Chapter 13 - Winona State University

advertisement
Chapter 9
Expectation of Privacy
Expectation Of Privacy
• What degree of privacy is expected?
• Individuals, not corporations
• Information on your computer
• Information involved in online interactions
PgP BUSA331 Chapter14
Expectation of Privacy in Chat
Rooms
• No expectation of privacy
• Multiple people involved in the conversation
• Transcript can be saved, printed, logged, archived.
• But two party chats? Not clear…lot of cases involve
other issues, entrapment…
• Chat at work? May be employee deciding whether
to report.
PgP BUSA331 Chapter 13
Expectation of Privacy in Email
• Is your email private? Hardly
• What is the nature of digital information? Easily
copied and distributed.
PgP BUSA331 Chapter14
Email in the Workplace
• Employees depend on email to communicate
• Employers understand need, but there are possible
issues:
•
•
•
•
•
Trade secrets, intellectual property loss
Discrimination
Harassment
Customer lawsuits
Unethical behavior, legal exposure-Merrill Lynch
investment analyst Henry Blodget
• Email-a potential time-bomb?
PgP BUSA331 Chapter 13
Email, FRCP
• Corporate email is not private correspondence
• Email exists on servers, on backups, in archivespotentially indefinitely
• Should corporations regularly purge old email?
• Acceptable if following a policy
• Not acceptable if trying to destroy evidence
• FRCP standard for email deletion- part of routine,
good-faith operation.
PgP BUSA331 Chapter 13
Company Data Policy
• Email and other data is discoverable as evidence in
litigation
• Destroying this data can be obstruction of justice
• Unless there is a policy to delete email that is a
routine, good faith operation
PgP BUSA331 Chapter 13
Email, and Employers
• Can employers read employee personal email
stored on corporate computers?
• Employer Issues:
•
•
•
•
•
•
•
Business confidentiality
Client confidentiality
Legal policy compliance (HIPAA)
Legal securities compliance
Illegal misrepresentation of false claims
Prevention of sexual harassment lawsuits
Company image
PgP BUSA331 Chapter 13
Email, Employers and Employees
• Many employers monitor email
• Employers have fired employees for email misuse
• Issue- Is there a reasonable expectation of privacy
at work? Most courts say no!
PgP BUSA331 Chapter 13
Workplace Privacy, Best Practices
• Employers should have a policy manual
• Require new hires to read and sign
• Employer must follow the policy
• NLRB issue-employers cannot allow personal use of
corporate email system while prohibiting other
uses (union-related)
PgP BUSA331 Chapter 13
Workplace Privacy, Portable
Devices
• Depends on who owns device and pays for service• Other factors include:
• Employer Policy
• Practices-past and present, court may infer policy
• State Tort Law
• State Statutes
• Electronics Communications Privacy Act
• Fourth Amendment
PgP BUSA331 Chapter 13
Workplace Privacy, Monitoring
• Keystroke loggers
• Scanning email attachments (images, resumes,
confidential data…)
• Electronic cards/locks pinpoint time and location
• Who watches the watchmen?
• Accidental actions. (whitehouse.com vs .gov) don’t
go there!
PgP BUSA331 Chapter 13
Workplace- Government, FOI
• Government employee emails can be access under
open meeting or freedom of information laws!
• 1996-US creates ‘electronic reading rooms’ to
create online index of frequently requested
materials
• What about government employee using private
email to discuss government matters?
• Be mindful of who can access your email, computer
files!
PgP BUSA331 Chapter 13
Workplace Email Issues
• Hackers with sniffer programs
• Reply to all, not sending ‘bcc’, wrong address
• ISP employees have access
PgP BUSA331 Chapter 13
Employer Monitoring Summary
• Most cases are Invasion of Privacy
• Most cases allow employers to monitor employee
internet use and email in the workplace
• Key issue-were employees informed in advance?
PgP BUSA331 Chapter 13
Internet Service Providers, Gmail
• ECPA covers-wire, oral or electronic communications
• ECPA allows ISPs to access emails stored on system
• Some courts interpret this to allow companies to monitor
employee’s email
• ECPA may not be adequate for internet era, where is line
between privacy and protecting the business?
• Federal Wiretap Act predates internet, not well applied in
‘Councilman’ where court allowed email interception by
competitor.
• Email Privacy Act, bill would have reversed Councilman, but
appellate court did so
• Google Gmail-targeted ads and no delete!
PgP BUSA331 Chapter 13
Law Enforcement Officials
• Warrants or subpoenas give state and federal
agents access to email
• Government entity can request that ISP retain
records (logs) for 90 days under the ‘Electronic
Communication Transactional Records Act of 1996’
• Research the FBI ‘Carnivore’ program
• USA PATRIOT and NSLs-National Security Letters
(unconstitutional now)
• Foreign Intelligence Surveillance Court-FBI served
ISP that mistook warrant for one account as for all!
PgP BUSA331 Chapter 13
Litigation
• Discovery-legal process requiring document
production
• Covers emails, instant messages
• Is lawsuit reasonably forseeable? Don’t delete!
• Litigation Hold! Notify employees, preserve datahave a procedure in place
• Spoilation-bad faith destruction of evidence
PgP BUSA331 Chapter 13
Expectation of Privacy in Email
• Craigslist ad used to solicit private facts?
• Tort – public disclosure of private facts, elements
met, could perpetrator have been sued?
PgP BUSA331 Chapter14
Expectation of Privacy After Death
• Dead customers, release email to soldier’s parents?
• Yahoo, Corporal Ellsworth death, PR nightmare
• New clause in will? Inherit someone’s email
username/password?
PgP BUSA331 Chapter14
Social Networks
• FaceBook Beacon program, broadcast your
purchases, oops…
• Is there a different privacy norm for social network
users than for the general public?
PgP BUSA331 Chapter14
Hard Drive Privacy
• 4th Amendment protects you from ‘unreasonable
searches and seizures by the government’
• Work, no; but personal….yes, perhaps…
• Technicians stealing private photos
• Circuit City technician finding child porn during
servicing
• US customs seizes computer after finding nude women
pix, doing further investigation finding child porn…
• US customs finding child porn on laptop, but drive
encrypted, court ordered him to decrypt
PgP BUSA331 Chapter14
Government Reach @ Border
• Should the government be allowed to copy and
retain the entire contents of a hard drive that may
contain personal info?
• Legal, financial, medical information???
• Review of computer files vs forensic examination
• Does a password protected file mean you have
something to hide?
• What is ‘reasonable suspicion’?
PgP BUSA331 Chapter 13
Encryption,
th
5
Amendment
• Can defendant be required to provide decrypted
evidence?
• Standard seems to be yes, if the government
proves that there is incriminating evidence on the
drives by other means.
• Otherwise, it appears that you cannot make
someone incriminate themselves…
PgP BUSA331 Chapter 13
Spycams
• In 2010 2,300 students with school-owned laptops
contained program to
• pinpoint location based on MAC address
• Take screen shots of visited websites
• Take pictures using webcam!
Student charged with taking drugs using webcam
pictures.
Invasion of privacy!
PgP BUSA331 Chapter 13
Spycam 2
• Stolen laptop with LoJack software records
keystrokes and photos of user naked during chat
• Invasion of privacy
• Not known if plaintiff knew whether laptop was
stolen.
PgP BUSA331 Chapter 13
Spycam 3
• Leased laptop with monitoring
• Is this a violation of ECPA, CFAA?
• 420,000 customers had been vicitms, not told of
monitoring
• FTC settled with 7 rent-to-own companies
PgP BUSA331 Chapter 13
Spycam disaster
• Roommate spying
• Leads to intimate revelation
• Victim commits suicide
• Perpetrator convicted of:
•
•
•
•
Invasion of privacy
Evidence tampering (deleting tweets, IM)
Hate crime
10 year prison sentence
PgP BUSA331 Chapter 13
File-sharing
• Pair of artists stole 10,000 private photos from 100
hard drives on computers with mis-configured file
sharing software, and made them available on
website without knowledge or consent,
compensation or copyright releases.
• If you use personal PC for business use it could be
confiscated and all (business and personal) content
could be exposed!
PgP BUSA331 Chapter 13
Expectation of Privacy in Web Posts
• NY court held no expectation of privacy in
restricted fb posts. (being used as evidence against
defendant)
• Banks can turn over records to government without
customer permission or notification.
• This has happened at least 24 times since 2008 on
social network sites.
PgP BUSA331 Chapter 13
Expectation of Privacy in Search
History
• Should a victim be compelled to turn over search
records in rape case that would indicate she had
been searching for the legal definition of rape
online after the event?
PgP BUSA331 Chapter 13
Expectation of Privacy in
SmartPhones
• Do police need a search warrant to search a smart
phone? Courts divided.
• Is a warrantless search
• ‘preserving evidence’?
• ‘incident to a lawful arrest’?
• Or is it unconstitutional and only allowed if police
officer’s safety is at risk, or an emergency?
PgP BUSA331 Chapter 13
GPS Tracking
• Courts say if you do not want to be tracked turn-off
your phone!? But you did not consent to share info.
• Montana passed law requiring state government to
obtain warrant to track smart phone via GPS. Will
other states follow?
PgP BUSA331 Chapter 13
Download