Employee Can’t Be Fired When His Login Credentials Are Used on Shared Computer to Access Porn — DOH v. Litten
[Post by Venkat Balasubramani]
West Virginia Department of Transportation v. Litten, 2013 WL 2662712 (W. Va. Ct. App. June 5, 2013) [pdf]
Litten worked as a mechanic for the West Virginia Dept of Highway. He was fired for accessing porn using a state-provided computer in violation of applicable policy. Apparently, there was a break-room where all employees shared a computer (each employee had individual login identification).
DOH learned that Litten’s login was used for “offensive search engine keywords” — “crotchless,” “blackzilla,” “dildo,” “nude” (some of these terms I was not previously aware of; needless to say, image searches of these terms are NSFW). DOH accessed the records associated with Litten’s user-id for a 24-hour period around the time the offenses allegedly occurred. (The court footnotes to the State’s policy, noting that employees have “no reasonable expectation of privacy” while using state-provided computers.)
Relying on the report, which contained search terms, and copies of sexually explicit photos from websites accessed using Litten’s user-id (on three separate occasions), DOH terminated Litten’s employment.
Litten appealed his termination, and a grievance board ruled that he should be reinstated. The appeals court affirmed, finding that even though Litten’s user-id was used to access sexually inappropriate material, there was testimony in the record inconsistent with Litten’s access of the material, i.e., it was more likely that someone else accessed the material using Litten’s user-id.
The court points to testimony that Litten was performing job-related duties on or shortly after the time he allegedly accessed the inappropriate material. Moreover, there was evidence in the record that Litten pinned on the breakroom bulletin board a version of his user name and password that was substantially similar to his actual user name and password. Litten was not fired for failing to safeguard his password, and this evidence supported the possibility that someone else accessed the material using Litten’s password.
Based on all of this evidence, the court says that the DOH did not prove on a “more likely than not basis” that Litten accessed the material.
One judge dissented, saying that Litten’s “circumvention of the network security measures placed the technological resources of the entire State at risk.” [!] The dissenting judge noted that Litten’s principal defense relies on another violation of DOH guidelines: Litten’s failure to safeguard his password and user-id. This judge also notes that Litten’s recordation of time spent working was admittedly not exact, and since Litten, like all employees, took various breaks, he would have more than enough time to perform the searches and access the materials in question while he was allegedly working on various projects. The judge also noted that the DOH computers do not have a mechanism to show when a particular employee logs off from the shared computer. Put all of this together, and for the dissenting judge, the evidence presented by Litten was not inconsistent with his access of the material while on break.
The judges’ differing treatment of whether Litten accessed the material in question raises the perpetual question of how to link computer use to a particular user, and what type of evidence is necessary. Although a login is not an IP address, this case shows that just because a user’s credential accessed certain information, this does not dictate the legal conclusion that the user in question did it. Of course, in this instance, Litten was able to marshal evidence in his favor, such as the shared computer and the password posted on the bulletin board, and without this type of evidence, he would have an uphill road to climb. Perhaps the court was swayed by the fact that Litten was a good employee who did not otherwise have any significant problems. In any event, it was interesting to see that although DOH had Litten’s login and records of inappropriate material accessed through this login, it still couldn’t prove convincingly enough that Litten accessed the materials.