access to the downloaded Internet material. The court held
that deleting the files “was not sufficient to establish a
reasonable expectation of privacy.” Id. at 1135. “[G]iven the
absence of the city policy placing [defendant] Slanina on notice
that his computer use would be monitored and the lack of any
indication that other employees had routine access to his
5
United States v. Long, No. 05-5002/MC
computer, we hold that Slanina’s expectation of privacy was
reasonable.” United States v. Slanina, 283 F.3d 670, 677 (5th
Cir. 2002), vacated on other grounds by 537 U.S. 802 (2002).
In United States v. Bailey, 272 F. Supp. 2d 822, 835-36 (D.
Neb. 2003), the court held that a defendant had no reasonable
expectation in his computer at his civilian work site which had
a log-on banner. The log-on banner stated:
These computer resources are solely owned by the
Company. Unauthorized access or use is a violation of
federal law and could result in criminal prosecution.
Users agree not to disclose any company information
except as authorized by the company. Your use of this
computer system is consent to be monitored and
authorization to search your personal computer to
assure compliance with company policies.
Id. at 831. The company’s policy available to the workers
said:
It is critical that all agents, employees,
suppliers and vendors understand these information
security policies and comply with them when accessing
and using American Family’s electronic resources. All
of us -- as individuals and as a Company -- will be
held accountable for knowing and adhering to these
policies. Each of us as individuals and as a Company
can be held liable for failing to comply with these
policies.
Id. at 832.
Additionally, the company policy posted on the Intranet
site explained that while personal use of computers was not
prohibited, it could not be used for unlawful purposes, and the
workers had “no expectation of privacy associated with the
6
United States v. Long, No. 05-5002/MC
information they store in or send through these systems.” Id.
at 832, 836. As to the expectation of privacy, the court
stated:
Absent a legitimate and constitutionally protected
expectation of privacy in e-mail files, defendant
cannot successfully assert a Fourth Amendment
violation. United States v. Bach, 310 F.3d 1063, 1066
(8th Cir. 2002). Factors relevant to determining if a
legitimate expectation of privacy exists include
ownership, possession and/or control of the area
searched or item seized; the defendant’s historical
use of the property or item; whether the defendant can
exclude others from that place; whether he took
precautions to maintain the privacy; and whether the
defendant had a key to the premises.
Id. at 834-35.
The fact that an individual has a password does not change
the expectation of privacy. Garrity v. John Hancock Mut. Life
Ins. Co., No. 00-12143-RWZ, 2002 U.S. Dist. LEXIS 8343, at *5-
*6, 2002 WL 974676, at *2 (D. Mass. May 7, 2002); see also
Bailey, 272 F. Supp. 2d at 835-37 (the facts, including
“employer’s notice [that] . . . internet use[] and e-mail may be
monitored,” undermine[] an employee’s claim that the information
was private and “any expectation of privacy that the employee
has is not one that society is willing to accept and protect”).
In Smyth v. Pillsbury Co., 914 F. Supp. 97, 101 (E.D. Pa. 1996),
the court indicated that an employee has no reasonable
expectation of privacy in e-mail because “the company’s interest
in preventing inappropriate and unprofessional comments or even
7
United States v. Long, No. 05-5002/MC
illegal activity over its e-mail system outweighs any privacy
interest the employee may have in those comments.”
The majority improperly uses Appellee’s authorization for
personal use of her e-mail account to support their finding of a
reasonable expectation of privacy. However, her personal
account was her work account and Appellee’s communications fall
within the scope of work-related communications. Appellee
discussed her diminished ability to perform her job as well as
her appearance at work in e-mails sent to Ms. KS between 9:46
a.m. and 1:07 p.m. on August 15, 2000, the day of her urinalysis
test. The times the e-mails were sent indicate that they were
sent while she was at work. The systems administrator testified
that the e-mail accounts were “authorized specifically for doing
your job within DOD” and that personal use is something they
have been “lenient on allowing.” The distinction between a
work-related e-mail and e-mail unrelated to work would be
difficult, if not impossible, to make in many instances.
The perception of one administrator in a department as
large as the DoD, with over 2.5 million servicemembers,
excluding civilians, is not binding on the department itself.
The belief of an administrator is even more attenuated
considering how computers are used on the job. Cf. United
States v. Muniz, 23 M.J. 201, 206 (C.M.A. 1987) (“[W]e note that
the credenza, like any other item of Government property within
8
United States v. Long, No. 05-5002/MC
the command, was subject at a moment’s notice to a thorough
inspection. That omnipresent fact of military life, coupled
with indisputable government ownership and the ordinarily
nonpersonal nature of military offices, could have left
appellant with only the most minimal expectation -- or hope --
of privacy.” (citation omitted)).
As the United States Court of Appeals for the Ninth Circuit
stated in United States v. Ziegler, 456 F.3d 1138, 1146 (9th
Cir. 2006), “Employer monitoring is largely an assumed practice,
and thus we think a disseminated computer-use policy is entirely
sufficient to defeat any expectation that an employee might
nonetheless harbor.” Every time Appellee turned on her
computer, she was aware of the computer-use policy of her
service and could not have a reasonable expectation of privacy.
While the Supreme Court has not heard an e-mail case, the
Supreme Court’s expectation of privacy approach applies.
Certainly, the possibility of exposure to the public eye
diminishes or alleviates one’s expectation of privacy, and
undoubtedly when one is so warned of monitoring, there is no
expectation of privacy. Just as the Supreme Court indicated,
there is no reasonable expectation of privacy in numbers dialed
on a telephone because “[w]hen he used his phone, petitioner
voluntarily conveyed numerical information to the telephone
company and ‘exposed’ that information to its equipment in the
9
United States v. Long, No. 05-5002/MC
ordinary course of business.” Smith v. Maryland, 442 U.S. 735,
744 (1979), superseded by statute, Electronic Communications
Privacy Act of 1986, 18 U.S.C. § 3121(a) (2000). Similarly, as
to business records, the Supreme Court indicated that financial
statements and deposit slips are “voluntarily conveyed to the
banks and exposed to their employees.” United States v. Miller,
425 U.S. 435, 442 (1976), superseded by statute, Right to
Financial Privacy Act of 1978, 12 U.S.C. § 3401 (2000), as
recognized in SEC v. Jerry T. O’Brien Inc., 467 U.S. 735, 745
(1984). Based on the hierarchy as to sources of rights, a
statute can grant more rights than the Fourth Amendment. See
United States v. Lopez, 35 M.J. 35, 39 (C.M.A. 1992). Thus,
there is no expectation of privacy. Miller, 425 U.S. at 443-44.
One “takes the risk, in revealing his affairs to another,
that the information will be conveyed by that person to the
Government,” id. at 443, thus providing a basis for the
conclusion that the subscriber lacks an expectation of privacy
in communications held by a service provider, especially when
there is a log-on notice and no statutory protection.
Even when there is a reasonable expectation of privacy, one
of the exceptions is consent to search. Consent is such that
one would not rely upon an assumption of risk that the service
provider would not reveal this information to law enforcement
officials. Hoffa v. United States, 385 U.S. 293, 302-03 (1966).
10
United States v. Long, No. 05-5002/MC
Likewise, in Lopez v. United States, 373 U.S. 427, 465 (1963),
the Supreme Court acknowledged that a conversation
surreptitiously recorded by a government agent was admissible
even though there was no prior judicial authorization for the
recording. See also Osborn v. United States, 385 U.S. 323, 327-
31 (1966) (holding that a tape-recorded conversation based on
surreptitious surveillance was properly admitted). Certainly, a
communicator’s expectation of privacy is not reasonable once he
or she has given consent to search. Expectation of privacy is
also lessened when the user recognizes that his or her
communications are recorded. Where consent is given to an
administrator or someone with mutual use of the property, see
United States v. Matlock, 415 U.S. 164, 171 (1974), the
originators of e-mail assume the risk that the administrator may
give consent to law enforcement officials. This is not an
instance where the police went to the Internet provider as in
United States v. Maxwell, 45 M.J. 406, 412 (C.A.A.F. 1996). The
possession of the password means that this information is
protected against other individuals logging onto Appellee’s
computer or to another computer and trying to obtain her
e-mails. The password is not a protection against the systems
administrator or law enforcement. For the aforementioned
reasons, I respectfully dissent.
11