‘Click’ . . . You Just Agreed To Sell Your Privacy

Posted on Categories Computer Law, Privacy Rights, PublicLeave a comment» on ‘Click’ . . . You Just Agreed To Sell Your Privacy

We have all gone to a website and, in accessing the website’s services, have agreed to “terms and conditions” that include a litany of policies, including privacy policies governing how the company maintaining the website will use our personal information obtained while accessing the website. And let’s be honest, even as attorneys or soon-to-be-attorneys, many of us usually do not actually take the time to read the laundry list of items we are agreeing to just so we can obtain a 20% coupon.  I know I’m guilty of regularly clicking “I agree” without reading every term and condition.

cartoon image of a desktop computerWhile we may think our assent to a website’s terms and conditions has little effect on our everyday life, our agreement does in fact matter, and not just for us but also for the company maintaining the website.  For example, one such specific website that most, if not all, of us have used is Facebook. While, again, we likely have not paid very close attention to Facebook’s privacy policies such as its data and cookie policies, those policies explain that Facebook uses cookies or browser fingerprinting to identify users and track what third-party websites users browse.  This use of cookies or browser fingerprinting is why you see ads for products or services that are, or at least should be, most relevant to you.  Indeed, these processes are why I now regularly see ads for Nintendo products when on Facebook after having searched for and purchase Nintendo’s handheld 3DS video game system for my ten year old son. Continue reading “‘Click’ . . . You Just Agreed To Sell Your Privacy”

The Supreme Court Considers Google Street View

Posted on Categories Computer Law, Privacy Rights, Public3 Comments on The Supreme Court Considers Google Street View

Google Street View CarAll of the interest in the Supreme Court tomorrow is likely to be focused on Hobby Lobby and, to a lesser extent, Harris v. Quinn. But I’ll be watching something that happens before either of those decisions is announced. I’ll be looking to see if the Supreme Court granted cert in the StreetView case. I hope the answer is no.

The StreetView case — Google v. Joffe — is one that I’ve blogged extensively about over the past year. See Part I, Part II; see also my coverage of the Ninth Circuit opinion, Google’s petition for rehearing, and the filing of Google’s cert. petition.) Briefly, Google’s StreetView cars intercepted the contents of transmissions from residential wi-fi routers whose owners had not turned on encryption. A number of class actions have been filed claiming that the interceptions were violations of the federal Wiretap Act. Google moved to dismiss them, arguing that radio communications (like wi-fi) basically have to be encrypted to be protected by the Wiretap Act. The district court and the Ninth Circuit disagreed, holding that the exception Google points to applies only to traditional AM/FM radio broadcasts.

Although I disagree with the Ninth Circuit’s reasoning and would find it professionally advantageous if the Supreme Court decided to take the case, I hope it denies cert. Here’s why. Continue reading “The Supreme Court Considers Google Street View”

Google Files Cert. Petition in Street View Case

Posted on Categories Computer Law, Privacy Rights, Public1 Comment on Google Files Cert. Petition in Street View Case

Google Street View CarI noted back in October that Google had hired “noted Supreme Court advocate Seth Waxman” as it was preparing its petition for rehearing in the Street View case, “indicating perhaps how far they intend to take this.” (For background, see my earlier posts Part I, Part II, after the panel decision, and on the petition for rehearing.) My suspicions were accurate — after losing again at the rehearing stage in late December, Google has now filed a petition for certiorari, asking the Supreme Court to reverse the Ninth Circuit.

Google’s petition primarily makes the same substantive arguments it made in its petition for rehearing. The Ninth Circuit in the decision below adopted what I’ve called the “radio means radio” approach — “radio communications” in the Wiretap Act means only communications that you can receive with, you know, an ordinary AM/FM radio. I’ve argued that that is mistaken, and Google unsurprisingly agrees with me. Google provides three reasons why the Ninth Circuit’s interpretation cannot be sustained. Continue reading “Google Files Cert. Petition in Street View Case”

A History of the Mug Shot

Posted on Categories Criminal Law & Process, Legal History, Privacy Rights, Public4 Comments on A History of the Mug Shot

Al Capone mugshotSome of the very earliest photographs from the late 1830s are of alleged and/or convicted criminals, and law enforcement officials used photographs of criminals in Belgium as early as the 1840s to track down wrong-doers.  In Paris, a clerk in the Prefecture of Police Office originated the “mug shot” as we usually imagine it — two shots side by side, with one shot being a frontal shot and the other being a profile.

This so-called “Bertillon System” was displayed at the Chicago World’s Fair in 1893, and it quickly caught on with American urban police departments.  It was an age of science, and some thought of the mug shot as a useful component in “scientific law enforcement.”  Indeed, there are surviving efforts by police departments to superimpose photographs of certain types of criminals on top of one another.   We could then, theoretically, have distilled images of, to note only two of many possibilities, the typical pickpocket or typical forger.

In the present, mug shots are still with us, but we now live in an era in which the market rather than science is seen by many as our savior.  It is possible to round up mug shots from public records and post them regardless of whether the pictured individuals have been prosecuted and/or convicted.  Continue reading “A History of the Mug Shot”

What the Heck Is Drawbridge?

Posted on Categories Computer Law, Privacy Rights, Public1 Comment on What the Heck Is Drawbridge?

scaredy catYou won’t find out from this New York Times front-page story from yesterday, which is disappointingly long on alarmism but scarce on details, a phenomenon all too frequent in privacy reporting. In the third sentence — immediately after anthropomorphizing smartphones — the story tells us that “advertisers, and tech companies like Google and Facebook, are finding new, sophisticated ways to track people on their phones and reach them with individualized, hypertargeted ads.” Boy, that sounds bad — exactly what horrible new thing have they come up with now?

The third paragraph tells us only what privacy advocates fear. The fourth mentions the National Security Agency. The fifth quotes privacy scholar Jennifer King saying that consumers don’t understand ad tracking.

The sixth paragraph finally gives us a specific example of the “new, sophisticated ways” advertisers and tech companies are “track[ing] people on their phones”: Drawbridge. What does Drawbridge do? It’s “figured out how to follow people without cookies, and to determine that a cellphone, work computer, home computer and tablet belong to the same person, even if the devices are in no way connected.” But this doesn’t tell us much. There are more and less innocuous ways to accomplish the goal of tracking users across devices. On the innocent end of the scale, a website could make you sign into an account, which would allow it to tell who you are, no matter what computer you use. On the malevolent end of the scale, it could hack into your devices and access personal information that is then linked to your activity. The key question is, how is Drawbridge getting the data it is using to track users, and what is in that data? Continue reading “What the Heck Is Drawbridge?”

Google Calls in the Cavalry in the Street View Case

Posted on Categories Computer Law, Privacy Rights, Public1 Comment on Google Calls in the Cavalry in the Street View Case

satellite-antennae-618125-mI do intend to get back to my four-part series on whether Google’s collection of information from residential Wi-Fi networks violated the Wiretap Act. That issue is being litigated in the Northern District of California in a consolidated class action of home wireless network users, and the earlier posts in my series examined the plaintiffs’, Google’s, and the district court’s arguments on this issue. See Part I; Part II. Since I wrote the first two posts, the Ninth Circuit weighed in, affirming the district court’s denial of Google’s motion to dismiss, allowing the plaintiffs to proceed with their complaint.

Since that post, there’s been another development: Google has filed a petition for rehearing and rehearing en banc. And they’ve brought in a bigger gun to do so — noted Supreme Court advocate Seth Waxman — indicating perhaps how far they intend to take this. Google has two basic arguments for why a rehearing should be granted. First, Google attacks what I called the panel’s “radio means radio” interpretation of the term “radio communications” — “radio communications” means “stuff you listen to on a radio” — is unworkable. Second, Google argues that the panel should never have reached the issue of whether wi-fi communications are “readily accessible to the general public” under an ordinary-language approach to that term, because that question involves disputed issues of fact. In the rest of this post I’ll review these two arguments. Continue reading “Google Calls in the Cavalry in the Street View Case”

Ninth Circuit Rejects Google Wi-Fi Argument

Posted on Categories Computer Law, Privacy Rights, PublicLeave a comment» on Ninth Circuit Rejects Google Wi-Fi Argument

car radio dial tnTime, and the Ninth Circuit, wait for no man. You may recall that I was halfway through my four-part series on the arguments in Joffe v. Google, the “Wi-Spy” case in which Google’s Street View cars intercepted and stored data captured from residential wireless networks. Google argued that that activity did not violate the Wiretap Act, because the Wiretap Act does not apply at all to Wi-Fi. There’s an exception in the Wiretap Act for “electronic communications readily accessible to the general public,” and the Act defines “readily accessible” for “radio communications” to mean that the communications must be encrypted or otherwise protected. Wi-Fi is broadcast over radio, and the plaintiffs did not set up encryption. Here’s Part I and Part II if you want to read more.

Earlier today, the Ninth Circuit issued its decision: the district court’s denial of Google’s motion to dismiss is affirmed; the exception does not apply. The Ninth Circuit essentially signed on to the district court’s “radio means radio” approach: Continue reading “Ninth Circuit Rejects Google Wi-Fi Argument”

Why Google’s Wi-Spy Argument Is Stronger Than It First Appears

Posted on Categories Computer Law, Privacy Rights, PublicLeave a comment» on Why Google’s Wi-Spy Argument Is Stronger Than It First Appears

Google Street View Car(This is Part 2 of 4 posts on the issue of whether the Wiretap Act bars interception of unencrypted wi-fi signals. See Part I.)

When we last tuned in I was explaining the arguments in the Google “Wi-Spy” case, involving Google’s Street View vehicles’ interception of home wireless network transmissions. Google argues that unencrypted wireless network transmissions are not protected by the Wiretap Act. Forget to set your wi-fi password? Then all of your network communications are free for the taking by your neighbor, local hacker, or multi-national conglomerate driving down the street. Sure, that sounds counter-intuitive, Google might admit, but the Wiretap Act is a counter-intuitive statute (they’ve got that part right, at least).

The plaintiffs argue that Google is simply engaged in lawyer games, willfully contorting the statute in order to save its bacon. There’s a provision in the Wiretap Act that (roughly speaking) defines unencrypted communications to be publicly accessible, but it only applies to radio communications. And, the plaintiffs argue, “radio communications . . . readily accessible to the general public” is only used in one place in the statute, a provision that talks only about “governmental, law enforcement, civil defense, private land mobile, or public safety communications system[s].” Home wireless routers clearly aren’t any of those. The exception that Google needs refers to “electronic communication[s] . . . readily accessible to the general public.” There’s no definition for that use of “readily accessible,” however, so the ordinary English reading will have to suffice.

The district court didn’t take quite the same tack as the plaintiffs. Continue reading “Why Google’s Wi-Spy Argument Is Stronger Than It First Appears”

Six Words in August

Posted on Categories Computer Law, Privacy RightsLeave a comment» on Six Words in August

Google Street View CarGoogle’s been catching a lot of privacy flak recently. Just this week, various news organizations picked up the story that Google had filed a brief back in June arguing that sending emails to someone else waives any reasonable expectation of privacy as to the content of those emails. I think the furor that has erupted is somewhat overblown, but that’s not what I want to focus on right now.

Rather, I want to focus on a different Google privacy argument from June. My post last week mentioned Google’s argument to the Ninth Circuit that the Wiretap Act does not protect unencrypted wi-fi signals. This argument has a lot of practical significance. Although the number is dwindling, many people still have unencrypted home wireless networks. Wi-fi hotspots, such as those found in coffee shops and airports, are often unencrypted. And many devices emit all sorts of unencrypted information on a regular basis, which an unscrupulous individual or company could use to track people. If Google is correct, all of that tracking and snooping would be be legally in the clear, at least as far as the Wiretap Act is concerned. The oral argument was two months ago, so a decision could come down at any time.

I began this post as a quick explanation of why I think Google’s argument is mistaken. I’d read the relevant statutory language probably a dozen times or more, and I thought Google’s interpretation was simply wrong. But the Wiretap Act is so convoluted that it is dangerous to draw conclusions without thoroughly mapping out a path through all the definitions and exceptions and exceptions to definitions. After having done that for this post, I don’t think Google’s argument is quite so wrong-headed anymore. But (insert dramatic twist musical cue here) I now believe it should ultimately fail anyway, for a reason I haven’t seen anyone mention–either because it’s eluded everyone else, or because it is so obviously wrong no one has bothered. Caveat emptor.

Much like the Wiretap Act itself, this post is going to be long and detailed, so I’ve broken it up into four (!) parts. In this part, I’ll explain the Ninth Circuit litigation and the basic arguments of the parties. In Part II, I’ll explain why I think Google’s arguments are stronger than an initial read might suggest. In Part III, I’ll make a foray into the legislative history to try to figure out how the Wiretap Act got the way it is. Finally in Part IV, I’ll explore whether Google should still lose based on a close look at how wi-fi actually works. Continue reading “Six Words in August”

Illinois Prohibits Employers From Seeking Social Networking Passwords

Posted on Categories Business Regulation, Computer Law, Labor & Employment Law, Privacy Rights, PublicLeave a comment» on Illinois Prohibits Employers From Seeking Social Networking Passwords

On August 1, 2012, Illinois Governor Pat Quinn signed into law a bill that prohibits employers from requesting or requiring employees or prospective employees from providing “any password or other related account information” to gain access to the individual’s social networking account. Ill. Public Act 097-0875. By enacting the legislation, Illinois joins Maryland as states that prohibit employers from obtaining social media account password information. The law amends the Illinois Right to Privacy in the Workplace Act, 820 ILCS 55, and is effective January 1, 2013.

Illinois’ new social media legislation confirms that employers maintain the right to create lawful workplace policies that regulate the use of computer equipment, e-mail, and internet use. Moreover, the law also allows employers to monitor employee use of the employer’s electronic equipment and e-mail. Employers also may still obtain publicly available information concerning employees or prospective employees under the new law.

As part of the Right to Privacy in the Workplace Act, the law is subject to investigation and enforcement by the Illinois Department of Labor. Potential damages under the law include reasonable attorney’s fees if the violation is found to be willful and knowing.

This legislation comes in response to public criticism of reported incidences of employers seeking social media account password information for purposes of evaluating position applicants. Illinois employers who currently engage in such practices should be aware that any hiring policy or practice that requires applicants or employees to reveal such information will be a violation of Illinois law after the end of the calendar year.

Cross-posted to General Counselor.

 

Here’s My Invite, so Friend Me, Maybe? Changing Notions of Privacy in Social Media

Posted on Categories Business Regulation, Labor & Employment Law, Privacy Rights, Public, Tort Law1 Comment on Here’s My Invite, so Friend Me, Maybe? Changing Notions of Privacy in Social Media

I first want to take a moment to thank the Marquette Law School Blog editorial faculty for inviting me to be the alumni blogger this month. I have enjoyed the content the MULS blog has offered since its inception, and I am honored to now be a part of it.

I primarily practice in management-side, labor and employment law in Wisconsin, but I have a special interest in how social media interacts with these practice areas. My posts will focus on various ways that social media collides with the law in this respect and others.

As a side note, I not only observe social media but I am a user, too. You can follow me on Twitter @jesse_dill. I typically Tweet about developments dealing with labor and employment law, Milwaukee, and the occasional grumblings about how my favorite teams are not meeting my perfectly reasonable (read: exceedingly high) expectations.

Social media services like Facebook, Twitter, LinkedIn, FourSquare, Instagram, and the like have quickly become the hot topic in my line of work because of their widespread use among employers and employees. Whether an employer wants to utilize a service for recruiting purposes or try to regulate its use by employees in the workplace, a host of fascinating issues arise while attempting to apply old legal theories to these new devices. Continue reading “Here’s My Invite, so Friend Me, Maybe? Changing Notions of Privacy in Social Media”

The Proper Procedure for Facebook Discovery, Part I

Posted on Categories Civil Procedure, Computer Law, Privacy Rights, Public3 Comments on The Proper Procedure for Facebook Discovery, Part I

An individual is involved in a civil lawsuit against someone — a tort suit, an employment discrimination suit, a civil rights suit — and the opposing party requests production of everything in his or her Facebook account during discovery. The individual refuses, or produces some material but not others, and the requesting party moves to compel. How should the court respond?

This situation is coming up increasingly frequently, and it appears to be confounding in many cases for everyone involved — judges, attorneys, and the parties themselves. Many individual litigants are no doubt surprised by such requests; not being familiar with the ordinary rules of discovery, they may not have realized that suing someone, or being sued, means that all relevant documents must be turned over — which might include every half-witted Facebook post or photograph pertaining to some issue germane to the lawsuit (such as, e.g., the plaintiff’s emotional well-being). Businesses have lived for years with the knowledge that a single wayward email from the CEO can sink a lawsuit; now individuals are experiencing the litigation effects when every decision or even fleeting thought is permanently recorded and archived. And destroying relevant material after the prospect of litigation becomes clear just makes matters worse.

But individual parties are not the only ones surprised by the interaction between civil discovery rules and social networking materials. Judges and attorneys often seem not to know exactly how to categorize the materials on a site like Facebook: is it all one relevant document? Multiple documents? How should the material be produced? Can the material be sought directly from the site via subpoena? Is the material shielded from discovery in any way? This confusion has led in some instances to court orders I’ve criticized as requiring overly broad production of social networking materials, with parties unnecessarily compelled to turn over entire accounts or even, in some cases, passwords to those accounts so opposing counsel can peruse them at will.

By and large most of those cases have been state cases, but federal courts are starting to issue opinions on social networking discovery as well. Over at Eric Goldman’s Technology & Marketing Law Blog, Venkat Balasubramani points to a recent decision from a magistrate judge in the District of Nevada, Thompson v. Autoliv ASP, Inc., No. 09-cv-01375, 2012 U.S. Dist. LEXIS 85143 (D. Nev. June 20, 2012). In Thompson, the judge ordered production of 5 years’ worth of Facebook and MySpace posts, photographs, and other materials to opposing counsel for its review. On a quick read Thompson might appear to fit into the category of overbroad decisions, but, despite an insufficient number of caveats in the opinion for my taste, I don’t believe it is.

I want to spend this post detailing exactly what’s wrong with an order compelling production of an entire social networking account, and why I think courts issuing such orders are going off the rails. Continue reading “The Proper Procedure for Facebook Discovery, Part I”