Electronic Monitoring: How Far Can You Go?
A Briefing for Corporate Managers
by Nancy J. King - Assistant Professor, Oregon State University
I. Introduction: Electronic Monitoring Involves Employee Privacy, Employer Business, and National Security Concerns
From the perspective of employees, electronic monitoring by employers involves important privacy concerns. Electronic monitoring allows an employer to observe what employees do on the job and review employee communications, including e-mail and Internet activity, often capturing and reviewing communications that employees consider private.1 As described in this article, electronic monitoring also includes the use of computer forensics, a relatively new science, and an important advancement in the broader field of electronic monitoring and computer evidence. There are many good business justifications for employers to electronically monitor employees in the workplace including assessing worker productivity, protecting company assets from misappropriation, and ensuring compliance with workplace policies. Recently, the business justifications for employer monitoring have been bolstered by their relationship to national security concerns.2 Both employers and employees have mutual interests in promoting national security but they also have mutual privacy concerns that arise from the recent development of laws related to electronic monitoring. This is because federal laws designed to facilitate electronic monitoring for national security purposes empower law enforcement to conduct electronic monitoring in new ways that may impact the privacy of both individuals and businesses.
II. What is Electronic Monitoring?
A. Scope of Electronic Monitoring. The term electronic monitoring is used in this paper to encompass three different concepts. First, it includes employer use of electronic devices to review and measure the work performance of employees. For example, an employer may use a computer to retrieve and review an employee's e-mail messages sent to and from customers in order to evaluate the employee's performance as a customer service representative. Second, it includes "electronic surveillance" in the form of employers' use of electronic devices to observe the actions of employees while employees are not directly engaged in the performance of work duties, or for a purpose other than to measure their work performance. For example, an employer may electronically review an employee's e-mail messages as part of an investigation of a sexual harassment complaint. Third, it includes employer use of computer forensics, the electronic recovery and reconstruction of electronic data after deletion, concealment, or attempted destruction of the data.3 For example, an employer may use specialized software to retrieve or recover e-mail messages stored on the employer's computer hard drive that relate to an investigation of alleged theft of its trade secrets by an employee.
B. Technology Enables Employers to Electronically Monitor Employees' Computer Use:
- Monitoring Computer Keyboard Use. Computers may be programmed to monitor clerical workers to record the number of keystrokes per minute, the precise time and location of any errors, the amount of time it takes to process each form or complete each task, and the length of any breaks.
- Monitoring Telephone Use. Computers may count the number and type of calls and call-backs, the number of messages opened and waiting, the number of seconds before the call is answered, the number of times a caller is put on hold, the precise duration of each call, and the time period between calls.
- Monitoring Computer Document Drafting. Computers may monitor the number of drafts of documents and the number of revisions per line of dictation.
- Monitoring Network and Internet Use. Software enables employers to secretly, and in real-time, monitor employees' use of networked computers including individual monitoring of each connected computer.4 Software enables employers to capture the images from an employee's computer screen at random intervals and then compress those images to provide documentation of all computer work.5 Software also may reveal the online activities of all employees, including Websites visited, the length of the employees' visits to Websites, and whether those sites are productive or unproductive. Software enables employers to monitor employees' use of chat rooms, programs run, games played, files used, bytes transferred or downloaded, time spent downloading, and e-mail sent or received.6 Additionally, software may be used to monitor employees' access to pornography.
- Computer Forensics Techniques as Monitoring. Computer forensics focuses on retrieving and/or reconstructing electronic communications, generally after the communications have been transmitted, received, and stored on a computer hard drive.7 Computer forensics may recover electronic communications even after attempts have been made to delete or obscure any record of the electronic communications. Since specialized computer forensics software is used in the retrieval/reconstruction process and the retrieval/reconstruction process generally occurs post-transmission, this form of monitoring often deals with stored electronic communications, rather than interception of electronic communications while they are in transit.
III. What Federal Privacy Laws Relate to Electronic Monitoring by Employers?
The basic federal protection for the privacy of electronic communications is found in the Electronic Communications Privacy Act (ECPA), which encompasses federal wiretapping laws and federal laws prohibiting unauthorized access to communications in electronic storage.8 Under these federal statutes it is unlawful for anyone, including an employer, to intentionally "intercept" the content of a wire, oral or electronic communication (hereafter "Title I" violations).9 It is also a federal crime for anyone to "access" without "authorization" a facility providing electronic communication service and thereby obtain access to a wire or electronic communication while it is in electronic storage (hereafter "Title II" violations).10
Unless the interception or unauthorized access of a wire, oral, or electronic communication is covered by one of several statutory exemptions or defenses, violation of these statutes is a federal crime. These laws also give private citizens, including employees, the right to sue for civil damages when there has been an unlawful interception or access to a communication in electronic storage in violation of the privacy rights set out in these statutes. See Appendix A for a Summary of Federal Privacy Statutes: The Electronic Communications Privacy Act.
One statutory exemption to Title I and Title II of the ECPA is of primary importance to employers who electronically monitor company electronic communications systems, for example, company e-mail systems and company provided Internet access systems. This exemption is referred to as the "consent" exception under Title I and the "authorization of a user" exception under Title II. See Appendix A for a description of the statutory exemptions to Title I and Title II. Essentially, one way for an employer to obtain the consent or authorization of a user to intercept or access stored electronic communications is to adopt and distribute a workplace policy permitting the employer to electronically monitor employee electronic communications in the workplace. To take advantage of this statutory exemption to shield the employer's electronic monitoring of communications by employees in the workplace, an employer needs a comprehensive workplace policy that has been communicated to employees. Alternatively, the employer could obtain individual consent from employees to the employer's electronic monitoring.
The federal privacy statutes have been recently amended by Congress in the USA PATRIOT Act and have important implications for employers. Also, recent federal circuit and district court cases have interpreted the scope of the laws narrowly, avoiding unnecessary restrictions on the use of electronic monitoring by employers or law enforcement. The combined actions of Congress and the courts have effectively expanded the ability of employers to monitor electronic communications of employees without violating these laws. But these recent developments also have negative implications for businesses, including an enhanced ability of law enforcement to compel businesses to monitor their electronic communications systems for law enforcement purposes and enhanced government access to electronic communications by businesses.
IV. Recent Cases: Employee Monitoring Scenarios as Viewed by the Courts.
A. Courts hold Title I of the ECPA only covers interception of electronic communications in transit. Two federal circuit courts, including the 9th Circuit in Konop v. Hawaiian Airlines, Inc., have held that an "interception" of an electronic communication is prohibited under federal law only when it occurs contemporaneously with the transmission of the communication.11 In Konop, the 9th Circuit held Hawaiian Airlines' access of an employee's private secured Website without authorization was not an unlawful interception of an electronic communication while it was in transit. (The 9th Circuit held that Hawaiian Airlines may have violated Title II, by accessing stored electronic communications on his Website without authorization, and remanded the case for trial on the Title II claims.) Likewise in Steve Jackson Games, Inc. v. U.S. Secret Service, the 5th Circuit Court of Appeals held the employer did not unlawfully intercept electronic communications when it seized a computer containing unread e-mail messages, because the seizure of the computer containing the unread e-mail messages occurred sometime after the transmission of the e-mail messages to the computer.
B. Courts hold Title II of the ECPA only prohibits unauthorized access to stored electronic communications before delivery of the communications. With respect to Title II violations of the ECPA, which relate to unauthorized access to stored electronic communications, recent court cases have held that unauthorized access to stored electronic communications is only prohibited by federal law when the electronic communication is in temporary storage prior to delivery to the intended recipient; the prohibition does not extend to access of communications in storage after the communication has been delivered to the intended recipient and then stored. For example, in Fraser v. Nationwide Mutual Insurance Company, Fraser, an insurance agent, sued Nationwide for wrongfully discharging him as an independent contractor.12 Fraser claimed Nationwide violated both Title I and Title II of the ECPA. Nationwide obtained Fraser's and another Nationwide agent's e-mail messages from storage on Nationwide's electronic file server and opened the messages, discovering that an e-mail criticizing Nationwide's business practices had been sent by the insurance agents to one of Nationwide's competitors. The e-mail Nationwide retrieved from its storage site was in "post-transmission storage" because it had already been sent by Fraser and received by the intended recipient, another Nationwide agent. (The district court also held Nationwide's e-mail monitoring did not violate Title I because Title I only prohibits interception of private communications during the course of transmission, not after the communication has been received and stored. Here Nationwide obtained the e-mail communications after transmission.)
Based on the Title I and Title II cases described above, the ECPA does not appear to prohibit an employer from electronically monitoring employee electronic communications (including e-mail, voice mail, or Web communications) at least as long as the employer does not intercept those messages while they are in transit or retrieve them from temporary storage or backup storage before the intended recipient has retrieved the messages. However, electronic monitoring software is available to employers that permits interception of electronic communications by employees in real-time, an ECPA liability risk.
C. Monitoring an employee's private communications, even at work, may violate federal laws. The employer should stop listening when it is determined that an employee's communications are a private affair.
In Fischer v. Mt. Olive Lutheran Church, a youth minister, Fischer, was terminated and sued his employer, the Mt. Olive Lutheran Church, claiming the church violated Title I of the ECPA by eavesdropping on his personal telephone conversations at work.13 A church manager listened to a telephone conversation between Fischer and an outside caller using a cordless telephone that tied into the employer's telephone system. Fischer's conversation allegedly contained explicit sexual material that was homosexual in nature. The court refused to dismiss Fischer's Title I claim, after considering application of the ECPA's business extension exception, which would permit the employer's interception of the plaintiff's telephone conversation as long as it was being used in the "ordinary course of its business." The court found Fischer's telephone conversation was not in the ordinary course of business because it was not a business call and monitoring a personal call was not justified by valid business concerns, giving two reasons for its holding. First, it was unsure how a private telephone conversation raised safety concerns for church personnel that could justify monitoring an otherwise personal call, however sexually graphic and homosexual in nature it may have been. And second, the church might have a legal interest in continuing to listen to the conversation if plaintiff were speaking to a minor due to his job responsibilities as a youth minister; however, it was undisputed that the employer's managers believed that the plaintiff was speaking with an adult. The court held that under Title I, the employer was required to cease listening to Fischer's telephone call as soon as it determined that it was personal and that Fischer was not speaking to a minor. The employer did not have a workplace policy permitting interception of employee telephone calls and other electronic communications, so the "consent" exception to the ECPA was not applicable.
D. Employer access of employee maintained Websites and off-site e-mail accounts without authorization may violate Title II.
Two cases help explain why an employer's use of electronic monitoring to monitor employees outside the workplace may violate the ECPA. First, in Konop v. Hawaiian Airlines, the 9th Circuit Court of Appeals remanded for trial an employee's Title II claim that involved company managers accessing the employee's non-public and off-site Website without authorization. Hawaiian Airlines argued that two employees who were authorized to access Konop's Website had authorized a manager to access Konop's Website using their names, consistent with the Title II exception that allows persons who are users of an electronic communication service to authorize a third party to access the electronic communications intended for the user. The 9th Circuit held that because the two employees had not accessed Konop's Website before they authorized a Hawaiian Airlines manager to do so using their names, they were not "users" who could authorize management to access Konop's site.
Second, access of an employee's off-site e-mail account that was not provided by the employer has also been found to violate the ECPA. In Fischer v. Mt. Olive Lutheran Church, a computer expert hired by the church used the employer's computers to access plaintiff's Hotmail account by using a password guessed by a church manager. The computer expert printed out the e-mail messages that he found in the plaintiff's e-mail account, including e-mail messages that appeared to be from a male lover. This claim was remanded for trial because Title II prohibits intentionally accessing the storage of other subscribers without specific authorization to do so.
V. Impact of the Recent Amendments by the PATRIOT Act on Federal Privacy Rights
In October, 2001, the USA PATRIOT Act amended the federal wiretapping laws and the ECPA, amending both the provisions prohibiting interception of electronic communications (Title I) and provisions restricting access to stored wire and electronic communications (Title II).14
A. New employer legal obligations related to monitoring employees.
As a result of the USA PATRIOT Act's amendments to these federal laws, employers should anticipate increased obligations to provide private information about employees to law enforcement.15 The employer's new obligations arising from the USA PATRIOT Act include the possibility of the employer receiving a search warrant, a government order, a subpoena, certification of a government official (hereafter "government orders") or a government request to produce information about a former or current employee. There are many dimensions to these new employer obligations, including the following:
- Employers may be required to comply with search warrants, including search warrants for e-mail or voicemail messages of employees. The USA PATRIOT Act allows government investigators to use a search warrant to obtain stored voicemail evidence related to an investigation of any criminal offense. Court wiretap orders are no longer needed for government access to stored voicemail messages.
- "Sneak and Peek" searches and seizures by the government, which authorize searches and seizures without prompt notice to the subject of the search and seizure, to obtain evidence of a criminal offense are now lawful across the nation. There are some limits on "sneak and peek" searches that balance the interests of law enforcement with the privacy interests of persons under surveillance. When a "sneak and peek" search is authorized, an employer or other provider of electronic communication service may be ordered by a court to keep its monitoring of communications secret from the subject under surveillance.
- Businesses and their employees, including U.S. citizens, may have their wire and electronic communications monitored by the government through the use of "pen register and trap and trace devices" under expanded rules. With proper authorization, the government may use these devices to protect against international terrorism or in foreign intelligence investigations and may use these devices to trace communications made over the Internet or telephone lines. When the device is not used to capture the contents of a communication, it is not considered to be a search and seizure requiring a showing of probable cause.
- Employers and other persons may be asked or ordered to provide access to business records and other "tangible" items to the FBI under the Foreign Intelligence Surveillance Act. The information that the FBI may obtain in an investigation of international terrorism is no longer limited to information about "agents of foreign powers" and may include information about U.S. citizens. The FBI may get an order requiring the provider of business records to keep its production of records secret.
B. New employer rights related to monitoring employees.
A new "computer trespasser" exception16 authorizes law enforcement to assist employers who provide electronic communications systems when hackers or other unauthorized persons have accessed the employers' computer systems. Before the computer trespasser exception was available, law enforcement needed a warrant to intercept the contents of Internet communications sent by a computer trespasser (for example, a computer hacker), even if the owner of the computer system under attack gave its consent for law enforcement to access its system and intercept electronic communications on that system. Delays in obtaining a warrant may seriously impair efforts by law enforcement to apprehend the hacker. Now, employers may authorize law enforcement to intercept communications on the employer's computer systems. However, the employer may not authorize law enforcement to obtain any communications other than those from the computer trespasser, so precision in interception is still required. Technology is lagging behind the law here, and there is a need to develop monitoring technology that will intercept only the desired communications.
C. The "good faith reliance" defense.
Employers may benefit from a defense from lawsuits found in the ECPA which applies when the employer responds to proper government requests to produce information, provide facilities, or provide assistance. This defense to lawsuits will shield employers who monitor their electronic communication systems in response to government request or order (including a certification, subpoena, court order or search warrant). Of course, the defense may be lost if the employer exceeds the scope of the government order or request. The defense from civil damages is also lost if the employer discloses to an employee that the government has asked the employer to monitor the employee's electronic communications or tells the employee that such monitoring has occurred.
D. Privacy concerns shared by employers and employees
The USA PATRIOT Act amends federal privacy laws in ways that should concern both employers and employees by increasing permitted privacy intrusions by the government related to Internet communications. For example, the USA PATRIOT Act expands the ways that electronic communication providers that serve the public may access and disclose stored electronic communications of those who use their services. These provisions primarily govern access and disclosure by Internet Service Providers (hereafter "ISPs") who may be under contract with employers or employees.
The exceptions will apply when the employer subscribes to an Internet service and may permit the ISP, who provides services to an employer, to access and/or disclose electronic communications related to the employer's business to law enforcement and to other persons. An ISP may access or disclose the contents of communications in electronic storage 1) to an addressee or intended recipient of the communication; 2) with the lawful consent of the originator or an addressee or intended recipient of such communication, or the subscriber in the case of remote computing service; and 3) when it is necessary to provide the service or protect the provider's rights or property.17
ISPs may also access or disclose the contents of communications to law enforcement in expanded circumstances. Lawful disclosures to law enforcement include: 1) a service provider who inadvertently obtains content of stored communication that appears to pertain to the commission of a crime may disclose the contents of the communication to law enforcement; 2) a service provider who reasonably believes there is an emergency that involves immediate danger of death or serious injury to any person that requires disclosure of the information without delay may disclose the contents of the communication to law enforcement.
ISPs may disclose customer records, but not the contents of communications, in certain circumstances, and the nature of the disclosures has recently been expanded. The information that may be disclosed under this exception includes information about the subscriber or customer's account, such as the subscriber's name, address, billing records, and length of service. The USA PATRIOT Act expanded the customer records that may be divulged to include records of session times, network addresses, and source of payment, including credit card or bank account numbers. The exception allows disclosure of these customer records (1) with the consent of the customer or subscriber; (2) when it is necessary to the rendition of the service or to protect the rights or property of the service provider; (3) to a governmental entity when the provider reasonably believes that an emergency involving immediate danger of death or serious injury to any person justifies disclosure of the information; or (4) to any person other than a governmental entity.
Privacy concerns related to ISPs' permitted disclosures to the government have been enhanced by provisions in the Homeland Security Act of 2002 that was recently passed by the House and Senate and signed by President Bush.18 Section 225 of the Homeland Security Act extends the good faith defenses under Title I and II of the ECPA to ISPs. Under Section 225, an ISP may make disclosures of the contents of electronic communications to federal, state, or local government entities when the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of communications relating to the emergency.
The above permitted disclosures have privacy and security considerations for employers because information that is generally considered proprietary or confidential by an employer may be accessed or disclosed by an Internet Service Provider.
VI. State Wiretapping Statutes Also Apply to Employer Monitoring
As discussed above, the federal Electronic Communications Privacy Act, as amended by the USA PATRIOT Act, sets a minimum privacy protection for electronic communications, including those of employees. Some state laws provide greater protection for electronic communications than federal laws. When employers engage in employee monitoring of electronic communications they must comply with both federal and state law. See Appendix B for a Summary of Oregon and Washington State Wiretapping Statutes.
The ECPA's "good faith" reliance defense applies to civil or criminal liability under "any other law," so the federal defense should be available to an employer in a civil or criminal case under state wiretapping or state tort laws. However, to date, no court has applied the good faith exception found in the ECPA to actions under state laws.
VII. State Privacy Tort Claims May Include Employer Monitoring
Most courts have ruled in favor of employers when deciding cases involving claims by employees that their employer's electronic monitoring activities violate their rights to privacy under state tort laws.19 For example, in Garrity v. John Hancock Mutual Life Insurance Company, the court dismissed employees' claims of invasion of privacy based on their employer's reading of their e-mail on the employer's computer system and concluded the employees had violated the policy by sending and receiving sexually explicit e-mail messages.20 The employer, John Hancock, had a company policy that prohibited the employees' use of its e-mail system to send or receive sexually explicit material and had disseminated that policy to employees.
However, having a written policy against inappropriate use of the employer's e-mail system may not be necessary to defeat a claim of invasion of privacy when an employer reads e-mail communications of employees stored on its computer system. In fact, even where a company has promised employees that e-mail communications will remain confidential, and the company has no e-mail policy, a company has prevailed on invasion of privacy claims brought by an employee after the company retrieved and read e-mail messages sent by the employee. This was the case in Smyth v. Pillsbury Co., where an employee sued for wrongful discharge in violation of public policy arising from alleged invasion of privacy, after his employer fired him for inappropriate use of the company's e-mail system.21 The employer obtained copies of the employee's e-mail which included a threat "to kill the backstabbing bastard" and compared an upcoming holiday party to a "Jim Jones Kool-Aid Affair."
In McLaren v. Microsoft Corporation, McLaren was terminated from his employment and sued Microsoft for invasion of privacy.22 Prior to his termination McLaren was suspended for investigation of sexual harassment and other alleged misconduct, and his employer read McLaren's e-mail messages which were stored in personal folders on the employer's computer system under a password created by McLaren. The court rejected McLaren's claim, holding he had no reasonable expectation of privacy with respect to e-mail messages stored on his office computer and, even if he did, a reasonable person would not consider Microsoft's interception of these communications to be a highly offensive invasion.
Public employers also have used workplace policies to successfully defend invasion of privacy claims related to electronic monitoring of employee electronic communications. In Kelleher v. City of Reading, a city employee lost a claim for invasion of privacy against the City of Reading for allegedly publicizing her e-mails and other purportedly private information relating to her suspension by the City Council.23 With respect to the publication of the employee's e-mail communications, Kelleher held:
Plaintiff did not have a reasonable expectation of privacy with respect to her e-mail. The City's Guidelines regarding the expectation of privacy of e-mail messages, which are uncontroverted, explicitly informed employees that there was no such expectation of privacy: "Messages that are created, sent, or received using the City's e-mail system are the property of the City of Reading. The City reserves the right to access and disclose the contents of all messages created, sent, or received using the e-mail system. The E-mail system is strictly for official City of Reading messaging."
The City of Reading also had proof that the employee received notice of the workplace policy in the form of a written and signed acknowledgment by the employee that she had received and read its policy.
In sum, an employer is well advised to adopt and distribute a workplace policy governing employee use of its electronic communications systems, to communicate that policy to employees, and to obtain documentation that employees have received and reviewed the policy. However, as the above cases demonstrate, even in the absence of these preventative measures, employees have not been successful in lawsuits claiming their employers' retrieval or reading of their e-mail messages communicated on employer computer systems was a violation of their rights to privacy under state law.
VIII. Constitutional Privacy Claims Cover Public Employer Monitoring
Public employees may have constitutional rights to privacy under federal or state laws that employees in the private sector generally do not have.24 However, even where a constitutional right to privacy claim may be made, employers have generally prevailed on invasion of privacy claims. In U.S. v. Simmons, the federal government used electronic monitoring to examine the records of Websites a federal employee had visited and then examined files saved on his computer.25 Although the court recognized that the public sector employee may have a privacy right in these materials, it found that, in light of the employer's monitoring policy, the employee did not have an objectively reasonable expectation of privacy. The employer's monitoring policy specified the types of data that would be monitored, including e-mail, Internet and electronic file transfers, and specified the ways in which the data would be retrieved, including audit and inspection. Some states also have provided for constitutional rights to privacy for private sector employees in their state constitutions.26
IX. Federal Labor Laws Apply to Private Sector Employer Monitoring
Section 7 of The National Labor Relations Act (NLRA) makes it an unfair labor practice for private sector employers to engage in surveillance of employees through electronic monitoring when the employer's surveillance would interfere with the employees' right to engage in protected concerted activities.27 Employees have the right to engage in "protected concerted activity" even when there is no union involved in the conduct, for example to discuss matters of common concern related to a non-union workplace including work rules, wages, vacation policies or confidentiality rules.
However, when the employee activity involves employee use of employer property, for example employee use of employer provided e-mail or Internet access, the National Labor Relations Board and the Courts have tended to recognize the employer's property rights in its computer systems and support the employer's right to monitor the work performance of employees.
When the employees' computer use is outside the employer's workplace, employer surveillance of their protected concerted behavior may well be an unfair labor practice. In Konop v. Hawaiian Airlines, Inc., the 9th Circuit Court of Appeals held it was a violation of the Railway Labor Act28 for Hawaiian Airlines' managers to access an employee's Website without authorization to find out what the employee was saying about the company, its managers, and the incumbent union. Hawaiian Airlines' managers viewed the site and disclosed the contents of the site to the incumbent union. The 9th Circuit Court of Appeals agreed with Konop that this type of behavior by an employer would interfere with his rights protected under federal labor law, and sent the case back for trial on this unfair labor practice charge.
X. Check List for Employers: Minimizing Litigation Risk
A. Adopt a well drafted workplace electronic communications policy/review other Policies. Make sure the policy reserves the employer's ability to respond to government requests and government/court orders to monitor or produce employee electronic communications. Make sure the policy covers all forms of electronic communications that may occur in the workplace or using company provided electronic communications equipment including e-mail, Internet use, devices that have text messaging capability, etc.
Also, review other policies that cover employee privacy or disclosure of employee records. An important purpose of these revisions is to prevent employee claims that the employer violated its own privacy policies related to disclosing private information about employees.
B. Communicate the workplace electronic communications policy to all employees and obtain documentation that employees have received and reviewed the policy.
C. When in doubt of the employer's legal right to monitor, obtain consent from employees to monitor electronic communications. For example, obtain consent from employees to have office staff retrieve and read their e-mail and other electronic communications due to the concern that non-business communications may be received by employees.
D. Determine whether there is a business justification for monitoring and document the business justification for monitoring. For example, if monitoring that is not in the ordinary course of business is being considered, such as when the employer has received a bomb threat and is investigating that threat, document the reasons for the monitoring.
E. When electronic monitoring reveals "private" employee communications, stop the monitoring and obtain legal advice before continuing to monitor. Even monitoring in the ordinary course of business may occasionally reveal employee communications that appear to have no relationship to business matters. The classic cases have involved romantic relationships between employees that the employee desired to keep secret. When in doubt about whether to continue monitoring of purely private matters, discontinue the monitoring and obtain legal review of the matter.
F. Develop an action plan to respond appropriately to government/law enforcement requests and orders to monitor electronic communications by employees. Anticipate the various mechanisms that may be used by government, including law enforcement, to request or demand that an employer monitor the electronic communications of employees. Also consider the possibility that the employer may need to preserve evidence while a court order, subpoena or other legal process is obtained requiring monitoring or production of evidence. Consider whether the employer will be able to comply with "real-time" monitoring requests or orders related to its computer systems.
G. Be aware of the "computer trespasser" exception to federal wiretapping laws. Consider whether this exception may enable the employer to seek the assistance of law enforcement with computer expertise to help the employer respond to computer hackers and other situations involving unauthorized access to the employer's computer systems.
H. Review contracts with Internet service providers for privacy concerns and develop procedures and policies to protect confidential and proprietary information communicated over the Internet. Be aware that Internet service providers have more latitude to access and disclose electronic communications over their Internet services, including confidential or proprietary information about businesses, and develop a plan to protect important business communications.
APPENDIX A
SUMMARY OF FEDERAL PRIVACY STATUTES
ELECTRONIC COMMUNICATIONS PRIVACY ACT
A. Employer Monitoring Involving Interception of Oral, Wire or Electronic Communications.
1. The Federal Wiretap Act Prohibits "Interception" of Oral, Wire or Electronic Communications.
Title I of the Electronic Communications Privacy Act of 1986 ("ECPA"), Interception of Electronic Communications ("The federal Wiretap Act"), creates privacy rights in oral, wire, or electronic communications.29 Unlawful interception or disclosure/use of the contents of an oral, wire or electronic communication that has been intercepted in violation of the statute is prohibited. Procuring another person to intercept or try to intercept an electronic communication is also a violation of Title I. Telephone conversations are wire communications. E-mail messages and conversations in Internet chat rooms are electronic communications.
2. There are several statutory exceptions to the prohibition on interception of electronic communications that apply to businesses and individuals:
- a. Business Use Exception to Monitor Using Telephone or Telegraph Equipment in the Ordinary Course of Business. This exception covers the use of electronic devices by a subscriber or user (including an employer) to intercept wire, oral or electronic communications when the interception is done in the ordinary course of business. It has been called the "telephone extension" exception because the statute only references this form of technology. For example, in Briggs v. American Air Filter Co., an employer who suspected that confidential information was being disclosed by an employee to a business competitor after the employee had been told not to disclose such information to competitors did not violate federal privacy laws by listening in on an extension phone on the employee's call with a competitor for at least as long as the call concerned the type of information that the employer feared was being disclosed.30
- b. Provider Exception to Intercept, Disclose, Use Wire or Electronic Communications in the Ordinary Course of Business. For example, an employer may be a provider of an electronic communication service for employees' use and may intercept electronic communications in the ordinary course of its business.31 However, this exception has not been interpreted by courts to authorize an employer to intercept an employee's private electronic communications, even when the private conversation is made on the employer's system. In Watkins v. L.M. Berry & Co., the court held that in monitoring a telephone call received by an employee to determine whether it was a business or personal call, the employer was obliged to cease listening as soon as it determined that the call was personal, regardless of the contents of the conversation that the employer legitimately heard.32
- c. Exception for Consent of a Party to the Communication when the interception is not by the government and is not for the purpose of committing a crime or tort (civil violation of the law, such as the tort of invasion of privacy). For example, employees may consent to the interception of their e-mail messages on company provided computer equipment in order to facilitate customer service, e.g. to permit office staff to review incoming e-mail messages for managers when they are out of town.
- d. Government Authorization for Disclosure, Interception or Government Required Preservation of a Backup Copy of an Electronic Communication. The government may compel an electronic service provider to access or disclose the contents of a communication by obtaining a warrant requiring the disclosure of the contents of an electronic communication in electronic storage, a court order requiring interception of electronic communications, or a subpoena or court order requiring the electronic communication service provider to retain a backup copy of contents of an electronic communication.33 Therefore an employer could be ordered by the government to intercept electronic communications about an employee or others when the communication is made using the employer's electronic communication service.
3. Civil and Criminal Liability and Defenses to Criminal or Civil Liability for Interception of Electronic Communications by Businesses/Employers. In addition to criminal sanctions, there is a private right of action under this statute that permits individuals to sue for damages, including punitive damages and attorney's fees, when their privacy rights under the statute have been violated.
- a. Civil Liability. Those who are found to have intentionally violated Title I's prohibitions on interception may be sued civilly for damages and other relief by persons who have had their privacy rights violated. Remedies available include the greater of 1) actual damages plus any profits made by the violator as a result of the violation, or 2) statutory damages. Statutory damages may range from $100 a day for each day of violation up to a $10,000 maximum. Punitive damages are available in appropriate cases as well as awards of reasonable attorney fees and other litigation costs.
- b. Criminal Liability. An intentional violation of Title I is punishable by fines or imprisonment, or both; imprisonment is limited to not more than five years.
- c. Defenses to Civil and Criminal Liability. Good faith reliance on a court warrant or order, grand jury subpoena, or a legislative authorization or a statutory authorization is a complete defense against any civil or criminal action brought under this chapter or any other law.34 It is also a complete defense to civil or criminal actions to rely in good faith on the request of an investigative or law enforcement officer to intercept a wire, oral, or electronic communication in specified emergency situations before an order authorizing such interception can, with due diligence, be obtained.35 The specified emergency situations in which law enforcement may request an interception without a court order are: 1) immediate danger of death or serious physical injury to any person, 2) conspiratorial activities threatening the national security interest, or 3) conspiratorial activities characteristic of organized crime.36
A two year statute of limitation applies to civil liability for violations of Title I. This statute of limitations begins running from the first time that the plaintiff has a reasonable opportunity to discover the violation.
B. Monitoring Involving Access to Stored Electronic Communications
1. The Federal Stored Communications Act Prohibits Unauthorized Access to Stored Wire and Electronic Communications.
Title II of the ECPA, the "Stored Wire and Electronic Communications and Transactional Records Act"37 prohibits unauthorized access to electronic communications in storage. The statute also prohibits unauthorized disclosure of the contents of a stored communication. This statute was primarily intended to address the problem of computer hackers who often access computer systems without authorization but may not intercept the content of a communication, either in transit or from stored communications. Employees have used Title II to challenge employer monitoring of stored e-mail and other electronic communications.
2. There are three general exceptions to the prohibitions on access and disclosure of stored electronic and wire communications:
- a. Provider Exception. This exempts access to stored electronic or wire communications by a provider of wire or electronic communication services. This exception may authorize employer access when the employer provides the electronic communication service that is accessed. However, there are only a few cases that have considered whether an employer is a provider under this exception. In Bohach v. City of Reno,38 the City acted lawfully when, months after messages were sent over the police department's computerized paging system, it accessed and retrieved them from storage in the computer, because the city was the "provider" of the electronic communications service. The court said the city's terminals, computer and software, and pagers it issued to its personnel were what provided those users with the ability to send or receive electronic communications and that providers can do as they wish with respect to access. And in Andersen Consulting LLP v. UOP the court held that only a company that is a provider of electronic communication services to the public can be sued for divulging contents of the company's electronic mail messages to third parties, and since Andersen did not offer its electronic communication services to the public, it prevailed.39
- b. Authorization by a User to access or disclose stored electronic or wire communications of the user or intended for that user. A user of an electronic communication service may authorize access/disclosure, so employees may authorize their employers to access their e-mail. This could be accomplished by express authorization or perhaps by an employer policy distributed to employees that grants the employer access to the employee's electronic communications on the employer's system. In the absence of a workplace policy granting the employer access to employee electronic communications on the employer's system, it is unclear whether the employer is a "user" so that an employer may authorize access to employees' e-mail or voicemail communications received or sent from employer provided e-mail systems. For example, may the employer grant office staff permission to access managers' e-mail messages that are received on employer provided e-mail systems without informing the managers in advance of the access?
- c. Government Authorization for access or disclosure of the contents of a communication or government required preservation of a backup copy. The government may require an electronic communication provider to access or disclose the contents of stored electronic or wire communications on its systems by obtaining a warrant requiring the disclosure of the contents of an electronic communication in electronic storage, or a subpoena or court order requiring the electronic communication service provider to retain a backup copy of contents of an electronic communication.40 Therefore an employer could be ordered by the government to retrieve an employee's e-mail or other Internet communications or retain a backup copy of the contents of an employee's electronic communication made using the employer's electronic communication systems.
3. Civil and Criminal Liability and Defenses to Civil Liability for Unlawful Access of Stored Electronic Communications by Businesses/Employers
- a. Civil Liability. Plaintiffs may file lawsuits for knowing violations of this statute to recover damages in the form of actual damages suffered by the plaintiff plus any profits made by the violator as a result of the violation, with a minimum of $1000. Punitive damages are also available for willful or intentional violations. Plaintiffs may also recover litigation costs and reasonable attorney fees.
- b. Criminal Liability. The maximum imprisonment ranges from 6 months to 2 years depending on the purpose of the offense and whether it's a first or subsequent offense. Fines may also be imposed.
- c. Defenses to Civil and Criminal Liability. Good faith reliance is a complete defense to any civil or criminal liability under any law for accessing or distributing a stored electronic communication.41 This defense applies when it is determined that the defendant accessed or disclosed a stored electronic communication in good faith reliance on a warrant, court order, grand jury subpoena, legislative authorization, or statutory authorization.42 The defense also applies to certain government and investigative or law enforcement requests related to stored electronic communications, including a request to preserve records and other evidence.43 There is a two year statute of limitations for civil claims under Title II.
APPENDIX B
SUMMARY OF STATE WIRETAPPING LAWS
OREGON AND WASHINGTON
1. Oregon prohibits using devices to obtain a telecommunication or radio communication when a person is not a participant without one participant's consent and prohibits using devices to obtain other conversations unless all parties have been informed.44
Oregon's statute references telecommunications, radio communications, and conversations, although it does not specifically address e-mail or Internet communications. The statute makes it unlawful for any person to obtain a telecommunication or radio communication to which the person is not a participant unless consent is given by at least one participant. So a party to a telephone call may lawfully consent to interception of the telephone call or recording of the call, even if other parties to the telephone call are not aware of the interception or recording. It is unlawful to obtain conversations (defined as oral communications between two persons not including telecommunications or radio communications) using any electrical, mechanical or other device unless all parties in the conversation have been specifically informed that their conversation is being obtained. This statute does not require the parties to a conversation to consent when a person records a conversation during a felony that endangers human life.
Oregon courts have not considered the application of state privacy statutes to e-mail or Internet communications or interceptions using computer technology. However, keep in mind that e-mail and Internet communications generally utilize telephone lines, so it is likely that e-mail and Internet communications will be treated as telecommunications and will require the consent of only one party to the communication in order to lawfully intercept and record the communication.
Violation of the Oregon statute is a Class A Misdemeanor.45 The statute does not provide for civil damages or a remedy of suppression of unlawfully obtained evidence, except when law enforcement has unlawfully obtained a communication.46
2. Washington prohibits using a device to intercept or record private communications and private conversations without first obtaining the consent of all participants in the communication or private conversation.47
The term "private" in the Washington statute means a conversation that is secret, that is intended only for persons involved in the conversation, that holds a confidential relationship to something, or that is not open or in public.48 Consent will be found where one party has announced to all other parties engaged in the communication or conversation that the communication or conversation is about to be recorded or transmitted.49
There are exceptions to the two party consent requirement for wire communications or conversations, including those: 1) of an emergency nature, such as the reporting of a crime; 2) which convey threats of extortion, blackmail, bodily harm, or other unlawful requests or demands; and 3) which occur anonymously or repeatedly or at an extremely inconvenient hour. The threat exception did not entitle a neighbor who owned a police scanner to eavesdrop on his neighbors' cordless telephone conversation, where the owner of the scanner was not a party to those conversations.50 In another case, the statute prohibited interception and recording, without all parties' consent, of e-mail communications over the Internet between a defendant and a fictitious 13-year-old girl created by a detective, where the detective could not read or print those communications without recording them on his computer. However, the defendant implicitly consented to the recording of these private communications, so there was no violation of the statute.51 As the Washington Court of Appeals stated:
The nature of e-mail is such that, to be useful, it must be recorded. [Citations omitted] ... [e]ven deleted messages may remain available for retrieval... A person sends an e-mail message with the expectation that it will be read and perhaps printed by another person. To be available for reading or printing, the message first must be recorded on another computer's memory. Like a person who leaves a message on a telephone answering machine, a person who sends an e-mail message anticipates that it will be recorded. That person thus implicitly consents to having the message recorded on the addressee's computer.52
The Washington Court of Appeals also found that the defendant impliedly consented to recording of his real-time chat conversations with the detective who represented himself as a fictitious 13-year-old girl. These conversations were made over the Internet using real-time discussion software, but unlike e-mail, the real-time technology itself did not require that messages be recorded for later use. However, the manufacturer of the real-time discussion software had a privacy policy that expressly warned users of the risk of unauthorized exposure of information they might send, and the manufacturer expressly advised users not to use the software if they wished not to be exposed to those risks.
Violation of the Washington statute is a criminal offense punishable as a gross misdemeanor.53 Civil damages are available against any person who violates the Washington statute.54 Where evidence is obtained in violation of this statute, it is inadmissible in a legal proceeding for any purpose.
1 Copyright 2002, Nancy J. King, Oregon State University. All Rights Reserved. Please do not copy or distribute without express permission of the author. These materials are provided for general educational purposes and are not legal advice for specific situations. This is a working paper, subject to revision, and may be withdrawn from this Website when the final work is published elsewhere. Comments from those who review the work are welcome. Send comments to kingn@bus.oregonstate.edu.
2 Nancy J. King is an Assistant Professor at Oregon State University, College of Business in Corvallis, Oregon, where she teaches courses in Business Law and E-Commerce Law. She was formerly a Visiting Professor of Law at Willamette University College of Law in Salem, Oregon; a partner with the law firm of Bullard Smith Jernstedt & Wilson, P.C., Portland, Oregon; a partner with the law firm of Lane Powell Spears Lubersky in Portland, Oregon; and Associate General Counsel for Boise Corporation in Boise, Idaho.
REFERENCES:
1 Amy Rogers, You Got Mail But Your Employer Does Too: Electronic Communication and Privacy in the 21st Century Workplace, 5 J. TECH. L. & POL'Y 1 (2000); Lawrence E. Rothstein, Privacy or Dignity: Electronic Monitoring in the Workplace, 19 N.Y.L. SCH. J. INT'L & COMP. L. 379 (2000).
2 Jennifer C. Evans, Comment, Hijacking Civil Liberties: The USA PATRIOT Act of 2001, 33 LOY. U.CHI.L.J. 933, 959-64 (2002) (discusses history of terrorism in the United States); see also Federal Bureau of Investigation, 30 Years of Terrorism: Terrorism in the United States (1999), available at http://www.fbi.gov/publications/terror/terroris.htm (last modified June 20, 2001); Charles M. Madigan, 'Our Nation Saw Evil'; Hijacked jets destroy World Trade Center, hit Pentagon, Thousands feared dead in nation's worst terrorist attack, CHI. TRIB., Sept. 12, 2001, 1, at 1, available at 2001 WL 4113876.
3 Computer Forensics Defined (2002). New Technologies, Inc. Retrieved October 14, 2002, from http://www.forensics-intl.com/def4.html (last visited Dec. 12, 2002).
4 Charles E. Frayer, Employee Privacy and Internet Monitoring: Balancing Workers' Rights and Dignity With Legitimate Management Interests, 47 BUS. LAW. 857 at 858-59 (describes available Internet monitoring technology including software that gives employers the ability to monitor in complete secrecy and provides a real-time view of whatever activity is occurring on a connected computer).
5 Douglas M. Towns, Legal Issues Involved in Monitoring Employees' Internet and E-Mail Usage, GIGALAW.COM 2 (2002), available at http://www.gigalaw.com/articles/2002/towns-2002-01.html (last visited Dec. 12, 2002) (Describes new technological advances that provide employers a number of options in monitoring devices.).
6 Michael R. Anderson, Identifying Internet Activity, Computer Forensics Goes to Cyber Space, available at http://www.forensics-intl.com/artipfl.html (last visited Dec. 12, 2002); Net Threat Analyzer, available at http://www.forensics-intl.com/nta.html (last visited Sept. 3, 2002).
7 Monique C.M. Leahy, Recovery and Reconstruction of Electronic Mail as Evidence, 41 AM. JUR. PROOF OF FACTS 3D 1 (2002); see also Computer Forensics Defined, New Technologies, Inc. at http://www.forensics-intl.com/def4.html (last visited Dec. 12, 2002) ("Computer forensics" deals with the application of law to...computer science... some refer to it as Forensic Computer Science. Computer forensics has also been described as the autopsy of a computer hard disk drive because specialized software tools and techniques are required to analyze the various levels at which computer data is stored after the fact. Computer Forensics deals with the preservation, identification, extraction and documentation of computer evidence...Like any other forensic science, computer forensics involves the use [of] sophisticated technology tools and procedures which must be followed to guarantee the accuracy of the preservation of evidence and the accuracy of results concerning computer evidence processing. Typically, computer forensic tools exist in the form of computer software. Computer forensic specialists guarantee accuracy of evidence processing results through the use of time tested evidence processing procedures and through the use of multiple software tools, developed by separate and independent developers...Computer forensics is used to identify evidence when personal computers are used in the commission of crimes or in the abuse of company policies. Computer forensic tools and procedures are also used to identify computer security weaknesses and the leakage of sensitive computer data....").
8 See Konop v. Hawaiian Airlines, 302 F.3d 868, 2002 WL 1941431 at *2, n. 2 (9th Cir. 2002) ("In 1986, Congress passed the Electronic Communications Privacy Act (ECPA), Pub. L. No. 99-508, 100 Stat. 1848, which was intended to afford privacy protection to electronic communications. Title I of the ECPA amended the federal Wiretap Act, which previously addressed only wire and oral communications, to 'address the interception of...electronic communications.' S. Rep. No. 99-541, at 3 (1986), reprinted in 1986 U.S.C.C.A.N. 3555, 3557. Title II of the ECPA created the Stored Communications Act (SCA), which was designed to 'address access to stored wire and electronic communications and transactional records.'" The Wiretap Act and the SCA have been amended by the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA PATRIOT Act), Pub. L. No. 107-56, 115 Stat. 272 (October 26, 2001).).
9 The Wiretap Act, 18 U.S.C. 2510-2522 (2000).
10 The Stored Communications Act, 18 U.S.C. 2701-2711 (2000).
11 Konop, 2002 WL 1941431 at *7; Steve Jackson Games, Inc. v. U. S. Secret Service, 36 F.3d 457 (5th Cir. 1994).
12 Fraser v. Nationwide Mut. Ins. Co., 135 F. Supp.2d 623 (E.D. PA 2001).
13 Fischer v. Mt. Olive Lutheran Church, 207 F.Supp.2d 914, 922 (W.D.Wis. 2002).
14 On October 26, 2001 President Bush signed the USA PATRIOT Act. It has over one thousand sections and 342 pages and outlines the government's response to the events of September 11, 2001. The Act gives the government enhanced surveillance powers that may affect every employer and provider of Internet communications. Some of the Act's provisions take effect immediately, others must be set out in regulations to be promulgated in the coming months, and some will expire automatically in 2005.
15 The USA PATRIOT Act's amendments will increase the obligations of businesses to provide information to law enforcement about their customers as well as their employees. However, new obligations by businesses to provide information about their customers are beyond the scope of this presentation. See Michael A Benoit and Elena A. Lovoy, Recent Federal and State Consumer Financial Privacy Developments, 57 BUS. LAW. 1209 (2002) (discusses the obligations of financial institutions to comply with the privacy provisions of the Gramm-Leach-Bliley Act and the corresponding Regulation P).
16 18 U.S.C. 2510(21) (A computer trespasser: "(A) means a person who accesses a protected computer without authorization and thus has no reasonable expectation of privacy in any communication transmitted to, through, or from the protected computer; and (B) does not include a person known by the owner or operator of the protected computer to have an existing contractual relationship with the owner or operator of the protected computer for access to all or part of the protected computer.").
17 U.S. v. Mullins, 992 F.2d 21472, 1378 (9th Cir. 1993).
18 Homeland Security Act of 2002, HR5710, 107th Congress, 2d Session (2002).
19 See Douglas M. Topolski and Albert W. Palewicz, Employee Privacy Rights in the Electronic Workplace, MD. B. J. 43 (2002) (Restatement (Second) of Torts, Section 652A, recognizes four separate torts that protect an individual's right to privacy. One of the four privacy torts is "unreasonable intrusion upon the seclusion of another." This privacy tort is the one most frequently claimed by employees with respect to employer monitoring. The privacy torts set forth in the Restatement (Second) of Torts become law in a state only when that state adopts its provisions as law.).
20 Garrity v. John Hancock Mut. Life. Ins. Co, 2002 WL 974676 at *1 (D.Mass. 2002).
21 Smyth v. Pillsbury Co., 914 F. Supp. 97 (E.D. Pa. 1996).
22 McLaren v. Microsoft Corporation, 1999 WL 339015 (Tex. App. 1999) (unpublished opinion).
23 Kelleher v. City of Reading, 2002 WL 1067422 (E.D.Pa. 2002).
24 O'Connor v. Ortega, 480 U.S. 709 (1987) (the Fourth Amendment protects employees in the public sector workplace in the context of workplace searches).
25 U.S. v. Simmons, 206 F.3d 392 (4th Cir. 2000).
26 For example, private sector employees have been found to have privacy rights under the California constitution.
27 National Labor Relations Act 7, 29 U.S.C. 157 (2001) [hereinafter "NLRA" and "Section 7"] (Section 7 gives employees the right to engage in "other concerted activity" for the purpose of "mutual aid or protection." These rights are not dependent on union membership).
28 45 U.S.C. 151-188 (2001) [hereinafter "RLA"] (Section 152 of the RLA prohibits "interference, influence, or coercion by either party over the designation of representatives by the other"). The RLA is a separate federal labor law from the NLRA that covers employees of railway and airline carriers.
29 18 U.S.C. 2510-2522 (2000).
30 Briggs v. American Air Filter Co., 630 F.2d 414 (5th Cir. 1980).
31 Watkins v. L.M. Berry & Co., 704 F.2d 577 (11th Cir. 1983).
32 Watkins v. L.M. Berry & Co., 704 F.2d 577 (11th Cir. 1983) (employer can intercept employee personal calls only to guard against unauthorized use of the employer's telephone or to determine if the telephone call is personal).
33 18 U.S.C. 2701(c)(3); 18 U.S.C. 2518.
34 18 U.S.C. 2520(d)(1).
35 18 U.S.C. 2520(d)(2).
36 18 U.S.C. 2518(7).
37 18 U.S.C. 2701, et. seq.
38 Bohach v. City of Reno, 932 F. Supp 1232 (D. Nev. 1996).
39 Andersen Consulting, LLP v. UOP, 991 F.Supp. 1041 (N.D. Ill. 1998).
40 18 U.S.C. 2701(c)(3); 18 U.S.C. 2518.
41 18 U.S.C. 2707(e).
42 18 U.S.C. 2707(e)(1).
43 18 U.S.C. 2707(c)(1); 18 U.S.C. 2703(f).
44 O.R.S. 165.540(1)(a),(c).
45 O.R.S. 165.540(8).
46 O.R.S. 133.739 (civil damages for willful interception or disclosure of communications); O.R.S. 133.735 (motion to suppress intercepted oral communications). O.R.S. 133.739 provides for civil damages, including actual damages (but not less than $100 a day for each violation or $1000, whichever is greater), attorneys fees, and punitive damages to any person whose wire, electronic, or oral communications were willfully intercepted in violation of O.R.S. 133.724 or O.R.S. 133.737. Because O.R.S. 133.724 and O.R.S. 133.737 only apply to law enforcement, civil damages are apparently only applicable to unlawful interceptions, etc. of communications by law enforcement. A person whose communications were unlawfully intercepted in violation of O.R.S. 133.726 (also apparently only applicable to law enforcement) may also make a motion to suppress the use of the communications in any trial, hearing or other proceeding.
47 R.C.W. 9.73.030(1).
48 State v. Flora, 68 Wash. App. 802, 845 P.2d 1355 (1992).
49 R.C.W. 9.73.030(3).
50 State v. Faford, 128 Wn.2d 476, 910 P.2d 447 (1996).
51 State v. Townsend, 105 Wash.App. 622, 629, 20 P.3d 1027, review granted, 144 Wn.2d 1016, 32 P.3d 283 (2001).
52 105 Wash.App. at 622, 627.
53 R.C.W. 9.73.080.
54 R.C.W. 9.73.060.

