Facebook's recent decision to eliminate the ability for users to hide from a Timeline search may be a boon to Cyber bullies, stalkers, murders, etc.. who utilize Facebook to harm others. As Forbes noted earlier this year, "the new tool will make Facebook stalking much easier".
Facebook's business model is basically, "we built an online hang out for you to you play in, so go play; however, everything you do in our playroom is subject to our rules and we may change them at anytime so we can better monetize your digital activities." This philosophy is made crystal clear in Facebook's terms and conditions.
Facebook is currently being used by murderers, rapists, criminals, etc.. to commit unlawful acts. For example, a model was killed last year after her stalker lured her to her death utilizing Facebook. In 2010, a rapist used Facebook to create a fake profile so he stalk an ex-girlfriend. Earlier this year, a murderer connected with his victim through Facebook to kidnap and kill a teenager.
The bottom line is that Facebook should do more to protect its users' privacy. This policy change may be perceived as one that does not protect the privacy of its users. Perception becomes reality. One simple way for users to perceive that Facebook still cares about its users' privacy is to enable users to be able to hide from a Timeline search.
While Facebook has generally been immune from defections due to its privacy policies could this be the tipping point that changes its users' perception about the social network?
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Friday, October 11, 2013
Wednesday, October 2, 2013
Court: Fake Social Media Profiles Of Teachers By Students Ok
In the Social Media Age, the old adage that "sticks and stones can break my bones, but names can never harm me" is more important than ever. In a recent case, an assistant middle school principal sued 5 students and their parents because the students allegedly created fake social media profiles of him that were not flattering.
The assistant middle school principal claimed that the students violated the federal Computer Fraud and Abuse Act. The court dismissed one of the students from the lawsuit and it would not surprise me if the court dismisses the rest of the plaintiff's claims soon. While the plaintiff may have a stronger case suing under another theory, I believe the students and their parents have a strong First Amendment defense that may defeat most if not all potential claims.
Last year, North Carolina enacted a law that makes it unlawful for students to:
While North Carolina's law has good intentions, I would find it hard to believe that it does not violate the First Amendment. It would not surprise me if a federal court eventually rules that this law is unconstitutional.
The bottom line is that schools need to do a better job of educating their students, teachers, and administrators about digital issues.
The assistant middle school principal claimed that the students violated the federal Computer Fraud and Abuse Act. The court dismissed one of the students from the lawsuit and it would not surprise me if the court dismisses the rest of the plaintiff's claims soon. While the plaintiff may have a stronger case suing under another theory, I believe the students and their parents have a strong First Amendment defense that may defeat most if not all potential claims.
Last year, North Carolina enacted a law that makes it unlawful for students to:
Use a computer or computer network to do any of the following:
(1) With the
intent to intimidate or torment a school employee, do any of the following:
a. Build a fake
profile or Web site.
b. Post or
encourage others to post on the Internet private, personal, or sexual
information pertaining to a school employee.
c. Post a real or
doctored image of the school employee on the Internet.
While North Carolina's law has good intentions, I would find it hard to believe that it does not violate the First Amendment. It would not surprise me if a federal court eventually rules that this law is unconstitutional.
The bottom line is that schools need to do a better job of educating their students, teachers, and administrators about digital issues.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Saturday, September 28, 2013
Will the European Union Ban Data Mining of Student School Content?
To lower costs and increase efficiencies a growing number of educational institutions are transitioning from utilizing internal servers to external cloud based services. Well known technology companies such as Amazon,
Google, HP, IBM, Microsoft, and Oracle are
competing to become the go-to cloud service provider for schools.
Milton
Friedman, a famous economist, popularized the phrase, "there ain't no such thing
as a free lunch". In other words, one always has to pay for a
good or service, whether by exchanging money or giving up something of value. During the past decade, a growing number of digital companies have
adopted a model where they offer their services for free in the hope that their
platform gains widespread acceptance. In
return, those utilizing these services pay for the service by giving up their
personal privacy by accepting agreements that enable service providers to
monetize their personal information.
Education
budgets in some European member states have been slashed during the past
several years due to the economic downturn.
Some cloud computing providers appear to be capitalizing on these deep budget cuts as part of
their pitch to governments and educational institutions. Unfortunately, some digital service
providers do not have the best intentions because strong privacy protections are not built
into the design of some of their platforms.
These companies may require schools to execute agreements that do not properly protect the personal data of students. For example, Sweden's data protection authority recently ordered a school district to stop utilizing Google Apps for Education because the service contract didn't comply with Sweden's Data Protection Act. In other words, Google's agreement with a municipality in Stockholm did not provide the proper safeguards to protect student data.
These companies may require schools to execute agreements that do not properly protect the personal data of students. For example, Sweden's data protection authority recently ordered a school district to stop utilizing Google Apps for Education because the service contract didn't comply with Sweden's Data Protection Act. In other words, Google's agreement with a municipality in Stockholm did not provide the proper safeguards to protect student data.
The
model UK Google Apps For
Education Agreement,
states, "Customer agrees that Google may serve advertisements (“Ads“)
in connection with the Service to End Users who are not designated by Customer
as enrolled students." Does this
clause mean that teachers, administrators, and almuni are served ads? Since students most likely are utilizing
school provided email to communicate with their teachers and teachers may discuss student matters with administrators via email are teacher-student
and administrator-student, and teacher-administrator emails data mined and monetized by Google?
Another troubling agreement clause states, "Customer agrees that any
revenue generated by Google from the Ads or otherwise derived by Google from
the Services will be retained by Google and will not be subject to any revenue
sharing." Does this indicate
that in addition to serving ads based upon teacher-student/administrator-student/teacher-administrator digital interactions, the information contained in these emails may be
monetized in other forms not necessarily mentioned in the agreement?
SafeGov.org recently
released a report about cloud computing and student privacy. The organization conducted "in-depth
interviews with over a dozen
representatives of European Data Protection Authorities (DPAs) as well
as a number of European Commission officials involved in the development of
data protection policy." Their
report found, "wide support for the idea that vulnerable data subjects
such as school children deserve special protection."
SafeGov.org's findings stated that some cloud providers may be offering schools services that
were initially built for the consumer behavioral advertising market and that
these services do not appear to have privacy by design built into their architecture. According to SafeGov.org,
"advertising-oriented cloud services may jeopardize the privacy of data
subjects in schools, even when ad-serving is nominally disabled."
Some
major threats to student privacy noted in SafeGov.org's report include:
Lack of privacy
policies suitable for schools: "[C]loud providers may
deliberately or inadvertently force schools to accept policies or terms of
services that authorize user profiling and online behavioral advertising."
Potential for commercial
data mining:
"When school cloud services derive from ad-supported consumer services
that rely on powerful user profiling and tracking algorithms, it may be
technically difficult for the cloud provider to turn off these functions even
when ads are not being served."
User interfaces
that don't separate ad-free and ad-based services: "By
failing to create interfaces that distinguish clearly between ad-based and
ad-free services, cloud providers may lure school children into moving
unwittingly from ad-free services intended for school use (such as email or
online collaboration) to consumer ad-driven services that engage in highly
intrusive processing of personal information (such as online video, social
networking or even basic search)."
Contracts that
don't guarantee ad-free services:
"By using ambiguously worded contracts and including the option to
serve ads in their services, some cloud providers leave the door open to future
imposition of online advertising as a condition for allowing schools to
continue receiving cloud services for free."
SafeGov.org's
findings are very troubling and demonstrate the need for regulators and
lawmakers in the EU to be proactive to protect the personal privacy of our next
generation of leaders. While this report
was based upon research performed in the EU, it would not surprise me if regulators
and lawmakers around the world have similar thoughts and ideas regarding the
need to protect vulnerable groups such as students and children from behavioral advertising. Shouldn't all students and children, regardless of their
geographic location, be afforded the same privacy protections?
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Friday, September 27, 2013
France's CNIL: Google Failed To Comply With EU Data Protection Laws Before Enforcement Notice Deadline
The CNIL, France's Data Protection Authority has released a statement that Google has failed to comply with its order set in its enforcement notice to reverse its 2012 privacy policy change. According to the CNIL,
"[o]n the last day of the three-month time period [September 20, 2013] given to Google Inc., the company [Google] contested the reasoning followed by the CNIL, and notably the applicability of the French data protection law to the services used by residents in France. Therefore, it has not implemented the requested changes. In this context, the Chair of the CNIL will now designate a rapporteur for the purpose of initiating a formal procedure for imposing sanctions, according to the provisions laid down in the French data protection law."
On October 15, 2012, I wrote that the CNIL may require Google to reverse its March 2012 privacy policy update that enables it to better monetize its users' personal information. On June 20, 2013, "France's data protection watchdog (CNIL) said Google had broken French law and gave it three months to change its privacy policies or risk a fine of up to 150,000 euros ($200,000)."
While potential fines may be a drop in the bucket to Google's bottom line, it would not surprise me if data protection authorities across the world turn up the heat against Google and utilize all available legal and regulatory avenues to ensure that Google complies with their data protection laws.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
"[o]n the last day of the three-month time period [September 20, 2013] given to Google Inc., the company [Google] contested the reasoning followed by the CNIL, and notably the applicability of the French data protection law to the services used by residents in France. Therefore, it has not implemented the requested changes. In this context, the Chair of the CNIL will now designate a rapporteur for the purpose of initiating a formal procedure for imposing sanctions, according to the provisions laid down in the French data protection law."
On October 15, 2012, I wrote that the CNIL may require Google to reverse its March 2012 privacy policy update that enables it to better monetize its users' personal information. On June 20, 2013, "France's data protection watchdog (CNIL) said Google had broken French law and gave it three months to change its privacy policies or risk a fine of up to 150,000 euros ($200,000)."
While potential fines may be a drop in the bucket to Google's bottom line, it would not surprise me if data protection authorities across the world turn up the heat against Google and utilize all available legal and regulatory avenues to ensure that Google complies with their data protection laws.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Monday, September 23, 2013
New California Law Protects Minors From Digital Mistakes
A new California law is leading the way to protect our children's digital privacy. Earlier today, Gov. Brown signed into SB-568 Privacy: Internet: Minors that will protect the online privacy of those under
18 years of age who reside in the State of California. According to CA Senate President Pro Tem Darrell Steinberg, the bill's sponsor, the legislation "requires all web sites, social media sites and apps to allow anyone under 18 to remove content they posted earlier."
The new law will become effective as of January 1, 2015. It has two main provisions. It seeks to protect minors by generally prohibiting operators of digital platforms (such as web sites, online services, online applications, mobile apps, etc...) from knowingly marketing and advertising to a minor a broad range of products specified in the law. Some of these products may include alcoholic beverages, firearms, ammunition, tobacco products, fireworks, lottery tickets, tattoos, drug paraphernalia. In addition, the new law requires operators of digital platforms to notify minors of their rights to remove content or information they posted and honor their requests to remove such data, subject to specified conditions and exceptions.
California has become the first state to offer greater digital protections to minors than the recently revised Children's Online Privacy Protection Act. While SB-568 is a win for the digital privacy of minors, those under 18 should not use this as an excuse to be reckless about their digital lives. For example, the law does not enable a minor to require a digital platform remove content that another person posts about that minor. In addition, Internet companies are only required to remove publicly available content a minor posts and not data that is not publicly viewable.
While SB-568 may help protect California minors from some digital mistakes that may harm their ability to gain acceptance into the college of their dreams, it should not replace educating our children about these issues.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
The new law will become effective as of January 1, 2015. It has two main provisions. It seeks to protect minors by generally prohibiting operators of digital platforms (such as web sites, online services, online applications, mobile apps, etc...) from knowingly marketing and advertising to a minor a broad range of products specified in the law. Some of these products may include alcoholic beverages, firearms, ammunition, tobacco products, fireworks, lottery tickets, tattoos, drug paraphernalia. In addition, the new law requires operators of digital platforms to notify minors of their rights to remove content or information they posted and honor their requests to remove such data, subject to specified conditions and exceptions.
California has become the first state to offer greater digital protections to minors than the recently revised Children's Online Privacy Protection Act. While SB-568 is a win for the digital privacy of minors, those under 18 should not use this as an excuse to be reckless about their digital lives. For example, the law does not enable a minor to require a digital platform remove content that another person posts about that minor. In addition, Internet companies are only required to remove publicly available content a minor posts and not data that is not publicly viewable.
While SB-568 may help protect California minors from some digital mistakes that may harm their ability to gain acceptance into the college of their dreams, it should not replace educating our children about these issues.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Thursday, September 19, 2013
Dead Cyberbullying Victim's Image Used In Facebook Ad
Bullying whether offline or in cyberspace has the potential to cause great pain for its victims and their families. With the increased usage of social media, more bullies are going online to target their victims. Unfortunately, the children's rhyme, "sticks and stones may break my bones, but words will never harm me," is losing some power in today's social media fueled world.
Over the past several years, there have been multiple incidents where online bullying has been a contributing factor in teenagers committing suicide. These tragedies demonstrate the need for parents and teachers to stress the importance that the above children's rhyme is now more important than ever. In addition to better educating our children, social media platforms must do a better job of policing their web sites and making the personal privacy of their users a top priority.
One such example of a social media platform putting profits ahead of personal privacy is when Facebook was recently caught featuring a photo of Canadian teenage Rehtaeh Parsons who killed herself earlier this year. Even though Facebook apologized for allowing this to happen, it demonstrates that most digital platforms are reactive in nature and not proactive when it comes to privacy. While I am generally not a proponent for stricter regulations, this appears to be another example of why stronger digital privacy laws may be needed to protect our children from companies that may be putting profits ahead of privacy.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Over the past several years, there have been multiple incidents where online bullying has been a contributing factor in teenagers committing suicide. These tragedies demonstrate the need for parents and teachers to stress the importance that the above children's rhyme is now more important than ever. In addition to better educating our children, social media platforms must do a better job of policing their web sites and making the personal privacy of their users a top priority.
One such example of a social media platform putting profits ahead of personal privacy is when Facebook was recently caught featuring a photo of Canadian teenage Rehtaeh Parsons who killed herself earlier this year. Even though Facebook apologized for allowing this to happen, it demonstrates that most digital platforms are reactive in nature and not proactive when it comes to privacy. While I am generally not a proponent for stricter regulations, this appears to be another example of why stronger digital privacy laws may be needed to protect our children from companies that may be putting profits ahead of privacy.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Social Media Scam Entangles Miami Heat Star
Athletes and other high profile individuals are constant targets of scams offline and on social media. Earlier this year, Manti Te'o, then a student-athlete with Notre Dame was the target of an elaborate catfishing scheme that almost destroyed his NFL career before he was even drafted. Manti Te'o is not alone in being targeted by con artists who utilize electronic communications. The Miami Heat's Chris Andersen was also recently entangled in a digital scheme that almost destroyed his NBA career and personal life.
These incidents are the tip of the iceberg. I have counseled multiple high profile individuals who have been the target of these scams. Fortunately for most of my clients, they usually contact me before these issues become public knowledge. When I provide services to professional athletes, professional sports teams, college athletic departments, Fortune 500 executives, and other high profile clients, I discuss these type of issues and the importance of limiting one's digital footprint. Unless one is able to authenticate the person with whom they are texting with and/or sending emails/social media messages with I do not recommend communicating with them.
The bottom line is that some people are putting their guard because a growing number of self-styled social media consultants are advocating that high profile individuals should focus on increasing one's social media usage to build one's personal brand and/or their school and/or corporate brand. My philosophy is different. It is about protecting the individual, school, corporation, etc... first. Brand building is a long process that takes years of hard work and a handful of Tweets or Facebook posts won't do it despite what some self-styled social media consultants advocate.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
These incidents are the tip of the iceberg. I have counseled multiple high profile individuals who have been the target of these scams. Fortunately for most of my clients, they usually contact me before these issues become public knowledge. When I provide services to professional athletes, professional sports teams, college athletic departments, Fortune 500 executives, and other high profile clients, I discuss these type of issues and the importance of limiting one's digital footprint. Unless one is able to authenticate the person with whom they are texting with and/or sending emails/social media messages with I do not recommend communicating with them.
The bottom line is that some people are putting their guard because a growing number of self-styled social media consultants are advocating that high profile individuals should focus on increasing one's social media usage to build one's personal brand and/or their school and/or corporate brand. My philosophy is different. It is about protecting the individual, school, corporation, etc... first. Brand building is a long process that takes years of hard work and a handful of Tweets or Facebook posts won't do it despite what some self-styled social media consultants advocate.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Wednesday, September 18, 2013
4th Circuit Appeals Court: Facebook "Like" Is Protected Free Speech
The Fourth U.S. Circuit Court of Appeals has ruled that "liking" a Facebook page may be protected free speech. In this case,
a Virginia man, Daniel Ray Carter, “Liked” the “Jim Adams for Hampton Sheriff” Facebook page in 2009. The incumbent sheriff learned of his
subordinate’s (Mr. Carter's) “Like” for his opponent and fired Carter
shortly after he won re-election. Mr. Carter sued, and in 2012 a U.S. District judge ruled that "Facebook ‘Likes’ aren’t enough speech to warrant constitutional protection."
To help explain the context of its opinion, the court cited the 1994 case, City of Ladue v. Gilleo, and reasoned that Facebook "likes" are similar to political lawn signs because they are both symbolic expressions. In addition, the court stated the "thumbs-up" symbol may be considered similar to a 1974 case (Spence v. Washington), which held that expression occurs when "there is an intent to convey a particularized message".
This ruling demonstrates that a growing number judges are willing to extend free speech protections that we have in the traditional world to the digital or social media world. The bottom line is that government and private sector employers along with schools need to better understand the issues inherent with social media to avoid social media legal liability.
Copyright 2012 by the Law Office of Bradley S. Shear, LLC All rights reserved.
To help explain the context of its opinion, the court cited the 1994 case, City of Ladue v. Gilleo, and reasoned that Facebook "likes" are similar to political lawn signs because they are both symbolic expressions. In addition, the court stated the "thumbs-up" symbol may be considered similar to a 1974 case (Spence v. Washington), which held that expression occurs when "there is an intent to convey a particularized message".
This ruling demonstrates that a growing number judges are willing to extend free speech protections that we have in the traditional world to the digital or social media world. The bottom line is that government and private sector employers along with schools need to better understand the issues inherent with social media to avoid social media legal liability.
Copyright 2012 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Tuesday, September 17, 2013
The terms and conditions that apply to the storage of your data are important
The
terms and conditions of a digital service provider are extremely important
because they govern their legal obligations to their customers. Businesses, governments, and schools are
moving from internal
servers to cloud based platforms and with this change in platforms comes
a concern regarding the privacy and security of sensitive corporate,
government, and personal identifiable information.
Clicking "I Agree" when registering for a new digital account/service or when a digital service's policies have been updated may have major legal consequences. The television show South Park made an interesting observation about what may happen when a company changes its terms and conditions in an episode last year titled the Human Centipad. While this episode demonstrated the potential pitfalls of what may happen when you agree to terms and conditions you may not understand, an online British retailer once inserted a clause into its digital agreements that gave it the right to reclaim its customers' immortal souls.
Interestingly, Google declined to be interviewed for TACMA. May Google's refusal to directly answer TACMA's questions serve as an admission that Hoback's film provides an accurate portrayal of Google's privacy policies? For those who question the film's accuracy, The Wall Street Journal recently stated "the breadth of Google's information gathering about Internet users rivals that of any single entity, government, or corporation....Google's privacy policy puts few restrictions on how much it can collect or use."
TACMA publicizes the importance of reading and understanding the terms and conditions of digital platforms. However, is greater awareness about these issues the only solution or are stronger laws and more robust enforcement actions required to protect users from companies that put profits ahead of privacy?
Clicking "I Agree" when registering for a new digital account/service or when a digital service's policies have been updated may have major legal consequences. The television show South Park made an interesting observation about what may happen when a company changes its terms and conditions in an episode last year titled the Human Centipad. While this episode demonstrated the potential pitfalls of what may happen when you agree to terms and conditions you may not understand, an online British retailer once inserted a clause into its digital agreements that gave it the right to reclaim its customers' immortal souls.
Recently,
I attended a showing of a new documentary titled Terms
and Conditions May Apply (TACMA). The film emphasizes the importance of
reading and understanding the terms and conditions of digital platforms. In particular, the documentary explores in-depth the privacy
policies and data collection practices of some of the most popular web based
services that are utilized by businesses, governments, and schools.
TACMA spends a significant amount of time discussing the privacy policies and practices of LinkedIn and Google. As a platform focused on professionals and the corporate market one may think that LinkedIn's terms and conditions would protect the privacy of the data that its professionals and corporate partners post. However, according to TACMA's director, Cullen Hoback, "LinkedIn's [terms and conditions are] abysmal. It’s the most over-reaching, ridiculous and shouldn’t-be-allowed-to-exist contract out there that I found." This description is not surprising since LinkedIn recently announced that it has lowered its minimum U.S. user age from 18 to 14 years old. This move appears to be designed to enable it to collect a treasure trove of personal information from high school students.
LinkedIn is not alone in requiring users to agree to terms and conditions that may not properly protect the privacy and security of its users. Google's March 2012 privacy policy change eroded the personal privacy of its users in order to enable it to better monetize the data it collects about those who utilize its services. Before Google's consolidated privacy policy became effective, data protection authorities across Europe raised serious concerns about the legality of the change and stated that they would investigate the matter. During the past several months, multiple European data protection authorities have stated that Google's privacy policy change violates data protection laws.
TACMA spends a significant amount of time discussing the privacy policies and practices of LinkedIn and Google. As a platform focused on professionals and the corporate market one may think that LinkedIn's terms and conditions would protect the privacy of the data that its professionals and corporate partners post. However, according to TACMA's director, Cullen Hoback, "LinkedIn's [terms and conditions are] abysmal. It’s the most over-reaching, ridiculous and shouldn’t-be-allowed-to-exist contract out there that I found." This description is not surprising since LinkedIn recently announced that it has lowered its minimum U.S. user age from 18 to 14 years old. This move appears to be designed to enable it to collect a treasure trove of personal information from high school students.
LinkedIn is not alone in requiring users to agree to terms and conditions that may not properly protect the privacy and security of its users. Google's March 2012 privacy policy change eroded the personal privacy of its users in order to enable it to better monetize the data it collects about those who utilize its services. Before Google's consolidated privacy policy became effective, data protection authorities across Europe raised serious concerns about the legality of the change and stated that they would investigate the matter. During the past several months, multiple European data protection authorities have stated that Google's privacy policy change violates data protection laws.
When
TACMA premiered in January of this year at the Sundance Film Festival, the film alleged that Google's
earliest privacy policies were not listed in its publicly available privacy policy
archive. One of Google's earliest privacy policies from December
of 2000 stated, "A
cookie can tell us, [t]his is the same computer that visited Google two days
ago, but it cannot tell us, [t]his person is Joe Smith or even, [t]his person
lives in the United States." This
privacy policy indicates that during its early years Google had a policy in place that respected and protected its users' personal privacy.
However,
by December of 2001, the language
"it [a cookie] cannot tell us, this person is Joe Smith or even, [t]his
person lives in the United States," had been removed from Google's privacy
policy. Eliminating these protections from its privacy policy appears to have
been the turning point when Google stopped making user privacy a top
priority. Updating a privacy policy that removes user anonymity protections may jeopardize
personal privacy and security.
According
to CNET,
TACMA "provides special scrutiny of Google, and argues that the company
bowed to advertiser pressure by removing language from its privacy policy
promising users anonymity unless they willingly gave it up." Regarding Google's privacy policy history, Hoback
stated, "[t]hey [Google] really did care in the beginning quite a lot
about privacy. But when your profit margins come in direct opposition to your
principles, sometimes those principles suffer."
Interestingly, Google declined to be interviewed for TACMA. May Google's refusal to directly answer TACMA's questions serve as an admission that Hoback's film provides an accurate portrayal of Google's privacy policies? For those who question the film's accuracy, The Wall Street Journal recently stated "the breadth of Google's information gathering about Internet users rivals that of any single entity, government, or corporation....Google's privacy policy puts few restrictions on how much it can collect or use."
TACMA publicizes the importance of reading and understanding the terms and conditions of digital platforms. However, is greater awareness about these issues the only solution or are stronger laws and more robust enforcement actions required to protect users from companies that put profits ahead of privacy?
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Friday, August 30, 2013
NJ Federal Court: Password Protected Facebook Posts Covered By Stored Communications Act
A New Jersey federal district court recently ruled that non-public Facebook posts are protected by the Stored Communications Act. The decision in Ehling v. Monmouth-Ocean HospitalService Corp., demonstrates that courts are continuing the trend of recognizing that we still have an expectation of privacy in the digital age.
In Ehling, a paramedic working for a hospital made an alleged inappropriate post on her password protected Facebook account. The post was forwarded by one of the paramedic's Facebook friends to management who disciplined the paramedic because of the post. Initially, the paramedic challenged the discipline before the NLRB and lost. Subsequently, the paramedic filed a lawsuit in federal court claiming that management violated the federal Stored Communications Act and the common law invasion of privacy tort.
While the Court granted summary judgment in favor of hospital management on both claims it stated, "The Court finds that, when users make their Facebook wall posts inaccessible to the general public, the wall posts are “configured to be private” for purposes of the SCA. The Court notes that when it comes to privacy protection, the critical inquiry is whether Facebook users took steps to limit access to the information on their Facebook walls. Privacy protection provided by the SCA does not depend on the number of Facebook friends that a user has."
This decision is a huge victory for privacy because it recognizes that employers and schools may not require employees and/or students turn over their digital user names, passwords, or password protected digital content. The bottom line is that employers and schools may not require their employees or students to "Facebook Friend" them as a requirement to keep their scholarship or job unless they are interested in losing a lawsuit.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
In Ehling, a paramedic working for a hospital made an alleged inappropriate post on her password protected Facebook account. The post was forwarded by one of the paramedic's Facebook friends to management who disciplined the paramedic because of the post. Initially, the paramedic challenged the discipline before the NLRB and lost. Subsequently, the paramedic filed a lawsuit in federal court claiming that management violated the federal Stored Communications Act and the common law invasion of privacy tort.
While the Court granted summary judgment in favor of hospital management on both claims it stated, "The Court finds that, when users make their Facebook wall posts inaccessible to the general public, the wall posts are “configured to be private” for purposes of the SCA. The Court notes that when it comes to privacy protection, the critical inquiry is whether Facebook users took steps to limit access to the information on their Facebook walls. Privacy protection provided by the SCA does not depend on the number of Facebook friends that a user has."
This decision is a huge victory for privacy because it recognizes that employers and schools may not require employees and/or students turn over their digital user names, passwords, or password protected digital content. The bottom line is that employers and schools may not require their employees or students to "Facebook Friend" them as a requirement to keep their scholarship or job unless they are interested in losing a lawsuit.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Thursday, August 29, 2013
New Jersey Bans NCAA Social Media Monitoring Companies
New Jersey Governor Chris Christie proclaimed that New Jersey employees have an expectation of privacy in the digital age when he signed A2878 into law earlier today. New Jersey has joined the growing number of states that are protecting the personal digital privacy of their employees and students. At least 13 states have enacted similar laws and 36 states along with Congress have introduced bills to protect
NCAA schools, students, employers, employees, etc... from companies that are selling social media monitoring legal liability
time bombs.
Some social media monitoring companies may claim they are a "leader" in social media monitoring and/or in "educating" student-athletes. Does the NSA claim they are monitoring personal digital accounts to educate? No. Therefore, any claim by Varsity Monitor, UDiligence, Fieldhouse Media, etc...that they are monitoring to "educate" is absolute *&%%&*$%.
Varsity Monitor, UDiligence, and Fieldhouse Media each sell social media monitoring services that NCAA schools in at least 13 states may not utilize to track the personal digital accounts of their coaches and/or student-athletes. Schools deploying the social media monitoring services of these companies may be fined hundreds of thousands of dollars, and/or may be sued for violating their student's first and/or fourth amendment rights, and/or may lose millions of dollars in federal funding.
According to Deadspin, Varsity Monitor may have some troubling ethical and legal problems to address. The Courier Journal reported that Varsity Monitor's Centrix Social service was caught last year monitoring University of Kentucky student-athletes for using the terms "Arab" or "Muslim" online. Why did Sam Carnahan, the owner of Varsity Monitor allow this to occur?
According to Time Magazine, UDiligence was monetizing the personal photographs of the student-athletes it was monitoring to advertise its services until it was confronted about this troubling practice. Unfortunately, UDiligence's founder Kevin Long only removed the offending photos from his UDiligence web site but not another one of his company web sites (I have screen shots if he claims otherwise). This demonstrates that schools, student-athletes, and sports related entities should think long and hard before trusting any entity that Mr. Long owns or controls.
The most troubling service may be Fieldhouse Media because it appears to be trying to differentiate itself as having less invasive tactics than the other companies. NCAA athletic departments should not be fooled. It appears that in order for Fieldhouse Media's social media monitoring service to properly work student-athletes need to at least authenticate their social media username(s). Arkansas, California, Delaware, Illinois, Michigan, New Jersey, and New Mexico have generally banned schools from being able to ask a student to verify this information.
Fieldhouse Media's Kevin DeShazo's business practices appear to raise serious ethical questions. For example, last year Mr. DeShazo created a press release announcing his social media monitoring service that quoted me without my cooperation. Did Mr. DeShazo ask for my permission to be quoted in a press release designed to sell his social media monitoring services? No. Why is Mr. DeShazo trying to associate my reputation with a practice that I along with lawyers and risk professional from around the country believe may create tremendous legal and financial risks?
If you perform due diligence on Mr. DeShazo you may find some issues that warrant further explanation. For example, according to his publicly available LinkedIn Profile from last year it states that before he started his social media monitoring firm he had no verifiable social media or NCAA compliance/advisory experience. Interestingly, according to his recent publicly available LinkedIn Profile it now claims that prior to starting his social media monitoring company he was working for a social media marketing firm. If Mr. DeShazo was actually working for a social media marketing company before he started his social media consulting firm why wasn't it listed previously? Why has Mr. DeShazo recently claimed he launched Fieldhouse Media in 2010 (I have screen shots if this is denied) which conflicts with his LinkedIn Profile claims and the information on file with the Oklahoma Secretary of State?
In 2001, George O'Leary, Notre Dame's head football coach resigned five days after being hired because of "inaccuracies" in his published biography. In other words, Mr. O'Leary was caught intentionally misleading NCAA athletic departments about his background. After George O'Leary, Jayson Blair was caught creating a web of lies and was terminated from the New York Times, and then James Frey, the author of "A Million Little Pieces" was caught lying to Oprah.
Anyone that approaches schools to sell services to track personal social media accounts is selling a legal liability time bomb. If a school hires a social media monitoring firm to track the personal digital content of their students or employees and it misses an indication that there may be a crime committed it may cost the school more than $100 million dollars. For proof, just review the Penn State emails regarding the Jerry Sandusky matter. Does a school want to be on the hook for tens or hundreds of millions of dollars in legal liability because it was utilizing a social media monitoring service to track personal digital accounts?
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Some social media monitoring companies may claim they are a "leader" in social media monitoring and/or in "educating" student-athletes. Does the NSA claim they are monitoring personal digital accounts to educate? No. Therefore, any claim by Varsity Monitor, UDiligence, Fieldhouse Media, etc...that they are monitoring to "educate" is absolute *&%%&*$%.
Varsity Monitor, UDiligence, and Fieldhouse Media each sell social media monitoring services that NCAA schools in at least 13 states may not utilize to track the personal digital accounts of their coaches and/or student-athletes. Schools deploying the social media monitoring services of these companies may be fined hundreds of thousands of dollars, and/or may be sued for violating their student's first and/or fourth amendment rights, and/or may lose millions of dollars in federal funding.
According to Deadspin, Varsity Monitor may have some troubling ethical and legal problems to address. The Courier Journal reported that Varsity Monitor's Centrix Social service was caught last year monitoring University of Kentucky student-athletes for using the terms "Arab" or "Muslim" online. Why did Sam Carnahan, the owner of Varsity Monitor allow this to occur?
According to Time Magazine, UDiligence was monetizing the personal photographs of the student-athletes it was monitoring to advertise its services until it was confronted about this troubling practice. Unfortunately, UDiligence's founder Kevin Long only removed the offending photos from his UDiligence web site but not another one of his company web sites (I have screen shots if he claims otherwise). This demonstrates that schools, student-athletes, and sports related entities should think long and hard before trusting any entity that Mr. Long owns or controls.
The most troubling service may be Fieldhouse Media because it appears to be trying to differentiate itself as having less invasive tactics than the other companies. NCAA athletic departments should not be fooled. It appears that in order for Fieldhouse Media's social media monitoring service to properly work student-athletes need to at least authenticate their social media username(s). Arkansas, California, Delaware, Illinois, Michigan, New Jersey, and New Mexico have generally banned schools from being able to ask a student to verify this information.
Fieldhouse Media's Kevin DeShazo's business practices appear to raise serious ethical questions. For example, last year Mr. DeShazo created a press release announcing his social media monitoring service that quoted me without my cooperation. Did Mr. DeShazo ask for my permission to be quoted in a press release designed to sell his social media monitoring services? No. Why is Mr. DeShazo trying to associate my reputation with a practice that I along with lawyers and risk professional from around the country believe may create tremendous legal and financial risks?
If you perform due diligence on Mr. DeShazo you may find some issues that warrant further explanation. For example, according to his publicly available LinkedIn Profile from last year it states that before he started his social media monitoring firm he had no verifiable social media or NCAA compliance/advisory experience. Interestingly, according to his recent publicly available LinkedIn Profile it now claims that prior to starting his social media monitoring company he was working for a social media marketing firm. If Mr. DeShazo was actually working for a social media marketing company before he started his social media consulting firm why wasn't it listed previously? Why has Mr. DeShazo recently claimed he launched Fieldhouse Media in 2010 (I have screen shots if this is denied) which conflicts with his LinkedIn Profile claims and the information on file with the Oklahoma Secretary of State?
In 2001, George O'Leary, Notre Dame's head football coach resigned five days after being hired because of "inaccuracies" in his published biography. In other words, Mr. O'Leary was caught intentionally misleading NCAA athletic departments about his background. After George O'Leary, Jayson Blair was caught creating a web of lies and was terminated from the New York Times, and then James Frey, the author of "A Million Little Pieces" was caught lying to Oprah.
Anyone that approaches schools to sell services to track personal social media accounts is selling a legal liability time bomb. If a school hires a social media monitoring firm to track the personal digital content of their students or employees and it misses an indication that there may be a crime committed it may cost the school more than $100 million dollars. For proof, just review the Penn State emails regarding the Jerry Sandusky matter. Does a school want to be on the hook for tens or hundreds of millions of dollars in legal liability because it was utilizing a social media monitoring service to track personal digital accounts?
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Wednesday, August 21, 2013
Google States in Lawsuit Users Have No Legitimate Expectation of Privacy
The Guardian recently reported that
consumer interest group Consumer Watchdog uncovered
a digital privacy case that may better protect the privacy of school provided
student digital accounts. Fread v. Google was filed on April 29, 2013,
by two university students who allege that Google unlawfully and intentionally
intercepts electronic communications (emails and other data collected by the
service) from their school provided Google Apps For Education accounts. The lawsuit claims that Google's cloud based
school service is utilizing user data in a manner that violates the Electronic
Communications Privacy Act of 1986.
To better understand Google's Apps
for Education program it is essential to read the agreement that Google
requires schools to execute to obtain the service. Google generally offers this program to
secondary or post-secondary schools for free (there may be maintenance and/or
other costs associated with implementation and/or operation of the service). While the default setting
for the U.S.
Google Apps for Education service is one that does not allow for Google to
serve ads, it is troubling that the agreement
provides schools the ability to data mine their students with the “click of a mouse” in the Admin Console.
Why has Google provided schools the ability to behavioral advertise to students based upon their school emails, attachments, uploaded videos and related digital activity? Does the agreement include the ability to behavioral-advertise so cash strapped schools may negotiate an advertising revenue share with Google in the future when they need an easy-to-implement new income stream?
Why has Google provided schools the ability to behavioral advertise to students based upon their school emails, attachments, uploaded videos and related digital activity? Does the agreement include the ability to behavioral-advertise so cash strapped schools may negotiate an advertising revenue share with Google in the future when they need an easy-to-implement new income stream?
Since Google
provides schools the ability to turn on and off the behavioral advertising
function for its school based services it makes me wonder what Google is doing
behind the scenes with student content. Is
Google’s Apps for Education service a Trojan Horse to data mine and erode our
children’s personal privacy and safety? How is this
service able to so easily go in and out of data mining mode with just a "flip of a switch" by a school administrator? Why isn't Google more transparent regarding its data mining capabilities for the services it offers to schools? Does this indicate that Google believes that students don’t have an expectation of privacy when utilizing its school branded services?
It appears that Google presumes that its Apps For Education users don't have an expectation of privacy. To defend its practices, in its motion to dismiss Fread, Google directly quotes from a
1970's case, Smith v. Maryland, 442
U.S. 735, 743-744 (1979), "a person has no legitimate expectation of
privacy in information he voluntarily turns over to third parties". This case was decided before the widespread
adoption of cell phones, email, the cloud, and other digital technologies.
In U.S. v. Jones,
132 S. Ct. 945 (2012), the most recent major privacy case the
Supreme Court has decided, Justice Sotomayor in referencing Smith's central premise that an
individual has no reasonable expectation of privacy in information voluntarily
disclosed to third parties, stated "[t]his approach is ill suited in the
digital age, in which people reveal a great deal of information about
themselves to third parties in the course of carrying out mundane
tasks." Justice Sotomayor's
statement clearly diminishes the central tenet of Smith and her philosophy has resonated recently with state
lawmakers and courts around the country.
State legislatures and the courts
are moving towards recognizing that one has an expectation of privacy in the
digital age. For example, at least 13 states have enacted legislation in the past 15
months that protects employees and students from generally being required to
provide access to their 3rd party created personal digital accounts. Earlier this year, Texas enacted HB 2268 that requires law enforcement to
obtain a warrant before accessing one's personal email accounts or cloud
content. In addition, a federal district court in Minnesota recently
stated that students have an expectation of privacy regarding their personal
electronic accounts. These news laws and
court rulings demonstrate that our courts and legislatures firmly acknowledge
that we have an expectation of privacy despite third parties storing our
content.
Google's actions speak louder than
its words. In 2010, Google listed its privacy principles and they
included: "Develop products that
reflect strong privacy standards and practices; Make the collection of personal
information transparent; and Give users meaningful choices to protect their
privacy". If Google practiced its privacy principles it would be more transparent about how it processes student data and it would strictly prohibit data mining in its Google Apps For Education Agreements.
Fread raises some important issues about student privacy in the
digital age. It demonstrates the need
for school technology providers to make their users' personal privacy a top
priority. Unfortunately, it appears that absent court guidance and/or
Department of Education rules that ban the data mining of school sanctioned
digital accounts, some cloud providers may continue to put profits ahead of the
need for privacy in an educational setting. Until technology providers
are legally banned from data mining school provided digital accounts, students
and parents/guardians must be informed of the risks associated with utilizing
school provided digital services that may erode personal privacy and put our
children's safety at risk.
Copyright 2013 by the Law Office of
Bradley S. Shear, LLC All rights reserved.
Tuesday, August 20, 2013
Doctor sued for $1.5 million for allegedly photographing patient without consent and posting on Facebook
According to ABC News in Chicago, a former Northwestern University student has claimed that after she was admitted to Northwestern Memorial Hospital a doctor took photos of her without her consent and posted them online. This is not the first time that it has been alleged that an employee in the medical field has posted online photos of patients without their consent. Unfortunately, this will not be the last time either.
The doctor allegedly posted photographs of the patient on Instagram and Facebook with "attached statements of commentary" about the patients condition. The plaintiff is claiming invasion of privacy and infliction of emotional distress. If these allegations are proven true, it would not surprise me that the hospital and/or doctor may be liable for more than the $1.5 million dollars that the complaint requests.
This type of behavior has no place in the medical profession. Hospitals need to ensure that they have the proper policies in place and that their employees are trained regularly to ensure their employees fully understand these issues. Spending money on preventative training is a lot less expensive than defending and/or losing a lawsuit.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
The doctor allegedly posted photographs of the patient on Instagram and Facebook with "attached statements of commentary" about the patients condition. The plaintiff is claiming invasion of privacy and infliction of emotional distress. If these allegations are proven true, it would not surprise me that the hospital and/or doctor may be liable for more than the $1.5 million dollars that the complaint requests.
This type of behavior has no place in the medical profession. Hospitals need to ensure that they have the proper policies in place and that their employees are trained regularly to ensure their employees fully understand these issues. Spending money on preventative training is a lot less expensive than defending and/or losing a lawsuit.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Wednesday, August 14, 2013
Illinois Enacts Right To Privacy in the School Setting Act
Illinois has recently become the 2nd state in the country to enact social media privacy legislation that provides protection to the personal digital accounts of K-12 and post-secondary students. Michigan was the first state to enact social media privacy protections for K-12 and post-secondary students last year. Multiple other states across the country have enacted social media privacy laws that protect post-secondary school students.
The Right to Privacy in the School Setting Act was enacted because of several troubling social media related situations in Illinois. For example, there was an incident where an Illinois public middle school violated the constitutional rights of several students by requiring some students to turn over their Facebook and email usernames and passwords.
Unfortunately, this aspect of the act is very troubling and will have unintended consequences:
Section 10. Prohibited inquiry.
(d) This Section does not apply when a post-secondary school has reasonable cause to believe that a student's account on a social networking website contains evidence that the student violated a school disciplinary rule or policy.
Northwestern University will be required to change its student-athlete social media policy before 1/1/2014 due to the new law. Northwestern's Online Soical Networking Student-Athlete policy states, "You must provide full access to members of your coaching staff and/or selected members of the Athletics Department for any and all personal online networking pages." and "You must fully participate in any system developed by your coaching staff to assist in self-monitoring your teammates' personal online networking pages (e.g., buddy system)." This language clearly violates the new law.
As a parent of young children, I would never turn over the passwords of their personal digital accounts absent a warrant and/or a court order and I believe this law is poorly drafted. Does this law violate the Stored Communications Act and/or a student's first and/or 4th amendment? Time will tell.
The bottom line is that K-12 and post-secondary schools must ensure they do not create social media policies that violate state/federal laws and/or our Constitution. Its ironic that social media was intended to expand the freedom of speech; unfortunately, the reality is that some institutions that don't like the messages being created are using social media to curtail free speech rights.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
The Right to Privacy in the School Setting Act was enacted because of several troubling social media related situations in Illinois. For example, there was an incident where an Illinois public middle school violated the constitutional rights of several students by requiring some students to turn over their Facebook and email usernames and passwords.
Unfortunately, this aspect of the act is very troubling and will have unintended consequences:
Section 10. Prohibited inquiry.
(d) This Section does not apply when a post-secondary school has reasonable cause to believe that a student's account on a social networking website contains evidence that the student violated a school disciplinary rule or policy.
Northwestern University will be required to change its student-athlete social media policy before 1/1/2014 due to the new law. Northwestern's Online Soical Networking Student-Athlete policy states, "You must provide full access to members of your coaching staff and/or selected members of the Athletics Department for any and all personal online networking pages." and "You must fully participate in any system developed by your coaching staff to assist in self-monitoring your teammates' personal online networking pages (e.g., buddy system)." This language clearly violates the new law.
As a parent of young children, I would never turn over the passwords of their personal digital accounts absent a warrant and/or a court order and I believe this law is poorly drafted. Does this law violate the Stored Communications Act and/or a student's first and/or 4th amendment? Time will tell.
The bottom line is that K-12 and post-secondary schools must ensure they do not create social media policies that violate state/federal laws and/or our Constitution. Its ironic that social media was intended to expand the freedom of speech; unfortunately, the reality is that some institutions that don't like the messages being created are using social media to curtail free speech rights.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Tuesday, August 13, 2013
CA School District Lodi Implements Unconstitutional Student Social Media Policy
Colleges and high schools across the country are implementing unconstitutional social media policies that are requiring state legislatures, Congress, and the courts to show them the error of their ways. For example, Utah State and Northwestern University implemented clearly unconstitutional social media policies directed at their student-athletes. Due to these policies, Utah and Illinois enacted legislation banning these schools' social media policies.
The Lodi Unified School District in California recently enacted a student social media policy that infringes on the 1st amendment rights of those who participate in extracurricular activities. This new policy covers student-athletes, student newspaper reporters, band members, chess club members, the glee club, the lesbian, gay, bisexual and transgender club, etc... The policy clearly violates the First Amendment. As Tinker v. Des Moines states, "students do not shed their constitutional rights to freedom of speech or expression at the schoolhouse gate."
In addition to violating the First Amendment, this new policy violates California Education Code Section 48907 that protects students' free speech rights in California. The bottom line is that K-12 schools and post-secondary schools must be more aware of the policies that their administrators are implementing to ensure they don't create tremendous legal liability.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
The Lodi Unified School District in California recently enacted a student social media policy that infringes on the 1st amendment rights of those who participate in extracurricular activities. This new policy covers student-athletes, student newspaper reporters, band members, chess club members, the glee club, the lesbian, gay, bisexual and transgender club, etc... The policy clearly violates the First Amendment. As Tinker v. Des Moines states, "students do not shed their constitutional rights to freedom of speech or expression at the schoolhouse gate."
In addition to violating the First Amendment, this new policy violates California Education Code Section 48907 that protects students' free speech rights in California. The bottom line is that K-12 schools and post-secondary schools must be more aware of the policies that their administrators are implementing to ensure they don't create tremendous legal liability.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Subscribe to:
Posts (Atom)