Mediaboss Marketing

We're taking it back a few decades to the 1980s to kick offthe second in this series of posts. (In the interest of fulldisclosure, only one of us (guess who) was around during the 80s,and he was many moons away from practicing law.) Computers werearound but weren't ubiquitous in offices until late in thedecade. Chances are, if a federal agent popped into a company'soffice in 1988 with a warrant to search its files, she'd betasked with collecting and combing through hundreds of thousands ofpages of documents, both typed and handwritten, shoved into boxesand desks and filing cabinets. Imagine, then, that the agent entersthe office of a corporate bigwig and finds a locked safe. Once thesafe is opened, she finds two folders inside: one marked"Work" and one marked "Personal." Assuming thatthe search warrant is appropriately circumscribed to only companyinformation and is supported by probable cause, the agents likelyhave the authority to search the "Work" folder but notnecessarily the "Personal" one.

The twist, though, is that before our agent can even get to thefolders, she has to open the safeand that's not an easything to do. Can the government require the company to open thesafe so the agent can search the folder containing work papers?Even if opening the safe would implicate the employee who opens itin a crime? After the Supreme Court's decision in Braswellv. United States, 487 U.S. 99 (1988), the answer isyessort of. Braswell tells us that corporationshave no Fifth Amendment privilege against self-incrimination, andthe corporation can be required to designate a custodian to producethose records on the corporation's behalf.

Fast forward to today, where 80s musicthankfullyisstill alive and well. Like our 1980s example, if a company findsitself ensnared in an investigation, federal agents may well showup one day with a warrant to search for company files in anemployee's smartphone. And just like they could with thecompany safe, if those devices are password protected, you canimagine that, invoking Braswell, the government could seekto compel the company's custodian to unlock the phone so theagents can do the searching, without running afoul of the FifthAmendment.

But what if the only person who can unlock the device is theemployee himself? For many employees who use their personal cellphones for work under a BYOD policy, that may very well be thecase. Does the employee have a Fifth Amendment right to refuse tounlock the device, even in response to a subpoena for thecorporation's records? It turns out that the answer isn'tall that clear, and may depend on which state or jurisdictionyou're in. Although corporate employees have no Fifth Amendmentright to refuse to produce corporate records in their possession,they can invoke their Fifth Amendment right to testify againstthemselves. If the act of providing a personal passcode tounlock his phone is testimonial in nature, then the employee maywell be able to assert his Fifth Amendment right to refuse.See, e.g., SEC v. Huang, No. 15-269, 205WL5611644 (E.D. Pa. Sept. 23, 2015) (holding that because personalpasscodes to a smartphone were not corporate records and weretestimonial in nature, the SEC could not compel disclosure of thosepasswords). But if unlocking his phone is not testimonialin nature, then the employee could be compelled to enter hispassword. As we discussed in our previous blog post in thisseries, the courts are currently divided aboutwhether individuals have a Fifth Amendment right to refuse tounlock their phones at the government's behest. If the Indiana Supreme Court's view prevails, theFifth Amendment can prevent the government from compelling theemployee to unlock his smartphonebut if the Massachusetts Supreme Court's viewprevails, it does not.

An employee's decision to "take Five" in thesecircumstances can have significant ramifications for his employer.Among other things, good faith cooperation with a governmentinvestigation often goes a long way in mitigating acorporation's liability for any potential wrongdoing. Byrefusing to unlock his phone, an employee can undercut thecompany's effort to cooperate. And in some circumstances, itcan lead to an adverse inference of wrongdoing against thecorporation in civil proceedings. See, e.g., Libuttiv. United States, 107 F.3d 110 (2d Cir. 1997). For thesereasons, employers may decide to implement workplace policiesrequiring employees to cooperate with corporate investigations byunlocking their cellphones when asked, at the risk of puttingemployees in a tough situation: cooperate and possibly incriminateyourself, or invoke your Fifth Amendment rights and possibly loseyour job. If an employer chooses to go this route, it should keepin mind that it may have statutory obligations (under theCalifornia Consumer Privacy Act, for example, see 11 CCR 999.305(f)) to notify employees that the company maydisclose their personal information to law enforcementi.e.,by compelling employees to unlock their phones when asked. Thiscould soften the blow of the employer's policy, but it mightnot assuage an employee's fear of having to choose between hisjob and his Fifth Amendment rights.

***

In addition to its implications for corporate investigations,employers may have another reason to care about the split betweenthe courts regarding compelled decryption. In jurisdictions wherelaw enforcement officers currently can compel individualsto unlock their mobile devices, employers might be wonderingwhether and how any confidential business information present onthe device might be protected from disclosure during aninvestigation into the employee's individualwrongdoing. As anyone with a smartphone (i.e., almost everyone) iswell aware, separating personal from work files on the device isoften not as easy as labeling folders in a safe "Work"and "Personal." Downloaded files are commingled into asingle "downloads" folder, personal and work calls allappear in the same log, and your email is likely a singleapplication on your phone containing both your personal and workmailboxes.

This is where the Fourth Amendment and company policies come in.Like the Fifth Amendment considerations underlying compelleddecryption, Fourth Amendment law is rapidly developing as to whatfolders, applications, and files government agents can search onelectronic devices under any given search warrant. In our next blogpost, we'll talk about these developments and provide ourthoughts on what policies employers might put into place to protecttheir confidential business data while we await clear guidance fromthe courts on whether law enforcement officers can compelindividuals to unlock their smartphones, and about which files,folders, and applications they can search once they gain access toa device.

The content of this article is intended to provide a generalguide to the subject matter. Specialist advice should be soughtabout your specific circumstances.

Link:
BYOD Policies And Criminal Investigations: What Happens To Company Information And Employees When Law Enforcement Seeks Access To Personal Devices...