Accepting Guest Blog Posts

I have accepted a position that will not allow me to write in 2016. However, I want to continue to provide information on cyber, intellectual property (IP), social media, security, privacy, and technology law and policy to you all. So… I am accepting submissions from guest bloggers!

Please send me your best cyber, IP and tech law and policy posts. Many of this blog’s followers are entrepreneurs, technophiles, tech novices, bloggers, social media users and those intrigued by tech, so please cater your posts to that audience. Please send posts to I will notify you if your post is selected.

Thank you for your submission, in advance, and more importantly, THANK YOU FOR READING!

I hope the readers find previous posts and any information others are able to provide in my absence helpful! And I look forward to returning in 2017!!

Why companies should beware of the BYOD movement and how to mitigate potential damage

BYOD (bring your own device) is a buzzword among company IT departments and policy makers. A BYOD device is an employee-purchased and employee-owned device (e.g., laptop, smartphone, tablet) that is connected to a corporate information network system or otherwise used to conduct company business. A recent Cisco study found that 90% of full-time American workers use their personal smartphones for work purposes. In this cyber age, where privacy and cyber security are major concerns for employers and employees alike, BYOD is a proverbial minefield for those unaware of the legal, security and privacy risks.

Emerging BYOD Legal Risks

In this world of telecommuting and start-ups, many companies allow employees to use their own laptops and smartphones. Companies have thereby ended the Apple v. Android, Mac v. PC debates, a win-win for employers and their employees. This all might sound great for both employers and employees, but as with any new invention, the risks of BYOD policies have not yet been resolved. Nor have we seen any BYOD policies take center stage in a publicized legal dispute. We have, however, seen disputes arise over storing company data on personal devices. In Barrette Outdoor Living, Inc. v. Michigan Resin Representatives, the Court ordered an employee to pay $35,000 in sanctions for failing to preserve his cellular phone and deleting 270,000 company files from his personal laptop. Even when using a personal device, employees may have a duty to maintain corporate information if their employer goes to trial. Employees may face personal legal liability for actions taken while using their BYOD device.

Understanding BYOD Security Risks

When employees have access to company networks and data through their personal devices, the company becomes increasingly vulnerable to security and legal risks. Companies that allow broad access face the risk of employees deleting company data and are susceptible to the carelessness of employees and third-party users. These users can be anyone from a child using a parent’s phone to office visitors connecting to the company Wi-Fi. When BYODs and third-party devices bypass security features normally applied to corporate devices, they are vulnerable to malware, a costly risk, particularly in regard to Android devices. Additionally, BYODs that bypass network security elevate the risk of non-compliance with data privacy laws and regulatory requirements.[1]

Mitigating Security Risks & Maintaining Employee Privacy

The most effective mitigation strategy will couple emerging tools with a BYOD policy to protect company assets and security, examples of which include:

  • Developing a BYOD policy that addresses ownership, password requirements, employee privacy, liability, limitations on access/use, search parameters and what situations trigger which reactions.
  • Selectively publishing company data to new mobile apps; users get the data they need, and the company has greater control over data security.
  • Requiring device encryption.
  • Installing software to track which documents employees download.
  • Installing technology to wipe only corporate settings, data and apps to protect business assets while leaving personal data and settings intact.
  • Exploring geo-fencing to protect company information and prevent data breach by disabling device features such as the camera within company space.

Use and implementation of these tools will depend on company needs but should be considered to mitigate legal, security and privacy risks.


To see more from me on this issue visit:

Security Risks & the Healthcare Roll Out

Anticipation of the healthcare roll-out tomorrow, October 1, 2013, has sparked heated debate and concern over costs, employer rescission of benefits, and questions about the Health Insurance Marketplace. One question, raised by the FTC and other stakeholders, remains to be fully addressed: What security measures will be put in place to protect Marketplace consumers from identity theft?

The new Health Insurance Marketplace allows you to fill out an application and see all the health plans available in your area. While all insurance plans are offered by private companies, the Marketplace is run by either your state or the federal government. As designed, consumers create an account online or over the phone with a “navigator.”  Under the Affordable Care Act (ACA), the government is training additional customer service professionals to help consumers “navigate” the Health Insurance Marketplace. To create an account, participants must provide their personal data such as household size, income, passport, address, and potentially a social security number for every member of the household that needs coverage. 

What measures are being taken to dispose of information gathered by customer service professionals? What safeguards are in place to prevent identity theft? Scammers are already calling consumers and pretending to be navigators to gather their personal information. How will consumers know the difference?

How to protect yourself in the interim:

  • Do not give personal information to cold calls or emails from navigators or others representing themselves as part of the Marketplace.
  • If you call in or seek help in person, ask navigators what the internal policy is on handling your personal information.
  • Share the least amount of information necessary when shopping for health plans.

For more information about the healthcare roll out visit

Update October 1, 2013: The government has released the following on avoiding consumer fraud

iPhone Touch ID hacked already??

YAY! iPhones are more secure… or are they? The new iPhone 5s touts a security feature currently unheard of in the mobile phone space: fingerprint access, or Touch ID. Will this added security feature make the iPhone a leader in mobile security?

The Chaos Computer Club, a Germany-based group of computer hackers, claims to have fooled Apple’s Touch ID fingerprint technology, which debuts on the new iPhone 5s. The YouTube video demonstrating the trick is entitled “hacking iphone 5S touchID” (and is being reported by some organizations similarly, although it is not quite “hacking”). Do consumers really have anything to worry about?


In a blog post describing the procedure, Chaos Computer Club says:

A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID. This demonstrates – again – that fingerprint biometrics is unsuitable as access control method and should be avoided.

The one minute video shows someone using their index finger to register Touch ID on a newly set-up iPhone 5s. Once the setup has been completed, they then apply a tape to their middle finger which, presumably, contains a transfer of the index fingerprint. That unlocks the phone.

The process is tedious and a bit complex for the average person, so this isn’t a procedure that someone is likely to casually reproduce just for the sake of unlocking your phone.

Frank Rieger, spokesperson for the CCC, explained: ‘We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can’t change and that you leave everywhere every day as a security token.’

Apple maintains its fingerprint lock technology “provides a very high level of security,” and the iPhone maker’s website says there is a one in 50,000 chance of two fingerprints being alike.

Apple says the fingerprint lock is just for convenience, and that a passcode should be used to provide additional security.

Beyond someone taking your phone long enough to hack it, there are additional concerns. Let’s start with law enforcement. A suspect’s smart phone is a potential wealth of information, but a suspect cannot be compelled to disclose the passcode. Fingerprints, however, may be taken against a suspect’s will or may be on file with the police department. How will this access to the ability to unlock the phone be used to bypass regulations on access to passcodes?

Most of us aren’t hiding illegal information on our phones or leaving our phones alone long enough to have our fingerprints copied and our phones unlocked. However, the iPhone has only been out for less than a week… How will this further develop? What additional concerns will be uncovered? Does this make you nervous? Or is this just as secure as the simple, easily decipherable 4-digit passcode of iPhones past? Will bad actors be able to hack your phone, access a copy of your fingerprint and use it for their purposes?

If you are concerned about security, I suggest that you use both Touch ID and a passcode to secure your iPhone.

Instant Message Banter or Contract Formation?

Contract formation tends to be misidentified as a tedious process with lots of drafts, exchanging paper and signing of a final deal. However, it’s not as formal as most people think. As a ruling by a federal court in Florida demonstrated, you can make or modify a contract with a few words transmitted by instant message (IM).

Because a signed formal document isn’t essential for a legally effective contract, parties must be cautious about exchanging promises and about the discussions they engage in outside of formal negotiations. Only certain kinds of contracts need to be in writing. Other contracts can be formed orally or through a course of dealing or exchange of forms. Contract formation requires that one party make an offer, that the other party accept the offer, and that consideration (something of value) be exchanged. That’s it! That combination of requirements can happen orally or in writing. Moreover, as technology evolves, the definition of a writing expands to include all forms of communication, such as emails, text messages and instant messages.

iChat Crazy

In the case at hand, Smoking Everywhere Inc. sells electronic cigarettes. It contracted with CX Digital Media Inc., in August 2009, for Internet advertising, agreeing to pay $45 for each completed sale it obtained through CX Digital’s Internet ads, for up to 200 sales per day.

One month later, Smoking Everywhere’s vice president for advertising engaged in an instant message conversation, during the course of a full workday, with an account manager at CX Digital. Toward the end of the day, after discussing the testing of new ads and new URLs, these messages were passed back and forth, within a stream of IMs over a two-hour period:

Account manager: We can do 2000 orders/day by Friday if I have your blessing.
Advertising VP: NO LIMIT.
Account manager: awesome!

Following this dialog, CX Digital stopped using the 200 sales/day limit, and began making an average of 1,200 referrals per day. When CX Digital billed Smoking Everywhere for the higher volume, however, Smoking Everywhere refused to pay.

The court held that the IM exchange demonstrated the clear intent to remove the prior daily referral limits, and thereby modified the contract:

A close reading of the instant messages and careful consideration of the behavior of the parties during the conversation indicate clear assent on the part of both parties to stop sending traffic to the ‘old’ ecig link and to begin sending the traffic to the two new URLs.

This two-word contract change resulted in $1,235,655 in damages.

Bottom line: Be careful with all informal communications such as text messages, instant messages, tweets, Facebook comments, etc. You can easily form a binding contract through the course of conversation.

Written contracts are the currency of business dealings, and many companies insert clauses that say contracts cannot be modified without a writing signed by authorized representatives. Yet business representatives increasingly engage in informal communications. In the short time after their conversation, CX acted in reliance on the modification, and as a result Smoking Everywhere ended up in a binding agreement.

In both your professional and personal life, be careful every time you engage in an exchange of “promises.” The last thing you want to do is bind yourself or your employer to an agreement. Employees with positions that are easily perceived to have decision-making power should be especially careful. If you are discussing terms of an existing contract or a potential sale or service, be very clear that you are not forming a contract and that you are merely negotiating potential terms.

Snapchat images may come back to haunt you!

Snapchat is a mobile phone application intended to allow users to send photos to their friends and limit the amount of time for which the photos can be viewed. Once the allotted viewing time has elapsed, Snapchat is supposed to delete the photos entirely from the recipient’s device as well as from Snapchat’s servers so that they cannot be accessed again. Many users send images this way to protect their privacy while enjoying the ability to share an image with another person for brief intervals. Usually the user places a high value on the claim of permanent deletion following the reveal of the image. Snapchat has even implemented mechanisms to let senders know if recipients take screenshots of the images.

Snapchat currently reports that its users send 150 million “snaps” per day, a sign of its rising popularity. The question is: are your snapchats really deleted?

Way back when Snapchat was first launched, Buzzfeed discovered a loophole that allowed cached Snapchat videos to be rewatched on an iOS browser like iFunBox. In response, Snapchat founder Evan Spiegel told Buzzfeed, “The people who most enjoy using Snapchat are those who embrace the spirit and intent of the service. There will always be ways to reverse engineer technology products — but that spoils the fun!”

The Electronic Privacy Information Center (EPIC), a self-described public interest research center focusing on privacy issues and consumer advocacy, filed a complaint with the Federal Trade Commission (FTC) on May 16, alleging that Snapchat’s representations that its users’ photos “disappear forever” once viewed by a recipient are deceptive and likely to mislead consumers.  The complaint alleges violations of Section 5 of the Federal Trade Commission Act and requests the Commission to investigate.

The complaint alleges that Snapchat does not delete a file after it’s been viewed; instead, Snapchat adds a “.nomedia” extension to the end of the file name, which renders the file unviewable. However, any tech-savvy user could alter the file name by removing the “.nomedia” extension, and the files are again viewable.

Since launch, Snapchat has slowly but progressively admitted that the app isn’t actually as privacy-friendly and secure as it’s made out to be. In fact, Snapchat recently published a point-by-point blog post going over how it stores and deletes Snapchat data, with the tender warning at the very bottom that says, “If you’ve ever tried to recover lost data after accidentally deleting a drive or maybe watched an episode of CSI, you might know that with the right forensic tools, it’s sometimes possible to retrieve data after it has been deleted. So … you know … keep that in mind before putting any state secrets in your selfies :)”

Snapchat’s policies do not describe this process and do not advise users that the files are recoverable. Snapchat’s privacy policy does, however, state that “[a]lthough we attempt to delete image data as soon as possible after the message is received and opened by the recipient. . . we cannot guarantee that the message contents will be deleted in every case.” For example, the policy goes on to state, “users may take a picture of the message contents with another imaging device or capture a screenshot of the message contents on the device screen.”

The complaint alleges that Snapchat’s representations to users “that photos sent using its app would be deleted after a user-designated amount of time” are “likely to mislead the reasonable consumer” and that those representations are material.  In addition to asking the FTC to investigate Snapchat’s claims that users’ images are permanently deleted, the complaint asks that the FTC require Snapchat to make improvements to its security practices to successfully delete users’ photos and to cure any deceptive statements about its services.

What does all of this mean for you?

BE CAREFUL!  As I continue to stress when dealing with social media, your content never really goes away! Everything online lives on.  This app is not an exception, at least not yet.

However, there is a lot of skill and effort involved in retrieving these images; it is not likely that most recipients will expend the time and energy necessary to recover old images. They are more likely to screenshot the image upon receipt.

Let’s be honest, Snapchat is a common medium for sexting and sending other inappropriate content… If you have to send it via Snapchat, can the recipient really be trusted and, even more, is it worth finding out?

Social Networking Online Protection Act: Will this Protect your Social Media Privacy Rights?

Representative Eliot Engel (D-NY) introduced the “Social Networking Online Protection Act,” H.R. 537 to Congress in February.  This bill would be the national version of the social media privacy laws popping up in states nationwide. Increasingly employers and other authority figures have asked employees and others to turn over their username or passwords for their personal accounts. State legislators began introducing legislation in 2012 to prevent employers, colleges, etc. from requesting passwords to personal Internet accounts—including email, banking and social networking sites—in order to get or keep a job or regulate student activity.

Unlike most of those state laws, the bill would also protect passwords to email accounts. Seven states, California, Delaware, Illinois, Maryland, Michigan, New Jersey and most recently Utah, currently have social media privacy laws on the books prohibiting requesting or requiring an employee, student or applicant to disclose a user name or password for a personal social media account. California, Illinois, Maryland, Michigan, and Utah laws apply to employers. California, Delaware, Michigan and New Jersey have laws that apply to academic institutions.

Will this bill solve the privacy issues that occur when an employer or academic institution requires you to reveal the password for your personal account?

Limits must be set for how and when authority figures such as employers, coaches, professors, etc., can access private social media information. Anything made public by the user is fair game because that is the information they have elected to present to the world. Reputation and public persona are important to potential and current employers and university officials because that information can affect public perception of them. Although our online image is important and can provide a lot of information about an individual, the information that’s private should be kept that way. A private photo album on Facebook can be likened to a photo album kept at home vs. photos you display at work or in a public album online. Privacy is a fundamental right and should be preserved.

Let’s take a closer look at a few key points of the bill…

Under the federal bill social networking is defined as:

“[A]ny Internet service, platform, or website that provides a user with a distinct account–

“(A) whereby the user can access such account by way of a distinct user name, password, or other means distinct for that user; and

“(B) that is primarily intended for the user to upload, store, and manage user-generated personal content on the service, platform, or website.”

Defining “social networking” or “social media” could be problematic given the discrepancy between the rate of evolution of social media and the rate of evolution of the law. Maryland’s approach, which focuses on whether the circumstance at hand involves a user name or password and leaves vague the nature of the account or service to which the user name or password relates, might be better for keeping this law relevant long term.

The bill does specify that it must be a personal account, preserving an employer’s interest in accounts they own or accounts operated by employees for business purposes. Employees and students should be careful not to mix business and personal accounts. Accounts where the line between business and personal is blurred will be where the limits of this law are fleshed out.

Enactment of the law would curtail the need for more state laws on the issue and provide uniform protection. Uniform standards make drafting policies a lot easier for employers and universities. They also help users know the limits of their protection nationwide; there are no worries about where to bring a suit if you feel your privacy rights have been violated in this way.

Some wonder if this is a matter for federal law. Well, I think the answer lies in the answer to the question “Whose job is it to protect the privacy rights of American citizens?”

My answer to the question indicates that Congress is well within its bounds. What do you think?

Should Judges be able to Use Social Media?

“Should judges be able to use social media?”
When I first posed this question my answer was a resounding yes. As long as they’re operating within professional bounds why not be able to enjoy the medium that has taken the world by storm. Such a perspective might even be beneficial when making decisions that will increasingly incorporate social media.

My answer to this question became less clear when I heard the story of a Judge caught sending improper IMs to his wife during court. Is this wrong? Well, at first glance, no. He’s chatting with his wife, which in this day and age is to be commended in and of itself. However, as you continue to think through the issue, a bigger problem presents itself. When the judge presiding over your case is so distracted by sexual messages to his wife, are you being afforded a fair trial? This is where my opinion changed, and I decided to explore the details of this story.

A New Mexico judge, Eugenio Mathis of Las Vegas, N.M., admitted that he had engaged in “excessive and improper” instant messaging with his wife, but denied that any communications included intimations of courthouse sex, the Albuquerque Journal reports. The Santa Fe New Mexican and the Associated Press also have stories on Mathis’ subsequent resignation.

According to the Albuquerque Journal:

A thick packet of chat logs, presumably between Mathis and his wife, were filed at the Supreme Court as part of the Judicial Standards Commission’s petition to discipline Mathis.

In the messages, the chatters talk about dinner plans, flirt, ask each other how their day is going, discuss paying bills and gossip about their co-workers at court.

The log shows someone making a comment about making “hanky panky” while someone tests the court’s alarm system.

“Don’t come knocking if the jury room is rockin’,” one message reads.

It can be difficult to determine from the logs who is saying what, but one such interaction appears to show the chatters joking about denying a juror’s request to be excused to attend a funeral.

The problem with this, according to the Supreme Court filings by the Judicial Standards Commission, is that these conversations take place over the state court’s instant messaging service in violation of a computer and Internet use policy.

In the motion, Mathis also admitted to violating the code of conduct by making “judicial statements” about pending cases, referring to a petitioner in a name change case as “weird” and failing to cooperate with other judges “in the proper and orderly administration of court business.”

One of these comments included referring to parties in a domestic violence hearing as acting crazy.

When you accept the role of judge you are held to a higher standard, not only by virtue of the job but according to the ethical and moral standards you swear to uphold. We’ve all gotten bored at work or wanted to have a non-work-related conversation, but as a judge you are not afforded such a luxury. Beyond that, you open up the proceeding to additional scrutiny. Any party to a proceeding he was trying during these messages has grounds to petition for a mistrial.

The American Bar Association (ABA) recently released a formal opinion discussing the use of social media by judges. See American Bar Association, “Judge’s Use of Electronic Social Networking Media,” Formal Op. 462 (Feb. 21, 2013). In short, the ABA stated that a judge may use social media, but like other offline contacts and professional relationships, he or she must comply with applicable ethical rules and not engage in any behavior that would undermine the integrity or impartiality of the court. This judge definitely crossed this line and is unfortunately suffering the consequences.

In my opinion, judges should be able to use social media, but the degree of use, time of use, and computer used should be well thought out. Sometimes we must sacrifice certain luxuries for our dreams, and maybe social media use is one of the luxuries that must be sacrificed to pursue our passions.

When using social media, be aware of the obligations of your position and determine if the risks outweigh the benefits, or at least modify your use accordingly. Even judges can get in trouble for social media & internet use. This should be a warning to everyone. Keep your social media use to a minimum at work and especially on your work computer.

What do you think? Should judges be able to use social media??

A Thin Line Between Love & Hate: Social Media Edition

Social media has invaded our lives! It has become an integral part of our socialization, self-promotion, leisure and now our work. This invasion into our work lives comes with numerous pitfalls, many of which I’ve discussed on this blog before (Who Owns Your Profile?: Be Careful How & Where You Use Social Media, NLRB Decision #2: Be Careful What You Post on Social Media!, Social Media: Personal Expression or Supplement to Your Resume?, and NLRB Issues First Social Media Decision – What Does this Mean?).

As cases of employees losing their jobs because the medium they love has “betrayed” them continue to pop up, I urge you again to be careful what you post. Revealing too much information can get you fired! There is a voyeuristic nature and a desire to share and stay connected in today’s society that has made social media (and reality TV, but that’s a topic for another day) popular. That desire is normal and appropriate within reason. Share about your mall trip and the new clothes you purchased, connect with old and new friends, share photographs, but make sure that your social media persona matches your professional persona or you can run into trouble. Remember, this information never goes away…


Here are a few individuals who have lost their jobs because of the information they’ve posted on the sites they love.  Learn from their mistakes. A Michigan nurse and a Washington barista both lost their jobs because of over-sharing on social media.  The nurse was fired for FMLA fraud after the hospital where she worked saw Facebook pictures of the Mexican vacation she took while still on leave. The barista was fired for using his blog as a forum to insult his customers and boss.

Recently, a tenured New Jersey schoolteacher named Jennifer O’Brien was fired after she vocalized the following opinions about her students on her private Facebook page (from opinion PDF):

I’m not a teacher – I’m a warden for future criminals!

They had a scared straight program in school – why couldn’t [I] bring [first] graders.

Understandably, students’ parents and the principal found her comments offensive, and instantly challenged her continued role as an educator.

In response to being charged with “conduct unbecoming a teacher,” O’Brien argued that her expression should be protected by the First Amendment’s right to free speech. However, free speech only goes so far in the work environment, as defined by the Pickering Test.  Another one bites the dust…

  1. Free speech only goes so far when it comes to your job, especially if you are a public employee.
  2. Review everything before you post. This information is out there forever, so make sure it aligns with your current interests and your future interests. This is especially true for the generation growing up only knowing the access that comes with phenomena like social media. Many of these individuals lack the desire for privacy and the awareness of the consequences of over-sharing that is important in a professional context.
  3. Some opinions should be kept to yourself or at least not posted on the internet.  Although you are entitled to your opinion, there are consequences for our actions. Make sure that the opinions you state are either uncontroversial or worth taking a stand for.
  4. Check the privacy settings on your social medium. Know what your settings are and who you allow to see your posts. Making accounts widely available is not bad; just act accordingly. However, “private” accounts are not an excuse to make reckless, defamatory, or inappropriate comments. Your profile or account should always reflect the persona you carry with you every day, especially your professional persona.
  5. Always ask yourself “What if my [boss, potential boss, parents, grandparents, children, etc.] were to see this post?” If you would be embarrassed, in trouble, or in any way uncomfortable, then maybe you should reconsider posting that item.

It’s hard when the things we love turn around and “betray” us. The nice thing about social media is that we are in control of our message, and as long as we post consciously and in consideration of the big picture, social media can remain a safe and fun space to engage with family, friends, and whoever else you decide. Remember there is a thin line between love and hate… Don’t let your actions turn social media from a friend to an enemy.

Good luck!

Do you deserve overtime pay for that email???

How many times have you answered an email after hours? Is there such a thing as “after hours”? In today’s mobile society, the blessing and curse of smartphones and email is the level of accessibility. Employers are able to capitalize on this accessibility and reach new heights of productivity. When the amount of time an employee is inaccessible is decreased to maybe the time they are sleeping, companies experience increased productivity and near 24/7 operation. Why not take full advantage?

Great for them, not necessarily for us. Now that this level of accessibility is the norm, it is hard to set limits on when you can and cannot be reached without potentially limiting your upward mobility within the company. In this hyper-competitive job market, we all know that the smallest things can make the largest difference. No one can afford to lose their competitive edge because they refused to answer an email after 6pm.

Sgt. Jeffrey Allen is suing the City of Chicago for answering his “required to use” department Blackberry when he’s off-duty.  And he’s not the first. Jason Swart and Justin Foley, officers in Yorktown Police Department’s K-9 Unit, have sued the Town of Yorktown for additional overtime incurred while caring for their police dogs.

These suits bring up an interesting conundrum that we often face because the law is always significantly behind technology. Employment & labor laws do address this kind of issue. One email should not qualify for overtime, especially if it is a brief and easy response; but at what point does responding to emails and phone calls outside of working hours violate the rights of employees? How do you quantify the number of emails that result in an hour of overtime or the depth of thought necessary when responding? Can an employee charge for every tenth of an hour used or should they wait until they’ve done at least 30 minutes of outside work? And what will be the response of employers? Is the chance for overtime worth sacrificing a salary and likely having your base pay cut to account for potential overtime? If you begin to nickel and dime your employer, will they adopt the same approach? How will that manifest itself? Decreased flexibility? Strict time requirements for assignments? Fewer incentives?

This could become a hot button issue as technology continues to penetrate the lives of employees and as employers seek to control such use both inside and outside the office.

What do you think?