Facebook "Unfriending" May Create Legal Liability

Be careful whom you Facebook "friend" and "unfriend" because this act may have legal consequences.  An employment law case originating in Australia recently mentioned Facebook "Unfriending" in one of its decisions as a point of contention and it wouldn't surprise me if this issue gains more legal significance in similar cases around the world.

According to Wired UK, Australia's Fair Work Commission recently stated that that "unfriending" a work colleague showed a "lack of emotional maturity".  Did the commission declare the act bullying?  No; however, the fact that this was even mentioned demonstrates that the issue was on the minds of the commission's members and that it may play a larger role in future decisions.  

This new development demonstrates the importance of creating reasonable digital policies and training and continually educating employees about online issues.  The bottom line is that every digital mouse click and character posted may have legal repercussions.  Therefore, its imperative to ensure that the legal issues inherent are understood before you "friend" or "unfriend" people on Facebook and other electronic platforms.  

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.     

Did Volkswagen Violate the Computer Fraud and Abuse Act?

I was very troubled to learn that Volkswagen has been intentionally misleading consumers, governments, and other industry members about its cars' emissions.  This was obviously an attempt engineered to steal market share away from its competitors, harm consumers, and mislead governments about its practices.  As a former Volkswagen owner, I am outraged by this behavior.

When I recently took my car to have its bi-annual emissions inspection in Maryland, I wondered if the inspection was still really needed because I was under the impression that all cars today adhere to the EPA's emissions standards.  Obviously, Volkswagen's intentionally reckless and illegal behavior will ensure that state emissions testing programs will continue on for years to come.
    
There are potential FTC Article 5 unfair and deceptive trade practice and state consumer protection violations here.  In addition, it wouldn't surprise me if there are multi-billion dollar class action lawsuits filed.  However, one legal issue that has been largely overlooked is that it appears Volkswagen hacked its own car software for monetary gain.

Investigative Journalist Bob Sullivan was the first reporter to discuss the hacking issue in the proper context.  In a recent article he stated, the "Volkswagen story should be the beginning of some really serious soul searching, perhaps even a turning point for the Internet of Things.  It’s inevitable: our light bulbs, toasters, door bells, and our cars will all communicate some day soon.  We need a rock-solid ethic — not just laws, but a social morality — that machines should never do things unless people know all about them."

Did Volkswagen violate the Computer Fraud and Abuse Act by intentionally accessing software without car owners' knowledge or consent?  Did it also violate multiple state computer access/hacking laws?

While its too soon to speculate on all of the fallout that will occur, I believe this matter will bring more attention to computer/digital crimes, the Internet of Things, and the privacy and cyber security issues inherent.  My hope is that federal and state authorities make an example out of Volkswagen so other companies are less inclined to follow the same path.

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.  

Cybersecurity Alert: Porn App Blackmails Users

As a former New Yorker, I loved the Broadway musical "Avenue Q".  There are some Broadway shows that have widespread appeal because they are a microcosm of our society.  The production had many memorable musical numbers; however, one that is timeless is "The Internet is for Porn."

In 2013, more people visited porn websites than Twitter, Amazon, and Netflix combined.  In other words, Avenue Q's "The Internet is For Porn" still resonates with audiences more than 12 years after it was introduced.  Not only have Broadway writers taken note of society's love affair with porn so have hackers and criminals.  

According to CNN, a porn app called, "Adult Player", "secretly takes your photo and locks you out of your digital device and demands $500 to unlock it.  This activity is known as ransomware and it is becoming a growing challenge.  Criminals have even successfully targeted police departments and law firms with these schemes.

To avoid becoming a victim of this type of crime, it is imperative to be careful what you download.  Even if something appears to be legitimate it may be a phishing expedition by a criminal enterprise. Therefore, if an email attachment or link looks suspicious delete it.  If someone really wants to get in touch with you they will figure out a way to do so.    

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.  

Back To School Student Privacy Issues

Since its back to school time, I thought it would be productive to discuss some digital privacy issues that parents and students should be thinking about.  During this time of the year, student privacy is hot because back to school means filling out Family Educational Rights and Privacy Act (FERPA) forms.  I filled one out over the weekend and I thought about what type of information I want to keep private and what was best for the school to share about my child (and our family) with other parents and the public.  For each parent or guardian, this is a personal decision and there are no wrong answers.  What may work for one family may not work for others.

On another note, be careful about what information you post about your children on various social media platforms.  In particular, be mindful that neither Facebook nor Google are "friends" of children's privacy.  Last year, it was uncovered in federal court that Google was scanning student emails for advertising purposes and I witnessed both Facebook and Google lobbying against stronger student digital data privacy laws in the state of Maryland.  With Facebook's new found interest in the education market, parents should be particularly leery about allowing their children's data to be "friends" with Facebook's data mining machine.

The bottom line is that parents should discuss these and other digital privacy issues with their children as soon as they start utilizing digital devices.  Its never too early to educate your kids about the virtual world that will affect their physical world.

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.  

U.S. Dept. Of Justice v. Microsoft: The Fight For Digital Privacy

Last week, the U.S.government issued new guidance regarding when and how federal law enforcement may deploy cell phone site simulators (i.e. stingray technology) that collect consumer mobile phone/digital device data.  In general, the U.S. Department of Justice (DOJ) will now require federal officials obtain a warrant to deploy these technologies and utilize the data collected.  This change in policy signals that the U.S. government is beginning to understand that it must create reasonable rules and procedures regarding the collection and usage of digital evidence that adheres to the principles of the Fourth Amendment. 

While the federal government has changed its policy regarding the use of cell site simulators, I am perplexed that it hasn’t changed its position about some other digital data privacy issues. For example, in a New York City federal appeals courtroom later this week the DOJ will be squaring off against Microsoft in a matter about digital privacy law that has tremendous international ramifications.  In short, the federal government wants to be able to require U.S. based companies to turn over digital data that is held in foreign based servers without being required to follow the evidence collection laws of the countries where the data is located.  This position is very troubling and goes against well-established national and international law regarding the collection and usage of evidence. 

In general, to obtain physical evidence law enforcement must follow the laws of the jurisdiction where it is located.  In some circumstances jurisdiction occurs by citizenship.  However, here the data is located outside the U.S. and the user (DOJ target) doesn't appear to be American.  Under these facts, I question the DOJ's theory as to why it has the legal authority to obtain the requested information without the cooperation of the government of Ireland.  

The DOJ is arguing that data stored in digital clouds should be treated differently than evidence stored in physical filing cabinets.  Interestingly, the DOJ has so far won its flawed argument in federal court so Microsoft has taken its fight to the federal second circuit  court of appeals.  

Multiple academics (i.e. here and here) have previously written about this case (and so have I) because it sounds like a law school final exam.  For non-lawyers this means that the law is not clear on how to handle this specific situation.  If general jurisprudence on how to handle physical evidence is followed, the DOJ would be required to contact law enforcement agencies in the country (in this case it is Ireland) where the digital data is located.  However, since this is technology, and the information requested is stored in the cloud the courts are grappling with how to handle these issues.

DOJ is claiming (among other things) that since Microsoft (i.e. or other technology providers) has legal control over its servers in Ireland it should be required to turn over the data requested without going through the legal process in Ireland.  With this same argument, a foreign government could in turn claim that it doesn’t have to follow U.S. law when demanding access to U.S. consumer digital data located in the U.S. if the server provider has operations in that foreign country.

If the DOJ wins its legal argument, in addition to foreign governments making the same access demands to digital accounts located in the U.S., a win may also encourage U.S. tech companies to change the legal structure of their foreign subsidiaries to be able to legitimately claim that they do not have the authority to access and/or turn over customer data located in a foreign country.  This may lead to many high paying jobs being transferred from the U.S. to other countries to oversee the operations of these new legal entities. 

Amicus briefs from not only other technology companies, but also from civil rights groups, academic scholars, and privacy advocates supporting Microsoft's position demonstrate that this case is more than just about protecting the bottom line of the U.S. cloud industry. This case goes to the heart of the proper way to handle unique digital law and public policy issues.  Whether its through the federal courts, or via congressional action such as the Law Enforcement Access To Data Stored Abroad (LEADS) Act, or other similar legislation, the U.S. must set an example and take a leadership role on how to properly balance lawful access with personal privacy.  

Regardless of the outcome of this case, it is imperative that a broad international discussion occur on how to handle this and similar burgeoning digital law and public policy issues.  

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.