U.S. Government Ethics Office Releases Personal Social Media Usage Standards

Earlier this month, the U.S. Office of Government Ethics (OGE) released its Standards of Conduct as Applied to Personal Social Media Usage.  The standards are as follows:

1.  Use of Government Time and Property
This requirement limits the amount of time employees may access their personal social media accounts while working on government business (i.e. while on the job).  In addition, supervisors may not order or ask a subordinate to work on their (the supervisor's) personal social media accounts.  

2. Reference to Government Title or Position & Appearance of Official Sanction
This requirement prohibits employees from using their official titles, position, or any authority associated with their government employment for personal gain.  This rules implies that in certain situations it may be a best practice to post a "clear and conspicuous disclaimer" that the content on one's personal social media account is not sanctioned or endorsed by the government.

3.  Recommending and Endorsing Others on Social Media
Government employees may recommend others on social media platforms such as LinkedIn.  However, in my opinion, supervisors and subordinates should be very careful when endorsing each other on digital platforms because it may create potential legal issues in the future.

4.  Seeking Employment through Social Media
Those seeking employment via digital platforms must conform with all applicable laws and regulations.  Therefore it is imperative to know and understand all rules and regulations when utilizing social media for employment purposes.

5.  Disclosing Nonpublic Information
Employees are prohibited from disclosing non-public information on digital platforms to further their personal interests or the personal interests of others.  The World War II adage, "Loose lips sink ships" is alive and well in the Social Media Age so use caution when posting information online.

6.  Personal Fundraising
Employees are permitted to utilize personal digital accounts to fund raise for non-profit charitable organizations as long as they comply with all appropriate federal rules.  For example, employees should not personally solicit funds from subordinates or prohibited sources.

7.  Official Social Media Accounts
Employees who are authorized to utilize official social media accounts must comply with all applicable laws, rules, regulations, policies, directives, etc...

OGE may issue updates from time to time so it is best to utilize caution when participating in social media.  The bottom line is when in doubt don't post online.

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.

Twitter Quietly Updates Its Terms of Service

According to Mashable, Twitter quietly updated its Terms of Service on Friday in anticipation of new European Data Protection (privacy) laws.  Unfortunately for U.S. users, Twitter's new terms apply to international and not U.S. based users.

An Irish subsidiary was chosen as the location for international user data because it has a reputation for less Internet related regulations.  In other words, other European countries have different beliefs in how data should be protected.  In my opinion, many of Ireland's Internet related regulatory positions are based purely upon economic reasons.

Less regulations may mean more economic development.  For example, I live and work in Montgomery County, Maryland and it has an unfavorable regulatory reputation compared to multiple Northern Virginia counties. Therefore, Fortune 500 companies are more willing to relocate and open subsidiaries in the "business friendly" climate of Virginia.

In general, social media companies are not platforms that are built with privacy by design in mind.  The services provided by Twitter, Facebook, Google, etc... were created to data mine users for behavioral advertising purposes (don't believe any co-founder who states they wanted to make the world a better place, etc....).  Therefore, I do not trust these platforms to handle any sensitive or confidential information/communication.

The European Union is working on stronger data protection regulations because it understands the dangers inherent when companies engage in unfettered collection and data mining of personal information.  It is expected that  Europe will enact stronger data protection laws sometime later this year.  My hope is that the U.S. will follow the EU's lead in trying to create a more private, less discriminatory, and non-monopolistic digital data future.

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.

Fox News Settles 9/11 Social Media Copyright Lawsuit

According to The Hollywood Reporter, Fox News has confidentially settled its 9/11 photo social media lawsuit.  The case commenced soon after September 11, 2013 because Fox News' "Justice with Judge Jeanine" posted on Facebook the iconic photo of three firefighters raising the American flag at the ruins of the World Trade Center without obtaining permission from the copyright holder.   

Copyright issues are becoming more challenging in the Social Media Age.  However, its important to read and understand the terms of service and privacy policy of each platform.  For example, when utilizing Facebook, "you grant us [Facebook] a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP License).  Since I don't like these terms I don't post personal photos to my Facebook account.

News organizations must be very careful about monetizing the photographs they see online without obtaining a proper license. For example, in 2013 a jury awarded a photojournalist $1.2 million dollars after Agence France-Presse and Getty Images (and others) utilized photos he posted on Twitter regarding the 2010 Haiti earthquake without obtaining the proper licenses from him. 

The bottom line is that when posting and re-posting content online it is important to understand copyright law issues.

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.

European Commission: Google's Conduct Infringes on Antitrust Rules

The European Commission (EC) has sent a Statement of Objections (i.e. a formal complaint) against Google for violating European antitrust laws.  In particular, the EC alleges Google “has abused its dominant position in the markets for general internet search services in the European Economic Area (EEA) by systematically favouring its own comparison shopping product in its general search results pages.  The Commission's preliminary view is that such conduct infringes EU antitrust rules because it stifles competition and harms consumers.”

According to the EC’s press release, it has also “formally opened a separate antitrust investigation into Google's conduct [regarding] the mobile operating system Android. The investigation will focus on whether Google has entered into anti-competitive agreements or abused a possible dominant position in the field of operating systems, applications and services for smart mobile devices.”

These announcements have come after an almost five year investigation into Google’s European business practices.  The EC has tried three times to settle this matter to no avail.  New EC Competition Commissioner Margrethe Vestager, reinvigorated the investigation last year when her office requested additional information from various Internet vendors of online services to determine if consumers have been harmed by Google’s behavior and to figure out if Google has utilized its dominant market position to illegally hinder competition.

The EC’s investigation appears to have picked up momentum after The Wall Street Journal recently obtained a confidential 2012 U.S. Federal Trade Commission (FTC) report where key staff recommended suing Google for antitrust violations after finding real harm to consumers and innovation.  While the FTC report focused on Google’s U.S. behavior, the company most likely acted in a similar fashion in the European Union where it controls more than 90% of the Internet search market.

Since the EC opened its antitrust investigation into Google, the company has paid 100s of millions of dollars in fines and settlements due to illegal behavior. For example, in 2011 it paid a $500 million fine for knowingly accepting illegal advertisements from Canadian pharmacies.  Subsequently, it has paid multiple million dollar fines in the United States and in Europe for privacy violations in connection with its Street View data collection project, the deceptive privacy practices in Google's roll out of its Buzz social network, its 2012 privacy policy change, and the Safari hack incident. 

Illegally abusing market position in Internet search (and/or other areas) is intertwined with data collection, usage, and privacy issues because in order to receive the most relevant search results to a search query a search engine must be able to access and process voluminous amounts of data very quickly.  For years, 90% to 96% of Google’s revenue has come from advertising which means it is dependent upon being able to obtain massive amounts of personal information at a low cost to feed its behavioral advertising machine. 

Data dominance also appears to be a growing concern of the EC.  For example, Commissioner Vestager recently stated that she’s studying the U.S.’s “stringent approach to dealing with personal data as a means to payment” in its review of deals.  This appears to signal that regulators are beginning to understand that personal and corporate data issues are intertwined with antitrust matters.

The EC’s announcement that it has also opened up an investigation into whether Google has entered into anti-competitive agreements and/or abused its dominant position in regards to its Android operating system demonstrates that it wants to ensure that consumers are not harmed and that innovation is not stifled by illegal market activities in the growing mobile space.  Last year, The Wall Street Journal and The Information reported that Google’s confidential Android agreements have been “increasing the number of Google apps that must be pre-installed on [each Android] device to as many as 20, placing more Google apps on the home screen or in a prominent icon folder and making Google Search more prominent.” 

Google’s Android contract requirements are very troubling when comparing them to Microsoft’s pre-2002 agreements with PC vendors which “required PC manufacturers to bundle and promote the Internet Explorer Web browser and other software in prominent locations on the computer screen.” Therefore, it doesn’t surprise me that the EC is investigating whether Google’s Android agreements violate antitrust law. 

This enforcement action and the announcement of another investigation into Google’s other market activities demonstrates the need for users of its services to carefully read their contracts with Google and be familiar with their terms of service and troubling world-wide privacy policy.  Google's terms and privacy policy allows for unfettered data mining and profiling of consumer, education, corporate, and government data. Multiple European Data Protection Authorities have already fined Google for its privacy practices and ordered Google to change it privacy policy; unfortunately that has had virtually no effect on its market behavior.

Today’s European Commission announcement is the first step in what may be a long drawn out legal process, which in theory could lead to a fine up to $6.4 billion dollars and require Google to change some of its business practices.  As a long time Google user, my hope is that Google soon begins to once again abide by its corporate motto by not being “evil”.

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.

 

Facebook faces new class action privacy lawsuit in Austria

A new class action lawsuit has been filed against Facebook in Austria by privacy advocate Max Schrems.  The lawsuit alleges that Facebook has breached EU privacy law due to its privacy practices and involvement in the NSA’s Prism program.

Max Schrems has been a thorn in Facebook's side for years.  He appeared in the documentary "Terms and Conditions May Apply" a couple of years ago where he discussed the data and metadata Facebook had collected on him and others.  Schrems has been advocating against Facebook's data collection practices for years so it will be interesting to follow this case. 

According to The Guardian, Schrems is also fighting to stop security services from gaining access to his personal data held by Facebook and other technology firms.  One of the best ways to stop Facebook and other technology firms from gaining access to his personal data without going through the proper legal channels in his home country is to support U.S. legislation such as the LEADS Act which I have previously discussed. 

The bottom line is that fighting for privacy takes a tremendous amount of time and resources.  Class action lawsuits along with new legislation are some of the arrows in the quiver that may be utilized to better protect our personal privacy and safety.  Its imperative that an international framework on how to resolve the digital privacy challenges of our times is created to ensure that these issues are provided the necessary attention.    

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.

Maryland's Student Data Privacy Act of 2015 Is Needed

The Internet and broadband access has led to many innovations in how we teach our children. During the past 10 years, K-12 schools have implemented new and exciting technologies that will help students learn and be prepared for life inside and outside of the workforce. Unfortunately, privacy law has not kept up with the technology that is being utilized by our schools because the primary student privacy law, the Family Educational Rights and Privacy Act (FERPA) was enacted in 1974 and it has not been updated to account for all of the new digital activities and metadata that is being created by students on school contracted digital platforms.

Earlier today, I testified again on behalf of a Maryland bill (HB 298) that would help better protect students' digital privacy without hampering educational technology companies with burdensome regulations.  Maryland's HB 298 is based upon California's landmark Student Online Personal Information Protection Act (SOPIPA or SB 1177).  I testified with the sponsor of the bill along with other advocates and some of my written testimony is as follows:

"House Bill 298 as passed by the House of Delegates is a positive piece of legislation that will help protect the personal privacy and safety of Maryland students and their families.  Three federal privacy statutes address student information that may be collected by and from schools:  The Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), and the Protection of Pupil Rights Amendment (PPRA).

FERPA was enacted in 1974 when student records were housed in filing cabinets.  This statute is essentially a confidentiality law designed to protect student paper records.  Forty years ago, schools didn’t have personal computers and Internet access.  FERPA was not designed to protect digital student information.  COPPA focuses on the online collection of personal information directly from children younger than 13 years old without parental consent.  The PPRA primarily address the use of certain types of data collected from in-school surveys as well as some marketing activities.   

FERPA covers “educational records” such as transcripts that were originally kept in a school principal or central district office.  The statute specifically carves out an exemption for “directory information” such as a student’s name, address, date of birth, telephone number, age, sex, and weight.  This 1974 definition of “educational records” and the directory information exclusion no longer makes sense in 2015.  Much of the data gathered and utilized by electronic based services is outside the scope of FERPA’s existing definition. 

As an example, the metadata gathered from a learning app used by a child in school is not considered an “educational record” and would not be protected by FERPA.  Under FERPA, the app maker and other third parties such as digital advertising networks may utilize the information obtained from our children’s use of school contracted online digital technologies.  This data which may include information regarding health, sexual orientation, religion, race, etc… may then be utilized by third parties to discriminate against our children when they apply to colleges, for jobs, insurance, etc…              

  

Absent stronger privacy protections for online student content, our children’s privacy will be compromised and innovative learning tools and educational technologies will face increased parent skepticism and opposition.  HB 298 as passed by the House of Delegates helps assuage parent’s fears while not stifling industry innovation.  HB 298 is modeled after California’s widely applauded Student Online Personal Information Act (SOPIPA) that has been called a “landmark” student data privacy bill by the highly regarded K-12 focused publication Education Week.    

Due to the well balanced approach that HB 298 takes, I am asking for your support of this legislation as it passed in the House of Delegates."  

Google and Facebook's representatives were lobbying to add amendments that would gut the bill's privacy protections for our children. Behind the scenes, these two companies appeared to be not just the two primary opponents of this bill but of other similar bills around the country (watch/listen to the testimony).  Google's behavior is not surprising since it has been caught by Politico spending hundreds of thousands of dollars to lobby against privacy bills that would better protect the personal privacy of students and their families around the country. Facebook's participation in this process appears to demonstrate that it wants to enter the education market. Due to Facebook's agreements with data brokers and its troubling privacy practices and policies, student data should not be entrusted on their platform.

The bottom line is that if you care about student privacy and cyber safety, our laws need to catch up with the technology that is being deployed.  To support Maryland's Student Data Privacy Act of 2015 please reach out to the senators on the Education, Health & Environmental Affairs Committee to voice your support.

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.

Radio Shack's Proposed Sale Of Customer Data Violates Its Privacy Policy

Radio Shack is on life support and will soon no longer exist in its current format.  Its unfortunate that a store I grew up going to with my grandfather will soon be out of business.  Its last great hurrah was its awesome Super Bowl ad that brought back its glory days from the 1980's. 

Radio Shack is losing so much money that it has resorted to selling one of its most prized assets.  Its customers' personal information.  What is most disturbing is that despite its long stated privacy promise that "[w]e will not sell or rent your personally identifiable information to anyone at any time," this promise may be ignored in bankruptcy court. 

Last year, an educational technology company ConnnectEDU tried to sell the millions of records it had accumulated on young children and the FTC stepped in and fought to require it to honor its privacy promises.  My hope is that the FTC joins Texas regulators in fighting to protect Radio Shack's customers' personal information.  Personally Identifiable Information is extremely valuable and its a very positive step that regulators are beginning to understand the importance of requiring companies to honor their privacy commitments to its customers or users. 

I don't want data brokers to learn about all of the cool things I use to make with my late grandfather.  Its none of their damn business! 

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.

New York Times Facebook Content Deal Is A Threat To Personal Privacy

The New York Times is one of the world's most respected news organizations and one of the most popular destinations for news on the Internet.  However, I was dismayed to read in The New York Times that it may strike a deal to house some of its content inside Facebook.

This is a very troubling development for not just the media landscape but also for the freedom of thought and expression.  The ramifications of this potential deal will erode the privacy of The New York Times' readers and it will enable data brokers and their clients to create richer profiles of those who read the paper via Facebook due to Facebook's troubling deal with multiple data brokers.

When a New York Times reader utilizes Facebook to access articles, this information will be sent to Facebook's data broker partners who will insert this content into a user's digital dossier.  This data may be utilized by banks, insurance companies, employers, etc... to discriminate against people for reading about certain topics.  For example, when someone reads a lot of articles about their race, sexual orientation, health issue, religion, etc.. this data will be tracked and a data broker may provide it to one of their clients who may utilize it to decide on whether a reader is a good fit for a job. 

While ad networks and other digital tracking platforms already combine every digital morsel about users they can find, being able to track users from their personal Facebook account creates a new level of data purity that from a privacy standpoint is very troubling.  I don't want data brokers to be able to track everything that I read on The New York Times and combine that information with other personal characteristics about myself.

Due to Facebook's troubling privacy policy and practices, I do not utilize it for personal communications and I have no plans on doing so in the future.  I urge The New York Times and others who may be thinking about hosting their content on Facebook to think about these important privacy issues before finalizing any deal that may harm their users' in unanticipated ways.

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.

WSJ: Key FTC staff wanted to sue Google after finding ‘real harm to consumers and to innovation’

The Wall Street Journal has uncovered a never before released bombshell report that "concluded in 2012 that Google Inc. used anti-competitive tactics and abused its monopoly power in ways that harmed Internet users and competitors."  These revelations are very troubling and raise serious questions about Google's business practices that appear to warrant further investigation.

The unreleased 160-page report concluded that Google’s “conduct has resulted—and will result—in real harm to consumers and to innovation in the online search and advertising markets.”  This internal document was apparently released due to a FOIA request and appears to have not been intended for public consumption.    

According to Yelp's vice president of public policy Luther Lowe, “This document appears to show that the FTC had direct evidence from Google of intentional search bias."  The FTC received testimony from some of the largest technology companies and the evidence compiled appears very troubling.

The bottom line is that the tech business is extremely cut throat and some companies may do almost anything to obtain market share and dominance.  That may include "acting evil" and intentionally harming consumers and stifling innovation for corporate profit.

Copyright 2015 by Shear Law, LLC All rights reserved.

Warrants Should Be Required For Email Access

Last week, I attended the International Association of Privacy Professional’s Washington DC conference and I was impressed with the topics that were discussed.  The keynotes by journalist Glenn Greenwald and Harvard Professor Michael Sandel were top notch and so were all of the sessions that I attended. 

One panel that I found interesting was titled, “Search Warrants vs. Privacy Laws: Can They Live Together”.  The session was moderated by Professor Peter Swire of Georgia Tech and included Bruce Brown, the Executive Director of the Reporter’s Committee for Freedom of the Press; Nuala O’Connor, President of the Center for Democracy and Technology; and Andrew Pincus a partner at the international law firm of Mayer Brown. 

At first glance, this topic sounds boring and highly legalistic.  However, the issues that were discussed affects everyone who utilizes email, has a cloud based storage account, or other digital based service.  One of the questions discussed during the panel was should a warrant be required for an Internet Service Provider (ISP) to turn over an email or other digital content to law enforcement?  The answer to this question is important because under the Electronic Communications Privacy Act (ECPA) which was enacted in 1986, the government may read any email without a warrant that is more than 180 days old.     

ECPA was written approximately 8 years before The Today Show and other national media outlets started to cover the Internet or the “Information Superhighway”.  The way we communicate has drastically changed in the past 30 years.  For example, instead of sending traditional U.S. postal service mail many people send emails and utilize messaging apps and other digital technologies because these platforms are generally less expensive and faster.  Since our old school traditional paper correspondence is protected from the government absent a warrant shouldn’t our digital communications have the same protections?

Last year, in Riley v. U.S. the Supreme Court ruled 9-0 that we have an expectation of privacy in the Digital Age and that the police are generally required to obtain a warrant to search a personal digital device.  This case built upon the 2012 U.S. v. Jones case that ruled a warrant was required to place a GPS tracker onto a car.  Following the reasoning in both of these Supreme Court cases, a California federal district court ruled last week that police need a warrant to obtain access to one’s cell phone location or GPS data. 

These recent cases have signaled that we still have an expectation of privacy despite new forms of digital communications and surveillance techniques. Unfortunately, an ongoing matter that has major privacy and public policy implications has not followed the Supreme Court’s lead in recognizing the importance of establishing clear digital privacy rights. 

In Microsoft v. U.S., the company is arguing that the government must obtain a warrant or other court order in the host country of where a digital communication is located even though the company may have the capability of providing access to the document from the United States.  On page 36 of 73 in the U.S. response [that was filed on 3/9/15] to Microsoft's argument that the government must obtain a warrant to obtain access to an email it states, [b]ecause the emails sought in this investigation are now more than 180 days old the plain language of the SCA [Stored Communications Act of ECPA] would authorize the government to use a subpoena to compel disclosure of everything it sought pursuant to the Warrant."  

The government's argument is disconcerting; however, so far the courts have ruled that a warrant is not needed for emails older than 180 days.  The government's interpretation of the SCA that emails older than 180 days do not need a warrant to be turned over demonstrates that more education is needed about these issues. 

In general, the government is required to obtain a warrant or have exigent circumstances (i.e. occurs when people are in imminent danger, when evidence may be destroyed, or when a suspect is on the run) to be able to gain entrance into your tangible property (i.e. your home, or car, etc..) so it should be required to obtain a warrant to gain access to your digital property (i.e. your email account, cloud storage, etc...).   

As a hedge against the courts continuing to follow an outdated and unconstitutional law (the SCA), its time to support a long overdue legislative fix to the situation.  The bipartisan Law Enforcement Access to Data Stored Abroad  Act (LEADS Act) follows a common sense philosophy that by properly balancing law enforcement’s need to obtain access to digital data with our privacy.  The Act would update the SCA of ECPA to account for the changes in technology that have occurred during the past 30 years and how we communicate with each other. 

In general, it takes time before the law catches up with the capabilities of technology.  This is true across many industries.  However, we must not forget that we still have an expectation of privacy in the Digital Age and now is the time to stand up for that right.  If it becomes law, the LEADS Act will signal to the rest of the world that the U.S. is serious about taking a leadership role in protecting the privacy rights of Internet users not just here but also around the globe.

Copyright 2015 by Shear Law, LLC All rights reserved.

White House Releases Disappointing Consumer Privacy Draft Bill

Privacy in school, at home, and at work has become a very hot topic over the past several years due to the increased amount of our everyday activities that are being digitized.  Earlier today, The White House released an administration discussion draft of the President's vision for enhanced consumer privacy protections.  Unfortunately, the proposal appears to fall short. 

According to Jeff Chester of the Center for Digital Democracy, the draft is "a big victory for the tech industry because it really sidelines the FTC and removes it as an effective force."  Alvaro Bedoya, director of the Center on Privacy and Technology at Georgetown's law school believes that Obama's bill may preempt state laws, in favor of letting companies collect what they want as long as they maintain some level of transparency.  These concerns are very real and demonstrates that The White House needs to rethink its approach. 

The FTC also weighed in and stated, "[w]e are pleased that the Administration has made consumer privacy a priority, and this legislative proposal provides a good starting point for further discussion. However, we have concerns that the draft bill does not provide consumers with the strong and enforceable protections needed to safeguard their privacy. We look forward to working with Congress and the Administration to strengthen the proposal.”

I agree with above sentiments and hope this draft spurs a robust conversation on digital privacy and technology.  Absent stronger privacy protections, digital platform users will be discriminated against based upon their age, race, religion, sex, sexual orientation, physical/mental impairments, etc....There needs to be not only mandatory industry transparency but also stronger regulation on data collection and utilization practices.  Federal legislation should be a floor and not a ceiling for privacy protections and the FTC needs to be provided enhanced regulatory enforcement powers.

I want my children to grow up with the same expectation of privacy I had as a kid and I don't want them to fear that their emails, Internet searches, and digital activity will be utilized to create robust profiles about them which will affect their schooling, career prospects, and ability to obtain insurance, etc...

I fight for our digital privacy because it is the right thing to do.  I encourage those who believe we have an expectation of privacy in the Digital Age to contact The White House and their federal and state lawmakers to tell them to make stronger digital privacy protections a priority this year. 

Copyright 2015 by Shear Law, LLC All rights reserved.

Maryland's Student Data Privacy Act of 2015

Last fall, California enacted what Education Week called a "landmark" student-data privacy law (SB 1177).  This was passed because some educational technology companies were caught abusing their access to personal student data. 

As a parent, the digital privacy of my children is very important.  I don't want an educational technology vendor using my kids' school created digital data for behavioral advertising or for profiling purposes that may be utilized to discriminate against them in the future.  The Family Educational Educational Rights and Privacy Act (FERPA) was enacted in 1974 and has not kept up with the innovative digital learning technologies that are becoming more widely available for our students. 

Today, schools utilize cloud-based technologies, apps, and other digital services to teach our children.  Unfortunately, metadata created from these platforms is not considered an educational record under FERPA and thus not protected from the prying eyes of advertisers and others who covet this rich information.  Therefore, students and their families need stronger legal privacy protections.  Absent more robust student privacy laws, our children's privacy and safety will be compromised and innovative learning and educational technologies will face increased parent skepticism and opposition. 

Maryland, a state that has vied with California to be a national leader in digital privacy protection recently introduced the Student Privacy Act of 2015.  The bill is modeled after California's groundbreaking SB 1177.  Mark Schneiderman, senior director of education policy for the Software & Information Industry Association said California's SB 1177 "seems to generally strike the right balance".  Thus, the SIIA should hold the same position on Maryland's student data privacy act. 

Last month, President Obama gave a historic speech at the FTC about his privacy agenda for the last two years of his term.  In regards to student privacy the President stated: "But we’ve already seen some instances where some companies use educational technologies to collect student data for commercial purposes, like targeted advertising.  And parents have a legitimate concern about those kinds of practices.

So, today, we’re proposing the Student Digital Privacy Act. That's pretty straightforward.  We’re saying that data collected on students in the classroom should only be used for educational purposes -— to teach our children, not to market to our children. We want to prevent companies from selling student data to third parties for purposes other than education.  We want to prevent any kind of profiling that outs certain students at a disadvantage as they go through school."

Congress is also concerned about student privacy issues.  On February 12, 2015, it held a hearing entitled, "How Emerging Technology Affects Student Privacy".  The testimony during the hearing demonstrated that FERPA needs to be updated.  While my hope is that one day Congress passes stronger student privacy legislation, I am not optimistic in the short term due to all of the acrimony on Capitol Hill. 

Until this occurs, states such as Maryland must fill this void and step up to protect the digital privacy and cyber security of our kids. 

Copyright 2015 by Shear Law, LLC All rights reserved.

Law Enforcement Access To Data Stored Abroad Act Introduced

Late last week, Sen. Orrin Hatch of Utah introduced the Law Enforcement Access To Data Stored Abroad Act (LEADS Act) which would require law enforcement to obtain a warrant under the Electronic Communication Privacy Act (ECPA) to obtain the content of subscriber communications from an electronic communications or cloud computing service.  According to Sen. Hatch, the legislation would "strengthen privacy in the digital age and promote trust in US technologies worldwide by safeguarding data stored abroad, while still enabling law enforcement to fulfill its important public safety mission".

The LEADS Act appears to have been introduced in response to an ongoing federal court case that required a U.S. email service provider to turn over customer emails that are stored in Ireland in response to a U.S. warrant instead of going through the proper legal channels in Ireland.  This ruling was very troubling because it disregarded European digital privacy laws.  Unless this decision is reversed, it may encourage foreign countries to ignore U.S. privacy laws when demanding access to their citizens digital content that is located in the U.S.    

The passage of the LEADS Act is needed not only to better protect digital privacy, but also from a business perspective.  According to The New York Times, the U.S. cloud computing industry may lose tens of billions of dollars in business because international companies and governments have lost confidence in U.S. technology companies due to the NSA surveillance programs that Edward Snowden exposed in 2013.  Forrester Research has indicated that these losses could be as high as $180 billion dollars for U.S. based firms.

As a lawyer who focuses on privacy and cyber security matters, I have seen some of my clients change their communication habits based upon the information obtained from the NSA documents leaked by Snowden.  Even though I am a proponent of utilizing cloud platforms, due to the troubling state of our digital privacy protections and an increase in hacking incidents, I have been encouraging some of my clients to conduct more business in person and/or on the phone until the U.S. enacts stronger digital privacy laws.  In some instances, I am advising clients to go "old school" and send more physical packages via personal courier or a trusted commercial parcel service.

Unless there are digital exigent circumstances, the government should generally be required to obtain a warrant to access our electronic communications.  Since law enforcement officials generally need a warrant to search our physical homes and businesses, the same standard should apply to our digital homes and businesses.

The LEADS Act is a sensible bill that will help protect online privacy and bring digital public policy into the 21st century.  With more of our personal and business communications occurring digitally, it is imperative that our electronic communications receive the same protections as our "old school" pen and paper documents.

Copyright 2015 by Shear Law, LLC All rights reserved.  

Student Forced To Change Schools Because His Social Media Activity Indicated His Sexual Orientation

The Social Media Age has drastically changed how we interact with others and how we express ourselves.  For example, we may connect professionally on LinkedIn, like a product or service on Facebook, or we may film videos about our thoughts and activities and post them on YouTube.  These platforms were not available to us just 15 years ago.

While the Social Media Age has created tremendous new opportunities to do business, communicate with others, and express ourselves, there is also a dark side to all of this sharing and connectedness. Its plain old discrimination.  According to The Daily Mail, a Texas teen was told to delete his YouTube account and other social media accounts because it showed what the school alleged stated was a  "sinful" lifestyle.  This so called "sinful" lifestyle was that the teenager was gay.  Instead of deleting his social media accounts the student transferred to another school.     

This situation is very troubling and further demonstrates the need for students to have stronger privacy protections in the Social Media Age.  While it may be easy to identify a student based upon seeing them in a video uploaded to YouTube or other digital platforms, absent a student being required to authenticate their personal social media accounts it may be difficult to identify their Facebook or Twitter accounts because anyone can create a fake account.    

The bottom line is that students deserve stronger personal digital legal protections in the Social Media Age and schools should not be required to become the Social Media Police.  Maryland's  HB 210:  Educational Institutions-Personal Electronic Account-Privacy Protection which was introduced by State Senator Ronald Young would go a long way in achieving these goals.  The bill would help protect the personal digital privacy of students while at the same time providing schools a legal liability shield against claims that they have a legal duty to police their students' personal digital behavior.

To support MD HB 210 I urge you to reach out to Senator Young's office for more information. 

Copyright 2015 by Shear Law, LLC All rights reserved.

Emoji Evidence Important in Silk Road Trial

Have you ever sent a text or email with an emoji?  For those who don't know what an emoji is, it is a small picture that helps demonstrate an emotion.  Some examples include a smiley face or a frown that is included at the end of a text or inside of an email. 

An emoji or emoticon should only be inserted after carefully weighing the potential legal consequences.  Every time you insert a smiley face or frown in a text or email you need to realize that it may be utilized as digital evidence.  An emoticon may create tremendous legal liability for the sender.

For example, during the Silk Road trial emoji evidence has become an important issue.  While video and phone call/audio recordings have been introduced as evidence during legal proceedings for years, digital evidence is now coming into its own.  During the past 15 years, emails, text messages, and other digital created data has grown in importance.  This change has occurred since we now communicate more and more on digital platforms.

The bottom line is that not only may written or spoken words may come back to haunt someone in a legal proceeding but also alleged emotions based upon an emojis or other symbols.  Therefore, it is imperative to be very careful when utilizing emoticons and/or symbols on digital platforms.  

Copyright 2015 by Shear Law, LLC All rights reserved.