How Much of Your Data can Apple Hand to Law Enforcement?

We are all aware (or at least we should be) that our telecom providers are handing over our data to the police when necessary. Well have you ever wondered just how much and what it takes to get that data? iphone-privacy-2011-04-06-1302104043Apple posted their new guidelines describing what data the company can provide to law enforcement and the processes for requesting that data.

The document breaks it down into two basic types of data: information stored on Apple’s servers and information stored locally on iOS devices.  I have outlined the kinds of data and how they can be obtained in a chart below.

Essentially anything you’ve backed up to or stored on iCloud is available for Apple to provide to law enforcement, including connection logs and IP addresses you’ve used. Additionally a lot of the data associated with your Apple ID is available as well. Therefore, any information you’re providing Apple is available for them to pass along. This is something to consider when deciding if or what to back up on iCloud.  You may want to avoid backing up sensitive company data or private information on iCloud. Some information cannot be avoided, such as anything associated with your Apple ID.

Can they access data on my iOS device???

Yes. Apple can bypass security passcodes on our iOS devices to extract “certain categories of active data,” though it apparently cannot bypass that protection entirely. If provided with a valid search warrant, Apple can hand over SMS messages, pictures and videos, contacts, audio recordings, and your phone’s call history, but it can’t access e-mails, calendar entries, or information from third-party applications. Devices must be running iOS 4 or newer, must be “in good working order,” and must be provided directly to Apple’s headquarters along with an external storage drive twice the size of the iOS device’s internal storage.

Will I know if this is happening?

Maybe. The guidelines state that Apple will “notify its customers when their personal information is being sought in response to legal process except where providing notice is prohibited by the legal process itself.” Apple will also avoid notifying users if the company “believes that providing notice could create a risk of injury or death to an identifiable individual or group of individuals or in situations where the case relates to child endangerment,” though this is entirely up to Apple and not to the law enforcement agencies involved. These notification requirement will help prevent random and unfounded searches.

What is missing?

The policies and capabilities surrounding iCloud Keychain, iMessages and FaceTime calls are unclear and disputed. Apple claims iMessage & Facetime are encrypted but there is some speculation otherwise.

Is this unusual?

No, other tech companies have similar policies. For example, Google provides a similar “Transparency Report” outlining the types of data available to law enforcement. The notification policy is new and several other tech giants, including Facebook and Microsoft, have already indicated that they plan to expand their policies on notifying customers whose data has been requested by law enforcement

 

Where is the Data? Type of Data Means to Obtain Data Restrictions
Information stored on Apple Servers Data Associated with your Apple ID contact inormation obtainable with a subpoena or greater legal process
customer service records
transaction history both in store & online
iTunes gift card information
Data Associated with your iCloud Account connection logs & IP address used Any iCloud information that the user deletes cannot be accessed.
60 days of iCloud mail logs that “include records of incoming and outgoing communications such as time, date, sender e-mail addresses, and recipient e-mail addresses” e-mail logs require a court order or search warrant
any e-mail messages that the user has not deleted requires a search warrant
any other information that can be backed up to iCloud – As of this writing, this list includes contacts, calendars, browser bookmarks, Photo Stream photos, anything that uses the “documents and data” feature (which can include not just word processors but also photo and video apps, games, and data from other applications), and full device backups
Information stored locally on iOS devices SMS messages requires a search warrant – Devices must be running iOS 4 or newer, must be “in good working order,” and must be provided directly to Apple’s headquarters along with an external storage drive twice the size of the iOS device’s internal storage. Cannot access e-mails, calendar entries, or information from third-party applications
pictures and videos
contacts
audio recordings
phone’s call history

Bitcoin: How will this new “currency” affect you?

The other day I was making a purchase online and listed along with the other payment options– pay pal and credit card– was bitcoin…. What’s a bitcoin?  Can you actually use this to make purchases? Is this form of payment secure? How do I get bitcoins?

What is a Bitcoin?
 

A bitcoin is a form of virtual currency that only operates in cyberspace.

A virtual currency can be defined as a type of unregulated, digital money, which is issued and usually controlled by its developers, and used and accepted among the members of a specific virtual community. In 2009, the “Bitcoin” network was launched, introducing a worldwide virtual currency.

Bitcoin permits buyers and sellers to interact anonymously to facilitate instantaneous payments for goods and services, without the involvement of a third-party such as a bank. Bitcoin may be purchased to start but you must “mine” bitcoins. Mining is a resource-intensive processes where miners use special software to solve math problems and are issued a certain number of bitcoins in exchange.  Here are a few interesting facts about Bitcoin:

  • Bitcoin is typically stored on a user’s personal computer or in cloud based accounts called “wallets.”
  • Bitcoin wallets do not meet the UCC’s definition of a deposit account as they are not maintained with a bank.
  • Bitcoin wallets are not insured by the FDIC.​
  • Bitcoin has a high likelihood for extreme value fluctuations.
  • Bitcoin is gaining popularity.
 
The Warning!
On March 11, 2014, FINRA issued an Investor Alert to caution investors of the “significant risks” of buying and speculating in bitcoin and other digital currencies, as well as the risk of fraud and cybercrime related to online bitcoin exchanges and other bitcoin-related service providers.
Specifically, the alert outlines several risks surrounding the usage of and speculating in bitcoin, including:

  • Bitcoin and other digital currencies are not legal tender and if the trust built up among individual users and businesses should vanish, bitcoin would be valueless.
  • Online exchanges that allow users to buy and sell bitcoin and digital wallet services that allow users to store bitcoin are magnets for cyberthieves.
  • Because bitcoin transactions are essentially anonymous, users must take extra care to avoid fraudsters posing as legitimate services.
  • Bitcoin has been used for illicit transactions and such activities could impact users and speculators if an online exchange or service is shut down by law enforcement.
  • Price volatility has been bitcoin’s hallmark in recent years, and there is no uniform value of bitcoin across the various exchanges.

Is bitcoin the future?
Given the variable nature of bitcoin, it’s hard to foresee the future. Many questions remain: How will state or federal legislators regulate the bitcoin system?  Will volatility and data security destroy confidence in bitcoin?  Will bitcoin emerge as a standard payment option, remain a niche product, or otherwise become less interesting, but more predictable under new regulations? Will the average consumers embrace this new currency?

 
​Should Small Business Owners Use Bitcoin?
I would caution against it if your company will not survive the associated risks and building the necessary infrastructure. Accepting bit coin will necessitate updates to refund and exchange policies, calculation of sales tax, when to lock in the rate, etc.  Additionally, users will need to monitor developing regulations and consumer perception of bitcoin.  This volatility can be hard on sellers especially small sellers that rely on every dollar to survive and thrive. 
 
The retailers and other businesses that have announced that they are accepting bitcoin as payment are not established “brand” names that perhaps have a higher risk tolerance. One exception may be Overstock.com.  The major brands may soon follow. We have seen Vegas casinos, and Congressman accepting bitcoin.  But it seems the major brands are waiting to see how legislation develops,how consumer opinion develops, if the value will stabilize, etc before dabbling in a currency that offers little to no stability. The companies using bitcoin are predominately brands that have the benefit of anonymity, are seeking publicity or have a consumer base that is actively using bitcoin and will understand the volatility. Unless you run a tech business that caters to the bitcoin-savy, use caution when exploring new payment options. Your budding company may not bounce back from a dive in the value or new regulations that may emerge. Build a strong brand and strong consumer base then consider taking risks. Bitcoin may not be going away anytime soon but asses legal/regulatory, commercial/financial, and reputational risks before deciding whether to make bitcoin a part of your business.

 

Do Not Track Me… But Cater to Me

We have all become accustomed to having our technology cater to most of our needs in very personal way. However, we all desire to retain a certain amount of privacy.  For example, our cellphones track our every move and click while occasionally make calls – and yet we would be lost without the maps and ability to request anything from “Siri.” Our cable boxes may bring our favorite shows and movies but they also report back to providers all of your family’s television viewing habits.  We all appreciate the convenience that customization provides however that means a loss of privacy….

Why Are We Worried?
The latest buzz word is the The Internet of Things (IoT). What is that? “The Internet of Things” refers to the concept that the Internet is no longer just a global network for people to communicate with one another using computers, but it is also a platform for devices to communicate electronically with the world around them. The result is a global “network of physical objects that contain embedded technology to communicate or interact with people, things, and the external environment. It includes everything from traffic sensors to refrigerators, thermostats, medical devices, and wristwatches that can track or sense the environment and use the data they collect to provide a benefit, or transmit the data to a central repository for analysis, or both.”

This network of objects enables providers of goods and services to use your personal behavior to profile and evaluate your activities and habits.  The Internet of Things will result in increased data collection, amplifying the importance of simplifying choices and giving control to individuals with real-time notices. Transparency will facilitate consumer understanding of the collection, use and sharing of personal data. However, there is a real danger of data being used in unexpected ways. The Internet of Things has created a potential perfect storm of four major information policy concerns: online safety, privacy, security, and intellectual property issues. The goal is to determine what “reasonable” expectations regarding data usage should be, and then manage consumer expectations accordingly. Measures ensuring the network’s resilience to attacks, data authentication, access control and client privacy need to be established.  An ideal framework would consider the underlying technology and involve collaboration on an international scale.

The need to balance reasonable activity on the Internet and use of The Internet of Things with responsible privacy protections is exponentially increasing. This balance is extremely important because the last thing we want is to stifle innovation by over legislating this area.

Laws to Watch
At least 14 states have proposed legislation on the 2014 docket that is intended to increase privacy protection for consumers and limit both government and private sector surveillance via the Internet of Things. At the federal level, several bills are already making their way through Congress.

State
AB370, an amendment to the California Online Privacy Protection Act of 2003 (“CalOPPA”). CalOPPA requires owners of commercial websites and online service providers (“operators”) to conspicuously post a privacy policy. The privacy policy must disclose to consumers, among other things, the categories of personally identifiable information (PII), such as name, hone address, email address, social security number,  the operator collects and with whom the operator shares such information. Operators affected by CalOPPA include website operators and, as interpreted by the California Office of Attorney General, operators of software and mobile apps that transmit and collect PII online.

Federal 
The Black Box Privacy Protection Act is a bill in front of Congress that prohibits the sale of automobiles equipped with event data recorders-unless the consumer can control the recording of information. Additionally, the data collected would belong to the vehicle owner.

The We are Watching You Act is a bill in front of Congress that requires the operator of a video service (such as a DVR or Xbox) to display the message “We are watching you” as part of the programming provided to the consumer prior to the device is collecting visual or auditory information from the viewing area. This is not likely to pass but its a sign of legislation to come.

The Federal Trade Commission (FTC) has this phenomenon on its radar, it hosted an all-day workshop entitled, “Internet of Things: Privacy and Security in a Connected World in November. The FTC has also released a number of reports and guidelines that direct business on how to protect consumer privacy.

International 
With Internet Governance on the forefront of international discussion, international “Internet of Things” legislation is not the priority and likely to be left up to each country to decipher. International collaboration on issues like this early is one out come I hope comes from these Internet Governance talks…. but we’re a long way out from that happening.

The examples listed are a narrow sampling of privacy legislation designed to protect users from unwanted intrusions. Most notably, states have passed a number of laws protecting privacy rights in recent years.

Conclusion
The Internet of Things will bring tremendous new benefits to consumers but we must balance the need for consumer privacy. State, federal and international regulators must work to restrict government and private-sector collection and control of the data IoT will create. In the meantime, make sure you are aware of the information you provide through your IoT. Explore privacy settings and read privacy policies if you are concerned about sharing too much data with providers. Know what your priorities are as it relates to customization and privacy. If you value convenience and do not mind a prying eye or two, if it means a personalized user experience, share your data freely. However, if you value preserving your privacy be proactive about doing so until lawmakers can find the appropriate balance. Do not shun technology just educate yourself.

Why companies should beware of the BYOD movement and how to mitigate potential damage

BYOD (bring your own device) is a buzz word amongst company IT departments and policy makers.  BYOD is an employee-purchased and owned device (i.e., laptop, smartphone, tablet) that is connected to a corporate information network system or otherwise used to conduct company business. A recent Cisco study found that 90% of full-time American workers use their personal smartphones for work purposes. In this cyber age where privacy and cyber security are major concerns for employers and employees alike, BYOD is a proverbial minefield for those unaware of the legal, security and privacy risks.

Emerging BYOD Legal Risks

In this world of telecommuting and start-ups, many companies allow employees to use their own laptops and smartphones. Companies have thereby ended the Apple v. Android, Mac v. PC debates, a win-win for employees and their employees.  This all might sound great for both employers and employees, but as with any new invention, the risks of BYOD policies have not yet been resolved.  Nor have we seen any BYOD policies take center stage of a publicized legal dispute. We have, however, seen disputes arise over storing company data on personal devices. In Barrette Outdoor Living, Inc. v. Michigan Resin Representatives, the Court ordered an employee to pay $35,000 in sanctions for failing to preserve his cellular phone and deleting 270,000 company files from his personal laptop. Even when using a personal device, employees may have a duty to maintain corporate information if their employer goes to trial. Employees may face personal legal liability for actions taken while using their BYOD device.

Understanding BYOD Security Risks

When employees have access to company networks and data through their personal devices, the company becomes increasingly vulnerable to security and legal risks. Companies that allow broad access face the risk of employees to deleting company data and are susceptible to the carelessness of employees and third-party users. These users can be anyone from a child using a parent’s phone to office visitors connecting to the company wi-fi. When BYODs and third-party devices bypass security features normally applied to corporate devices, they are vulnerable to malware—a costly risk, particularly in regard to Android devices. Additionally, BYODs that bypass network security elevate the risk of non-compliance with data privacy laws and regulatory requirements.[1]

Mitigating Security Risks & Maintaining Employee Privacy

The most effective mitigation strategy will couple emerging tools with a BYOD policy to protect company assets and security, examples of which include:

  • Developing a BYOD policy that addresses ownership, password requirements, employee privacy, liability, limitations on access/use, search parameters and what situations trigger which reactions.
  •  Selectively publishing company data to new mobile apps; users get the data they need, and the company has greater control over data security.
  • Requiring device encryption.
  • Installing software to track which documents employees download.
  • Installing technology to wipe only corporate settings, data and apps to protect business assets while leaving personal data and settings intact.
  • Exploring geo-fencing to protect company information and prevent data breach by disabling device features such as the camera within company space.

Use and implementation of these tools will depend on company needs but should be considered to mitigate legal, security and privacy risks.

 

To see more from me on this issue visit: http://techpageone.dell.com/technology/byod-policies-tangle-hr-legal/

Snapchat images may come back to haunt you!

Snapchat is a mobile phone application intended to allow users to send photos to their friends and limit the amount of time for which the photos can be viewed.  Once the allotted viewing time has elapsed, Snapchat is supposed to delete the photos entirely from the recipient’s device as well as from Snapchat’s servers so that it cannot be accessed again. Many users send images to protect their privacy while enjoying the ability to share an image with another for brief intervals. Usually the user places a high value on the claim of permanent deletion following the reveal of the image. Snapchat has even implemented mechanisms to let sends know if recipient’s take screenshots of the images.Snapchat currently reports that its users send 150 million “snaps” per day a sign of its rising popularity. The question is are your snapchats really deleted?

Way back when Snapchat was first launched, Buzzfeed discovered a loophole that allowed cached Snapchat videos to be rewatched on an iOS browser like iFunBox. In response, Snapchat founder Evan Spiegal told Buzzfeed, “The people who most enjoy using Snapchat are those who embrace the spirit and intent of the service. There will always be ways to reverse engineer technology products — but that spoils the fun!”

The Electronic Privacy Information Center (EPIC), a self-described public interest research center focusing on privacy issues and consumer advocacy, filed a complaint with the Federal Trade Commission (FTC) on May 16, alleging that Snapchat’s representations that its users’ photos “disappear forever” once viewed by a recipient are deceptive and likely to mislead consumers.  The complaint alleges violations of Section 5 of the Federal Trade Commission Act and requests the Commission to investigate.

The complaint alleges that Snapchat does not delete a file after its been viewed instead Snapchat adds “.nomedia” extension tot he end of the file name which renders the file unviewable. However, any tech-savvy user could alter the file name by removing the “.nomedia” extension and the files are again viewable.

Since launch, Snapchat has slowly but progressively admitted that the app isn’t actually as privacy-friendly and secure as it’s made out to be. In fact Snapchat recently published a point-by-point blog post going over how it stores and deletes Snapchat data, with the tender warning at the very bottom that says, “If you’ve ever tried to recover lost data after accidentally deleting a drive or maybe watched an episode of CSI, you might know that with the right forensic tools, it’s sometimes possible to retrieve data after it has been deleted. So … you know … keep that in mind before putting any state secrets in your selfies :)”

Snapchat’s policies do not describe this process and do not advise users that the files are recoverable.  Snapchat’s privacy policy does, however, state that “[a]lthough we attempt to delete image data as soon as possible after the message is received and opened by the recipient. . . we cannot guarantee that the message contents will be deleted in every case “  For example, the policy goes on to state, “users may take a picture of the message contents with another imaging device or capture a screenshot of the message contents on the device screen.”

 
The complaint alleges that Snapchat’s representations to users “that photos sent using its app would be deleted after a user-designated amount of time” are “likely to mislead the reasonable consumer” and that those representations are material.  In addition to asking the FTC to investigate Snapchat’s claims that users’ images are permanently deleted, the complaint asks that the FTC require Snapchat to make improvements to its security practices to successfully delete users’ photos and to cure any deceptive statements about its services.

What does all of this mean for you?

BE CAREFUL!  As I continue to stress when dealing with social media, your content never really goes away! Everything online lives on.  This app is not an exception, at least not yet.

However, there is a lot of skill and effort involved in retrieving these images it is not likely that most recipients will expend the time and energy necessary to recover old images. They are more likely to screenshot the image upon receipt.

Lets be honest, Snapchat is a common medium for sexting and sending other inappropriate content… If you have to send it via Snapchat, can the recipient really be trusted and even more is it worth finding out?
 

Social Networking Online Protection Act: Will this Protect your Social Media Privacy Rights?

Representative Eliot Engel (D-NY) introduced the “Social Networking Online Protection Act,” H.R. 537 to Congress in February.  This bill would be the national version of the social media privacy laws popping up in states nationwide. Increasingly employers and other authority figures have asked employees and others to turn over their username or passwords for their personal accounts. State legislators began introducing legislation in 2012 to prevent employers, colleges, etc. from requesting passwords to personal Internet accounts—including email, banking and social networking sites—in order to get or keep a job or regulate student activity.

Unlike most of those state laws, the bill would also protect passwords to email accounts. Seven states, California, DelawareIllinoisMaryland, Michigan, New Jersey and most recently Utah, currently have social media privacy laws on the books prohibiting requesting or requiring an employee, student or applicant to disclose a user name or password for a personal social media account. California, Illinois, Maryland, Michigan, and Utah laws apply to employers. California, Delaware, Michigan and New Jersey have laws that apply to  academic institutions.

Will this bill solve the privacy issues that occur when an employer or academic institutions requires revealing your password for your personal account?

Limits must be set for how and when authority figures such as employers, coaches, professors, etc, can access private social media information. Anything made public by the user is fair game because that is the information they have elected to present to the world. Reputation and public persona are important to potential and current employers and university officials because that information can affect public perception of them.  Although our online image is important and can provide a lot of information about an individual, the information that’s private should be kept that way.  A private photo album on Facebook can be likened to a photo albums kept at home vs. photos you display at work or in a public album online.  Privacy is a fundamental right and should be preserved.

Lets take a closer look at a few key points of the bill…

Under the federal bill social networking is defined as:

“[A]ny Internet service, platform, or website that provides a user with a distinct account–

“(A) whereby the user can access such account by way of a distinct user name, password, or other means distinct for that user; and

“(B) that is primarily intended for the user to upload, store, and manage user-generated personal content on the service, platform, or website.”

Defining “social networking” or “social media” could be problematic with the discrepancy between the rate of evolution of social media and the rate of evolution of the law.  Maryland’s approach of  focusing on whether the circumstance at hand involves a user name or password, and leaves vague the nature of the account or service to which the user name or password relates might be better for keeping this law relevant long term.

The bill does specify that it must be a personal account preserving and employer’s interest in accounts the own or accounts operated by employees for business purposes.  Employees and students should be careful not to mix business and personal accounts. Accounts where the line between business and personal will be where the limits of this law are fleshed out.

Enactment of the law would curtail the need for more sate laws on the issue and provide uniform protect. Uniform standards make drafting policies a lot easier for employers and universities.  They also help users know the limits of their protection nationwide, there are no worries of where to bring a suit if you feel your privacy rights have been violated in this way.

Some wonder if this is a matter for federal law?  Well, I think the answer lies in the answer tot he question “Whose job is it to protect the privacy rights of American citizen?”

My answer to the question indicates that Congress is well with its bounds.  What do you think?

A Victory for Twitter Users!

We all enjoy when our tweets become popular and travel the globe through retweets. Have you ever wondered what happens to your ownership rights after the tweet is retweeted. Does it now belong to the retweeter? Do you still have a protectable interest? Is it now public?

Well you now have an answer!

Daniel Morel, a Haitian-born photojournalist, was in Port-au-Prince when the big earthquake occurred in 2010. He was one of very few journalists on the ground and was able to take some really powerful pictures of the devastation.  He uploaded and disseminated his photos using his Twitter account and a third-party app called Twitpic. The Twitpic terms of service provide that owners of images retain copyright in them. Twitter’s, like Twitpic’s, terms of service allow users to “retain your rights to any content you… post on or through the services.” Although there were no copyright notices on the images, Morel’s twitter page did include the attributions “Morel” and “by photo morel” next to the images, as well as the copyright notice (c)2010 Twitpic, Inc. All Rights Reserved.”

A Twitter user in neighboring Dominican Republic re-tweeted them and they spread over the internet, without any credit being given to Morel, though the Twitter trail could have been followed if anyone was really interested in seeing who originally posted the pictures. Getty then disseminated them to news outlets including the Washington Post without any accreditation or attempt to find the photographer responsible for the breathtaking images.  Agence France-Presse also downloaded the images, but credited them to its own stringer and sold them to third parties (including Getty Images). AFP, with a certain amount of chutzpah, sought a declaration that it had not infringed Morel’s copyright; he counterclaimed: Agence France Presse v Morel, US Dist LEXIS 5636.

Morel later got credit for his work, winning two World Press Photo awards. The district court in Manhattan found for Morel with respect to his claims of direct infringement. AFP could not establish that it was a third-party beneficiary of Morel’s agreement with Twitpic or that a sub-licence was somehow granted through retweeting, given the clarity of the Twitpic terms of service, which stated that retransmission of images merely granted a licence to use someone else’s images on Twitpic.com or an affiliated site. The judge did think, however, that damages should be limited to a figure based on the number of works infringed, not the number of infringements (which would be much larger, given the number of retweets involved). Issues related to Getty’s knowledge and intent, wilful infringement by AFP and Getty, and contributory or vicarious liability were left for another day, as they turned on questions of fact which could not be decided summarily.

The copyright law governing this case is pretty clear. The person who takes the photo has the copyright and anyone making a commercial use, even a derivative use, of the image is liable for copyright infringement. Any other decision would have severely cripple copyrights and discouraged the use of social media to disseminate work. This curtailment would severely limit innovation because artists and innovators would not have this means of advertising and might slow innovation because of renewed barriers to entry and access. Merely Tweeting your picture does not allow others to use it for commercial gain. The terms of service on sites like Facebook and Twitter allow for their use, they do not provide an opportunity for third parties to capitalize on the works of users.

I would still advise photographers, poets, writers, and anyone posting material they want protected, to include a copyright notice in their bios and each individual photograph or work, if possible. 

A Thin Line Between Love & Hate: Social Media Edition

Social media has invaded our lives! It has become an integral part of our socialization, self promotion, leisure and now our work.  This invasion into our work lives comes with numerous pitfalls. Many of which I’ve discussed on this blog before (Who Owns Your Profile?: Be Careful How & Where You Use Social Media, NLRB Decision #2: Be Careful What You Post on Social Media!, Social Media: Personal Expression or Supplement to Your Resume?, and NLRB Issues First Social Media Decision – What Does this Mean?)

As cases of employees loosing their job because the medium they love has “betrayed” them continue to pop up, I urge you again to be careful what you post. Revealing too much information can get you fired! There is a voyeuristic nature and a desire to share and stay connected in today’s society that has made social media (and reality tv – but that’s a topic for another day) popular. That desire is normal and appropriate within reason. Share about your mall trip and the new clothes you purchased, connect with old and new friends, share photographs but make sure that your social media persona matches your professional persona or you can run into trouble. Remember this information never goes away…

 

Here are a few individuals who have lost their jobs because of the information they’ve posted on the sites they love.  Learn from their mistakes. A Michigan nurse and a Washington barista both lost their jobs because of over-sharing on social media.  The nurse was fired for FMLA fraud after the hospital where she worked saw Facebook pictures of the Mexican vacation she took while still on leave. The barista was fired for using his blog as a forum to insult his customers and boss.

Recently, a tenured New Jersey schoolteacher named Jennifer O’Brien was fired after she vocalized the following opinions about her students on her private Facebook page (from opinion PDF):

I’m not a teacher – I’m a warden for future criminals!

They had a scared straight program in school – why couldn’t [I] bring [first] graders.

Understandably, students’ parents and the principal found her comments offensive, and instantly challenged her continued role as an educator.

In response to being charged with “conduct unbecoming a teacher,” O’Brien argued that her expression should be protected by the First Amendment’s right to free speech. However, free speech only goes so far in the work environment, as defined by the Pickering Test.  Another one bites the dust…

Lessons:
  1. Free speech only goes so far when it comes to your job, especially if you are a public employee.
  2. Review everything before you post. This information is out there forever so make sure it aligns with your current interests and your future interests.  This is especially for true for the generation growing up only knowing the access that comes with phenomena like social media.  Many of these individuals lack the desire for privacy and the awareness of the consequences of over sharing that is important in a professional context.
  3. Some opinions should be kept to yourself or at least not posted on the internet.  Although you are entitled to your opinion, there are consequences for our actions. Make sure that the opinions you state are either uncontroversial or worth taking a stand for.
  4. Check the privacy settings on your social medium. Know what your settings are and who you allow to see your posts. Making accounts widely available is not bad, just act accordingly. Although, “private” accounts are not an excuse to make reckless, defamatory, or inappropriate comments. Your profile or account should always reflect the persona you carry with you every day especially your professional persona.
  5. Always ask yourself “What if my [boss, potential boss, parents, grandparents, children, etc] were to see this post?”  If you would be embarrassed, in trouble, or in any way uncomfortable then maybe you should reconsider posting that item.
Its hard when the things we love turn around and “betray” us. The nice thing about social media is we are in control of our message and as long as we post consciously and in consideration of the big picture social media can remain a safe and fun space to engage with family, friends, and whoever else you decide. Remember there is a thin line between love and hate… Don’t let your actions turn social media from a friend to an enemy.

Good luck!