Here’s a terrific infographic from Veracode that helps one navigate the candidates’ positions on the complex issue of cybersecurity:
Infographic by Veracode Application Security
Hat tip to Ron Coleman.
Eagle v. Morgan, 2012 WL 4739436 (E.D.Pa. October 4, 2012)
After plaintiff was fired as an executive, her former employer (using the password known by another employee) took over plaintiff’s LinkedIn account. It kept all of plaintiff’s contacts and recommendations but switched out plaintiff’s name and photo with those of the new CEO.
Plaintiff sued in federal court under the Computer Fraud and Abuse Act, the Lanham Act, and a slew of state law claims including identity theft, conversion and tortious interference. The former employer moved for summary judgment on the CFAA and Lanham Act claims. The court granted the motion, but continued to exercise supplemental jurisdiction over the state law claims.
On the CFAA claim, the court found that plaintiff failed to show how the taking over over her account gave rise to a cognizable loss under the CFAA. The kinds of losses she tried to prove, e.g., lost future business opportunities and professional reputation, did not pertain to any impairment or damage to a computer or computer system. Moreover, the court found, plaintiff failed to specify or quantify the damages she alleged.
As for the Lanham Act claim, the court found that there was no likelihood of confusion. It noted that “anyone who navigated to [plaintiff’s] LinkedIn account would be met with [the new CEO’s] name, photograph and new position.” Accordingly, there was no effort to “pass off” the new CEO as plaintiff or to otherwise suggest an endorsement or affiliation.
Though it dismissed all the federal claims, the court kept the pending state law claims. The matter had been before the court for over a year, the judge was familiar with the facts and the parties, and dismissing it so soon before trial would not have been fair.
U.S. v. Mask, 2012 WL 3562034 (N.M.Ct.Crim.App., August 14, 2012)
No doubt Facebook use can be an enemy to marriage — see, for example, this recent article about how Facebook was named in a third of divorce filings in 2011. A recent case from the military courts shows how using Facebook can put a spouse’s very life in peril.
Defendant wife became angry when she accessed her husband’s Facebook account. An argument ensued between defendant and her husband about the content of husband’s Facebook page, which escalated and turned violent. The two struggled, with defendant yanking the modem out of the wall and striking husband. She continued to hit him, causing him to back into the kitchen, where defendant grabbed a knife and stabbed husband in the abdomen, saying, “that’s what you get, mother fucker.”
Husband survived, and wife was tried and convicted of attempted manslaughter. She sought review with the Navy–Marine Corps Court of Criminal Appeals. On appeal the court affirmed the conviction and five year sentence. It held the evidence at trial was sufficient to support the verdict, and that defendant’s Fifth Amendment rights had not been violated.
U.S. v. Meregildon, — F.Supp.2d —, 2012 WL 3264501 (S.D.N.Y. August 10, 2012)
The government suspected defendant was involved in illegal gang activity and secured the assistance of a cooperating witness who was a Facebook friend of defendant. Viewing defendant’s profile using the friend’s account, the government gathered evidence of probable cause (discussion of past violence, threats, and gang loyalty maintenance) which it used to swear out a search warrant.
Defendant argued that the means by which the government obtained the probable cause evidence – by viewing content protected by defendant’s Facebook privacy settings – violated defendant’s Fourth Amendment rights. The court denied defendant’s motion to suppress.
It held that where Facebook privacy settings allowed viewership of postings by friends, the Government could access them through a friend/cooperating witness without violating the Fourth Amendment. The court compared the scenario to how a person loses his legitimate expectation of privacy when the government records a phone call with the consent of a cooperating witness who participates in the call. It held that defendant’s legitimate expectation of privacy ended when he disseminated posts to his Facebook friends because those friends were then free to use the information however they wanted, including sharing it with the government.
According to this news report, a man in Martinsville, Indiana allegedly shot the mother of his 14-month-old daughter after the woman broke up with him through Facebook. Though one should not jump to concluding that Facebook caused this murder, we are left to consider whether the nature of social media communications contributed to the alleged killer’s motivation.
Breaking up is supposed to be a private event. Though we do not know the precise means the woman used to communicate the breakup (was it a private message or an IM, or was it more public like a status update or wall post?), one cannot help but notice the incongruity of using a social media platform to communicate a sensitive matter. Equally intriguing as the breakup is the man’s alleged apology in advance that he posted to Facebook before the murder.
Social media, just like any technology, gives us choices. Stories like this show how, in certain circumstances, human nature may not always be up to the task of making the right decisions when that process is affected by a novel context like the seemingly public context of Facebook.
Bashaw v. Johnson, 2012 WL 1623483 (D.Kan. May 9, 2012)
Some employees filed suit after they learned that their boss — who required them to wear skirts to work — allegedly installed the Cam-u-flage video surveillance app on his iPhone and iPad to surreptitiously capture upskirt shots of plaintiffs at work.
The boss filed a counterclaim under the Computer Fraud and Abuse Act (CFAA), claiming that plaintiffs deleted data from his iDevices without authorization. Plaintiffs moved to dismiss this counterclaim. The court granted the motion.
The court held that the boss failed to allege the nature of his alleged damages within the meaning of the CFAA, and that he failed to sufficiently allege a qualified loss as defined by the statute.
As for damage, the court found that the mere allegation that data had been erased, without identifying which data, did not meet the plausibility requirement to survive a motion to dismiss. (Hmm. I wonder what data the plaintiff-employees would have wanted to delete?)
On the question of loss, the employer alleged that such calculation “would exceed” the CFAA threshold of $5,000. But he did not allege that he actually incurred losses in that amount. He did not mention any investigative or response costs, nor did he allege any lost revenues or other losses due to an interruption in service.
Photo credit: Magic Madzik
Had a great time hosting This Week in Law Episode 150, which we recorded on February 24. (Thanks to Denise Howell for handing over the hosting reins while she was off for the week.) It was a really fun conversation with three very smart panelists — Mike Godwin, Greg Sergienko and Jonathan Frieden. We talked about copyright and free speech, encryption and the Fifth Amendment, and the state of internet privacy.
If you’re not a regular listener or viewer of This Week in Law, I hope you’ll add it to your media diet. I’m on just about every week (sometimes I’m even referred to as a co-host of the show). We record Fridays at 1pm Central (that’s 11am Pacific, 2pm Eastern). The live stream is at http://live.twit.tv and the page with all the past episodes and various subscription options is http://twit.tv/twil.
Court refuses to consider common law invasion of privacy tort to support restraining order under Minnesota statute.
Olson v. LaBrie, 2012 WL 426585 (Minn. App. February 13, 2012)
Appellant sought a restraining order against his uncle, saying that his uncle engaged in harassment by posting family photos of appellant (including one of him in front of a Christmas tree) and mean commentary on Facebook. The trial court denied the restraining order. Appellant sought review with the state appellate court. On appeal, the court affirmed the denial of the restraining order.
It found that the photos and the commentary were mean and disrespectful, but that they could not form the basis for harassment. The court held that whether harassment occurred depended only on a reading of the statute (which provides, among other things, that a restraining order is appropriate to guard against “substantial adverse effects” on the privacy of another). It was not appropriate, the court held, to look to tort law on privacy to determine whether the statute called for a restraining order.
If I left my coat in a taxi that was later impounded because, unknown to me, the driver was transporting heroin in the trunk, would I be left out in the cold?
People who used Megaupload to lawfully store and transfer files are rightfully upset that their stuff is unavailable after last week’s raid. Some groups in other countries say they are going to sue the U.S. government. Would a lawsuit like that get anywhere in a U.S. court?
The Fifth Amendment — best known for its privilege against self-incrimination — says that “private property [shall not] be taken for public use, without just compensation”. (You can impress your legally-trained friends at parties by confidently and casually referring to the Takings Clause.) Does the Takings Clause give innocent Megaupload users a right to be paid the value of the files they are being deprived of while the feds use the servers on which those files are stored to prove their case against Kim Dotcom and company?
Back in 2008, Ilya Somin and Orin Kerr had a conversation on the Volokh Conspiracy discussing this question of whether the Fifth Amendment protects innocent third parties who lose property in a criminal investigation. If you read that commentary you will see that a case over the Megaupload takedown might be tough for a number of esoteric reasons, not the least of which is Supreme Court precedent.
There are some face-value problems with a case like this as well. Has the government taken the property for a “public use”? One could argue that the reason the servers (including the innocent content) were seized was for the so-called public good of going after piracy. But then the innocent content is not being “used” in connection with the prosecution — it just happens to be there.
I do not pretend to know the answers to this inquiry, and I’m relying on sharper Constitutional minds than mine to leave some good comments. (If you know Ilya Somin or Orin Kerr, send them a link to this post!) All I know is that it does not seem fair that users of the cloud should so easily be deprived in the name of law enforcement.
U.S. v. Fricosu, 10-CR-00509 (D. Colo. January 23, 2012)
Pursuant to a warrant, federal agents seized defendant’s laptop from her home. When investigators turned it on, they saw the hard drive’s contents were encrypted using PGP Desktop. Defendant would not voluntarily turn over the password to decrypt the drive, so the Government filed an application under the All Writs Act to require defendant to “assist” in the execution of the search warrant. Defendant objected, asserting her privilege against self-incrimination under the Fifth Amendment.
The court rejected defendant’s arguments, granted the Government’s application and ordered defendant to provide an unencrypted copy of the hard drive. It found that the situation did not implicate defendant’s Fifth Amendment rights.
The Fifth Amendment provides that no person shall be compelled in any
criminal case to be a witness against himself. For the most part, this privilege only covers testimony. But an act that implicitly communicates a statement of fact may be within the purview of the privilege as well. For example, producing a document (or electronic data, for that matter) is an acknowledgment that the material:
The court held that defendant’s Fifth Amendment rights were not implicated because providing an unencrypted copy of the hard drive did not serve to accomplish any of the three points listed above.
The feds had confiscated the computer, so they knew of the location and existence of the computer files. (The court found that the fact that investigators did not know the specific content of any specific files on the computer did not matter.) And as for the authenticity of the computer files, the government would presumably be able to do that in other ways. Among other things, the computer was found in defendant’s bedroom. Information on the screen that showed up when it was turned on contained defendant’s first name. And perhaps most damningly, investigators had a taped phone conversation between defendant and her ex-husband discussing the computer and the fact it was password protected.