Here’s My Invite, so Friend Me, Maybe? Changing Notions of Privacy in Social Media

Posted on Categories Business Regulation, Labor & Employment Law, Privacy Rights, Public, Tort Law1 Comment on Here’s My Invite, so Friend Me, Maybe? Changing Notions of Privacy in Social Media

I first want to take a moment to thank the Marquette Law School Blog editorial faculty for inviting me to be the alumni blogger this month. I have enjoyed the content the MULS blog has offered since its inception, and I am honored to now be a part of it.

I primarily practice in management-side, labor and employment law in Wisconsin, but I have a special interest in how social media interacts with these practice areas. My posts will focus on various ways that social media collides with the law in this respect and others.

As a side note, I not only observe social media but I am a user, too. You can follow me on Twitter @jesse_dill. I typically Tweet about developments dealing with labor and employment law, Milwaukee, and the occasional grumblings about how my favorite teams are not meeting my perfectly reasonable (read: exceedingly high) expectations.

Social media services like Facebook, Twitter, LinkedIn, FourSquare, Instagram, and the like have quickly become the hot topic in my line of work because of their widespread use among employers and employees. Whether an employer wants to utilize a service for recruiting purposes or try to regulate its use by employees in the workplace, a host of fascinating issues arise while attempting to apply old legal theories to these new devices. Continue reading “Here’s My Invite, so Friend Me, Maybe? Changing Notions of Privacy in Social Media”

The Proper Procedure for Facebook Discovery, Part I

Posted on Categories Civil Procedure, Computer Law, Privacy Rights, Public3 Comments on The Proper Procedure for Facebook Discovery, Part I

An individual is involved in a civil lawsuit against someone — a tort suit, an employment discrimination suit, a civil rights suit — and the opposing party requests production of everything in his or her Facebook account during discovery. The individual refuses, or produces some material but not others, and the requesting party moves to compel. How should the court respond?

This situation is coming up increasingly frequently, and it appears to be confounding in many cases for everyone involved — judges, attorneys, and the parties themselves. Many individual litigants are no doubt surprised by such requests; not being familiar with the ordinary rules of discovery, they may not have realized that suing someone, or being sued, means that all relevant documents must be turned over — which might include every half-witted Facebook post or photograph pertaining to some issue germane to the lawsuit (such as, e.g., the plaintiff’s emotional well-being). Businesses have lived for years with the knowledge that a single wayward email from the CEO can sink a lawsuit; now individuals are experiencing the litigation effects when every decision or even fleeting thought is permanently recorded and archived. And destroying relevant material after the prospect of litigation becomes clear just makes matters worse.

But individual parties are not the only ones surprised by the interaction between civil discovery rules and social networking materials. Judges and attorneys often seem not to know exactly how to categorize the materials on a site like Facebook: is it all one relevant document? Multiple documents? How should the material be produced? Can the material be sought directly from the site via subpoena? Is the material shielded from discovery in any way? This confusion has led in some instances to court orders I’ve criticized as requiring overly broad production of social networking materials, with parties unnecessarily compelled to turn over entire accounts or even, in some cases, passwords to those accounts so opposing counsel can peruse them at will.

By and large most of those cases have been state cases, but federal courts are starting to issue opinions on social networking discovery as well. Over at Eric Goldman’s Technology & Marketing Law Blog, Venkat Balasubramani points to a recent decision from a magistrate judge in the District of Nevada, Thompson v. Autoliv ASP, Inc., No. 09-cv-01375, 2012 U.S. Dist. LEXIS 85143 (D. Nev. June 20, 2012). In Thompson, the judge ordered production of 5 years’ worth of Facebook and MySpace posts, photographs, and other materials to opposing counsel for its review. On a quick read Thompson might appear to fit into the category of overbroad decisions, but, despite an insufficient number of caveats in the opinion for my taste, I don’t believe it is.

I want to spend this post detailing exactly what’s wrong with an order compelling production of an entire social networking account, and why I think courts issuing such orders are going off the rails. Continue reading “The Proper Procedure for Facebook Discovery, Part I”

Can a Prospective Employer Request Facebook Login Information?

Posted on Categories Computer Law, Privacy Rights, Public3 Comments on Can a Prospective Employer Request Facebook Login Information?

I’ve been remiss in posting on the recent stories about potential employers requesting social networking login information in job interviews, but I see that noted cybercrime expert Orin Kerr, a law professor at George Washington University, was on C-SPAN’s Washington Journal this morning, and his comments in the first few minutes of this recording basically sum up what I had to say on this issue: it’s unclear, but such activity may be prohibited by federal law. I just have one additional point to add: although the specific policy result here may seem obvious, the larger question of when use of a dodgily-obtained password violates unauthorized access statutes is actually a much more difficult one.

The civil case Orin refers to in the recording is Pietrylo v. Hillstone Restaurant Group, No. 06-5754 (FSH), 2009 WL 3128420, 2009 U.S. Dist. LEXIS 88702 (D.N.J. Sept. 25, 2009). In Pietrylo, the District of New Jersey upheld a jury verdict against the defendant employer under the Stored Communications Act, 18 U.S.C. § 2701, which prohibits any person from “intentionally access[ing] without authorization a facility through which an electronic communication service is provided . . . and thereby obtain[ing], alter[ing], or prevent[ing] authorized access to a wire or electronic communication while it is in electronic storage in such system.” Pietrylo and other employees participated in a private chat group on MySpace in which they were critical of Hillstone management. One of the managers requested that one of the participants give him her password, which she did, on the reasonable supposition that she “felt that [she] probably would have gotten in trouble” if she refused. Continue reading “Can a Prospective Employer Request Facebook Login Information?”

New Law Review Comments Cover Social Networking, Wind Farms, Deceptive Trade Practices Act, Open Records Law, and Purchase Money Security Interests

Posted on Categories Computer Law, Criminal Law & Process, Environmental Law, First Amendment, Intellectual Property Law, Legal Scholarship, Marquette Law School, Privacy Rights, Wisconsin Law & Legal System, Wisconsin Supreme Court1 Comment on New Law Review Comments Cover Social Networking, Wind Farms, Deceptive Trade Practices Act, Open Records Law, and Purchase Money Security Interests

Now available online, the recently published student comments in the Marquette Law Review cover a wide range of topics.  They include Nathan Petrashek’s comment on the impact of online social networking on Fourth Amendment privacy.  Since social networking sites like Facebook and MySpace attract both criminals (e.g., sexual predators, identity thieves) and the police who investigate them, the question whether users have a reasonable expectation of privacy in their voluntary disclosures under the well-established Katz test is poised to become a significant issue in the near future.  Petrashek relies on Fourth Amendment doctrine, as well as the First Amendment right of association and good public policy, to argue that user content should be shielded from police scrutiny in the absence of a warrant.

Meanwhile, Marvin Bynum’s Golden Quill-winning comment addresses the feasibility of establishing offshore wind farms in Lakes Michigan and Superior.  Continue reading “New Law Review Comments Cover Social Networking, Wind Farms, Deceptive Trade Practices Act, Open Records Law, and Purchase Money Security Interests”

NASA v. Nelson and Public Employee Informational Privacy

Posted on Categories Constitutional Interpretation, Labor & Employment Law, Privacy RightsLeave a comment» on NASA v. Nelson and Public Employee Informational Privacy

4United States Supreme Court 112904 Yesterday, the United States Supreme Court heard oral argument in the public employee informational privacy case of NASA v. Nelson (oral tanscript here). Rather than reinvent the wheel on this one, I want to direct reader’s to Prof. Lior Strahilevitz’s (Chicago Law) excellent analysis of the oral argument on PrawfsBlawg.

Here are some highlights: 

Having read the transcript, it seems likely that the Court will reverse the Ninth Circuit and hold that the government may ask open-ended questions as part of a security clearance process for government employees. Beyond that, though, very little is clear . . . .

Continue reading “NASA v. Nelson and Public Employee Informational Privacy”

Can You Be Forced to Turn Over Your Social Network Passwords in a Civil Case?

Posted on Categories Civil Procedure, Computer Law, Privacy Rights7 Comments on Can You Be Forced to Turn Over Your Social Network Passwords in a Civil Case?

Let’s say you’re the plaintiff in a civil case against a neighbor, an employer, or a company you’ve done business with. One of the many pains of litigation is the discovery process–the process whereby each side collects information that it believes will help it win the case. Discovery can come in many forms, such as conducting depositions (sworn testimony from witnesses), requesting documents, or even requesting permission to visit a site and look around.

But let’s say that you have a Facebook account. The other side believes that some of your Facebook communications might be relevant to the case, so they specifically request access to your account. You refuse, and the issue goes to the court to sort out (if you’re in federal court, under Rule 37, for those of you playing at home). How should the court rule? Specifically, what should the court order you to do? Do you have to give the password for your account over to a party that, to put it mildly, you are probably not on the best of terms with?

Surprisingly, at least one court has said yes [Update: see comments below], and I believe similar requests are being made in courts all around the country. I believe this is a deeply disturbing development and is the result of either a failure to understand social networking technology, the rules of civil procedure, or both. Continue reading “Can You Be Forced to Turn Over Your Social Network Passwords in a Civil Case?”

Intimate Associations and Public Employment

Posted on Categories Civil Rights, Labor & Employment Law, Privacy RightsLeave a comment» on Intimate Associations and Public Employment

Sexharass FirehelmetIn the past, I have written about my belief that public employees’ rights to sexual privacy should enjoy the same protection afforded First Amendment rights to speech and religion.

So far, courts have been unreceptive to my claims that post-Lawrence v. Texas, the right to sexual privacy represents a heightened constitutional right which should lead only to employer interference with that right if the employer has a legitimate and substantial justification for so doing.  The most recent example of courts’ lack of receptivity to this argument comes from the Eleventh Circuit yesterday.  Continue reading “Intimate Associations and Public Employment”

Supreme Court Takes Public Employee Informational Privacy Case

Posted on Categories Civil Rights, Labor & Employment Law, Privacy Rights, U.S. Supreme CourtLeave a comment» on Supreme Court Takes Public Employee Informational Privacy Case

4United States Supreme Court 112904 The United States Supreme Court granted cert today in the public employee privacy case of NASA v. Nelson, No. 09-530 (petition for cert here). The case will consider whether NASA, a federal agency, violated the informational privacy rights of employees, who worked in non-sensitive contract jobs, by asking certain invasive questions during background investigations.

General Kagan, for the government, filed the petition for cert and is asking the Court to overturn the 9th Circuit decision which directed a district court to issue a preliminary injunction on behalf of contract workers at NASA’s Jet Propulsion Laboratory (JPL) operated by the California Institute of Technology under a contract with the federal government.  The General maintains that the privacy expectations of the employees are minimal because they have are in the government employment context, these are standard background forms that the government is using, and the Privacy Act of 1974 protects this information from disclosure to the public.

The case was originally brought in 2007 by twenty-eight scientists and engineers employed as contractors at JPL on behalf of a potential class of 9,000 employees that NASA classifies as low-risk employees. Questions included in the background check ask about “any treatment or counseling” for illegal drug use, and forms issued to references seek “adverse information” about the workers’ employment, residence, and activities regarding violations of the law, financial integrity, abuse of alcohol or drugs, mental or emotional stability, general behavior, and “other matters.”

This will be an interesting case for a number of reasons. Continue reading “Supreme Court Takes Public Employee Informational Privacy Case”

Does Google Buzz Violate COPPA?

Posted on Categories Computer Law, Privacy RightsLeave a comment» on Does Google Buzz Violate COPPA?

Google Buzz logoDanielle Citron over at Concurring Opinions invited me to write a guest post expanding on a comment I wrote yesterday on her post on the Google Buzz story. I’m reposting it here with more of the links enabled, which got lost in translation:

Google’s new social networking service, Google Buzz, has obviously been all over the news lately, in part for various complaints about Google’s privacy practices. Those complaints have focused on the way in which Buzz, enrollment in which was automatic for Gmail users, initially defaulted to effectively sharing users’ email contacts with the public. EPIC has filed a complaint with the FTC arguing that this combination of automatic enrollment and “opt-out” of information-sharing was an unfair or deceptive trade practice in violation of Section 5 of the FTC Act.

But that’s not what caught my attention in Danielle’s post. What really set off alarm bells in my head was Danielle’s recounting how her children and their friends, all under the age of 13, suddenly had their Gmail accounts turned into Google Buzz accounts, and then proceeded to upload all sorts of information about themselves using the service. That raises the prospect that Google Buzz, by collecting such information without getting the appropriate parental consent, violated the Children’s Online Privacy Protection Act, or COPPA. I haven’t seen any discussion of this issue anywhere else.

COPPA is one of the few privacy statutes with real bite: it has strict rules that require substantial effort to follow, and the FTC has shown itself to be a vigorous enforcer. Indeed, the FTC has gone after two social networking sites for COPPA violations recently, and in one case imposed a fine of $1 million. So is Google violating COPPA? The answer is unclear but there’s definitely risk for Google here. Continue reading “Does Google Buzz Violate COPPA?”

Work Email: “I Always Feel Like … Somebody’s Watching Me”

Posted on Categories Labor & Employment Law, Privacy RightsLeave a comment» on Work Email: “I Always Feel Like … Somebody’s Watching Me”

Bigbortherorwell No, this post is not about the singer Rockwell or that annoying Geico commercial, but about whether you should just assume that your boss monitors your email.

A new Wall Street Journal article suggests that is what exactly may be happening, but now there is some push back from employees and their advocates:

Big Brother is watching. That is the message corporations routinely send their employees about using email.

But recent cases have shown that employees sometimes have more privacy rights than they might expect when it comes to the corporate email server. Legal experts say that courts in some instances are showing more consideration for employees who feel their employer has violated their privacy electronically . . .

In past years, courts showed sympathy for corporations that monitored personal email accounts accessed over corporate computer networks. Generally, judges treated corporate computers, and anything on them, as company property.

Now, courts are increasingly taking into account whether employers have explicitly described how email is monitored to their employees.

That was what happened in a case earlier this year in New Jersey, when an appeals court ruled that an employee of a home health-care company had a reasonable expectation that email sent on a personal account wouldn’t be read.

To be honest, I don’t think this a new trend at all (though it makes a nice theme in a WSJ story). Since I was practicing management side employment law back in the late 90s, we would advise clients routinely that they had to have clear language in their employee handbooks that employees had no expectation of privacy in their computers, internet browsing, or emails.

Nothing new, but still a good practice for employers to follow if they want to avoid this type of lawsuit.

Hat Tip: Joe Seiner

More Thoughts on Marriage

Posted on Categories Constitutional Interpretation, Human Rights, Political Processes & Rhetoric, Privacy Rights2 Comments on More Thoughts on Marriage

Sean Samis has posted a lengthy response to my post expressing “different” thoughts on the Iowa decision on same-sex marriage. I thank him for his response and, while I think he has got it wrong, he’d get a great grade for his efforts in my Law & Theology seminar or Wisconsin Supreme Court class and so he deserves a response. Given the length of the remarks that I am about to make, I once again thought it better to post separately.

I have come to believe that the underlying presumptions of proponents and opponents of same-sex marriage are almost ontological in their differences about the nature of the law and the way in which it shapes and is shaped by society. We are all hard-wired now days to think of constitutional law as, largely, the mediation between the “rights” of individuals and the “demands” of the state. The former are seen as radically subjective, while the latter are the sum of their legal incidents. The former are not to be judged, and the latter are often examined for their “fit” without regard for their interaction with extralegal norms and institutions.

We also are steeped in an almost eschatological view of the law in which we see the claims of some new “discrete and insular minority” as analogous to those advanced during the civil rights movement and somehow validated by an Hegelian move toward “equality” and progressivism. Continue reading “More Thoughts on Marriage”

Is Congress About to Require Home Users to Keep Wi-Fi Logs?

Posted on Categories Computer Law, Privacy Rights1 Comment on Is Congress About to Require Home Users to Keep Wi-Fi Logs?

According to this breathless story on CNET, sinister congressional forces are afoot attempting to impose a record-keeping requirement on home networks. But as I warn my Internet Law students every year, you just can’t rely on CNET posts on legislative developments, particularly the more sensational the headline. And that turns out to be true here as well. I doubt anyone in Congress actually intends to require home network users to maintain visitor logs. If that unexpected result does come about, it’s because Congress and the courts are miscommunicating. There’s a deeper problem with the relevant statutory language here, but it’s one that’s been around for a while.

Here’s the situation: wrongdoing on the Internet is often difficult to track down, because often the only reliable traces a malfeaser leaves behind is their computer’s IP address. It’s a bit like having someone’s phone number show up on caller ID. But unlike phone numbers, IP addresses often change. If the phone company didn’t keep any track of who had what phone numbers, the police or victims of harassment wouldn’t have any way of using the number to track the perpetrator down. It’s the same with IP addresses. Usually internet access providers keep track of who they assign IP addresses to, but there’s no requirement that they do so. There’s also no requirement that they keep such information for any particular length of time—it’s purely up to them, and storing data costs money, so ISPs purge their logs on a regular basis. So suppose a kidnapper logs into Gmail and sends an email with a ransom demand to the victim’s family. If Google chooses not to keep any access logs, there may be no way for the police to track the kidnapper down, even if the kidnapper took no steps to cover his or her tracks.

Enter the Internet SAFETY Act, yet another in the long line of recent Congressional bills with cutesy acronyms.

Continue reading “Is Congress About to Require Home Users to Keep Wi-Fi Logs?”