United States: Ninth Circuit Orders Trial Over Privacy Rights Of Secure Website

Anyone visiting a secure website under an assumed name may be violating federal privacy laws. On January 8, 2001 the Ninth Circuit allowed a Hawaiian Airlines pilot to proceed with a trial on his claims against the airline in Konop v. Hawaiian Airlines, Inc., 2001 WL 13232. Expanding the previous definition of "electronic communications," within the Wiretap Act, the Court held that the contents of a secure website are protected from unauthorized interception. Confidential communications need no longer be intercepted in transit to be protected.

Robert Konop, a pilot for Hawaiian, maintained a website where he posted comments critical of his employer, its officers, and his union. He also encouraged other pilots to consider alternative union representation. Konop controlled access to his website by requiring visitors to log in with a user name and password. User names were provided to certain employees, but not to managers or union representatives. To view the site, eligible employees had to obtain a password by registering and consenting to an agreement not to disclose the site’s contents. In December 1995 the vice president of the airline, James Davis, approached a pilot who was eligible to view the site. He asked and received permission to use the pilot’s name to gain access to the site. He later obtained permission from a second pilot to enter the site using the second pilot’s user name. According to the lawsuit, the same day Davis first logged on, Konop was contacted by both the union chairman and the president of the airline regarding the content of the site. The president threatened to sue Konop for defamation based on statements contained on the website.

Konop brought suit under the Wiretap Act, 18 U.S.C. §2510-2520, and the Stored Communications Act, 18 U.S.C. §2701-2710. He argued that when Davis accessed the secure website under false pretenses, he intercepted an electronic communication in violation of the Wiretap Act. Additionally, Konop claimed that Davis accessed an electronic communication facility in violation of the Stored Communications Act. Konop also brought claims against the airline under the Railway Labor Act, 45 U.S.C. §151-188, alleging coercion, intimidation, and employer interference with labor organizing efforts.

Judge J. Spencer Letts of the U.S. District Court for the Central District of California dismissed Konop’s claims on summary judgment. He found that that Konop raised no material issues of fact regarding the Wiretap Act and the Stored Communications Act. The Wiretap Act was traditionally thought to apply only to interception of electronic communications in transit, rather than those stored at one site. He also ruled that the Court lacked jurisdiction to hear the Railway Labor Act claims because the claims involved a collective bargaining matter that should have instead gone to arbitration under the company’s Collective Bargaining Agreement.

The Ninth Circuit reversed and remanded. Judge Boochever, writing for the Court, held that the Wiretap Act applies not only to messages that are intercepted as they are being transmitted, but also to messages that are stored and later retrieved. Judge Boochever wrote that the contents of secure websites qualify as "electronic communications" in intermediate storage and are thus protected from unauthorized interception under the Wiretap Act. That means postings on websites not intended for the public may receive the same privacy protection as off-the-clock communications between workers. The Court found Konop also had raised sufficient material issues of fact to defeat summary judgment on the Stored Communications Act.

The Ninth Circuit reversed the District Court’s grant of summary judgment on the Railway Labor Act. The Ninth Circuit held that the statutory claims regarding labor organizing in no way depended upon a finding that Hawaiian violated Konop’s contractual rights under the airline’s Collective Bargaining Agreement. Therefore, Konop’s claims were not grounded in the Collective Bargaining Agreement and were not subject to mandatory arbitration. Judge Boochever concluded that the District court will have jurisdiction on remand.

Although Konop is a civil case, the Wiretap Act contains criminal penalties. The use of a false identity to gain access to a secure website might be criminal under state law as well. For example, California Penal Code Sections 631 and 632 provide both criminal and civil sanctions for wiretapping, recording, or eavesdropping on confidential communications. These sections use language that could potentially be interpreted by state courts to define websites as confidential communications within the meaning of the statutes.