Tag: privacy

February 9, 2012 Employment, Privacy

Teacher fired over Facebook post gets her job back

Court invokes notion of “contextual integrity” to evaluate social media user’s online behavior.

Rubino v. City of New York, 2012 WL 373101 (N.Y. Sup. February 1, 2012)

The day after a student drowned at the beach while on a field trip, a fifth grade teacher updated her Facebook status to say:

After today, I am thinking the beach sounds like a wonderful idea for my 5th graders! I HATE THEIR GUTS! They are the devils (sic) spawn!

Three days later, she regretted saying that enough to delete the post. But the school had already found out about it and fired her. After going through the administrative channels, the teacher went to court to challenge her termination.

The court agreed that getting fired was too stiff a penalty. It found that the termination was so disproportionate to the offense, in the light of all the circumstances, that it was “shocking to one’s sense of fairness.” The teacher had an unblemished record before this incident, and what’s more, she posted the content outside of school and after school hours. And there was no evidence it affected her ability to teach.

But the court said some things about the teacher’s use of social media that were even more interesting. It drew on a notion of what scholars have called “contextual integrity” to evaluate the teacher’s online behavior:

[E]ven though petitioner should have known that her postings could become public more easily than if she had uttered them during a telephone call or over dinner, given the illusion that Facebook postings reach only Facebook friends and the fleeting nature of social media, her expectation that only her friends, all of whom are adults, would see the postings is not only apparent, but reasonable.

So while the court found the teacher’s online comments to be “repulsive,” having her lose her job over them went too far.

February 1, 2012 Copyright, Defamation, Miscellaneous, Privacy, Right of Publicity, Section 230, Trademarks

Six interesting technology law issues raised in the Facebook IPO

Patent trolls, open source, do not track, SOPA, PIPA and much, much more: Facebook’s IPO filing has a real zoo of issues.

The securities laws require that companies going public identify risk factors that could adversely affect the company’s stock. Facebook’s S-1 filing, which it sent to the SEC today, identified almost 40 such factors. A number of these risks are examples of technology law issues that almost any internet company would face, particularly companies whose product is the users.

(1) Advertising regulation. In providing detail about the nature of this risk, Facebook mentions “adverse legal developments relating to advertising, including legislative and regulatory developments” and “the impact of new technologies that could block or obscure the display of our ads and other commercial content.” Facebook is likely concerned about the various technological and legal restrictions on online behavioral advertising, whether in the form of mandatory opportunities for users to opt-out of data collection or or the more aggressive “do not track” idea. The value of the advertising is of course tied to its effectiveness, and any technological, regulatory or legislative measures to enhance user privacy is a risk to Facebook’s revenue.

(2) Data security. No one knows exactly how much information Facebook has about its users. Not only does it have all the content uploaded by its 845 million users, it has the information that could be gleaned from the staggering 100 billion friendships among those users. [More stats] A data breach puts Facebook at risk of a PR backlash, regulatory investigations from the FTC, and civil liability to its users for negligence and other causes of action. But Facebook would not be left without remedy, having in its arsenal civil actions under the Computer Fraud and Abuse Act and the Stored Communications Act (among other laws) against the perpetrators. It is also likely the federal government would step in to enforce the criminal provisions of these acts as well.

(3) Changing laws. The section of the S-1 discussing this risk factor provides a laundry list of the various issues that online businesses face. Among them: user privacy, rights of publicity, data protection, intellectual property, electronic contracts, competition, protection of minors, consumer protection, taxation, and online payment services. Facebook is understandably concerned that changes to any of these areas of the law, anywhere in the world, could make doing business more expensive or, even worse, make parts of the service unlawful. Though not mentioned by name here, SOPA, PIPA, and do-not-track legislation are clearly in Facebook’s mind when it notes that “there have been a number of recent legislative proposals in the United States . . . that would impose new obligations in areas such as privacy and liability for copyright infringement by third parties.”

(4) Intellectual property protection. The company begins its discussion of this risk with a few obvious observations, namely, how the company may be adversely affected if it is unable to secure trademark, copyright or patent registration for its various intellectual property assets. Later in the disclosure, though, Facebook says some really interesting things about open source:

As a result of our open source contributions and the use of open source in our products, we may license or be required to license innovations that turn out to be material to our business and may also be exposed to increased litigation risk. If the protection of our proprietary rights is inadequate to prevent unauthorized use or appropriation by third parties, the value of our brand and other intangible assets may be diminished and competitors may be able to more effectively mimic our service and methods of operations.

(5) Patent troll lawsuits. Facebook notes that internet and technology companies “frequently enter into litigation based on allegations of infringement, misappropriation, or other violations of intellectual property or other rights.” But it goes on to give special attention to those “non-practicing entities” (read: patent trolls) “that own patents and other intellectual property rights,” which “often attempt to aggressively assert their rights in order to extract value from technology companies.” Facebook believes that as its profile continues to rise, especially in the glory of its IPO, it will increasingly become the target of patent trolls. For now it does not seem worried: “[W]e do not believe that the final outcome of intellectual property claims that we currently face will have a material adverse effect on our business.” Instead, those endeavors are a suck on resources: “[D]efending patent and other intellectual property claims is costly and can impose a significant burden on management and employees….” And there is also the risk that these lawsuits might turn out badly, and Facebook would have to pay judgments, get licenses, or develop workarounds.

(6) Tort liability for user-generated content. Facebook acknowledges that it faces, and will face, claims relating to information that is published or made available on the site by its users, including claims concerning defamation, intellectual property rights, rights of publicity and privacy, and personal injury torts. Though it does not specifically mention the robust immunity from liability over third party content provided by 47 U.S.C. 230, Facebook indicates a certain confidence in the protections afforded by U.S. law from tort liability. It is the international scene that gives Facebook concern here: “This risk is enhanced in certain jurisdictions outside the United States where our protection from liability for third-party actions may be unclear and where we may be less protected under local laws than we are in the United States.”

You have to hand it to the teams of professionals who have put together Facebook’s IPO filing. I suppose the billions of dollars at stake can serve as a motivation for thoroughness. In any event, the well-articulated discussion of these risks in the S-1 is an interesting read, and can serve to guide the many lesser-valued companies out there.

January 31, 2012 Privacy

On the radio: Mobile devices and the Fourth Amendment

I was honored to be a guest on this morning’s episode of Oregon Public Broadcasting’s show Listen Out Loud, talking with host Dave Miller about the recent case of Schlossberg v. Solesbee.

Listen to the interview here:
MP3

We talked about the Fourth Amendment and, more specifically, the exceptions to the warrant requirement for searches made incident to lawful arrests. Some courts have given special treatment to mobile devices when considering whether the information contained on them may be searched without a warrant, because of the vast amounts of personal information that is present.

January 24, 2012 Computer Crime, Privacy

Ordering defendant to decrypt hard drive did not violate her Fifth Amendment rights

U.S. v. Fricosu, 10-CR-00509 (D. Colo. January 23, 2012)

Pursuant to a warrant, federal agents seized defendant’s laptop from her home. When investigators turned it on, they saw the hard drive’s contents were encrypted using PGP Desktop. Defendant would not voluntarily turn over the password to decrypt the drive, so the Government filed an application under the All Writs Act to require defendant to “assist” in the execution of the search warrant. Defendant objected, asserting her privilege against self-incrimination under the Fifth Amendment.

The court rejected defendant’s arguments, granted the Government’s application and ordered defendant to provide an unencrypted copy of the hard drive. It found that the situation did not implicate defendant’s Fifth Amendment rights.

The Fifth Amendment provides that no person shall be compelled in any
criminal case to be a witness against himself. For the most part, this privilege only covers testimony. But an act that implicitly communicates a statement of fact may be within the purview of the privilege as well. For example, producing a document (or electronic data, for that matter) is an acknowledgment that the material:

  • exists
  • is in the possession or control of the producer
  • is authentic (i.e., is what it purports to be)

The court held that defendant’s Fifth Amendment rights were not implicated because providing an unencrypted copy of the hard drive did not serve to accomplish any of the three points listed above.

The feds had confiscated the computer, so they knew of the location and existence of the computer files. (The court found that the fact that investigators did not know the specific content of any specific files on the computer did not matter.) And as for the authenticity of the computer files, the government would presumably be able to do that in other ways. Among other things, the computer was found in defendant’s bedroom. Information on the screen that showed up when it was turned on contained defendant’s first name. And perhaps most damningly, investigators had a taped phone conversation between defendant and her ex-husband discussing the computer and the fact it was password protected.

January 23, 2012 Privacy

Supreme Court: GPS device attached to car was an unconstitutional search

U.S. v. Jones, 565 U.S. ___ (2012)

Decision looks to 18th century sensibilities on the sanctity of personal property to resolve modern day legal problem occasioned by technology.

Today the Supreme Court issued its opinion in U.S. v. Jones, which addresses the question of whether it was a “search or seizure” under the Fourth Amendment when the police attached a GPS tracking device to a drug suspect’s car. The information gathered from the device was used to convict defendant and send him to prison for life.

An originalist kind of opinion

Justice Scalia authored an opinion (which four other justices, including Roberts and Thomas, joined) holding that the placement of the GPS device on defendant’s car was a “physical intrusion [which] would have been considered a ‘search’ within the meaning of the Fourth Amendment when it was adopted.” Because the device was placed on the car outside the scope of the warrant authorizing it (after the warrant’s expiration and outside its geographic jurisdiction), defendant’s Fourth Amendment rights were violated.

Property is key

Key to Court’s opinion was the Fourth Amendment’s close connection to property. Historically, Fourth Amendment jurisprudence has been tied to the concept of common-law trespass. Later cases, such as Katz v. United States, 389 U.S. 347 (1967) deviated from that approach, looking more to a personal interest, namely one’s “reasonable expectation of privacy.”

Reasonable expectation of privacy does not matter here

The Government had argued that there was no search here because defendant had no reasonable expectation of privacy in the underbody of his car, nor in the information about the public places he went. The court rejected that argument. Instead, it observed that “[a]t bottom, we must ‘assur[e] preservation of that degree of privacy against government that existed when the Fourth Amendment was adopted.”

This “at bottom” analysis meant looking to the property interest defendant had (as informed by principles of common law trespass). By attaching the device to defendant’s car, the officers encroached on a protected area.

Open questions about information tracking

The case involved more than the mere transmission of electronic signals. In dicta, the court noted that in cases that do not involve physical intrusion, the Katz “reasonable expectation of privacy” analysis would apply. And the court was able to skirt the thorny question of whether the pervasive gathering of information while assisted by technology (something that it would take an army of agents and vehicles to accomplish) would be unconstitutional:

It may be that achieving the same result through electronic means, without an accompanying trespass, is an unconstitutional invasion of privacy, but the present case does not require us to answer that question.

Many commentators have observed that the case bears similarities to United States v. Knotts, 460 U. S. 276 (1982) which involved a location-transmitting “beeper” that was placed in a canister of chloroform, which made its way into the defendant’s trunk. In Knotts, the Court held that the gathering of location information in such a fashion did not violate the Fourth Amendment. The Jones case is different — in Knotts, the cops were not reponsible for placing the canister into the vehicle. Here, the cops actually had to encroach on defendant’s property (and even changed the batteries on the device at a later date).

The Court’s decision comes as a relief to those who worried about the Orwellian-like consequences of a Government victory. It appears that all of us — including the Justices of the Supreme Court themselves — are free from indiscriminate government surveilance of this sort. It will be interesting to go back and watch This Week in Law Episode 137, where we discussed this case and its issues.

What do you think? Was the court correct in looking at 18th century doctrines to solve a 21st century problem? Let’s have a conversation below.

January 22, 2012 Privacy

Cops violated Fourth Amendment in warrantless search of digital camera

Schlossberg v. Solesbee, 2012 WL 141741 (D.Or. January 18, 2012)

Plaintiff was being questioned by defendant police officer when defendant noticed plaintiff was using a digital camera to capture the exchange. The cop got enraged and took the camera away. He arrested plaintiff and looked through the files on the camera without getting a warrant.

So plaintiff filed a civil rights lawsuit. Before trial, the court asked the parties to file briefs on whether plaintiff’s Fourth Amendment rights were violated. The court found that the warrantless search of the camera was an unlawful search incident to an arrest, thereby violating the Fourth Amendment.

In its decision, the court noted that cases which have allowed warrantless searches of electronic devices incident to arrest established a dangerous new rule, namely, that any citizen committing even the most minor arrestable offense is at risk of having his or her most intimate information viewed by an arresting officer. The court recounted the case of some cops who, in a warrantless search of a drunk driving suspect’s cell phone, found and shared some naked photos of the suspect’s girlfriend. See Newhard v. Borders, 649 F.Supp.2d 440 (W.D. Va 2009).

The court disagreed with the rationale of previous cases that held electronic devices such as phones and cameras were like “closed containers” and were thereby subject to warrantless searches. It found that warrantless searches of electronic devices are not reasonable when they are incident to a valid arrest absent a showing that the search is necessary to:

  • prevent the destruction of evidence
  • ensure officer safety, or
  • address other exigent circumstances

The court further found that all electronic devices should be subject to this broad protection — police should not have to distinguish between laptops, traditional cell phones, smart phones and cameras before deciding whether to proceed with a search of the device incident to arrest.

In sum, the court found that because plaintiff had a high expectation of privacy in his camera’s contents, defendant should not have reviewed its contents in a search incident to the arrest. He should have gotten a warrant instead.

So what do you think? Did the court get this one right?

January 15, 2012 Contracts

Wedding photographer not responsible for risque photos of bride posted online

Bostwick v. Christian Oth, Inc., 2012 WL 44065 (N.Y.A.D. 1 Dept. January 10, 2012)

Plaintiff bride logged onto her wedding photographer’s website and saw photos of herself wearing only underwear. She emailed an employee of the photographer, who promised to take the offending photos down. But they remained on the website even after plaintiff shared the online password with her family and friends.

So she sued the photographer for breach of contract, fraud and concealment, and negligent infliction of emotional distress. The trial court threw the case out on summary judgment. Plaintiff sought review, but the appellate court affirmed.

Breach of contract

The court found that defendant was authorized by agreement to post the photos. Defendant owned the copyright in the photos and otherwise had the right to put the proofs online. Any demand by plaintiff that the photos be taken down did not serve to revoke any of defendant’s rights, as plaintiff never had the rights to make such a determination to begin with. Moreover, the court found that because the agreement between the parties had an integration clause which provided that any amendments had to be in writing, the subsequent communications between plaintiff and defendant’s employee did not serve to amend the contract. (This decision by the court is puzzling, as the communications about taking the photos down were apparently by email. Other New York courts have held emails sufficient to amend written contracts.)

Fraud and concealment

To have been successful on her fraud and concealment claim, plaintiff was required to show, among other things, that she reasonably relied on defendant’s statement that the underwear photos had been taken offline before she gave the password to her friends and family. The court found in favor of defendant on this point because plaintiff could have checked to see whether the photos were actually taken down before she allowed others to access the photos. What’s more, the court found that the failure to take the photos down was not “concealment” but merely an oversight.

Negligent infliction of emotional distress

Despite its sympathy with plaintiff, and an acknowledgment that having others see the photos would be embarrassing and upsetting, the court found that plaintiff failed to establish a case of negligent infliction of emotional distress. This part of the case failed because plaintiff did not show that she had been exposed to an unreasonable risk of bodily injury or death. There was nothing in the record to cause plaintiff to fear that she was exposed to physical harm.

November 17, 2011 Anonymity, Computer Crime, Copyright, Privacy, Section 230

Video: my appearance on the news talking about isanyoneup.com

Last night I appeared in a piece that aired on the 9 o’clock news here in Chicago, talking about the legal issues surrounding isanyoneup.com. (That site is definitely NSFW and I’m not linking to it because it doesn’t deserve the page rank help.) The site presents some interesting legal questions, like whether and to what extent it is shielded by Section 230 of the Communications Decency Act for the harm that arises from the content it publishes (I don’t think it is shielded completely). The site also engages in some pretty blatant copyright infringement, and does not enjoy safe harbor protection under the Digital Millennium Copyright Act.

Here’s the video:

September 29, 2011 Employment, Privacy

Employer did not violate employee’s privacy by accessing personal laptop

Sitton v. Print Direction, Inc., — S.E.2d —, 2011 WL 4469712 (Ga.App. September 28, 2011)

A Georgia court held that an employee using a personal laptop to conduct business for a competitor did not have an invasion of privacy claim when his employer busted him at work using the laptop to send email.

Plaintiff-employee worked for a printing company. His wife also owned a printing business. On the side, plaintiff would broker printing jobs, sending them to his wife’s company. He would bring his own laptop to work and use that to conduct business for his wife’s company while at work for his employer.

One day, the boss came into plaintiff’s office (apparently when plaintiff was not in the room) and saw that the computer screen on plaintiff’s computer showed a non-work related email account, with messages concerning the brokering of print jobs to the wife’s company. The boss printed out the email messages.

Plaintiff sued, claiming, among other things, common law invasion of privacy and violation of a provision of the Georgia Computer Systems Protection Act. The case went to trial, and plaintiff lost. In fact, he ended up having to pay almost $40,000 to his employer on counterclaims for breach of loyalty. Plaintiff sought review of the trial court’s decision. On appeal, the court affirmed.

The appellate court affirmed the trial court’s finding that the boss’s access to plaintiff’s computer did not constitute common law invasion of privacy based upon an intrusion upon plaintiff’s seclusion or solitude, or into his private affairs. The court held that the boss’s activity was “reasonable in light of the situation” because:

  • He was acting in order to obtain evidence in connection with an investigation of improper employee behavior,
  • The company’s interests were at stake, and
  • He had “every reason” to suspect that plaintiff was conducting a competing business on the side, as in fact he was.

To bolster this holding, the court cited from a Georgia Supreme Court case that said, “[T]here are some shocks, inconveniences and annoyances which members of society in the nature of things must absorb without the right of redress.”

August 31, 2011 Privacy

Sexy MySpace photos stay out of evidence

Webb v. Jessamine County Fiscal Court, 2011 WL 3652751 (E.D. Ky. August 19, 2011)

Plaintiff filed a civil rights lawsuit against the local jail and other governmnet officials after she gave birth while incarcerated. She claimed, among other things, that the jail’s failure to get her proper medical care before and during the delivery caused her extreme humiliation, mental anguish and emotional distress.

The defendants tried an extremely bizarre and highly questionable tactic — they sought to use provocative photos purportedly copied from plaintiff’s MySpace profile, to demonatrate that it is “less probable that [plaintiff] would experience humiliation and mental anguish by being in a jail cell while delivering a baby.” Defendants claimed that the photos were “of such a nature that a reasonable person would be embarrassed if such photographs were placed in public view.”

In other words, defendants argued that because plaintiff would post photos like that of herself online, she did not have the dignity to be free from being ignored or called a child and a liar during labor.

The court granted plaintiff’s motion in limine, excluding the photos from evidence. It found that the photos were irrelevant:

Although the appearance of provocative photos online may cause some humiliation, it bears no relation at all to the extreme humiliation and mental anguish a woman forced to go through labor on her own in a jail cell would bring.

The court also found that the defendants had not properly authenticated the photos, i.e., had not provided enough supporting evidence to show that they actually were of plaintiff. The photos that the defendants offered bore “no indicia of authenticity, such as a web address or a photo of these images on the public MySpace account from which Defendants claim they originated.”

Scroll to top