Accepting Guest Blog Posts

I have accepted a position that will not allow me to write in 2016. However, I want to continue to provide information on cyber, intellectual property (IP), social media, security, privacy, and technology law and policy to you all.  So…. I am accepting  submissions from guest bloggers!

Please send me your best cyber, IP and tech law and policy posts. Many of this blog’s followers are entrepreneurs, technophiles, tech novices, bloggers, social media user and those intrigued by tech, so please cater your posts to that audience. Please send posts to thedigitalcounselor@gmail.com. I will notify you if your post is selected.

Thank you for your submission, in advance, and more importantly, THANK YOU FOR READING!

I hope the readers find previous posts and any information others are able to provide in my absence helpful! And I look forward to returning in 2017!!

Recent Virginia Case Carries Major Implications for Fingerprint Passcodes and Self-Incrimination

This article was originally published in the Spring 2015 issue of the Virginia Bar Association YLC Docket Call.

The ever-evolving technological landscape constantly elicits new and interesting questions of law. Privacy and data security are areas of contention and confusion for many. Why?  Because privacy limits are unclear because the reach of technology outpacing the evolution of the law. As cell phones have advanced, they have become essential to everyday life and are no longer merely phone used to make and receive calls. Cell phones are minicomputers filled with personal, and mostly private, information including calendars, alarm clocks, books, videos and photos. People store everything from grocery lists to banking information in phones. How do the laws that govern phones solely to make and receive calls apply to these new multifaceted devices? Courts and lawmakers are slowly answering that question.

In Reily v. California, the Supreme Court shed some light on privacy limits regarding cell phones.[1] The Court held that the police generally may not, without a warrant, search digital information on a cellphone seized from an individual who has been arrested. The Court characterized cell phones as minicomputers filled with massive amounts of private information, which distinguished them from the traditional items that can be seized from an arrestee’s person, such as a wallet. This ruling is a necessary stride towards deciphering how the Fourth Amendment applies in this digital age but leaves a lot of unanswered questions.

After obtaining a warrant to search a phone how will officers access the contents? Can officers compel the accused to provide one’s passcode or fingerprint? Existing laws do not apply smoothly and presents an interesting question: Is producing one’s passcode or fingerprint to allow access to digital information on a smartphone testimonial communication subject to the Fifth Amendment privilege against self-incrimination?[2] This was the question answered in the Virginia case Commonwealth of Virginia v. Baust.[3]

In Commonwealth of Virginia v. Baust, the defendant David Baust was indicted on charges of assault.[4] The victim alleged that video of the assault was on Baust’s smartphone.[5] The police obtained and executed a search warrant, retrieving (among other items) the smart phone.[6] However, the phone was “locked” and could only be entered using a passcode or fingerprint.[7] The court decided to review each method of entry separately under the Fifth Amendment and arrived at two different conclusions.

The court held that fingerprints and passcodes are different in the eyes of law because of the testimonial nature of providing a passcode, which violates the accused’s right not to incriminate him or herself. The Judge explained that Baust could not be compelled to provide his passcode to access the smartphone, but could be compelled to produce his fingerprint to access the phone.[8] Producing the passcode would require the defendant to divulge knowledge—information from his own mind, placing it in the testimonial realm.[9] However, he concluded that a personal fingerprint does not require any similar knowledge—it is equivalent to a key that fits into a lock.[10]

This legal distinction will have a major impact on smartphone users, especially as providers market the increased security of these alternate access mechanisms. Your fingerprint is advertised as a more secure method for accessing tour phone but presents vulnerability if ever compelled to provide access to your phone. The legal differences may not be clear to users, as the passcode and the fingerprint are functionally equivalent. Should they really be distinguished under the law? Is there a distinction between telling police a passcode and typing in the passcode so that police may gain access to a phone? By typing the code, the individual does not have to provide any knowledge (testimony) directly to the police, although still providing access to data that is potentially criminally incriminating. Is the outcome or the means more important, because although not a verbal testimony providing a fingerprint or writing a passcode may lead to criminally incriminating information?

This decision raises a lot of questions and determining privacy rights in our technology will only get more complex as technology continues to evolve. The court is being charged to assess the functional and technological implications of new technology and create laws with those perspectives in mind. This is a difficult balance. Consistency will also be important to citizens as they seek to protect themselves within the bounds of these laws.

Most immediately, in Virginia, you should protect your phone using a passcode, not your fingerprint.

 

 

[1] 134 S. Ct. 2473, 2477 (2014).

[2] Commonwealth of Virginia v. Baust, No. CR14-1439, at 2 (Va. 2d Cir. Ct. Oct. 28, 2014).

[3] Id. at 1.

[4] Id.

[5] Id.

[6] Id.

[7] Id.

[8] Id. at 4.

[9] Id. at 5.

[10] Id.

Quick Tip: Sign A Pre-Nup With Your Business Partner

Co-founder disputes are common in the business world, whether in television production, restaurants, real estate,or tech start-ups. With the staggering amount of money that can be at stake in today’s tech companies, founders should exercise caution. The best of friends and the most cohesive of partnerships can end in a bitter legal battle unexpectedly. A recent Los Angeles Times article, titled “Co-founder feuds at L.A .tech start-ups show how handshake deals can blow up,” recounts several telling tales of business start-up angst. The article analyzes recent tech-based businesses that began with a handshake and ended with relationship-ending conflict.

Entrepreneurs should consider entering into a prenuptial (“prenup”) agreement to avoid such a dispute. A prenup establishes the property and financial rights of each spouse in the event of a divorce. Figuring out how to divide property and assets should a company or partnership dissolve may be a smart way to start a business. Consult counsel and think through all the potential issues.

How Much of Your Data can Apple Hand to Law Enforcement?

We are all aware (or at least we should be) that our telecom providers are handing over our data to the police when necessary. Well have you ever wondered just how much and what it takes to get that data? iphone-privacy-2011-04-06-1302104043Apple posted their new guidelines describing what data the company can provide to law enforcement and the processes for requesting that data.

The document breaks it down into two basic types of data: information stored on Apple’s servers and information stored locally on iOS devices.  I have outlined the kinds of data and how they can be obtained in a chart below.

Essentially anything you’ve backed up to or stored on iCloud is available for Apple to provide to law enforcement, including connection logs and IP addresses you’ve used. Additionally a lot of the data associated with your Apple ID is available as well. Therefore, any information you’re providing Apple is available for them to pass along. This is something to consider when deciding if or what to back up on iCloud.  You may want to avoid backing up sensitive company data or private information on iCloud. Some information cannot be avoided, such as anything associated with your Apple ID.

Can they access data on my iOS device???

Yes. Apple can bypass security passcodes on our iOS devices to extract “certain categories of active data,” though it apparently cannot bypass that protection entirely. If provided with a valid search warrant, Apple can hand over SMS messages, pictures and videos, contacts, audio recordings, and your phone’s call history, but it can’t access e-mails, calendar entries, or information from third-party applications. Devices must be running iOS 4 or newer, must be “in good working order,” and must be provided directly to Apple’s headquarters along with an external storage drive twice the size of the iOS device’s internal storage.

Will I know if this is happening?

Maybe. The guidelines state that Apple will “notify its customers when their personal information is being sought in response to legal process except where providing notice is prohibited by the legal process itself.” Apple will also avoid notifying users if the company “believes that providing notice could create a risk of injury or death to an identifiable individual or group of individuals or in situations where the case relates to child endangerment,” though this is entirely up to Apple and not to the law enforcement agencies involved. These notification requirement will help prevent random and unfounded searches.

What is missing?

The policies and capabilities surrounding iCloud Keychain, iMessages and FaceTime calls are unclear and disputed. Apple claims iMessage & Facetime are encrypted but there is some speculation otherwise.

Is this unusual?

No, other tech companies have similar policies. For example, Google provides a similar “Transparency Report” outlining the types of data available to law enforcement. The notification policy is new and several other tech giants, including Facebook and Microsoft, have already indicated that they plan to expand their policies on notifying customers whose data has been requested by law enforcement

 

Where is the Data? Type of Data Means to Obtain Data Restrictions
Information stored on Apple Servers Data Associated with your Apple ID contact inormation obtainable with a subpoena or greater legal process
customer service records
transaction history both in store & online
iTunes gift card information
Data Associated with your iCloud Account connection logs & IP address used Any iCloud information that the user deletes cannot be accessed.
60 days of iCloud mail logs that “include records of incoming and outgoing communications such as time, date, sender e-mail addresses, and recipient e-mail addresses” e-mail logs require a court order or search warrant
any e-mail messages that the user has not deleted requires a search warrant
any other information that can be backed up to iCloud – As of this writing, this list includes contacts, calendars, browser bookmarks, Photo Stream photos, anything that uses the “documents and data” feature (which can include not just word processors but also photo and video apps, games, and data from other applications), and full device backups
Information stored locally on iOS devices SMS messages requires a search warrant – Devices must be running iOS 4 or newer, must be “in good working order,” and must be provided directly to Apple’s headquarters along with an external storage drive twice the size of the iOS device’s internal storage. Cannot access e-mails, calendar entries, or information from third-party applications
pictures and videos
contacts
audio recordings
phone’s call history

US to Relinquish Control of the Internet?

On Friday, the U.S. Commerce Department’s National Telecommunications and Information Administration (NTIA) announced it is giving up control of a system that directs Internet traffic and Web addresses. As a result, Internet Corporation for Assigned Names and Numbers (ICANN), the nonprofit organization charged with managing the Internet, is tasked to convene global stakeholders to develop a proposal to transition the current role played by NTIA in the coordination of the Internet’s domain name system (DNS). This announcement came as a surprise to many but a coalition of nations has been calling for the US to relinquish control of the Internet for at least the last nine months. Politically this takes the US out of the line of fire but practically what does this do for the culture of the Internet?

Why is this important to you? Because it may change the Internet as you know it….

What exactly was the US Doing?

NTIA is the Executive Branch agency that advises the President on telecommunications and information policy issues. NTIA’s programs and policymaking focus largely on expanding broadband Internet access and adoption in America. NTIA controls the DNS which essentially converts the web addresses (URLs) we type in to the search bar into the correct IP address to retrieve the website you requested. Whether you are accessing a Web site or sending e-mail, your computer uses DNS to look up the domain name you’re trying to access. This system is essential to the functionality and security of the Internet.

If not the US, then who?
This contract to control DNS has allowed the U.S. government to exert what some claim is too much influence over the Internet. technology that plays such a pivotal role in society and the economy. So if not the US, then who with the world feel comfortable wielding that power and influence?

There’s a meeting, ICANN 49, March 23 in Singapore and the future of the Internet is at the top of the agenda.

According to Lawrence Strickling, assistant secretary at the Commerce Department, “[The department] will not accept a proposal that replaces the NTIA’s role with a government-led or intergovernmental solution.” Does that leave ICANN or a similar organization to maintain the DNS?

Why should you care?
Because this could mean a very different Internet…

While companies like Verizon applaud the moveITIF and other organizations have argued before that U.S. government oversight has played an essential role in maintaining the security, stability, and openness of the Internet and in ensuring that ICANN satisfies its responsibilities in effectively managing the Internet’s DNS. Without the U.S. government’s presence some lawmakers and members of the tech industry have expressed concern that relinquishing control of IANA will open up the Internet to threats from other governments that seek to censor it.  This could mean a very different Internet.

Are their concerns justified? No one really knows right now but what we can surmise is that the Internet is in for some changes in the years to follow the change of control. Many countries have dealt with privacy and censorship in ways different from that of the US. How will ICANN deal with these conflicting views democratically and ensure Internet users from all economies and sovereign nations will be represented and heard? Will the standards of openness and free flow of information embraced today remain the baseline? Does the “global multistakeholder community” NTIA is referring to exist? What is the legal jurisdiction for both ICANN and this new multistakeholder body?

There are no answers to these questions because so little is known about whats to come. I look forward to the information and ideas that flow from the ICANN meeting next week.  The questions need to be among those at the top of the list.

Do Not Track Me… But Cater to Me

We have all become accustomed to having our technology cater to most of our needs in very personal way. However, we all desire to retain a certain amount of privacy.  For example, our cellphones track our every move and click while occasionally make calls – and yet we would be lost without the maps and ability to request anything from “Siri.” Our cable boxes may bring our favorite shows and movies but they also report back to providers all of your family’s television viewing habits.  We all appreciate the convenience that customization provides however that means a loss of privacy….

Why Are We Worried?
The latest buzz word is the The Internet of Things (IoT). What is that? “The Internet of Things” refers to the concept that the Internet is no longer just a global network for people to communicate with one another using computers, but it is also a platform for devices to communicate electronically with the world around them. The result is a global “network of physical objects that contain embedded technology to communicate or interact with people, things, and the external environment. It includes everything from traffic sensors to refrigerators, thermostats, medical devices, and wristwatches that can track or sense the environment and use the data they collect to provide a benefit, or transmit the data to a central repository for analysis, or both.”

This network of objects enables providers of goods and services to use your personal behavior to profile and evaluate your activities and habits.  The Internet of Things will result in increased data collection, amplifying the importance of simplifying choices and giving control to individuals with real-time notices. Transparency will facilitate consumer understanding of the collection, use and sharing of personal data. However, there is a real danger of data being used in unexpected ways. The Internet of Things has created a potential perfect storm of four major information policy concerns: online safety, privacy, security, and intellectual property issues. The goal is to determine what “reasonable” expectations regarding data usage should be, and then manage consumer expectations accordingly. Measures ensuring the network’s resilience to attacks, data authentication, access control and client privacy need to be established.  An ideal framework would consider the underlying technology and involve collaboration on an international scale.

The need to balance reasonable activity on the Internet and use of The Internet of Things with responsible privacy protections is exponentially increasing. This balance is extremely important because the last thing we want is to stifle innovation by over legislating this area.

Laws to Watch
At least 14 states have proposed legislation on the 2014 docket that is intended to increase privacy protection for consumers and limit both government and private sector surveillance via the Internet of Things. At the federal level, several bills are already making their way through Congress.

State
AB370, an amendment to the California Online Privacy Protection Act of 2003 (“CalOPPA”). CalOPPA requires owners of commercial websites and online service providers (“operators”) to conspicuously post a privacy policy. The privacy policy must disclose to consumers, among other things, the categories of personally identifiable information (PII), such as name, hone address, email address, social security number,  the operator collects and with whom the operator shares such information. Operators affected by CalOPPA include website operators and, as interpreted by the California Office of Attorney General, operators of software and mobile apps that transmit and collect PII online.

Federal 
The Black Box Privacy Protection Act is a bill in front of Congress that prohibits the sale of automobiles equipped with event data recorders-unless the consumer can control the recording of information. Additionally, the data collected would belong to the vehicle owner.

The We are Watching You Act is a bill in front of Congress that requires the operator of a video service (such as a DVR or Xbox) to display the message “We are watching you” as part of the programming provided to the consumer prior to the device is collecting visual or auditory information from the viewing area. This is not likely to pass but its a sign of legislation to come.

The Federal Trade Commission (FTC) has this phenomenon on its radar, it hosted an all-day workshop entitled, “Internet of Things: Privacy and Security in a Connected World in November. The FTC has also released a number of reports and guidelines that direct business on how to protect consumer privacy.

International 
With Internet Governance on the forefront of international discussion, international “Internet of Things” legislation is not the priority and likely to be left up to each country to decipher. International collaboration on issues like this early is one out come I hope comes from these Internet Governance talks…. but we’re a long way out from that happening.

The examples listed are a narrow sampling of privacy legislation designed to protect users from unwanted intrusions. Most notably, states have passed a number of laws protecting privacy rights in recent years.

Conclusion
The Internet of Things will bring tremendous new benefits to consumers but we must balance the need for consumer privacy. State, federal and international regulators must work to restrict government and private-sector collection and control of the data IoT will create. In the meantime, make sure you are aware of the information you provide through your IoT. Explore privacy settings and read privacy policies if you are concerned about sharing too much data with providers. Know what your priorities are as it relates to customization and privacy. If you value convenience and do not mind a prying eye or two, if it means a personalized user experience, share your data freely. However, if you value preserving your privacy be proactive about doing so until lawmakers can find the appropriate balance. Do not shun technology just educate yourself.

New gTLD Timelines

ICANN
New gTLD timeline

ICANN has released two new timelines for when we can expect the launch of the first new gTLDs (the part of the URL behind the “.” such as “.com” or “.mobi”).

The launch of these new gTLDs will have a lasting and significant effect on the way we use and operate the Internet. This fact is why new gTLDs have yet to launch. The industry is a buzz with the pros and cons of every aspect of this change. The confusion of consumers, protecting intellectual property, domain name approvals, potential monopolies, privacy, and other business concerns are on the forefront.  No interest group wants things to remain the same but with competing interests and priorities carving out new policy has been slower than anticipated.

I encourage consumers to remain aware of this development. This will develop the way we consume online information.   I will continue to write about the developments. Also visit some of my previous posts such as Will You Be Confused When the New gTLDs Launch?  Visit ICANN’s site on new gTLDs for developments.

What are you concerned about? Are you interested in hearing more about the effect this will have on businesses and families?

 

A Victory for Twitter Users!

We all enjoy when our tweets become popular and travel the globe through retweets. Have you ever wondered what happens to your ownership rights after the tweet is retweeted. Does it now belong to the retweeter? Do you still have a protectable interest? Is it now public?

Well you now have an answer!

Daniel Morel, a Haitian-born photojournalist, was in Port-au-Prince when the big earthquake occurred in 2010. He was one of very few journalists on the ground and was able to take some really powerful pictures of the devastation.  He uploaded and disseminated his photos using his Twitter account and a third-party app called Twitpic. The Twitpic terms of service provide that owners of images retain copyright in them. Twitter’s, like Twitpic’s, terms of service allow users to “retain your rights to any content you… post on or through the services.” Although there were no copyright notices on the images, Morel’s twitter page did include the attributions “Morel” and “by photo morel” next to the images, as well as the copyright notice (c)2010 Twitpic, Inc. All Rights Reserved.”

A Twitter user in neighboring Dominican Republic re-tweeted them and they spread over the internet, without any credit being given to Morel, though the Twitter trail could have been followed if anyone was really interested in seeing who originally posted the pictures. Getty then disseminated them to news outlets including the Washington Post without any accreditation or attempt to find the photographer responsible for the breathtaking images.  Agence France-Presse also downloaded the images, but credited them to its own stringer and sold them to third parties (including Getty Images). AFP, with a certain amount of chutzpah, sought a declaration that it had not infringed Morel’s copyright; he counterclaimed: Agence France Presse v Morel, US Dist LEXIS 5636.

Morel later got credit for his work, winning two World Press Photo awards. The district court in Manhattan found for Morel with respect to his claims of direct infringement. AFP could not establish that it was a third-party beneficiary of Morel’s agreement with Twitpic or that a sub-licence was somehow granted through retweeting, given the clarity of the Twitpic terms of service, which stated that retransmission of images merely granted a licence to use someone else’s images on Twitpic.com or an affiliated site. The judge did think, however, that damages should be limited to a figure based on the number of works infringed, not the number of infringements (which would be much larger, given the number of retweets involved). Issues related to Getty’s knowledge and intent, wilful infringement by AFP and Getty, and contributory or vicarious liability were left for another day, as they turned on questions of fact which could not be decided summarily.

The copyright law governing this case is pretty clear. The person who takes the photo has the copyright and anyone making a commercial use, even a derivative use, of the image is liable for copyright infringement. Any other decision would have severely cripple copyrights and discouraged the use of social media to disseminate work. This curtailment would severely limit innovation because artists and innovators would not have this means of advertising and might slow innovation because of renewed barriers to entry and access. Merely Tweeting your picture does not allow others to use it for commercial gain. The terms of service on sites like Facebook and Twitter allow for their use, they do not provide an opportunity for third parties to capitalize on the works of users.

I would still advise photographers, poets, writers, and anyone posting material they want protected, to include a copyright notice in their bios and each individual photograph or work, if possible. 

Should Judges be able to Use Social Media?

“Should judges be able to use social media?”
When I first posed this question my answer was a resounding yes. As long as they’re operating within professional bounds why not be able to enjoy the medium that has taken the world by storm. Such a perspective might even be beneficial when making decisions that will increasingly incorporate social media.

My answer tot his question became less clear when I heard the story of a Judge caught sending improper IMs to his wife during court. Is this wrong? Well at first glance, no. He’s chatting with his wife which in this day and age is to be commended in and of itself. However, as you continue to think through the issue a bigger problem presents itself. When the judge presiding over your case is so distracted by sexual messages to his wife, are you being afford a fair trial? This is where my opinion changes and I decided to explore details of this story.

A New Mexico judge, Eugenio Mathis of Las Vegas, N.M., admitted that he had engaged in “excessive and improper” instant messaging with his wife, but denied that any communications included intimations of courthouse sex, the Albuquerque Journal reports. The Santa Fe New Mexican and the Associated Press also have stories on Mathis’ subsequent resignation.

According to the Albuquerque Journal:

A thick packet of chat logs, presumably between Mathis and his wife, were filed at the Supreme Court as part of the Judicial Standards Commission’s petition to discipline Mathis.

In the messages, the chatters talk about dinner plans, flirt, ask each other how their day is going, discuss paying bills and gossip about their co-workers at court.

The log shows someone making a comment about making “hanky panky” while someone tests the court’s alarm system.

“Don’t come knocking if the jury room is rockin’,” one message reads.

It can be difficult to determine from the logs who is saying what, but one such interaction appears to show the chatters joking about denying a juror’s request to be excused to attend a funeral.

The problem with this, according to the Supreme Court filings by the Judicial Standards Commission, is that these conversations take place over the state court’s instant messaging service in violation of a computer and Internet use policy.

In the motion, Mathis also admitted to violating the code of conduct by making “judicial statements” about pending cases, referring to a petitioner in a name change case as “weird” and failing to cooperate with other judges “in the proper and orderly administration of court business.”

One of these comments included referring to parties in a domestic violence hearing as acting crazy.

When you accept the role of judge you are held to a higher standard, not only by virtue of the job but according to the ethical and moral standards to you swear to uphold. We’ve all gotten bored at work or wanted to have notwork-related conversation but as a judge you are not afforded such a luxury.  Beyond that you open up the proceeding to additional scrutiny. Any party to a proceeding he was trying during these messages has grounds to petition for a mistrial.The American Bar Association (ABA) recently released a formal opinion discussing the use of social media by judges.  See American Bar Association, “Judge’s Use of Electronic Social Networking Media,” Formal Op. 462 (Feb. 21, 2013).  In short, the ABA stated that a judge may use social media, but like other offline contacts and professional relationships, he or she must comply with applicable ethical rules and not engage in any behavior that would undermine the integrity or impartiality of the court.  This judge definitely crossed this line and is unfortunately suffering the consequences.
In my opinion, judges should be able to use social media but the degree of use, time of use, and computer used should be well thought out. Sometime we must sacrifice certain luxuries for our dreams and maybe social media use is one of the luxuries that must be sacrificed to pursue our passions.When using social media be aware of the obligations of your position and determine if the risks outweigh the benefits or at least modify your use accordingly.  Even judges can get in trouble for social media & internet use. This should be a warning to everyone. Keep your social media use to minimum at work and especially on your work computer.

What do you think? Should judges be able to use social media??

Who Runs the Internet?

I know a lot of you are confused or have questions about exactly how the internet is run.  ICANN has released a graphic that aims to provide a high-level view of how the internet is run. Quoting from the document:

No One Person, Company, Organization or Government Runs the Internet
The Internet itself is globally distributed computer network comprised of many voluntary interconnected autonomous networks. Similarly, its governance is conducted by a decentralized and international multi-stakeholder network of interconnected autonomous groups drawing from civil society, the private sector, governments, the academic and research communities, and national and international organizations. They work cooperatively from their respective roles to create shared policies and standards that maintain the Internet’s global interpretability for the public good.

Who Runs the Internet? Graphic designed to provide a high-level view from ICANN (Click to Enlarge)