The employee, who was a sheet metal worker and who was also a trade union shop steward, was an authorised user of the employers’ computer with his own password which permitted him entry to the menu containing engineering information. He was accused by the employers of using the identity code and password belonging to an employee of the employers’ wholly owned subsidiary company, which used the same computer, to obtain access to information which could be of use to him in his trade union activities and hostile to the interests of the company. The employee admitted that he had obtained access to unauthorised information but claimed that he had done so by accident. He was summarily dismissed for gross misconduct and on his complaint of unfair dismissal, an industrial tribunal found that the employers were reasonable in concluding that the employee had deliberately gained access to unauthorised information but that they had not given any reasonable ground for their conclusion that his purpose was illegitimate and that his dismissal was therefore unfair.
On the employers’ appeal: —
Held , allowing the appeal, that if an employee deliberately used an unauthorised password in order to enter a computer known to contain information to which he was not entitled, that was of itself gross misconduct which prima facie would attract summary dismissal; that the industrial tribunal had misdirected themselves in law in requiring the employers to show reasonable grounds for believing that the employee had an illegitimate purpose in obtaining access to a particular programme and the case would be remitted to the tribunal for further hearing (post, p. 335A–B , E–G ).
Per curiam. Unauthorised use of or tampering with computers is an extremely serious industrial offence. However it is clearly desirable to reduce into writing rules concerning the access to and use of computers and not only to display them but to leave them near the computers for reference (post, p. 336B–D ).
The following cases are referred to in the judgment:
Parsons (C.A.) & Co. Ltd. v. McLoughlin [1978] I.R.L.R. 65, E.A.T.
Polkey v. A.E. Dayton Services Ltd. [1987] 1 W.L.R. 1147; [1987] I.C.R. 301; [1987] 1 All E.R. 984, C.A.; [1988] A.C. 344 ; [1987] 3 W.L.R. 1153; [1988] I.C.R. 142; [1987] 3 All E.R. 974, H.L.(E.)
No additional cases were cited in argument.
APPEAL from an industrial tribunal sitting at Hereford.
In April 1988, the employee, Michael Joinson, presented a complaint that he had been unfairly dismissed by the employers, Denco Ltd. By a decision sent to the parties on 20 September 1988, the industrial tribunal upheld his complaint. The employers appealed on the ground that the[1991] 1 WLR 330 at 331 industrial tribunal had erred in law in failing to hold that the employee was guilty of gross misconduct because he deliberately used an unauthorised password to gain access to the computer and that his motive was immaterial.
The facts are stated in the judgment.
Brian Watson for the employers.
David Jackson for the employee.
Cur. adv. vult.
14 November. WOOD J. handed down the following judgment of the appeal tribunal. By an originating application of April 1988 Mr. Joinson, the employee, complained that he had been unfairly dismissed by his employers, Denco Ltd. An industrial tribunal sitting at Hereford under the chairmanship of Mr. Bird heard the case on 15 June 1988 and found in his favour. The employers now appeal. The matter came before us on 4 October 1989 at a preliminary hearing, when it was adjourned for full argument inter partes as the industrial members then sitting and those who are now sitting hold the view that it raises important aspects of conduct in the modern industrial world where computers play such a large role.
The industrial tribunal heard a number of witnesses and we have been supplied with admirably clear notes of evidence given by them. There were also a number of exhibits including a statement from the computer manager, Mr. Baker, and several computer print-outs. The industrial tribunal did not express any clear preference for the evidence of one witness rather than another save in connection with an interview and conversations between the employee and Mr. Walker, the manufacturing director, shortly after the crucial events of the night of 2 to 3 March 1988 in which instance they preferred the version given by the applicant. Otherwise, the facts do not seem to be seriously at issue and it is in the interpretation of those facts that the questions lie. The employers, from premises at Hereford, manufacture air drying and conditioning equipment used with computers. They employ some 300 people. Also based at Hereford is a wholly-owned subsidiary which makes raised module floors for computer suites. It is called, Intek Floors Ltd. (“Intek”).
At the relevant time the employee was aged 42. He had worked with the employers since 1967. He was a skilled sheet metal worker. He became a shop steward with the Amalgamated Engineering Union (“A.E.U.”) and had been appointed chairman of the joint representative committee comprising the A.E.U. and three other trade unions. Whilst the employees at the employer company had been represented by trade unions for some time, it was only recently that the A.E.U. had been recognised at Intek. There is nothing to say when that change came about. The employee was someone trusted by management and to whom in the past confidential information had been given — presumably in connection with his trade union responsibilities.
Some time before March 1988, described by the industrial tribunal as “recently,” the employers installed a new computer. Prior to that it was “positively encouraging people to operate the V.D.U. even if their jobs did not strictly require it.” Upon reading the evidence and as we have had it explained to us, the system existing at the beginning of March[1991] 1 WLR 330 at 332 1988 was as follows. The same computer was in use for the employers and Intek. It had some 30 terminals. Within the computer there were a number of different sections or “menus” which were designed to provide all the information which was considered necessary for a particular department or departments within the company. Once a “menu” was on display the user could proceed further under various headings to obtain other and more detailed information. The reasons for the menus were two-fold. First to protect the information against accident, such as power cuts or malfunction, and secondly, for security and confidentiality.
In order to obtain access to a menu a user was required to enter a user identity code, usually the christian name of the authorised user, or where there was a group of authorised users, the christian name of the most senior. The next requirement was to insert the password. One would think it too obvious to need further explanation but a password was issued to limit access to the menus and thereafter the detailed information within it only to those authorised to have and to use it. This whole system was on a “need to know basis” and it was presumably because passwords might become more generally known during daily use within a department that they were changed every four to six weeks.
The system also had a history file built into it. Every single key stroke at any terminal was recorded on that system with the exception of passwords and the printouts were kept for a period of some two to three weeks. By reference to the history file it was possible to reconstruct all steps that were being taken in relation to any matter should this be necessary for the management to know.
The employee was an authorised user of the computer. He was a charge-hand on the night shift and a temporary supervisor. He was in a position of trust and had his own password which permitted him entry to the menu relevant to his position and expertise as a skilled sheet metal worker. This would be in the main engineering information.
To exit from the computer one pressed “two” then “four” then “enter.” This the employee knew as indeed did the other users.
The employee has a daughter — then aged 16. She had recently started training as an employee at Intek. Mrs. Tegwin Morse worked in the wages department at Intek. She and presumably those working with her had a password to gain access to a menu. The employee’s daughter had heard the password and also Mrs. Morse’s identity of “Teg” short for “Tegwin.”
The employee told the industrial tribunal that on 3 March he knew three passwords, including his own and one which he had heard from his daughter within the previous two to three weeks. She had explained during tea time at home that she had been working on the V.D.U. She told her father that the user identity being used was “Teg” and that the password was “Taff.” When told of the user identity the employee knew that this was Mrs. Morse. During that same conversation he in fact told his daugher his own password. We cannot think why.
On the night of 2 to 3 March 1988 the employers were running a major data processing operation on the central system. It was being done overnight because it required considerable computer time. The employee was working on the night shift in charge of the sheet metal workers and it was only that group or department which would have required any information from the computer during the night.
When the senior programmer arrived at the company on the morning of 3 March he called up the history file to ascertain whether the[1991] 1 WLR 330 at 333 appropriate functions had been carried out for the overnight operation. He noted with surprise that other later operations were also shown which appeared to be unauthorised. This matter was brought to the attention of Mr. Baker, the computer manager.
The relevant printout was before the industrial tribunal and it showed that at 03.58 hours Mrs. Morse’s user identity “Teg” had been inserted, followed by a password. The first time that the password was entered it was incorrect and subsequently the correct password “Taff” was inserted. This clearly shows an intent deliberately to obtain access to that menu. Thereafter the menu appeared on the V.D.U. and this showed a choice of 13 operations. Number three was “printlist of customers.” The printout shows that no. 3 button was then pressed followed by the “enter” button. In fact nothing thereafter showed on the V.D.U. because an embargo had been placed on the screen in respect of the list of customers. However, at the master console from which the history file was being recorded a list of customers was in fact printed out. At the end of that operation the user signed off using first “two,” then “four,” and then “enter.” We would only add that of course you can erase if you make a mistake.
Mr. Baker spoke to the manufacturing director, Mr. Walker. He made inquiries of a Mr. Harman, the supervisor and Mr. Lewis, his equivalent on the day shift. He then tried to telephone the employee but the telephone was engaged. The employee learnt that Mr. Walker wished to see him and telephoned on the evening of Thursday 4 March and came in to see him at about 6 p.m.
It was clear from the printout that prior to the entries which gave rise to the inquiries the employee had quite properly and legitimately obtained necessary engineering information from the computer during that night.
At the interview Mr. Walker asked about the entries on the printout to which we have referred above. Initially the employee denied all knowledge. However, it is common ground that within a very short time he admitted to Mr. Walker and to Mr. Harman and the production manager, Mr. Chatterley, who were present, that he had gained access to the Intek file. His case was that he had been reluctant to disclose the fact because the information had come from his daughter; that he had done so by accident; that he had tried to get out; and then had pressed the wrong button.
Later on Friday 4 March the employee was told by Mrs. Griffiths, the personnel manager, that both he and his daughter were suspended on full pay pending further investigation. This surprised him because he had understood from his conversations with Mr. Walker that a less serious view might be taken of the position.
On 8 March he attended a meeting and was interviewed by Mr. Walker, Mr. Carter and Mrs. Griffiths. The employee explained that he was “playing around with the system” but this was not accepted by the management. A meeting was held the following day, Wednesday 9 March, and the employee was told that he was to be dismissed for gross misconduct. He launched an appeal which was heard on Friday 11 March by Mr. Carter; Mr. Walker was again present. His appeal was dismissed. On the following Thursday, 17 March, the local A.E.U. organiser and the area organiser spoke to Mr. Walker and Mrs. Griffiths in the presence of the employee accepting that he had done wrong but asking for leniency. The decision to dismiss was upheld.
[1991] 1 WLR 330 at 334
As set out in paragraph 15 of the industrial tribunal’s reasons the employers’ case was put as follows. They claimed that the decision to dismiss was reasonable for seven reasons:
“1. What the employee did was not considered accidental i.e. he intended to call up on the V.D.U. screen information about Intek. 2. The employee’s daughter had just joined Intek in the marketing department. 3. The employee had no business entering Intek’s password and playing around with Intek data. 4. The Intek company file contained confidential information and other options could have been chosen which also contained confidential information. 5. He used the code/password of Mrs. Morse who was responsible for wages. 6. He was A.E.U. representative for the respondent shop floor and the shop floor at Intek had also recently become members of the A.E.U. 7. It was obvious and clear that confidential information related to Intek and its customers, size of orders, wages and salaries of staff could be useful to the A.E.U. at Intek in negotiations with management.”
Of the seven reasons the industrial tribunal say this in paragraph 17:
“It is implicit in the [employers’] case that they would not have dismissed [the employee] if they had concluded that his action had been accidental or even that he had been playing around out of curiosity. The essence of their case is that he was guilty of gross misconduct because he deliberately attempted to obtain information in order to use it for an illicit purpose hostile to the interests of the company. That, in their view, was a breach of trust. They do not rely on previous warnings as justifying their action. Unless the conduct was gross misconduct it would be unfair to dismiss on that account and the dismissal would, in fact, be in breach of the Acas Code of Practice.”
The tribunal then continue in paragraph 18:
“We think that they were reasonable in concluding that the [employee] had gained access to the Intek file deliberately. He had after all put into the computer Mrs. Morse’s identity code and password. We think that they also reasonably concluded that he had deliberately called up the menu by dialling three and did not do so accidentally while trying to exit, i.e. by pressing two and then four.”
Later in paragraph 21 they say:
The employers argue that their case has been misunderstood. First, it was not necessary that in order to found a dismissal for gross misconduct management should be satisfied that there was a particular motive. It is quite sufficient to prove that an employee has deliberately used an unauthorised password to enter the computer. In fact, in the present case the employee was in a position of trust, knew how to operate the computer and was authorised to use it for some limited purposes.
[1991] 1 WLR 330 at 335
Secondly, the employers argue that if the motive of the employee is in any way material, it would only be that the management entertained a reasonable suspicion that the entry was for an improper motive.
The industrial members are clear in their view that in this modern industrial world if an employee deliberately uses an unauthorised password in order to enter or to attempt to enter a computer known to contain information to which he is not entitled, then that of itself is gross misconduct which prima facie will attract summary dismissal, although there may be some exceptional circumstances in which such a response might be held unreasonable. Basically, this is a question of “absolutes” and can be compared with dishonesty. However, because of the importance of preserving the integrity of a computer with its information it is important that management should make it abundantly clear to its workforce that interfering with it will carry severe penalties. Although it is not necessary to decide the practice in this case, cases may yet arise where evidence will show that the very tampering itself could produce malfunction with consequent damage and loss of information.
An analogy may be drawn with a situation where an employee enters the management offices of a company where he has no right to be, goes into an office, sees a key on the desk which he knows is the key to the filing cabinet which contains information to which he is not entitled and thereafter opens the filing cabinet and takes out a file.
If in the present case it had been material to consider whether there was evidence which in all the circumstances entitled management reasonably to have suspicion about the employee’s motive or purpose, then the present industrial members take the view that there was abundant such evidence. I agree with them.
When considering the issue of motive the industrial tribunal at one point say:
With respect that does not seem to us to be the point. The issue is what did the employee contemplate he might obtain by way of information by using the password of the wages department at Intek — a company by which he was not employed and the only connection with which would have been as a negotiator of pay.
It follows therefore from what we have said that we take a different view from that of the industrial tribunal of what can constitute gross misconduct in this case and also of the analysis of the employers’ argument. The employers have therefore succeeded in showing that there is a flaw in the industrial tribunal’s reasoning. What should we do? Are the facts so clear that we can safely reach our own conclusion on the approach which we have indicated or should the case be remitted?
The industrial tribunal was extremely critical of the security arrangements made by the employers in connection with use of the computer. It may be that in the light of the indications made above another industrial tribunal would take a less serious view. We have in mind a comment made in an earlier decision of this appeal tribunal, C.A. Parsons & Co. Ltd. v. McLoughlin [1978] I.R.L.R. 65. The conduct which was suggested to be gross misconduct in that case was[1991] 1 WLR 330 at 336 fighting and the passage to which we would refer is in the judgment given by Kilner Brown J. where he said, at p. 65, para. 3:
“All instances of fighting in factories raise very grave problems for the employer. There was made at one stage a point that there was nothing in the contract to prevent fighting. Some companies do have rules which specifically forbid it. All three of us here are unanimously of the opinion that in these days it ought not to be necessary for anybody, let alone a shop steward, to have in black and white in the form of a rule that a fight is something which is going to be regarded very gravely by management.”
It must surely be common sense that where a system such as the present has been instituted that the unauthorised use of a password is a very serious matter indeed. If it is not so realised by industry generally then perhaps this case will make it so. Unauthorised use of or tampering with computers is an extremely serious industrial offence. However it is clearly desirable to reduce into writing rules concerning the access to and use of computers and not only to post them but to leave them near the computers for reference.
This industrial tribunal was also by implication somewhat critical of the procedures without reaching a conclusion. It therefore seems to us that the employee should be entitled to re-argue his case on the fresh approach which we have indicated and to seek to persuade a fresh industrial tribunal that the principle of Polkey v. A.E. Dayton Services Ltd. [1987] 1 W.L.R. 1147 applies.
It also seems to us rather too bold a step, upon the assumption that this was a dismissal rendered unfair on procedural grounds, to proceed to the conclusion which may eventually become self-evident that this is not a case where any award should be made: section 74(1) of the Employment Protection (Consolidation) Act 1978.
We are therefore of the view that justice requires that this case be remitted for rehearing in accordance with any directions which may be given by the regional chairman.
Case remitted to industrial tribunal for rehearing.
Solicitors: Shoosmiths & Harrison, Reading; Thorpes, Hereford.
J. W.