Chapter 9 Expectation of Privacy

Expectation of Privacy
• What degree of privacy is expected?
• Individuals, not corporations
• Information on your computer
• Information involved in online interactions

PgP BUSA331 Chapter14

Expectation of Privacy in Chat Rooms
• No expectation of privacy
• Multiple people involved in the conversation
• Transcript can be saved, printed, logged, archived.
• But two-party chats? Not clear… a lot of cases involve other issues, entrapment…
• Chat at work? May be employee deciding whether to report.

PgP BUSA331 Chapter 13

Expectation of Privacy in Email
• Is your email private? Hardly
• What is the nature of digital information? Easily copied and distributed.

Email in the Workplace
• Employees depend on email to communicate
• Employers understand need, but there are possible issues:
    • Trade secrets, intellectual property loss
    • Discrimination
    • Harassment
    • Customer lawsuits
    • Unethical behavior, legal exposure (Merrill Lynch investment analyst Henry Blodget)
• Email: a potential time-bomb?

Email, FRCP
• Corporate email is not private correspondence
• Email exists on servers, on backups, in archives, potentially indefinitely
• Should corporations regularly purge old email?
    • Acceptable if following a policy
    • Not acceptable if trying to destroy evidence
• FRCP standard for email deletion: part of routine, good-faith operation.

Company Data Policy
• Email and other data is discoverable as evidence in litigation
• Destroying this data can be obstruction of justice
• Unless there is a policy to delete email that is a routine, good-faith operation

Email, and Employers
• Can employers read employee personal email stored on corporate computers?
• Employer Issues:
    • Business confidentiality
    • Client confidentiality
    • Legal policy compliance (HIPAA)
    • Legal securities compliance
    • Illegal misrepresentation of false claims
    • Prevention of sexual harassment lawsuits
    • Company image

Email, Employers and Employees
• Many employers monitor email
• Employers have fired employees for email misuse
• Issue: Is there a reasonable expectation of privacy at work? Most courts say no!

Workplace Privacy, Best Practices
• Employers should have a policy manual
• Require new hires to read and sign
• Employer must follow the policy
• NLRB issue: employers cannot allow personal use of corporate email system while prohibiting other uses (union-related)

Workplace Privacy, Portable Devices
• Depends on who owns device and pays for service
• Other factors include:
    • Employer Policy
    • Practices, past and present; court may infer policy
    • State Tort Law
    • State Statutes
    • Electronic Communications Privacy Act
    • Fourth Amendment

Workplace Privacy, Monitoring
• Keystroke loggers
• Scanning email attachments (images, resumes, confidential data…)
• Electronic cards/locks pinpoint time and location
• Who watches the watchmen?
• Accidental actions (whitehouse.com vs .gov): don’t go there!

Workplace: Government, FOI
• Government employee emails can be accessed under open meeting or freedom of information laws!
• 1996: US creates ‘electronic reading rooms’ to create online index of frequently requested materials
• What about government employee using private email to discuss government matters?
• Be mindful of who can access your email, computer files!

Workplace Email Issues
• Hackers with sniffer programs
• Reply to all, not sending ‘bcc’, wrong address
• ISP employees have access

Employer Monitoring Summary
• Most cases are Invasion of Privacy
• Most cases allow employers to monitor employee internet use and email in the workplace
• Key issue: were employees informed in advance?

Internet Service Providers, Gmail
• ECPA covers wire, oral or electronic communications
• ECPA allows ISPs to access emails stored on system
• Some courts interpret this to allow companies to monitor employees’ email
• ECPA may not be adequate for internet era; where is the line between privacy and protecting the business?
• Federal Wiretap Act predates internet, not well applied in ‘Councilman’, where court allowed email interception by competitor.
• Email Privacy Act, bill would have reversed Councilman, but appellate court did so
• Google Gmail: targeted ads and no delete!

Law Enforcement Officials
• Warrants or subpoenas give state and federal agents access to email
• Government entity can request that ISP retain records (logs) for 90 days under the ‘Electronic Communication Transactional Records Act of 1996’
• Research the FBI ‘Carnivore’ program
• USA PATRIOT and NSLs, National Security Letters (unconstitutional now)
• Foreign Intelligence Surveillance Court: FBI served ISP that mistook warrant for one account as for all!

Litigation
• Discovery: legal process requiring document production
• Covers emails, instant messages
• Is lawsuit reasonably foreseeable? Don’t delete!
• Litigation Hold! Notify employees, preserve data, have a procedure in place
• Spoliation: bad faith destruction of evidence

Expectation of Privacy in Email
• Craigslist ad used to solicit private facts?
• Tort – public disclosure of private facts, elements met, could perpetrator have been sued?

Expectation of Privacy After Death
• Dead customers, release email to soldier’s parents?
• Yahoo, Corporal Ellsworth death, PR nightmare
• New clause in will? Inherit someone’s email username/password?

Social Networks
• Facebook Beacon program, broadcast your purchases, oops…
• Is there a different privacy norm for social network users than for the general public?

Hard Drive Privacy
• 4th Amendment protects you from ‘unreasonable searches and seizures by the government’
• Work, no; but personal… yes, perhaps…
• Technicians stealing private photos
• Circuit City technician finding child porn during servicing
• US customs seizes computer after finding nude women pix, doing further investigation finding child porn…
• US customs finding child porn on laptop, but drive encrypted, court ordered him to decrypt

Government Reach @ Border
• Should the government be allowed to copy and retain the entire contents of a hard drive that may contain personal info?
• Legal, financial, medical information???
• Review of computer files vs forensic examination
• Does a password-protected file mean you have something to hide?
• What is ‘reasonable suspicion’?

Encryption, 5th Amendment
• Can defendant be required to provide decrypted evidence?
• Standard seems to be yes, if the government proves that there is incriminating evidence on the drives by other means.
• Otherwise, it appears that you cannot make someone incriminate themselves…

Spycams
• In 2010, school-owned laptops issued to 2,300 students contained a program to:
    • Pinpoint location based on MAC address
    • Take screenshots of visited websites
    • Take pictures using webcam!
• Student charged with taking drugs based on webcam pictures. Invasion of privacy!

Spycam 2
• Stolen laptop with LoJack software records keystrokes and photos of user naked during chat
• Invasion of privacy
• Not known if plaintiff knew whether laptop was stolen.

Spycam 3
• Leased laptop with monitoring
• Is this a violation of ECPA, CFAA?
• 420,000 customers had been victims, not told of monitoring
• FTC settled with 7 rent-to-own companies

Spycam disaster
• Roommate spying
• Leads to intimate revelation
• Victim commits suicide
• Perpetrator convicted of:
    • Invasion of privacy
    • Evidence tampering (deleting tweets, IM)
    • Hate crime
    • 10 year prison sentence

File-sharing
• Pair of artists stole 10,000 private photos from 100 hard drives on computers with misconfigured file-sharing software, and made them available on a website without knowledge or consent, compensation or copyright releases.
• If you use a personal PC for business use, it could be confiscated and all (business and personal) content could be exposed!

Expectation of Privacy in Web Posts
• NY court held no expectation of privacy in restricted Facebook posts (being used as evidence against defendant).
• Banks can turn over records to government without customer permission or notification.
• This has happened at least 24 times since 2008 on social network sites.

Expectation of Privacy in Search History
• Should a victim be compelled to turn over search records in rape case that would indicate she had been searching for the legal definition of rape online after the event?

Expectation of Privacy in SmartPhones
• Do police need a search warrant to search a smart phone? Courts divided.
• Is a warrantless search
    • ‘preserving evidence’?
    • ‘incident to a lawful arrest’?
• Or is it unconstitutional and only allowed if police officer’s safety is at risk, or an emergency?

GPS Tracking
• Courts say if you do not want to be tracked, turn off your phone!? But you did not consent to share info.
• Montana passed law requiring state government to obtain warrant to track smart phone via GPS. Will other states follow?