United States v. Ziegler ( 2006 )

                  FOR PUBLICATION
UNITED STATES COURT OF APPEALS
FOR THE NINTH CIRCUIT
UNITED STATES OF AMERICA,                   No. 05-30177
Plaintiff-Appellee,
v.                            D.C. No.
CR-03-00008-RFC
JEFFREY BRIAN ZIEGLER,
OPINION
Defendant-Appellant.

Appeal from the United States District Court
for the District of Montana
Richard F. Cebull, District Judge, Presiding
Argued and Submitted
March 6, 2006—Seattle, Washington
Filed August 8, 2006
Before: Diarmuid F. O’Scannlain, Barry G. Silverman, and
Ronald M. Gould, Circuit Judges.
Opinion by Judge O’Scannlain
9073
9076                  UNITED STATES v. ZIEGLER
COUNSEL
David F. Ness, Assistant Federal Defender, Great Falls, Mon-
tana, argued the cause for the defendant-appellant. Anthony
R. Gallagher, Federal Defender, District of Montana, was on
the briefs.
Marcia Hurd, Assistant United States Attorney, Billings,
Montana, argued the cause for the plaintiff-appellee. William
W. Mercer, United States Attorney, District of Montana, was
on the brief.
OPINION
O’SCANNLAIN, Circuit Judge:
We must determine whether an employee has an expecta-
tion of privacy in his workplace computer sufficient to sup-
press images of child pornography sought to be admitted into
evidence in a criminal prosecution.
I
A
Frontline Processing (“Frontline”), a company that services
Internet merchants by processing on-line electronic payments,
is located in Bozeman, Montana.1 On January 30, 2001,
Anthony Cochenour, the owner of Frontline’s Internet-service
provider and the fiancé of a Frontline employee, contacted
Special Agent James A. Kennedy, Jr. of the FBI with a tip
that a Frontline employee had accessed child-pornographic
websites from a workplace computer.
1
Although the district court referred to the company as “Front Line,” we
use the single-word formulation which more frequently appears in the
record.
UNITED STATES v. ZIEGLER                       9077
Agent Kennedy pursued the report that day, first contacting
Frontline’s Internet Technology (“IT”) Administrator, John
Softich. One of Softich’s duties at Frontline was to monitor
employee use of the workplace computers including their
Internet access. He informed Kennedy that the company had
in place a firewall, which permitted constant monitoring of
the employees’ Internet activities.2
During the interview, Softich confirmed Cochenour’s
report that a Frontline employee had accessed child pornogra-
phy via the Internet. Softich also reported that he had person-
ally viewed the sites and confirmed that they depicted “very,
very young girls in various states of undress.” Softich further
informed Kennedy that, according to the Internet Protocol
address and log-in information, the offending sites were
accessed from a computer in the office of Appellant Jeffrey
Brian Ziegler, who had been employed by Frontline as direc-
tor of operations since August 2000. Softich also informed
Kennedy that the IT department had already placed a monitor
on Ziegler’s computer to record its Internet traffic by copying
its cache files.3
2
A firewall is a piece of “computer hardware or software that prevents
unauthorized access to private data (as on a company’s local area network
or intranet) by outsider computer users (as of the Internet).” MERRIAM-
WEBSTER’S COLLEGIATE DICTIONARY 471 (11th ed. 2003). It can also be
“programmed to analyze the network traffic flowing between [a] computer
and the Internet”; it then “compares the information it monitors with a set
of rules in its database,” and “[i]f it sees something not allowed . . . the
firewall can block and prevent the action.” NEWTON’S TELECOM DICTIONARY
392 (22nd ed. 2006). Further, “[m]ost firewall programs let you adjust the
rules to allow certain types of data to flow freely back and forth without
interference.” 

cache is “a computer memory with very short access time used for
storage of frequently or recently used instructions or data.” MERRIAM-
WEBSTER’S COLLEGIATE DICTIONARY 171 (11th ed. 2003). “[I]nformation is
cached by placing it closer to the user or user application in order to make
it more readily and speedily available . . . .” NEWTON’S TELECOM
DICTIONARY 189 (22nd ed. 2006).
9078               UNITED STATES v. ZIEGLER
Agent Kennedy next interviewed William Schneider, Sof-
tich’s subordinate in Frontline’s IT department. Schneider
confirmed that the IT department had placed a device in
Ziegler’s computer that would record his Internet activity. He
reported that he had “spot checked” Ziegler’s cache files and
uncovered several images of child pornography. A review of
Ziegler’s “search engine cache information” also disclosed
that he had searched for “things like ‘preteen girls’ and
‘underage girls.’ ” Furthermore, according to Schneider, Fron-
tline owned and routinely monitored all workplace computers.
The employees were aware of the IT department’s monitoring
capabilities.
B
The parties dispute what happened next. According to testi-
mony that Softich and Schneider provided to a federal grand
jury, Agent Kennedy instructed them to make a copy of
Ziegler’s hard drive because he feared it might be tampered
with before the FBI could make an arrest. Agent Kennedy,
however, denied that he directed the Frontline employees to
do anything. According to his testimony, his understanding
was that the IT department had already made a backup copy
of Ziegler’s hard drive. As the government points out, his
notes from the Softich interview say, “IT Dept has backed up
JZ’s hard drive to protect info.” Thinking that the copy had
already been made, Kennedy testified that he instructed Sof-
tich only to ensure that no one could tamper with the backup
copy.
Whatever Agent Kennedy’s actual instructions, the Fron-
tline IT employees’ subjective understanding of that conver-
sation seems evident from their actions during the late
evening of January 30, 2001. Around 10:00 p.m., Softich and
Schneider obtained a key to Ziegler’s private office from
Ronald Reavis, the chief financial officer of Frontline, entered
UNITED STATES v. ZIEGLER                       9079
Ziegler’s office, opened his computer’s outer casing, and
made two copies of the hard drive.4
Shortly thereafter, Michael Freeman, Frontline’s corporate
counsel, contacted Agent Kennedy and informed him that
Frontline would cooperate fully in the investigation. Freeman
indicated that the company would voluntarily turn over
Ziegler’s computer to the FBI and thus explicitly suggested
that a search warrant would be unnecessary. On February 5,
2001, Reavis delivered to Agent Kennedy Ziegler’s computer
tower (containing the original hard drive) and one of the hard
drive copies made by Schneider and Softich. Schneider deliv-
ered the second copy sometime later. Forensic examiners at
the FBI discovered many images of child pornography.
C
On May 23, 2003, a federal grand jury handed down a
three-count indictment charging Ziegler with receipt of child
pornography, in violation of 18 U.S.C. § 2252A(a)(2); posses-
sion of child pornography, in violation of 18 U.S.C.
§ 2252A(a)(5)(B); and receipt of obscene material, in viola-
tion of 18 U.S.C. § 1462.5 At arraignment, Ziegler entered a
plea of not guilty.
Ziegler filed several pretrial motions. At issue here is
Ziegler’s April 23, 2004, motion to suppress the evidence
obtained from the search of Ziegler’s workplace computer.
Ziegler argued that Agent Kennedy, lacking a warrant, vio-
4
Agent Kennedy explained that this cooperation was the reason he did
not pursue a search warrant. He testified, “At this point, counselor, every-
body at Frontline Processing is telling me they’re going to cooperate, so
I’m not going to go in and start serving search warrants on a company if
they’re going to cooperate. I have no desire to do that.”
5
No explanation appears in the record for the two year, three month
interval between delivery of the computer to the FBI and issuance of the
indictment. In any event, Ziegler does not raise any issue regarding such
delay.
9080                   UNITED STATES v. ZIEGLER
lated the Fourth Amendment by directing the Frontline
employees to search his computer. The government argued
that the search was voluntary and therefore private in nature.
On August 10, 2004, the district court held a suppression
hearing at which Agent Kennedy and Schneider testified.6
Agent Kennedy, several times, denied that he instructed Sof-
tich and Schneider to make a copy of Ziegler’s hard drive or
to undertake any search in addition to what the employees had
already done. Schneider, however, again testified that Ken-
nedy directed him to make a copy of the hard drive. Schnei-
der’s account was also reflected in a time-line he had prepared
for Kennedy.7
On September 8, 2004, the district court entered a written
order denying Ziegler’s motion to suppress. Importantly, the
court made the factual finding that “Agent Kennedy contacted
Softich and Schneider on January 30, 2001 and directed them
to make a back-up of Defendant’s computer files” (emphasis
added). However, citing United States v. Simons, 

(4th Cir. 2000), the court ultimately held that Ziegler had
6
The defense also offered the testimony of a computer forensics expert,
but that testimony was not relevant to the motion to suppress.
7
On appeal, the government attempts to reconcile the contradictory
accounts of the January 30, 2001 interview as a case of simple miscom-
munication. It explains that confusion ensued when Schneider told Agent
Kennedy that they were copying Ziegler’s cache files onto a second hard
drive. Kennedy, whom the government characterizes as not particularly
tech-savvy, allegedly understood Schneider to mean that the IT depart-
ment had already made a copy of Ziegler’s entire hard drive. Thus, it sug-
gests that Agent Kennedy’s instructions were only that the IT employees
should secure the copy he thought had already been made.
There is, in short, a factual dispute concerning the extent of the govern-
ment’s involvement in the search and a corresponding legal dispute as to
whether that involvement implicates the Fourth Amendment. See United
States v. Miller, 

, 658 (9th Cir. 1982). However, we need not
address these issues if Ziegler had no reasonable expectation of privacy in
any place searched or any item seized. See, e.g., United States v. Wong,

, 839 (9th Cir. 2003).
UNITED STATES v. ZIEGLER                    9081
no reasonable expectation of privacy in “the files he accessed
on the Internet” and therefore denied Ziegler’s motion.
Ziegler subsequently entered into a written plea agreement
with the government. Pursuant to the agreement, the govern-
ment agreed to dismiss the child pornography counts in
exchange for Ziegler’s agreement to plead guilty to the receipt
of obscene material. The parties conditioned the plea agree-
ment on Ziegler’s ability to appeal the district court’s denial
of the pretrial motions, including the motion to suppress. A
change of plea hearing occurred on September 24, 2004.
On March 4, 2005, the district court sentenced Ziegler to a
two-year term of probation and imposed a fine of $1,000.
Ziegler timely filed a notice of appeal.
II
Ziegler’s sole contention on appeal is that the January 30,
2001 search of his workplace computer violated the Fourth
Amendment and, as such, the evidence contained on the com-
puter’s hard drive must be suppressed.8
A
Ziegler argues that “[t]he district court erred in its finding
that Ziegler did not have a legitimate expectation of privacy
in his office and computer.” He likens the workplace com-
puter to the desk drawer or file cabinet given Fourth Amend-
ment protection in cases such as O’Connor v. Ortega, 

(1987). Ziegler further contends that the Fourth Cir-
cuit’s Simons case is inapposite. Whereas in Simons “the per-
son conducting the search was a network administrator whose
purpose was to search for evidence of employee misconduct,”
8
We review de novo the district court’s denial of Ziegler’s motion to
suppress. United States v. Noushfar, 

, 1447 (9th Cir. 1996).
9082               UNITED STATES v. ZIEGLER
in this case “the search was conducted at the behest of Agent
Kennedy who was undeniably seeking evidence of a crime.”
The government, of course, views the matter quite differ-
ently. It contends that the district court’s ruling was correct—
Ziegler did not have an objectively reasonable expectation of
privacy in his workplace computer. The government explains
in its brief:
Society could not deem objectively reasonable that
privacy interest where an employee uses a computer
paid for by the company; [sic] Internet access paid
for by the company, in the company office where the
company pays the rent . . . . This is certainly even
more so true where the company has installed a
firewall and a whole department of people whose job
it was to monitor their employee’s Internet activity.
As we know, the Fourth Amendment protects people, not
places. Katz v. United States, 

, 351 (1967).
Although it is often true that “for most people, their comput-
ers are their most private spaces,” United States v. Gourde,

, 1077 (9th Cir. 2006) (en banc) (Kleinfeld, J.,
dissenting), the validity of that expectation depends entirely
on its context. Cf. 

(“We have no talis-
man that determines in all cases those privacy expectations
that society is prepared to accept as reasonable.”).
[1] In that vein, a criminal defendant may invoke the pro-
tections of the Fourth Amendment only if he can show that he
had a legitimate expectation of privacy in the place searched
or the item seized. Smith v. Maryland, 

, 740
(1979). This expectation is established where the claimant can
show: (1) a subjective expectation of privacy; and (2) an
objectively reasonable expectation of privacy. See 

389 U.S. at 351, 361); United States v. Shryock, 

, 978 (9th Cir. 2003). It is Ziegler’s burden to prove
UNITED STATES v. ZIEGLER                      9083
both elements. United States v. Caymen, 

, 1199
(9th Cir. 2005) (citation omitted).
B
[2] The threshold question then is whether Ziegler had a
legitimate expectation of privacy in his workplace computer
and the files stored therein.9 If he had no such expectation, we
need not consider whether the Frontline employees acted as
agents of the government so as to implicate Fourth Amend-
ment protections.
1
The government does not contest Ziegler’s claim that he
had a subjective expectation of privacy in the computer. The
use of a password on his computer and the lock on his private
office door are sufficient evidence of such expectation. See
9
Ziegler also urges us to suppress the files found on his computer
because it was located in his private office. Although an employee may
have a legitimate expectation of privacy in his office, here the Frontline
employees did not actually search Ziegler’s office. They did not violate a
privacy expectation in the office generally, such as through “their conduct
of a general search,” Mancusi v. DeForte, 

, 369 (1968), or
video surveillance, see United States v. Taketa, 

, 672-75 (9th
Cir. 1991). Neither did they violate some specific realm of privacy, such
as a desk or file cabinet “given over to [Ziegler’s] exclusive use,”
Schowengerdt v. Gen. Dynamics Corp., 

, 1335 (9th Cir.
1987), in which Ziegler could have kept private papers or effects. See

. Rather, the Frontline employees entered the
office merely to gain access to the computer’s hard drive. As we discuss
below, Frontline policy entitled its personnel to administrative access to
the employees’ computers, and as such, Softich and Schneider’s entry was
an “operational realit[y] of [Ziegler’s] workplace [that] diminished his
legitimate privacy expectations.” 

; see also

(noting that “a valid regulation may defeat an oth-
erwise reasonable expectation of workplace privacy” (citation omitted));
cf. United States v. Blok, 

, 1020-21 (D.C. Cir. 1951) (hold-
ing invalid a search of an employee’s desk because the employer itself was
not empowered to conduct the search).
9084               UNITED STATES v. ZIEGLER
United States v. Bailey, 

, 835 (D. Neb.
2003) (citation omitted).
2
But Ziegler’s expectation of privacy in his workplace com-
puter must also have been objectively reasonable.
a
[3] In United States v. Simons, the case upon which the dis-
trict court relied, the Fourth Circuit reasoned that an employ-
er’s Internet-usage policy—which required that employees
use the Internet only for official business and informed
employees that the employer would “conduct electronic audits
to ensure compliance,” including the use of a firewall—
defeated any expectation of privacy in “the record or fruits of
[one’s] Internet 

, 398. A supervisor had
reviewed “hits” originating from Simons’s computer via the
firewall, had viewed one of the websites listed, and copied all
of the files from the hard drive. 

Despite that the
computer was located in Simons’s office, the court held that
the “policy placed employees on notice that they could not
reasonably expect that their Internet activity would be pri-
vate.” 

[4] As the government suggests, similar circumstances
inform our decision in this case. Though each Frontline com-
puter required its employee to use an individual log-in,
Schneider and other IT-department employees “had complete
administrative access to anybody’s machine.” As noted, the
company had also installed a firewall, which, according to
Schneider, is “a program that monitors Internet traffic . . .
from within the organization to make sure nobody is visiting
any sites that might be unprofessional.” Monitoring was
therefore routine, and the IT department reviewed the log cre-
ated by the firewall “[o]n a regular basis,” sometimes daily if
Internet traffic was high enough to warrant it. Upon their hir-
UNITED STATES v. ZIEGLER               9085
ing, Frontline employees were apprised of the company’s
monitoring efforts through training and an employment man-
ual, and they were told that the computers were company-
owned and not to be used for activities of a personal nature.
Ziegler, who has the burden of establishing a reasonable
expectation of privacy, presented no evidence in contradiction
of any of these practices. Like Simons, he “does not assert
that he was unaware of, or that he had not consented to, the
Internet [and computer] policy.” 

n.8.
b
[5] Other courts have scrutinized searches of workplace
computers in both the public and private context, and they
have consistently held that an employer’s policy of routine
monitoring is among the factors that may preclude an objec-
tively reasonable expectation of privacy. See Biby v. Bd. of
Regents, 

, 850-51 (8th Cir. 2005) (holding that
no reasonable expectation of privacy existed where a policy
reserved the employer’s right to search an employee’s com-
puter for a legitimate reason); United States v. Thorn, 

, 683 (8th Cir. 2004), cert. granted and judgment
vacated on other grounds by 

(2005) (holding
that a public agency’s computer-use policy, which prohibited
accessing sexual images, expressly denied employees any per-
sonal privacy rights in the use of the computer systems, and
provided the employer the right to access any computer in
order to audit its use, precluded any reasonable expectation of
privacy); United States v. Angevine, 

, 1133-35
(10th Cir. 2002) (holding that the employer’s computer-use
policy, which included monitoring and claimed a right of
access to equipment, and the employer’s ownership of the
computers defeated any reasonable expectation of privacy);
Muick v. Glenayre Electronics, 

, 743 (7th Cir.
2002) (“Glenayre had announced that it could inspect the lap-
tops that it furnished for the use of its employees, and this
destroyed any reasonable expectation of privacy . . . .”); Was-
son v. Sonoma County Jr. Coll. Dist., 

,
9086                   UNITED STATES v. ZIEGLER
905-06 (N.D. Cal. 1997) (holding that a policy giving the
employer “the right to access all information stored on [the
employer’s] computers” defeated an expectation of privacy).10
c
[6] To warrant Fourth Amendment protection, an expecta-
tion of privacy must “be one that society is prepared to recog-
nize as ‘reasonable.’ ” 

(Harlan, J.,
concurring). Accordingly, we note that at least one court has
examined the reasonableness of an expectation of privacy in
a workplace computer from the standpoint of “community
norms.” In TBG Ins. Services Corp. v. Superior Court, 

, 

(Cal. Ct. App. 2002),
the California Court of Appeal stated:
We are concerned in this case with the “community
norm” within 21st Century computer-dependent
businesses. In 2001, the 700,000 member American
Management Association (AMA) reported that more
than three-quarters of this country’s major firms
monitor, record, and review employee communica-
tions and activities on the job, including their tele-
phone calls, e-mails, Internet connections, and
computer files. Companies that engage in these prac-
tices do so for several reasons, including legal com-
pliance (in regulated industries, such as
telemarketing, to show compliance, and in other
industries to satisfy “due diligence” requirements),
legal liability (because employees unwittingly
10
We have no trouble distinguishing the cases in which a court has
found a reasonable expectation of privacy in a workplace computer. In
those cases, the employer failed to implement a policy limiting personal
use of or the scope of privacy in the computers, or had no general practice
of routinely conducting searches of the computers. See United States v.
Slanina, 

, 676-77 (5th Cir. 2002), vacated on other grounds
by 

(2002), on appeal after remand 

(5th Cir.
2004) (per curiam); Leventhal v. Knapek, 

, 74 (2d Cir. 2001)
UNITED STATES v. ZIEGLER                    9087
exposed to offensive material on a colleague’s com-
puter may sue the employer for allowing a hostile
workplace environment), performance review, pro-
ductivity measures, and security concerns (protection
of trade secrets and other confidential information).
. . . . For these reasons, the use of computers in the
employment context carries with it social norms that
effectively diminish the employee’s reasonable
expectation of privacy with regard to his use of his
employer’s computers.

96 Cal. App. 4th at 451-52. The court, like the
others cited above, held that workplace policies, including the
employer’s entitlement to monitor usage on an “as needed”
basis, defeated a claim to a reasonable expectation of privacy
in the computer. 

96 Cal. App. 4th at 452-54.
d
Surely, some lament the general lack of privacy in the mod-
ern workplace. See, e.g., Matthew W. Finkin, Employee Pri-
vacy, American Values, and the Law, 72 CHI.-KENT L. REV.
221, 226 (1996) (“[T]o the extent the reasonableness of the
legitimate expectation of privacy is determined on objective
grounds, it would rest upon employer policies, practices, or
assurances in the matter . . . . [T]his bids fair to eviscerate any
claim to privacy at all.” (citation omitted)). But in applying
the Fourth Amendment we take societal expectations as they
are, not as they could or (some think) should be. See United
States v. Silva, 

, 1055 (9th Cir. 2001) (noting
that “[t]he reasonableness of an expectation of privacy is eval-
uated . . . ‘[by reference] to understandings that are recog-
nized and permitted by society’ ” (quoting Rakas v. Illinois,

, 143 n.12 (1978))).
[7] Thus, given the nature of our constitutional inquiry, we
think the California court’s reasoning is compelling. Social
9088                   UNITED STATES v. ZIEGLER
norms suggest that employees are not entitled to privacy in
the use of workplace computers, which belong to their
employers and pose significant dangers in terms of dimin-
ished productivity and even employer liability. Thus, in the
ordinary case, a workplace computer simply “do[es] not pro-
vide the setting for those intimate activities that the [Fourth]
Amendment is intended to shelter from government interfer-
ence or surveillance.” Oliver v. United States, 

,
179 (1984); see also 

(“[T]he abuse of
access to workplace computers is so common (workers being
prone to use them as media of gossip, titillation, and other
entertainment and distraction) that reserving a right of inspec-
tion is so far from being unreasonable that the failure to do so
might well be thought irresponsible.”). Employer monitoring
is largely an assumed practice, and thus we think a dissemi-
nated computer-use policy is entirely sufficient to defeat any
expectation that an employee might nonetheless harbor.
[8] In short, we see no reason to deviate from the reasoning
of the cases cited above. The record evidence in this case
establishes that the workplace computer was company-owned;
Frontline’s computer policy included routine monitoring, a
right of access by the employer, and a prohibition against pri-
vate use by its employees.11 As such, Ziegler had no objec-
tively reasonable expectation of privacy in his workplace
computer and thus no standing to invoke Fourth Amendment
protection.
11
We do not hold that company ownership of the computer is alone suf-
ficient to defeat an expectation of privacy. “Fourth Amendment privacy
interests do not . . . turn on property interests.” 

(citations omitted). As always, the issue depends on what expecta-
tions may reasonably coexist with that ownership. At the least, we con-
sider the combination of above-noted factors sufficient to defeat an
expectation that would confer Fourth Amendment standing. At the same
time, we do not hold that all the foregoing factors are necessary to defeat
an expectation of privacy in a workplace computer.
UNITED STATES v. ZIEGLER            9089
III
[9] Because the copying of the hard drive on Ziegler’s
workplace computer violated no reasonable expectation of
privacy, we need not assess whether an agency relationship
with the FBI existed here, or whether the search was other-
wise reasonable.
AFFIRMED.