Category Archives: legislation
Reforming Electronic Privacy Laws
Laura Murphy and Grover Norquist
Before becoming a lawyer, I worked as a political consultant. As a result I am a political junky, mostly in areas that affect the legal profession and internet freedom. I saw commentary on Politico this morning by Grover Norquist, (the man who’s organization is famous for its “tax pledge” most often signed by conservative politicians) and Laura Murphy of the American Civil Liberties Union (strange bedfellows indeed), concerning internet privacy and the Electronic Communications Privacy Act (1986), an issue I have previously addressed on this blog. Norquist is a philosophically a libertarian, so along with tax issues, issues related to protection of privacy rights from government intrusion are important to him. Currently under the now 27 year old ECPA, any email over 180 days old is considered “abandoned”, and for a government agency to have access to those emails, all that is needed is a written statement that the emails are somehow “relevant” to a government investigation. No warrant necessary. I am of the opinion that such broad government power is a violation of 4th Amendment protections against unreasonable searches and seizures. It would be akin to government being able to read your diary entrees that are over 180 days old. Norquist and Murphy address this issue in the article and proposes a solution.
Technology has changed dramatically since 1986. With free, unlimited email storage and high-speed broadband service widely available, we no longer have to download email onto our hard drives. Instead, we indefinitely store our email and other personal effects — private reflections, financial records, photographs and love letters — in the “cloud,” where the power and flexibility of massive servers are available for free or at very low cost….
Our proposal is simple: All private communications and documents stored online with service providers should have the same protections from unreasonable search and seizure as material locally stored. If government agencies want to read emails, they should go to court, show probable cause to believe a crime is being committed and obtain a search warrant just as they would for postal mail and telephone calls.
Congresswoman Crowdsources Legislation on Reddit
Hey, I got a question I need answered! Luckily I decent number of followers on twitter, and friends on facebook. So I’ll just go ahead and put it out there and see if someone can answer. Usually it is something like “I am going to Vegas, what should I do while I am there” (keeping in mind that it will either stay in Vegas or end up on youtube). Or I might be hungry and ask the internet “Should I get Pizza or Mexican”. A bit more risky question would be “What should I wear for Halloween?”. Usually I will get a decent answer that meets my needs. This is an example of an appropriate use of crowdsourcing.
The following use posted on “The Atlantic Wire” is an example of an inappropriate use of crowdsourcing:
Just when you thought Reddit couldn’t become more powerful, Rep. Zoe Lofgren has enlisted the power of the crowd to help her write a new Internet law. It’s right up Reddit’s alley, too. Lofgren’s law will legislate how domain name seizures are handled in the United States, specifically in the cases of copyright infringement, accusations of libel and obscenity.
The new law would apply to cases like that of Kim Dotcom and Megaupload, not to mention the hundreds of cases that the U.S. Department of Justice has pursed with two separate sting operations against suspected violators. Redditors do not like it when the government seizes domain names, which is exactly why Lofgren, a California Democrat, says she wants their help with her new law
For those who really don’t know what Reddit is, it is sort of the Occupy Wall Street of the internet. Not that it blocks traffic, defecates on police cars, and smells like a open sewer hatch. Reddit is the Occupy Wall Street of the internet in the way it conducts its business through a series of up-twinkles and down-twinkles that show which ideas are to dominate the forum. Fairly democratic, but usually the most radical voices are the ones most likely to be heard. It is generally good for discussions on Star Wars, atheism, scientific development, and generally nerd stuff. However, they are not legislators, and while they are very much up on internet related issues, the view point is very narrow as it is not a very diverse demographic. Think of it this way, it is your High School AV club.
Luckily, there weren’t enough up-twinkles for this bid, so it never received a whole lot of traction on Reddit.
Rep. Lofgren should consider the needs of her district, and the population as a whole before she goes and let “the internet” decide what should and should not be a part of legislation that impacts us all.
Privacy in California, Online and on your Phone
Interesting developments on internet related privacy law in California. First, Governor Jerry Brown signed a bill which makes it illegal for employers to require individuals to turn over their password to their email and social media network accounts. Second, Governor Brown vetoes a bill which would require police to obtain a warrant before using cell phone or tablet computer tracking information to find an individual’s location.
Both issues involve an individuals expectation of privacy, and whether or not the information which is made available electronically diminishes that expectation. In my opinion, the reasonable divider between expectation of privacy is built on whether or not the information is made available to someone for commercial or other use.
On the issue of email and social network accounts. I would tend to look at those issues as being two separate items. In general, individuals do have a reasonable expectation of privacy in their own personal email accounts, not so with their work accounts. The content of emails is private, and no one other than the individual who has access to the account has access to that information. It is not used for tracking individuals webviewing or buying habits. The content is not analyzed for commercial use, and individuals are not shown advertisement based on the content of their emails. In otherwords, no one other than the user, uses that information. It is completely private.
In general, social networks are different, even under the strictest privacy settings, information posted on facebook and twitter is made available to (guess who), facebook and twitter. Even under their own privacy rules, social networks can and do use the information you post for commercial use. Often it is for targeting advertising, demographic studies, and other means made available to marketers for targeting and trend analysis purposes. With the signing of this bill, it appears that privacy rights with regards to employers, has been extended to include social networks. However, it has not extended the legal notion of “reasonable expectation of privacy” with regards to the governments ability to track information on social networks, or use it in establishing probable cause.
Same goes for tracking systems on cell phones. Every company you give permission to track your location on your mobile device, uses that information for some commercial purpose. So when you give goolgle maps “permission” to use your location, you may be allowing them to find out where you go and when in order to figure out your habits. This again may be used for targeting purposes.
So guess what, if you give access to a company information for their own use, even though you may think it is private, you have voluntarily dimished your own reasonable expectation of privacy. And, so if companies can use the information, in general that means the government can too.
Jerry Brown Mulls Cyber Crime Legislation in California
When I purchased my first internet law casebook, it was the lightest casebook I ever bought. The subject matter was so new, there was not nearly enough material to fill the book. At the time, the focus of the cases were creating means to use existing “terrestrial” law and apply it to online activity. The debate has turned to whether or not there needs to be a separate set of laws to govern activity on the internet.
Such a debate is now playing out in California, home of Silicon Valley, and Facebook. Governor Jerry Brown has signed a bill into law directing the L.A County Sheriff and the Alemeda County district attorney to monitor the internet to help determine whether or not California needs a new set of state laws to deal with Internet-related crimes. Specifically, they are directed to compile statistics related to identity theft, stalking, child molestation, and other internet related crimes for a period of one year. law From the L.A. Times.
“One of the most effective weapons in the fight against cyber-crime is accurate data and information,” said Evan Westrup, a spokesman for the governor.
State Sen. Ellen Corbett (D-San Leandro) introduced the measure a year after Facebook, Google, Twitter and other companies successfully lobbied to kill legislation she promoted that would have allowed parents to restrict their children’s personal information on social networking sites and limit disclosure of information about adults.
It seems that this bill was largely designed to create a justification for Corbett’s original bill, in order to bolster support and counter act the actions of social media and search engines who worked to kill the bill. It is much easier to build a support base for restrictive legislation if you can show evidence that such a restriction is necessary. In other words, this is a first step towards state governed internet restrictions.
Both GOP and Democrats include anti-PIPA/SOPA in Party Platforms
It appears both the Democrats and the Republicans agree that PIPA/SOPA is a bad idea, a conclusion they probably came to when the internet blew up earlier this year in the wake of both pieces of legislation working their way through congress. Now it seems that both parties have decided to oppose the measures in their respective party platforms.
First it was the Republicans, spearheaded by Senator Marco Rubio R-Fla, who has been at the forefront of this issue since this past January, and played a large influence in forming the plank on the GOP platform. From the Washington Post:
GOP adopts Internet freedom plank: Part of the platform the Republican party adopted Tuesday night included language to protect Internet freedom, something that lawmakers and interest groups on both sides of the aisle have been calling for in recent months….
The Republican plank is focused on removing regulation around technology businesses, as well as language that would protect personal data online from the government. The platform language also says that the party will “resist any effort” to move Internet governance away from its current multistakeholder model in favor of international or “intergovernmental” organizations.
President Obama has also come out in favor of including and Anti-SOPA/PIPA plank on the Democratic Party platform after it was included on the GOP platform. From deathandtaxes:
Yesterday, during his Reddit AMA, President Obama stepped up and joined the call for internet freedom, saying that it would also be in the DNC’s platform at the upcoming Democratic National Convention, and writing, “Internet freedom is something I know you all care passionately about; I do too. We will fight hard to make sure that the internet remains the open forum for everybody.”
Where the two parties differ is over the issue of Net Neutrality, with Democrats supporting Net Neutrality and Republicans opposing it Net Neutrality is the principal that government should regulate internet service providers by preventing the ISP’s from limiting bandwidth as a means of edging out competitors. It is a major sticking point between those who want internet regulation to keep the internet open for consumers, and those who feel that ISP’s should not be regulated.
No matter how you look at it, Net Neutrality is government regulation of the internet, even if it is merely regulating the actions of ISP’s. As much as it appears like a good thing on the surface, it opens the door for more government regulation of online activity. If this is the major conflict related to internet regulation, I for one, welcome the debate.
In Illinois, Employers Can’t Ask for Your Facebook Password
… At least before you get hired.
This issue was addressed some months ago, in the news. Around the same time I was asked the same question by a reader.
Thanks to a new law signed by Governor Pat Quinn, it appears that an potential employer can no longer ask you for your facebook, or any other social media password in a job interview or as a condition of hire.
From ABC News:
Gov. Pat Quinn signed the law Wednesday at the Illinois Institute of Technology, where several students lamented that online snooping by bosses has caused some to lose out on jobs and forced others to temporarily deactivate their online profiles.
Illinois is only the second state to have such a law on the books, and it leaves no exceptions — even for openings that require thorough background checks.
I believe that this law is a step in the right direction for privacy concerns. However it does bring up some interesting questions. Does a person have a reasonable expectation of privacy in what they put on facebook? If so, what are the limitations?
I ask this primarily because of other areas of law, such as tort, where there exists a strong legal standard for privacy particularly in the home. Social Media is a different game all together. Some items you post on facebook can only be seen by “friends” others by “friends of friends”, still others, “everyone”. So where does the reasonable expectation come in? Secondarily, is the reasonable expectation of privacy dimished if a person has say “1,000″ friends, as opposed to a dozen? What about those who open their pages to subscribers? These questions will likely be answered through the courts, so only time will tell.
The internet is still the wild west in the legal profession.
There was really a law against lying on the Internet?
This morning, I came across an article on Fox News about the Rhode Island legislature repealing a law that made it a crime to lie on the internet. The law, which was passed in the prodigy dominated internet era back in 1989, made lying on the internet punishable by up to a $500 fine and 1 year in prison. Criminal lawyers know this type of punishment as the highest punishment you can get with a crime that is just a misdemeanor.
In 1989 this might have made a little sense since the only people using the internet for anything other than looking at an encyclopedia and maybe some shopping, were government officials and the military. It may have at one time been necessary to enforce honesty in internet communications. However, I don’t think it was ever really enforced because there is no way the law would pass first amendment scrutiny in the courts. Still, this is a law that I am sure everyone in America broken. Here is a list of things that would qualify as a crime under this law.
- Posting an older picture of yourself on facebook, claiming it was new.
- Shedding 10lbs off your weight in a dating profile
- Claiming to have worked with Mario van Peebles on a TV show when you were just an extra (actually that would probably be O.K.)
- Photoshopping yourself in your profile picture
- Every single World of Warcraft avatar
- Being a politician who’s political speech just happened to have been posted online
- Posting a picture of your cat talking in broken English (Cat’s don’t talk… really they don’t)
- Saying you’re in corporate management, when you work the night shift at 7-11
You see how this can get a little hairy? So what “crimes” do you think people routinely commit on the internet?
Obsidian Finance Group v. Cox- A Case every blogger should know.
I recently spoke on a panel discussion on legal issues facing bloggers at BlogCon 2012 in Charlotte, NC, generously sponsored by FreedomWorks, and the Franklin Center for Government and Public Integrity. I intended to discuss a very important case currently being litigated in the United States District Court for the District of Oregon, but ran out of time.
In my opinion, this case shows the need for first amendment issue advocacy on behalf of bloggers, and also expressly shows why it is important for bloggers to have insurance.
The facts of the case are simple. The defendant made statements on her blog which may have been defamatory. The Plaintiff filed a defamation suit against the defendant. The judge dismissed on summary judgment all but one of the issues contained in the complaint (a summary judgment is where a judge rules that there is no issue that needs to be brought to trial, and that as a matter of law, the case is decided in one way or another). On the one issue that remained, the judge ruled very strongly against the first amendment rights of bloggers.
Shield Laws
While the court stated that shield laws did not apply, due to the information being allegedly defamatory, the Court also opined on how shield laws should apply to bloggers.
Defendant contends that she does not have to provide the “source” of her blog post because of the protections afforded to her by Oregon’s Shield Laws. I disagree. First, although defendant is a self-proclaimed “investigative blogger” and defines herself as “media,” the record fails to show that she is affiliated with any newspaper, magazine, periodical, book, pamphlet, news service, wire service, news or feature syndicate, broadcast station or network, or cable television system. Thus, she is not entitled to the protections of the law in the first instance.
So, shield laws do not apply to bloggers because they are not “media” because they are not affiliated with any newspaper, magazine, periodical, book, pamphlet, news service, etc. etc. This is an important factor to think about. Is it a requirement under the law to be “affiliated” with a news service to be considered “media”? This is particularly interesting because the law cited in the previous paragraph states that the “Medium of Communication” is broadly defined, and is not limited to “News papers, magazine, periodical, etc.”. So is the court here narrowing the scope of the definition of “Media” to explicitly exclude bloggers?
Anti-SLAPP and the First Amendment
Oregon has an anti-SLAPP law. The defendant made the mistake of not attaching the anti-SLAPP motion at the outset, however the judge said that this didn’t matter because in this case the First Amendment protections did not apply in the first place. If the plaintiff is a public figure, then in general, the plaintiff has to prove that the defendant had “actual malice” in stating the false or defamatory statement (see. New York Times v. Sullivan, 376 U.S. 254 (1964)). In this case the judge ruled that the plaintiff was not a public person or even a limited public person, so actual malice is not the standard. This is not the important part. If the person is not a public person, then the plaintiff still needs to show that the defendant was at least negligent in their publication of the false or defamatory comment (Gertz v. Welch 418 U.S. 323 (1974)). The court ruled that Cox was not a media defendant, and so Gertz did not apply, therefor not allowed the First Amendment protections afforded to the media.
Defendant fails to bring forth any evidence suggestive of her status as a journalist. For example, there is no evidence of (1) any education in journalism; (2) any credentials or proof of any affiliation with any recognized news entity; (3) proof of adherence to journalistic standards such as editing, fact-checking, or disclosures of conflicts of interest; (4) keeping notes of conversations and interviews conducted; (5) mutual understanding or agreement of confidentiality between the defendant and his/her sources; (6) creation of an independent product rather than assembling writings and postings of others; or (7) contacting “the other side” to get both sides of a story. Without evidence of this nature, defendant is not “media.”
Again, we have the court applying a test to define what is and what is not considered “media”. The court stated that the defendant showed no evidence to define her as media. But, should she have to? Shouldn’t the court rule in favor of First Amendment protections, and leave it to the defense to prove in front of a jury that she is somehow “not” media? How can this be a ruling as a matter of law?
Need for Advocacy
Cases like this are likely to come up, and judges are likely to rule in the very same matter. This is why bloggers need advocates. They need advocates to reform legislation to specifically mention “bloggers” as media because the nature of media is changing, and the courts are slow to recognize this. With the shuttering of many small market newspapers and the shift of the remaining groups away from expensive investigative reporting, it has been up to bloggers and online media groups to pick up the slack. They cannot do it alone, there needs to be cohesion amongst bloggers to protect their first amendment rights. There needs to be active advocacy on behalf of bloggers.
Need for Insurance
As I stated last week at BlogCon, bloggers need insurance, and this case is a prime example of why. Originally the defendant defended herself pro se, and I speculate she did so because she could not afford legal representation. This was largely a mistake and she lost largely because she did not have the necessary legal training. But more importantly the amount in controversy is $2.5 Million. $1.5 Million to the Finance Group, and $1 million to the named plaintiff. This types of lawsuits have the potential to render many bloggers destitute for merely exercising their first amendment rights. Insurance could have the effect of both helping to pay litigation costs, and making payouts in the event the defendant loses. Like I stated before, insurance programs for bloggers are in development. In the mean time, bloggers need to check to see if they are covered under their existing insurance programs
The entire court opinion can be read here.
New Legislation Replaces Dead SOPA and Dying PIPA
First there was the cumbersome named and even more cumbersome acronym, Comba
ting Online Infringement and Counterfeits Act (COICA). This bill died in committee. Then there was the more simply named and Stop Online Piracy Act (SOPA) and its brother in the Senate, Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act (PIPA- originally PROTECT IP). SOPA was referred to committee on the House floor, PIPA was placed into permanent suspended animation in the Senate.
Now comes the Cyber Intelligence Sharing and Protection Act (CISPA). It doesn’t have the teeth of COICA, nor the cool acronym of SOPA and PIPA, but could it pass? It seems that every new version of this bill erodes the power and control of the federal government in exchange for either greater support or less opposition by corporate interests and digital rights advocates.
There are differences between SOPA and CISPA. First, CISPA does not put onus of enforcement on internet service providers. Under SOPA, ISP’s were required to strangle bandwidth from sites suspected of violating copyright. Instead the responsibility for protecting copyright is on the copyright holders themselves. CISPA also does not create a necessarily antagonistic relationship between internet companies and the government. Instead it encourages information sharing for the sake of increased cyber security. While shifting balance between privacy and cyber security will always be controversial, it may be necessary given the increase in cyber attacks over the past five years.
It maintains to be seen whether or not this bill can attain what SOPA and COICA couldn’t, enough bi-partisan support to pass and amend the national security act.
Federal Laws take aim at Amazon Tax Issues
Sorry I have not been writing for a while. Skyles Law Group is getting off to a great start, and I have been preparing to move offices. This, combined my obligations to actually practice law, means I have not had any time to blog, and there has been a lot of news lately. I have not been writing about the changes in ICANN , or the legislative activities involving PROTECT-IP and SOPA, (aka. Lucifer and Beelzebub), even though they have been in the news lately. This will change.
Continuing with previous themes, there has been developments in the Federal Amazon Law. The Venerable Declan McCullagh over at CNET has written a comprehensive article on the subject. In short, while Amazon.com has endorsed one of the two bills going through congress, others are not on board and are preparing to fight. Here is an exherpt.
“It (Ebay) is the largest retailers that are growing,” Cohen will tell a House of Representatives committee tomorrow, according to remarks obtained by CNET. “And not surprisingly, those giant retailers are lined up united in proposing a change in remote sales tax law.”…
eBay’s remarks represent an escalation in the war of words between it, Amazon.com, and big box retailers. An excerpt from Cohen’s (Tod Cohen, Ebay’s General Counsel) remarks:
The largest retailer on the Internet, Amazon, is a business with a national network of facilities, and is growing fastest. The giant “Brick & Click” retailers are also growing their market share online. In short, while small business retailers are active online and are adopting technology, they are not winning the race under the status quo…
The face of retail has changed dramatically over the past four decades. At the heart of the story has been the expanding dominance of giant retailers at the expense of small business. Giants have grown more dominant in retail; small independent retailers have been pushed to the edges. To illustrate, big-box discount retailers accounted for 42 percent of total retail sales in 1987. As of July 2010, their market share had jumped to 87 percent… The retail giants make up 18 of the Top 25 retail websites today…
The article addresses the main problem with the state Amazon laws, namely the Quill decision. It accurately states however, that Congress could step in, and that is exactly what Congress is doing in this case. More to come I am sure.
James Skyles
