August 14, 2012 Computer Crime, Privacy

No Fourth Amendment violation when government looked at Facebook profile using friend’s account

U.S. v. Meregildon, — F.Supp.2d —, 2012 WL 3264501 (S.D.N.Y. August 10, 2012)

The government suspected defendant was involved in illegal gang activity and secured the assistance of a cooperating witness who was a Facebook friend of defendant. Viewing defendant’s profile using the friend’s account, the government gathered evidence of probable cause (discussion of past violence, threats, and gang loyalty maintenance) which it used to swear out a search warrant.

What you do on Facebook is almost guaranteed to come back and bite you in the ass.

Defendant argued that the means by which the government obtained the probable cause evidence – by viewing content protected by defendant’s Facebook privacy settings – violated defendant’s Fourth Amendment rights. The court denied defendant’s motion to suppress.

It held that where Facebook privacy settings allowed viewership of postings by friends, the Government could access them through a friend/cooperating witness without violating the Fourth Amendment. The court compared the scenario to how a person loses his legitimate expectation of privacy when the government records a phone call with the consent of a cooperating witness who participates in the call. It held that defendant’s legitimate expectation of privacy ended when he disseminated posts to his Facebook friends because those friends were then free to use the information however they wanted, including sharing it with the government.

Photo credit: Flickr user Poster Boy NYC under this Creative Commons license.

July 11, 2012 Computer Crime

Did a Facebook breakup cause a murder?

According to this news report, a man in Martinsville, Indiana allegedly shot the mother of his 14-month-old daughter after the woman broke up with him through Facebook. Though one should not jump to concluding that Facebook caused this murder, we are left to consider whether the nature of social media communications contributed to the alleged killer’s motivation.

public breakup

Breaking up is supposed to be a private event. Though we do not know the precise means the woman used to communicate the breakup (was it a private message or an IM, or was it more public like a status update or wall post?), one cannot help but notice the incongruity of using a social media platform to communicate a sensitive matter. Equally intriguing as the breakup is the man’s alleged apology in advance that he posted to Facebook before the murder.

Social media, just like any technology, gives us choices. Stories like this show how, in certain circumstances, human nature may not always be up to the task of making the right decisions when that process is affected by a novel context like the seemingly public context of Facebook.

Photo courtesy Flickr user Unlisted Sightings under this license.

July 10, 2012 Employment, Privacy

Reading a non-friend’s comment on Facebook wall was not a privacy invasion

Sumien v. CareFlite, 2012 WL 2579525 (Tex.App. July 5, 2012)

Plaintiff, an emergency medical technician, got fired after he commented on his coworker’s Facebook status update. The coworker had complained in her post about belligerent patients and the use of restraints. Here is plaintiff’s comment:

Yeah like a boot to the head…. Seriously yeah restraints and actual HELP from [the police] instead of the norm.

After getting fired, plaintiff sued his former employer for, among other things, “intrusion upon seclusion” under Texas law. That tort requires a plaintiff to show (1) an intentional intrusion, physical or otherwise, upon another’s solitude, seclusion or private affairs that (2) would be highly offensive to a reasonable person.

The trial court threw out the case on summary judgment. Plaintiff sought review with the Court of Appeals of Texas. On appeal, the court affirmed the summary judgment award.

The court found plaintiff failed to provide any evidence his former employer “intruded” when it encountered the offending comment. Plaintiff had presented evidence that he misunderstood his co-worker’s Facebook settings, did not know who had access to his co-worker’s Facebook Wall, and did not know how his employer was able to view the comment. But none of these misunderstandings of the plaintiff transformed the former employer’s viewing of the comment into an intentional tort.

Read Professor Goldman’s post on this case.


Photo credit: Flickr user H.L.I.T. under this license.

July 9, 2012 Contracts, Copyright, DMCA

DMCA takedown notices are not just for content

Apple using the DMCA to stop early sales of iOS 6.

The infamous Digital Millennium Copyright Act takedown process gets quite a bit of press when content owners such as movie studios and record companies use it to take infringing copies of films or music offline. The safe harbor provisions of the DMCA are at the heart of content-distribution platforms’ defenses against infringement occasioned by users of the platform. (Think Viacom v. YouTube.)

Apple reminds us, however, that the DMCA gives all copyright owners — not just those who own copyrights in content — a mechanism for getting infringing works off the internet. According to this piece on Engadget, Apple has been contacting hosting providers of sites that offer unauthorized copies of the forthcoming iOS 6 for sale.

So the DMCA, acting in the name of copyright protection, provides a remedy for software providers to keep the clamps on parties who may have access to software for their own use (in this case, iOS developers) but go outside the bounds of such use and offer the technology for sale to others.

July 3, 2012 Privacy

Can you snoop if someone has forgotten to log out?

About the Author: Evan Brown is a Chicago technology and intellectual property attorney. Need assistance? Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases.

Marcus v. Rogers, 2012 WL 2428046 (N.J.Super.A.D. June 28, 2012)

The answer to that question may depend on whether you knowingly exceed your authorization. A New Jersey court recently held that a defendant was within the bounds of the law when he accessed and printed a co-worker’s personal email after the coworker left the computer without signing out of her account.

can you snoop the email account left on the screen when someone forgets to log out

One morning when defendant, a teacher, sat down in the computer room of the school where he worked to check his email, he bumped the mouse of the computer next to him when he sat his drink down. That stopped the screen saver on the other machine, revealing the inbox of a coworker’s Yahoo account. Defendant saw that some of the emails’ subjects mentioned him, so he clicked on them, printed them out, and later used them at an adminstrative meeting to further some points in a work dispute.

The coworkers whose email communications defendant had accessed in this way sued him for violation of New Jersey’s equivalent of the Stored Communications Act (N.J.S.A. 2A:156A–27). The plaintiffs moved for summary judgment on their claim, but the court let the question go to the jury. That jury found defendant had not violated the statute.

Plaintiffs appealed the denial of their motion for summary judgment. On appeal, the court affirmed, holding that the jury properly got the question to consider.

Under the New Jersey statute, a plaintiff has a cause of action if, among other things, another person knowingly:

  • accesses without authorization a facility through which an electronic communication service is provided, or
  • exceeds an authorization to access that facility

The court briefly discussed whether the term knowingly applies both to “access without authorization” and “exceeds an authorization”. It held that it does.

Then the court went on to evaluate whether the jury should have gotten the question in the first place.

The court held that as a matter of law, defendant did not access the email account without authorization. Because the “index to the inbox” of the co-worker’s Yahoo account was displayed on the screen when the coworker left the computer, defendant did not access the “facility” without authorization. The accessing of the facility had been accomplished by coworker. There was no evidence of hacking or other unauthorized access to her account.

As for whether defendent exceeded his authorized access, the court held that the lower court properly submitted the question to the jury. The court held that the facts could not preclude a jury finding that defendant did not exceed his authorized access. Indeed, six of the seven deliberating jurors found that defendant had not exceeded his authorization. And all of the jurors found that the coworker had provided “tacit authorization” for him to access the account. (The case does not specify what that evidence of tacit authorization was.)

So the jury’s finding that defendant did not exceed his authorized access stood.

An obvious pro-tip from the case is to remember to log out of shared computers. But the decision is potentially relevant to contexts other than email accounts on desktop computers. Does a person who finds another’s mobile device have the right to rummage through all the accounts (e.g., social media, email, dating sites) that the phone’s owner is logged into? This case underscores that the answer will be, frustratingly, “it depends.” It’s best to put some facts into play — like even the simple requirement of a 4-digit password — to establish contours for authorization which, when exceeded, are clear.

June 28, 2012 Uncategorized

Social media angle on SCOTUS healthcare decision

I’ve seen three interesting social media issues arise in the hours following the Supreme Court’s decision this morning on Obamacare:

1. Premature enunciation and the ensuing bruhaha

In a rush to report on the extremely complex decision, CNN’s website briefly stated that the healthcare law had been overturned. [Screenshot] Folks on Twitter were quick to pounce, and it still seems to be kind of flying under the radar that FOX News’ side-scrolling ticker got it wrong too. The comparisons to Dewey Defeats Truman are obvious. The picture below by @garyhe captures this notion visually.

But there are a couple important differences in modern and social media versus the 1940s.

Because of the faster means to get the word out, there is even more pressure for a media outlet to be the first. (The same kind of pressure, felt by a humble blogger like me to be among the first to analyze the issues herein is making it difficult for me to type right.) And members of mainstream media are not just competing against other mainstream media participants. As @roncoleman tweeted, “[t]he central role of @SCOTUSblog in this discussion is the truly historical event occurring today.” (@SCOTUSblog’s coverage of the decision was driven largely by the work of 81-year-old Lyle Denniston.)

And it’s easy to forget that mistakes in reporting can easily be undone. Unlike the paper in the Dewey Defeats Truman situation, which had to literally stop the presses, reset the type, print out new stacks of papers and physically deliver them hours later, the CNN website was changed immediately with little human effort. And the fact that CNN got it wrong couldn’t have harmed anyone, given that there were millions of commentators on Twitter to instantly lampoon it, thereby drawing attention to the error.

2. It’s not just law professors who can be constitutional scholars

@jonathanwpeters observed the profundity of how the discourse on Twitter had become erudite by simply noting: “June 28, 2012: the day that “Commerce Clause” trended on Twitter.” But maybe that eruditeness is just a facade. @jbtaylor gives us a warning: “Brace yourself. Everyone on Twitter is about to become a Constitutional scholar.”

3. Everyone’s a comedian and all the world’s a comedy club

Probably the best part of the social media response to the decision is the humor. Here are a few of my favorite tweets that look at the farcical side of this:

  • “Remember when John Roberts botched the President’s swearing-in on Inauguration Day? I think they’re all good now.” (by @johnsberman)
  • “I felt a sudden disturbance in the Law, as if millions of nascent law review articles cried out, and were suddenly silenced.” (by @timhwang)
  • “Tea Party just turned into a massive kegger as the last spare change has gone to buy all the beer left in St. Louis ‪#wow‬ (by @mimizhusband)
  • “Now that that’s over who wants to grab a Coke and watch some porn” – Clarence Thomas (by @platypusjones)
June 12, 2012 Litigation

Court says insurance company should have used social media to track down its insured

Cotto v. Universal Underwriters Ins. Co., 2012 WL 2093331 (Mass.App.Ct. June 12, 2012)

Failure to consult Myspace and Facebook kills defense in insurance coverage case.

Plaintiff sued defendant insurance company after the insurance company refused to pay a judgment against its insured — plaintiff’s former friend and driver of the car in an accident that injured plaintiff. The insurance company claimed that because its insured was uncooperative, it did not have to pay. The trial court agreed with the insurance company and threw the case out on summary judgment. Plaintiff sought review with the Appeals Court of Massachusetts. On appeal, the court reversed and remanded.

At issue was whether the insurance company had exercised due diligence in locating its insured. The court held that summary judgment was improper because the court was unable to conclude, as matter of law, that the insurance company carried its burden of proving that it exercised due diligence.

In evaluating the (lack of) efforts the insurance company had undertaken, the court observed that although there was evidence in the record that the insured had Myspace and Facebook accounts, there was nothing to indicate the insurance company or its investigators consulted these sites. Given the insureds “youth and transient lifestyle,” and the “importance of social media sites as centers of communication and sources of information,” the court found that a reasonable trier of fact could conclude that the insurance company could have done more to locate its insured.

May 30, 2012 Privacy

Is there a constitutional right of privacy in a family member’s autopsy photos?

Marsh v. County of San Diego, — F.3d —, 2012 WL 1922193 (9th Cir. May 29, 2012)

Yes, there is now. At least in the Ninth Circuit. Since the defendant was found to be not liable for violation of that right because of qualified immunity, an appeal is unlikely and the ruling will probably stand.

autopsy table

Background

When defendant Coulter retired from the district attorney’s office, he kept a photocopy of an autopsy photo (of a 2-year old boy with head injuries) from one of the cases he tried in 1983. What’s even more bizarre is that defendant turned over the photo and a memo to a newspaper and television station.

When the mother of the deceased little boy who appeared in the photo heard about this, she sued the district attorney and the county for violation of her due process rights under the Fourteenth Amendment of the United States Constitution.

The trial court threw out the case on summary judgment. Plaintiff sought review with the Ninth Circuit. Though the court found defendant was not liable for a constitutional violation because of qualified immunity, it held that plaintiff had a constitutionally protected right to privacy over her child’s death images.

Due Process

The Due Process Clause of the Fourteenth Amendment to the U.S. Constitution has been held to protect “a right of personal privacy, or a guarantee of certain areas or zones of privacy.” Carey v. Population Servs. Int’l, 431 U.S. 678, 684 (1977) (quoting Roe v. Wade, 410 U.S. 113, 152 (1973)). This privacy right is of two types: (1) the individual interest in avoiding disclosure of personal matters, and (2) the interest in independence in making certain kinds of important decisions concerning, for example, family relationships and child rearing.

In this case, the court observed that other courts, including the Supreme Court, had recognized a common law (but not constitutional) protection against the disclosure of a deceased family member’s death scene photos. But this case was the first time a court held that protection against public disclosure of such photos was a constitutionally protected right under substantive due process.

The court noted that “the well-established cultural tradition acknowledging a family’s control over the body and death images of the deceased has long been recognized at common law.” Because such sensibility is so deeply-rooted in our culture, the test for both types of substantive due process were met in this case. Protecting the interest would serve to avoid the disclosure of the graphic details of a family member’s tragic death (which reveals much about the manner of death and extent of suffering). In the context of a child’s autopsy photos, the right of a parent to determine the “care, custody and control” of the child is protected by a federal privacy right against public disclosure.

State Law – Procedural Due Process

The court held that plaintiff’s procedural due process rights were violated by the disclosure of the autopsy photo. California has a statute — Cal.Civ.Proc.Code § 129 — that codifies the state’s public policy against the reproduction of post-mortem photos for improper purposes. This served to create a liberty interest in plaintiff that could not be taken away without due process. The court found that plaintiff had sufficiently alleged a claim of violation of the statute and, therefore, a deprivation of a state-created liberty interest.

Photo credit: atluxity under this license.

May 24, 2012 Uncategorized

Should a person who sends a text to a distracted driver be responsible for the ensuing wreck?

There is an interesting personal injury case pending in New Jersey that highlights an interesting question about responsible use of SMS technology. A guy allegedly hit a motorcycle, severely injuring its two riders, because he was distracted by a text his girlfriend had sent. The motorcycle riders sued the girlfriend who sent the text.

girl sending text message

Even the plaintiffs’ lawyer admits (in this interview) that most people would not be willing to pin responsibility on someone who was not present to cause an accident and injury. But because of the unique facts, namely, that she apparently knew her boyfriend was driving, she became “electronically present” with him in the vehicle.

One of the things the plaintiffs will have to show is that the text proximately caused the accident. In New Jersey, the jury (if the case gets that far) will be asked to find whether the plaintiffs’ injuries are so connected with the negligent actions of the girlfriend that it is reasonable to hold her responsible. Answering that will require the jury to examine whether it was foreseeable that her sending the text would cause that wreck.

What do you think?

Photo credit Ed Yourdon under this license.

May 23, 2012 Trade Secrets

IBM’s Siri ban underscores important business concern over trade secrets

IBM doesn’t let its employees use Siri, out of concern Apple may store and use sensitive IBM data. This decision on IBM’s part underscores an important business concern that companies of all sizes — not just behemoths like IBM — either have or should have.

internet anonymity

Apple’s data usage policy that governs how it treats Siri inquiries says that Apple can use the information it collects to, among other things, improve the service. That’s a pretty broad grant of authority. Because the system that makes Siri available is so complex and multifaceted, Apple could reasonably justify extracting and using the information contained in just about any question people ask Siri. When that information comes from another major player in the competitive space, the implications of the appropriation of proprietary information become obvious.

IBM’s big concern is likely focused squarely on the protection of its trade secrets. State law provides the contours of trade secrets law, so the elements vary from state to state. But in general, a company can enforce its exclusive rights to possess and use information that (1) gives that company a competitive advantage, and (2) which is subject to efforts to keep secret. That latter part — keeping the information secret — is a big reason for nondisclosure agreements, password protected servers, and sensible restrictions on employee use of third party technologies (like social media and search tools like Siri).

Evan Brown is a Chicago technology and intellectual property attorney, representing businesses and individuals in a variety of situations, including matters dealing with the identification and protection of confidential business information.

Photo credit: Spec-ta-cles under this license.

Scroll to top