Month: May 2012

May 30, 2012 Privacy

Is there a constitutional right of privacy in a family member’s autopsy photos?

Marsh v. County of San Diego, — F.3d —, 2012 WL 1922193 (9th Cir. May 29, 2012)

Yes, there is now. At least in the Ninth Circuit. Since the defendant was found to be not liable for violation of that right because of qualified immunity, an appeal is unlikely and the ruling will probably stand.

autopsy table

Background

When defendant Coulter retired from the district attorney’s office, he kept a photocopy of an autopsy photo (of a 2-year old boy with head injuries) from one of the cases he tried in 1983. What’s even more bizarre is that defendant turned over the photo and a memo to a newspaper and television station.

When the mother of the deceased little boy who appeared in the photo heard about this, she sued the district attorney and the county for violation of her due process rights under the Fourteenth Amendment of the United States Constitution.

The trial court threw out the case on summary judgment. Plaintiff sought review with the Ninth Circuit. Though the court found defendant was not liable for a constitutional violation because of qualified immunity, it held that plaintiff had a constitutionally protected right to privacy over her child’s death images.

Due Process

The Due Process Clause of the Fourteenth Amendment to the U.S. Constitution has been held to protect “a right of personal privacy, or a guarantee of certain areas or zones of privacy.” Carey v. Population Servs. Int’l, 431 U.S. 678, 684 (1977) (quoting Roe v. Wade, 410 U.S. 113, 152 (1973)). This privacy right is of two types: (1) the individual interest in avoiding disclosure of personal matters, and (2) the interest in independence in making certain kinds of important decisions concerning, for example, family relationships and child rearing.

In this case, the court observed that other courts, including the Supreme Court, had recognized a common law (but not constitutional) protection against the disclosure of a deceased family member’s death scene photos. But this case was the first time a court held that protection against public disclosure of such photos was a constitutionally protected right under substantive due process.

The court noted that “the well-established cultural tradition acknowledging a family’s control over the body and death images of the deceased has long been recognized at common law.” Because such sensibility is so deeply-rooted in our culture, the test for both types of substantive due process were met in this case. Protecting the interest would serve to avoid the disclosure of the graphic details of a family member’s tragic death (which reveals much about the manner of death and extent of suffering). In the context of a child’s autopsy photos, the right of a parent to determine the “care, custody and control” of the child is protected by a federal privacy right against public disclosure.

State Law – Procedural Due Process

The court held that plaintiff’s procedural due process rights were violated by the disclosure of the autopsy photo. California has a statute — Cal.Civ.Proc.Code § 129 — that codifies the state’s public policy against the reproduction of post-mortem photos for improper purposes. This served to create a liberty interest in plaintiff that could not be taken away without due process. The court found that plaintiff had sufficiently alleged a claim of violation of the statute and, therefore, a deprivation of a state-created liberty interest.

Photo credit: atluxity under this license.

May 24, 2012 Uncategorized

Should a person who sends a text to a distracted driver be responsible for the ensuing wreck?

There is an interesting personal injury case pending in New Jersey that highlights an interesting question about responsible use of SMS technology. A guy allegedly hit a motorcycle, severely injuring its two riders, because he was distracted by a text his girlfriend had sent. The motorcycle riders sued the girlfriend who sent the text.

girl sending text message

Even the plaintiffs’ lawyer admits (in this interview) that most people would not be willing to pin responsibility on someone who was not present to cause an accident and injury. But because of the unique facts, namely, that she apparently knew her boyfriend was driving, she became “electronically present” with him in the vehicle.

One of the things the plaintiffs will have to show is that the text proximately caused the accident. In New Jersey, the jury (if the case gets that far) will be asked to find whether the plaintiffs’ injuries are so connected with the negligent actions of the girlfriend that it is reasonable to hold her responsible. Answering that will require the jury to examine whether it was foreseeable that her sending the text would cause that wreck.

What do you think?

Photo credit Ed Yourdon under this license.

May 23, 2012 Trade Secrets

IBM’s Siri ban underscores important business concern over trade secrets

IBM doesn’t let its employees use Siri, out of concern Apple may store and use sensitive IBM data. This decision on IBM’s part underscores an important business concern that companies of all sizes — not just behemoths like IBM — either have or should have.

internet anonymity

Apple’s data usage policy that governs how it treats Siri inquiries says that Apple can use the information it collects to, among other things, improve the service. That’s a pretty broad grant of authority. Because the system that makes Siri available is so complex and multifaceted, Apple could reasonably justify extracting and using the information contained in just about any question people ask Siri. When that information comes from another major player in the competitive space, the implications of the appropriation of proprietary information become obvious.

IBM’s big concern is likely focused squarely on the protection of its trade secrets. State law provides the contours of trade secrets law, so the elements vary from state to state. But in general, a company can enforce its exclusive rights to possess and use information that (1) gives that company a competitive advantage, and (2) which is subject to efforts to keep secret. That latter part — keeping the information secret — is a big reason for nondisclosure agreements, password protected servers, and sensible restrictions on employee use of third party technologies (like social media and search tools like Siri).

Evan Brown is a Chicago technology and intellectual property attorney, representing businesses and individuals in a variety of situations, including matters dealing with the identification and protection of confidential business information.

Photo credit: Spec-ta-cles under this license.

May 22, 2012 Anonymity, Defamation, First Amendment

Does the constitution protect anonymity?

Yes, the constitution protects one’s right to speak anonymously, but only to a certain extent. The question of one’s First Amendment right to speak anonymously comes up pretty often in situations where a plaintiff seeks to unmask the identity of someone who is alleged to have committed an illegal act against the plaintiff online. Most often it is a plaintiff seeking to unmask an online critic in a defamation lawsuit.

internet anonymity

In 1995, the U.S. Supreme Court held in McIntyre v. Ohio Elections Commission that a state statute prohibiting the distribution of anonymous campaign literature was unconstitutional. The court said that “an author’s decision to remain anonymous, like other decisions concerning omissions or additions to the content of a publication, is an aspect of the freedom of speech protected by the First Amendment.” 514 U.S., at 342.

One would be hard pressed to overstate the importance of anonymous speech. Three and a half decades before the McIntyre decision, the Supreme Court observed that “[p]ersecuted groups and sects from time to time throughout history have been able to criticize oppressive practices and laws either anonymously or not at all.” Talley v. California, 362 U.S. 60, 64 (1960). And “[t]he loss of First Amendment freedoms, for even minimal periods of time, unquestionably constitutes irreparable injury.” Elrod v. Burns, 427 U.S. 347, 373 (1976).

But free speech protection has its limits. A person does not have a First Amendment right to defame another. So when one party seeks to “de-anonymize” another using the court system, the judge must strike a balance between the plaintiff’s right to seek redress and the defendant’s interest (if any) in remaining anonymous.

Courts have come up with a variety of balancing tests. Though different courts have come up with different ways of conducting the analysis, the test always involves looking at the strength of the facts the plaintiff puts in his or her initial filing. The more likely it appears there is real defamation, for example, the less likely the anonymous speech will be protected. If the strength of those allegations gets beyond a certain tipping point, the risk of an anonymous free speech violation becomes outweighed by the need for the plaintiff to get relief for the unprotected, unlawful speech.

Evan Brown is a Chicago technology and intellectual property attorney, representing businesses and individuals in a variety of situations, including matters dealing with online anonymity and anonymous speech.

Photo credit: petter palinder under this license.

May 21, 2012 Copyright, Privacy

Social media legal best practices: some problems and solutions with uploading photos and tagging people

Facebook, Flickr, 500px and mobile sharing applications such as Instagram have replaced the hard copy photo album as the preferred method for letting others see pictures you have taken. Now photos are easy to take and easy to share. This easiness makes a number of legal questions potentially more relevant.

Embarrassing photos

Let’s be honest — every one of us has been in photos that we do not want others to see. It may be just bad lighting, an awkward angle, or something more sinister such as nudity or drug use, but having a photo like that made public would cause embarrassment or some other type of harm. Sometimes the law affords ways to get embarrassing photos taken down. To the same extent the law can help, the one posting the embarrassing photo puts himself at risk for legal liability.

Invasion of privacy. If someone takes a picture of another in a public place, or with a bunch of other people, the subject of the photo probably does not have a right of privacy in whatever he or she is doing in the photo. So the law will not be helpful in getting that content off the internet. But there are plenty of situations where the subject of a photo may have a privacy interest that the law will recognize.

  • “Intrusion upon seclusion,” as its name suggests, is a legal claim that one can make when someone has intentionally intruded — physically or otherwise — upon their solitude or seclusion. Surreptitiously taken photos of a person in her own home, or in a place where she expected privacy (e.g., in a hotel room or dressing room) would likely give rise to an unlawful intrusion upon seclusion.
  • “Publication of private facts” is another form of invasion of privacy. A person commits this kind of invasion of privacy by publishing private, non-newsworthy facts about another person in a way that would be offensive to a reasonable person. Posting photos of one’s ex-girlfriend engaged in group sex would be considered publication of private facts. Posting family pics of one’s nephew when he was a kid would not.

Photoshop jobs

Some people enjoy using Photoshop or a similar advanced photo editing application to paste the head of one person onto the body of another. (Reddit has an entire category devoted to Photoshop requests.) This can have drastic, negative consequences on the person who — through this editing — appears to be in the photo doing something he or she did not and would not do. This conduct might give rise to legal claims of infliction of emotional distress and defamation.

Infliction of emotional distress. We expect our fellow members of society to be somewhat thick-skinned, and courts generally do not allow lawsuits over hurt feelings. But when it’s really bad, the law may step in to help. One may recover for infliction of emotional distress (sometimes called “outrage”) against another person who acts intentionally, and in a way that is extreme and outrageous, to cause emotional distress that is severe. Some states require there to be some associated physical harm. A bride who sued her photographer over the emotional distress she suffered when the photographer posted pictures of her in her underwear lost her case because she alleged no fear that she was exposed to physical harm.

Defamation. A person can sue another for defamation over any “published” false statement that harms the person’s reputation. Some forms of defamation are particularly bad (they are called defamation per se), and are proven when, for example, someone falsely states that a person has committed a crime, has engaged in sexually immoral behavior, or has a loathsome disease. A realistic Photoshop job could effectively communicate a false statement about someone that is harmful to his or her reputation.

Copied photos

Since copying and reposting images is so easy, a lot of people do it. On social media platforms, users often do not mind if a friend copies the photos from last night’s dinner party and reuploads them to another account. In situations like these, it’s simply “no harm, no foul.” Technically there is copyright infringement going on, but what friend is going to file a lawsuit against another friend over this socially-acceptable use? The more nefarious situations illustrate how copyright can be used to control the display and distribution of photos.

In most instances, the person who takes a photo owns the copyright in that photo. A lot of people believe that if you appear in a photo, you own the copyright. That’s not true unless the photo is a self portrait (e.g., camera held at arm’s length and turned back toward the person, or shot into the mirror), or unless the person in the photo has otherwise gotten ownership of the copyright through a written assignment (a much rarer situation).

A person who finds that his or her copyrighted photos have been copied and reposted without permission has a number of options available. In the United States, a quick remedy is available under the notice and takedown provisions of the Digital Millennium Copyright Act. The copyright owner sends a notice to the platform hosting the photos and demands the photos be taken down. The platform has an incentive to comply with that demand, because if it does, it cannot be held responsible for the infringement. Usually a DMCA takedown notice is sufficient to solve the problem. But occasionally one must escalate the dispute into copyright infringement litigation.

Some other things to keep in mind

With the protections afforded by free speech and the difficulties involved in winning an invasion of privacy or infliction of emotional distress lawsuit, one can get away with quite a bit when using photos in social media. One court has even observed that you do not need a person’s permission before tagging him or her in a photo.

A person offended by the use of a photo by him or of him may have recourse even in those situations where it is not so egregious as to give him a right to sue. Social media platforms have terms of service that prohibit users from harassing others, imitating others, or otherwise engaging in harmful conduct. The site will likely remove content once it is made aware of it. (I have sent many requests to Facebook’s legal department requesting content to be removed — and it has been removed.) The norms of social media communities play an important role in governing how users treat one another, and that principle extends to the notions of civility as played out through the use of photos online.

Evan Brown is a Chicago technology and intellectual property attorney. He advises businesses and individuals in a wide range of situations, including social media best practices. 

Photo credit: AForestFrolic

May 21, 2012 Anonymity, Copyright

Court tosses copyright claims against 244 accused BitTorrent infringers

Digital Sins, Inc. v. John Does 1–245, 2012 WL 1744838 (S.D.N.Y. May 15, 2012)

Plaintiff Digital Sins filed a copyright lawsuit against 245 anonymous BitTorrent users. The court dismissed the case against all but one of the unknown John Does, finding that the defendants had been improperly joined in one lawsuit. The judge observed that “there is a right way and a wrong way to litigate [copyright infringement claims], and so far this way strikes me as the wrong way.”

Federal Rule of Civil Procedure 20(a)(2) provides that defendants can be joined into one case if, for example, the plaintiff’s right to relief arises out of the same transaction, occurrence, or series of transactions or occurrences, or if there is any question of law or fact common to all defendants.

In this case, the court found that those requirements had not been met. Plaintiff’s allegations that the defendants merely commited the same type of violation in the same way, did not satisfy the test for permissive joinder under Rule 20. There was no basis, according to the court, to conclude that any of the defendants was acting other than independently when he or she chose to access the BitTorrent protocol.

The court went on to find that having all the defendants joined in one action would not give rise to any valid judicial economy. Any such economy from litigating all the cases in a single action would only benefit plaintiff, by not having to pay separate filing fees to sue each defendant. Moreover, trying 245 separate cases in which each of 245 different defendants would assert his own separate defenses under a single umbrella would be unmanageable.

Photo credit: nshontz

May 18, 2012 Governance, Miscellaneous, Privacy

Are network neutrality and freedom from government surveillance incompatible?

The FBI would like to see Congress amend CALEA (the Communications Assistance for Law Enforcement Act). FBI director Mueller recently testified that his agency wants legislation that will assure internet service providers “have the capability and the capacity to respond” to court orders allowing the eavesdropping on a person’s internet communications.

CALEA currently requires that telecommunications companies expeditiously make their equipment, facilities, and services available to the government for wiretapping. Presumably, federal law enforcement would like to see this expanded to bind ISPs and other non-telecom entities.

We see a similar division of the world into telecom and non-telecom in the discussion of network neutrality. Many in favor of network neutrality laud the FCC’s efforts to bring ISPs into the agency’s scope of power to help ensure those providers of internet infrastructure do not discriminate on the basis of content source.

But do you see the potential problem here? If an individual is in favor of network neutrality and also wary of overzealous government wiretapping, he or she must be careful to not allow advocacy of federal power in one arena (enforcing network neutrality) to bleed over, even by analogy, to advocay of federal power in the other arena (surveillance). Participants in these discussions are advised to keep the ideological origins of the respective positions in mind.

May 17, 2012 Privacy

Is transparency the best norm for user privacy?

Discussions about how companies handle privacy are metadiscussions, because data use policies provide information about information, namely, how platforms collect, use and share it. It’s easy to come up with platitudes when operating in such an abstract realm. People like the catchy norm of “transparency.” It suggests that our dignitary ills are cured when we know how companies such as Facebook use the information about us that they hoard.

But transparency as a norm suffers from a hobbling flaw when put into practice — it is antithetical to the proprietary interests companies hold dear and which the law protects. At a fundamental level, the exploitation of big datasets is how most online social platforms make money. Granular knowledge about the user equals more targetedness of the ad. Targeted-er ads can be sold at a premium. The fact that a platform can collect so much information about a user is one thing. The method for the information’s use is another. It’s the face of the latter aspect into which transparency flies.

No company that has invested substantially in developing effective methods for utilizing its collected data is going to have an authentic incentive to lift the hood on its data-utilizing methods. The protection of the law of trade secrets would evaporate in any instance where a company were to do that.

Any reluctance to transparency on the part of the platform betrays this misalignment of incetives between platform and user. Calling on transparency as the norm will only exacerbate the misalignment. What people are actually looking for when they call for transparency are reasons to trust. The metadiscussion needs a new pathway to get to trust, because the path that transparency affords is, ironically, blocked.

Photo credit: motoyen

May 15, 2012 Computer Crime, Privacy

Alleged voyeur boss cannot pursue Computer Fraud and Abuse Act claim

Bashaw v. Johnson, 2012 WL 1623483 (D.Kan. May 9, 2012)

Some employees filed suit after they learned that their boss — who required them to wear skirts to work — allegedly installed the Cam-u-flage video surveillance app on his iPhone and iPad to surreptitiously capture upskirt shots of plaintiffs at work.

The boss filed a counterclaim under the Computer Fraud and Abuse Act (CFAA), claiming that plaintiffs deleted data from his iDevices without authorization. Plaintiffs moved to dismiss this counterclaim. The court granted the motion.

The court held that the boss failed to allege the nature of his alleged damages within the meaning of the CFAA, and that he failed to sufficiently allege a qualified loss as defined by the statute.

As for damage, the court found that the mere allegation that data had been erased, without identifying which data, did not meet the plausibility requirement to survive a motion to dismiss. (Hmm. I wonder what data the plaintiff-employees would have wanted to delete?)

On the question of loss, the employer alleged that such calculation “would exceed” the CFAA threshold of $5,000. But he did not allege that he actually incurred losses in that amount. He did not mention any investigative or response costs, nor did he allege any lost revenues or other losses due to an interruption in service.

Photo credit: Magic Madzik

May 11, 2012 Governance, Miscellaneous, Privacy, Spam

Why be concerned with social media estate planning?

The headline of this recent blog post by the U.S. government promises to answer the question of why you should do some social media estate planning. But the post falls short of providing a compelling reason to plan for how your social media accounts and other digital assets should be handled in the event of your demise. So I’ve come up with my own list of reasons why this might be good both for the individual and for our culture:

Security. People commit identity theft on both the living and the dead. (See, for example, the story of the Tennessee woman who collected her dead aunt’s Social Security checks for 22 years.) While the living can run credit checks and otherwise monitor the use of their personal information, the deceased are not so diligent. Ensuring that the dataset comprising a person’s social media identity is accounted for and monitored should reduce the risk of that information being used nefariously.

Avoiding sad reminders. Spammers have no qualms with commandeering a dead person’s email account. As one Virginia family knows, putting a stop to that form of “harassment” can be painful and inconvenient.

Keeping social media uncluttered. This reason lies more in the public interest than in the interest of the deceased and his or her relatives. The advertising model for social media revenue generation relies on the accuracy and effectiveness of information about the user base. The presence of a bunch of dead peoples’ accounts, which are orphaned, so to speak, dilutes the effectiveness of the other data points in the social graph. So it is a good thing to prune the accounts of the deceased, or otherwise see that they are properly curated.

Preserving our heritage for posterity. Think of the ways you know about your family members that came before you. Stories and oral tradition are generally annotated by photo albums, personal correspondence and other snippets of everyday life. Social media is becoming a preferred substrate for the collection of those snippets. To have that information wander off into the digital ether unaccounted for is to forsake a means of knowing about the past.

How big a deal is this, anyway? This Mashable article commenting on the U.S. government post says that last year about 500,000 Facebook users died. That’s about 0.0006% of the user base. (Incidentally, Facebook users seem much less likely to die than the general population, as 0.007% of the world’s entire population died last year. Go here if you want to do the math yourself.)

I say it’s kind of a big deal, but a deal that’s almost certain to get bigger.

Scroll to top