Skip to main content
Find a Lawyer

Appellate Courts Refine Computer Search Rules

Following on the heels of a workplace computer search ruling last August, the Ninth Circuit has again waded into the rapidly expanding pool of Fourth Amendment law concerning computer searches. It is joined by the Tenth Circuit, which in April handed down an interesting ruling regarding the search of personally-owned computers present at a workplace. Both decisions defended the searches involved, but also reaffirmed protections for personal computers in various contexts.

Ninth Circuit: U.S. v. Ziegler

The Ninth Circuit's decision in US v. Ziegler laid down some important principles regarding the search of workplace computers. In that case, a prosecution for possession of child pornography, the court ruled that an IT department's cooperation with law enforcement officers in an investigation of an employee did not violate the Fourth Amendment since the worker did not have a reasonable expectation of privacy in the contents of his company-provided computer.

The IT technicians noticed that the employee had viewed child pornography sites, and that his computer contained images of child pornography on the hard drive. The company turned over the computer and copies of the hard drive that the technicians had made, though the parties disputed whether or not they did so on the instruction of law enforcement officials.

The court opined that the employee had a subjective expectation of privacy in the contents of his computer, as evidenced by password protection he employed and his locked office door. That subjective expectation of privacy was not objectively reasonable, however, since society largely assumes that employers will monitor their employees' activities.

Moreover, the fact that the company in this case distributed a computer-use policy destroyed any subjective expectation of privacy that the employee might have retained. All told, the fact that the computer was company-owned and the company had a policy in place that prohibited private use of computer systems and allowed for routine monitoring operated to render the employees subjective expectation of privacy objectively unreasonable.

As such, he had no standing to invoke his Fourth Amendment protection.

10th Circuit: U.S. v. Barrows

But what if the computer is not company-owned? The Tenth Circuit addressed this issue in a recent ruling, again dealing with possession of child pornography.

In that case, US v. Barrows, a city treasurer brought a personally-owned computer to city hall so that he and another worker could access city files simultaneously. He connected his computer to the city's network, placed the computer in a publicly accessible area within the city's offices, and thereafter conducted all his city work on his own machine. He did not password-protect his computer, and left it running at all times.

Shortly after he connected the computer to the network, his co-worker began having trouble accessing a file. A passing police officer with experience as a computer salesman offered to help. After learning that the treasurer had recently attached his personal computer to the city's network, the officer went to the treasurer's personal computer to see if it could be the source of the problem.

Once in front of the machine, the officer noticed that the computer was running a file-sharing program that had recently traded child pornography files. He seized the computer and obtained a warrant to search the entire hard drive. The treasurer subsequently plead guilty to possession of child pornography.

The treasurer, now a defendant, argued on appeal that he had a reasonable expectation of privacy in the computer since it was his personal possession, and not the property of the city. The court, however, disagreed.

The court did concur that private ownership represents an important factor in support of Fourth Amendment protection. Under the circumstances, however, private ownership was not enough to demonstrate a subjective expectation of privacy or render that expectation reasonable.

Since the defendant networked his computer to other city computers for the express purpose of sharing files, placed his computer in a public area, and did not take any steps to prevent third-party use, he could claim no subjective expectation that the contents of his computer would remain wholly private.

Even if the defendant did have a subjective expectation, the court continued, his failure to prevent third-party access rendered the expectation unreasonable. The court analogized the situation to cases where people bring personal material into public spaces and make no effort to hide the material from public view, such as items in a common apartment hallway or personal effects left in a driveway.

Since the defendant had "voluntarily moved his personal computer into a public space and took no measures to protect its contents from public inspection," he could not claim a reasonable expectation of privacy such that the Fourth Amendment would apply.

Both of these workplace cases affirmed that people do have a reasonable expectation of privacy in their purely personal computers, but carved out some interesting exceptions for computers used by employees while in their place of business, or in public generally. While the decisions suggest that a person has a right to expect privacy in the contents of their computer at home, that expectation goes out the window as soon as one enters the workplace or even works on a computer in a public space without preventing access by others.

Ninth Circuit: U.S. v. Heckenkamp

In an interesting contrast to the previous two cases, the Ninth Circuit recently reaffirmed strong expectations of privacy in the content of computers in the education context. Even so, the court still upheld a warrantless search of a student's computer under the "special needs" exception.

In US v. Heckenkamp, an IT administrator at the University of Wisconsin in Madison received notice from the FBI that a computer on the University's network had hacked into Qualcomm Corp.'s computer system.

Following up on this notice, the university's IT admin discovered that, in addition to hacking Qualcomm, the computer was also gaining unauthorized access to the school's e-mail servers. Because of the importance of the service and the fact that finals were rapidly approaching, the admin was understandably alarmed.

After tracing the access to a particular computer, the admin accessed the computer using a password he gleaned through his previous investigations in order to confirm that it was in fact the offending machine. Once confirmed, the admin went to the student's room with campus police, disconnected the computer from the network and made a copy of the computer's hard drive with the student's permission.

In an interesting departure from the previous two cases, the court found that the admin's initial log-in to the student's computer violated the student's reasonable expectation of privacy in the contents of his computer. The school did not have a general network monitoring policy in place, but did allow for limited instances where school officials could access the student's computer in order to protect the university's systems. Without more, the court argued, "the mere act of accessing a network does not in itself extinguish privacy expectations," thus the student had a right to keep the contents of his computer private.

Despite this expectation of privacy, however, the court upheld the search as falling under the "special needs" exception to the warrant requirement. Since the school IT admin was operating to protect the university's e-mail system, which was a compelling government interest, and not for the purpose of law enforcement (indeed, he even ignored the request of law enforcement officers to wait before disconnecting the computer from the network), a warrant was not required before accessing the student's computer.


These cases demonstrate that Fourth Amendment protections for purely personal computer use remain alive, but they also raise questions going forward about how much privacy we can expect to have in computer use outside the home. As society becomes more networked, and the lines between work and home continue to blur, this question could become extremely important to all of us.

Was this helpful?

Copied to clipboard