Most employees would be outraged to discover that their boss had made photocopies of papers in their desk drawers or routinely listened in on their phone conversations. That kind of uninvited prying would widely be considered unethical, if not illegal.

But a Southern California woman, in a groundbreaking lawsuit that brings a new twist to the debate over workplace rights, is charging that her former employer engaged in the computer age equivalent of such actions, turning himself into something of an electronic peeping Tom.

In the suit, 32-year-old Alana Shoars claims a manager at Epson America Inc. routinely read electronic messages and memos that employees exchanged with outsiders -- correspondence everyone assumed was confidential. Fired for insubordination earlier this year, an angry Shoars now is pursuing her unusual invasion-of-privacy case in the courts.

Although she singles out electronic mail -- the mechanism for speeding messages and documents from computer to computer -- Shoars's case sheds new light on broader privacy concerns confronting employees in the waning days of the paper-based office. Increasingly, legal experts predict, employers will be grappling with how to apply the ethos that evolved during the age of paper, pen and the U.S. mail to the indispensable fixtures of the electronic office -- the fax, the personal computer, the automated phone and electronic mail.

Quickly catching on to its conveniences, more than 8 million Americans correspond regularly today by electronic mail, up from fewer than 500,000 a decade ago. At the National Aeronautics and Space Administration, more than half of the 23,000 employees use E-mail, as the service is known, whether to keep track of travel plans or to share scientific data with universities and contractors. At computer maker Hewlett-Packard Co., 85,000 users worldwide send the equivalent of 9 million pages a month over E-mail.

And in Santa Monica, Calif., which runs the nation's only electronic town hall, an E-mail system sucks in several hundred comments each month from citizens complaining about everything from potholes to police patrols.

"E-mail started out as an alternative to the telephone ... {to} eliminate 'telephone tag' and cut down on long-distance calls," said Ned Cooper, an official in Martin Marietta Corp.'s information systems group.

"Now we're finding that it's a way of life."

Finding a Balance Much of the privacy debate centers on the question of which elements in any typical office belong to a company and which to an employee.

Lining up at one extreme are those who believe that desks and file cabinets, as well as telephones and electronic mail, are provided solely for business use. Therefore, almost anything stored in the desk or uttered over the phone is the property of the company.

At the other pole are the people who say employees should expect nearly as much confidentiality at work as at home. They believe workers should feel at ease using a phone or electronic message to bad-mouth the boss, as many co-workers do, never expecting their words to go beyond the intended recipient.

Balancing the extremes is the key to achieving both privacy and practicality. "You want to be able to formulate a policy that gives the company certain rights but it doesn't create a chilling effect on your employees. You might do something bad to morale," said Janet Pioli, an attorney at Helene Curtis Inc., the Chicago-based personal care products firm.

In trying to formulate such policy, Pioli has found the situation complicated by, among other things, the hybrid nature of E-mail.

Like the telephone, E-mail provides an electronic means by which to send a message. But a telephone conversation ends when the parties hang up. E-mail, much like a written letter, typically is stored for some time, as Oliver North discovered when his electronic messages were retrieved from White House computers.

To complicate matters further, the way E-mail is set up sends mixed signals about its confidentiality. Typically, a user needs one or more passwords to gain access to his or her E-mail. Requiring passwords suggests privacy. But the messages often are stored on a centralized computer, where technicians are likely to have access to their contents. And in some companies, that access might extend to the corporate office.

With E-mail, "higher managers are now starting to monitor first- and second-level professionals," said Lewis Maltby, coordinator of an American Civil Liberties Union task force on the workplace. "Snooping is starting to work its way up the corporate hierarchy."

Actually, few experts believe electronic eavesdropping is widespread -- that bosses are routinely perusing workers' computerized files any more than they randomly rifle through desk drawers. In fact, fishing expeditions through E-mail are thought to be rare.

But cases like Shoars suggest the practice may occur.

Epson America, the U.S. arm of the Japanese computer maker, had hired Shoars in March 1989 to train its employees in the use of E-mail. The company used E-mail both to communicate within its Torrance, Calif., facility and with outsiders, in the latter case through an international E-mail network run by MCI Communications Corp.

After several months on the job, according to the class-action suit, Shoars discovered that her boss had placed an "unauthorized and illegal" tap onto the system at the connection point to the outside world, enabling the company to capture and later read from printouts all the E-mail entering and leaving the Torrance facility.

She was stunned. "My policy and procedure is you don't read anything that isn't addressed to you," said Shoars, who recently was hired as an E-mail administrator at Warner Bros. Inc. "The way it was marketed to {employees} was as a secure system."

Shoars questioned the practice, and shortly thereafter was fired. Ironically, Shoars said Epson cited as proof of "insubordination" something she had written in an outgoing E-mail message.

Epson spokesman Scot Edwards would not discuss details of the case but flatly denied allegations that the company routinely monitored E-mail and said the firm violated no laws. Epson recently has reminded employees that while "it is clearly not our policy to indiscriminately read E-mail," certain computer operators may be exposed to data and therefore "we can't guarantee privacy."

Legal experts say Shoars faces a tough battle in trying to apply to a new technology the fuzzy patchwork of guidelines affecting office privacy.

Legal Limitations Although the Constitution implicitly guarantees certain rights to privacy at home or on the street, these rights do not necessarily extend into the workplace. Still, courts have found that workers are afforded a certain degree of privacy at work.

That so-called "reasonable expectation of privacy" varies from case to case. Blatantly personal matters, like a phone call home or a purse stashed in a drawer, for example, are likely to be deemed secure from corporate intrusion. Your re'sume' kept in a file drawer or on a computer, however, may not be. And while letters stamped "confidential" could reasonably be expected to be left sealed, the same degree of security likely would not apply to routine mail. Indeed, if an employee were out of town, firms likely could insist that colleagues open the mail and proceed with the business of the day.

When it comes to E-mail communications, Congress tried to draw some lines with a 1986 act that protects the privacy of dispatches sent over public services, like MCI Mail or a similar service offered by US Sprint Communications Co.

On such services, users pay to establish an electronic mailbox. Drawing a parallel to telephone calls, during which citizens generally can expect privacy, lawmakers protected electronic communications from eavesdropping by the government or any unauthorized third party. It is less clear, however, whether the act protects the disclosure of E-mail communications conducted under the auspices of a private employer.

The uncertainty surrounding federal privacy law explains why Shoars's case was brought under California statutes, considered among the most favorable in the nation with respect to workers' rights. For one thing, California is one of only 10 states whose constitution explicitly guarantees people privacy. For another, the state's wiretapping law requires both parties to consent to the monitoring of phone calls, a stricter standard than federal provisions. It is that California two-party consent restriction that is cited in Shoars's suit.

Against the murky legal backdrop, attorneys generally advise companies to draw up their own policies regarding how much privacy employees can expect at work. The policies should clearly define the scope of company property and outline any monitoring it intends to do, whether to prevent abuse or evaluate employees' work habits.

For the time being, E-mail remains new enough on the corporate scene that few companies have developed formal, or even informal, policies regarding its use. And there is no legal precedent to draw upon.

"The difficult question, which is just beginning to be explored, is what reasonable expectation of privacy the employee ought to have vis-a`-vis the employer with regard to communications made on behalf of the employer," said David Johnson, a Washington attorney specializing in computer law. "It's a complicated question."

Some experts say a company could make a strong case for advising employees not to expect confidentiality on an E-mail system. They say its contents should be considered company property, even more so than a desk or locker. "Clearly, you can't put your wallet into a computer," said Alan Carlson, an attorney with a San Francisco-based law firm that represents companies in employment matters.

But in many companies, where the E-mail system doubles as a recreational network for running the Super Bowl pool or trading gossip, employees are likely to view their password-protected mailbox as strictly private.

Even taking a middle ground, assuming that some company access is acceptable, there is the sticky question of who that privileged company representative might be -- the computer system operator, a user's boss, only the company president?

Shoars's case may be the first legal test of these issues, though for a brief time earlier this year it looked as if the city of Colorado Springs would pave the way. A political brouhaha erupted there after it was disclosed that Mayor Robert Isaac was monitoring what other city council members believed were their private person-to-person E-mail messages. Some council members were outraged, but no legal action ensued.

According to city attorney James Colvin, the mayor countered that he didn't knowingly read private mail, but had merely asked a secretary to routinely supply him with printouts of all E-mail traveling on the city's system. That just happened to include private memos sent among city council members because the computer system operators had failed to install electronic safeguards that would prevent E-mail designated as "private" from being divulged.

Colvin believes Isaac's actions do not fall under the 1986 act in part because Congress made it a crime to "intentionally" intercept electronic transmissions.

Epilogue Isaac may not be the only one using "intent" as a defense.

A reporter called Digital Equipment Corp. recently to discuss the firm's use of E-mail and associated privacy policies. The interview was conducted on a three-way conference call, with two Digital officials at separate locations.

When the interview ended, the reporter neglected to immediately hang up, in the process overhearing words not intended for her consumption. Thinking they were alone, the two Digital officials launched into a crisp critique of her reporting technique.

The moral: To protect against eavesdroppers of any variety, you can't beat a walk through the park.