People v. Klapper, — N.Y.S.2d —, 2010 WL 1704796 (N.Y.City Crim.Ct., April 28, 2010)
Let’s hope that’s an overstatement.
A recent case from a criminal court in New York dealt with whether an employer violated the state’s law prohibiting unauthorized use of a computer (Penal Law 156.05). Though the court probably came to the right decision in dismissing the case, it said some puzzling things along the way about internet privacy.
The defendant-boss was alleged to have installed keylogging software on his employee’s work-issued computer. Through those means he acquired the password for the employee’s “personal” email account, and copied some messages from that account.
The court dismissed the case, finding that the prosecution had not alleged that defendant, the computer owner, had notice of any limited access to the computer or the email account. (After all, it was the employer’s computer.) The allegations further failed to allege that the employee had installed a security device to prevent unauthorized access or use.
That last part is a bit puzzling (wouldn’t the password protection on the “personal” email account satisfy that point?). But the real puzzling part of the opinion is how the court essentially destroyed the idea that there’s any hope for an expectation of privacy in internet communications.
Here’s the first paragraph of the opinion:
In this day of wide dissemination of thoughts and messages through transmissions which are vulnerable to interception and readable by unintended parties, armed with software, spyware, viruses and cookies spreading capacity; the concept of internet privacy is a fallacy upon which no one should rely.
Apart from grossly overstating the death of a reasonable expectation of privacy in internet communications, the pronouncement was not needed to dispose of the case. The matter only dealt tangentially with whether the victim had any privacy rights violated. The real analysis was on whether the defendant had notice that access to his employee’s email account was unauthorized.
Though the court was correct on focusing its analysis on that point, i.e., whether the access was authorized, the more general obituary of internet privacy would seem to elminate the need for that proper analysis.
If there’s no internet privacy, why should we even bother to ask ourselves whether access to an account is authorized? If the concept of internet privacy is a “fallacy,” as the court declared, aren’t all our communications open for inspection and review by anyone?