Computer Forensics and Legal Technology Blog

Today, The Washington Post has published an editorial entitled, Search and Replace, arguing that Congress needs to set the rule for how border agents can delve into travelers’ laptops.  The Post points out that the Department of Homeland Security has expanded the the broad discretion of the border exception to domestic travelers’ laptop computers and other electronic devices, noting that two federal appeals courts have upheld the same.

Given the confidential nature of client data, privileged data,¹ corporate intellectual property and personal data and given the numerous data breaches that have occurred because of mishandling by government agencies, both data encryption and routine data backups (to a separate repository) seem well advised.

__________________

¹ This could include, for example, attorney client privilege, work product privilege, Privacy Protection Act privilege (for journalists), inter alia.

Alan Gura, who argued and won the Heller case, characterized the project as “a powerful source” that helped him track down documents. Opposing counsel, Thomas Goldstein, said the project was important in the effort to “get the constitutional history right.”

Some commentators, such as the blawg Overlawyered.com (here), have opined:

The PCAOB has generated endless red tape. Its rules micromanaging companies’ internal controls, which require auditors to examine such minute details as which employee has access to which computer password, cost the American economy billions of dollars, contributing to an overall price tag for Sarbanes-Oxley of at least $35 billion a year.

On the other hand, the research firm, Glass, Lewis& Co., found that, in 2003, 4 % of all listed U.S. firms restated their reported earnings to correct mistakes. Under Sarbanes-Oxley, which imposed stricter scrutiny, that number increased in 2006 to nearly 12 %. Since then, it has edged down, as companies have improved their internal financial controls.  Some argue that’s good for investors and good for management, too, because CEOs make better decisions when they have more accurate financial information to work with.

The Washington Post (here) reports that, if the lawsuit prevails, the entire Act would fall, because it lacks a “severability” clause –if one of its provisions is found to be unconstitutional, the whole law would be stricken.

Update: After doing some further research, it seems the Washington Post article wasn’t entirely clear that the district court case was already decided against plaintiffs on summary judgment.

Although the court found that plaintiffs Beckstead & Watts had standing as to the Motions to Dismiss, it reached the merits on all three constitutional claims.

The memorandum decision is here.  The appeal docket is here.

As to the Appointments Clause, the district court concluded that PCAOB members are, in fact, inferior officers and, to the extent that plaintiffs claimed PCAOB members should have been appointed by the SEC Chairman (rather than by the entire Commission), plaintiffs lacked standing.

As to the Separation of Powers doctrine, the court noted that the Supreme Court has never held that the Constitution requires the President to maintain direct removal power over inferior officers and here the President has not been “completely stripped” of his ability to remove PCAOB members, because SEC Commissioners can be removed by the President for cause can be removed by the SEC “for good cause shown”

As to the non-delegation doctrine, the court found that legislative delegation effected by the Act is squarely within the bounds of modern non-delegation doctrine, because the auditing, quality control, and ethics standards the PCAOB applies “must either be ‘required by [the] Act or the rules of the Commission or necessary or appropriate in the public interest or for the protection of investors.”  (citing 15 U.S.C. § 7213(a)(1)).  The court declared that the foregoing are “intelligible” standards that the Supreme Court has acknowledged in “various statutes authorizing regulation in the public interest.”

Note the entry of appearance by Ken Starr on behalf of the plaintiff-appellants.

According to Robert Boback, chief executive of the company hired by Wagner to help contain the data breach and interviewed by The Post, such security breaches aren’t uncommon. About 40 to 60 percent, he said, of all data leaks take place outside companies’ secured networks –usually as a result of employees or contractors installing file-sharing software on company computers.

An interesting inference this Post article is that one settlement outcome of litigation arising over data breaches may include a determinate period of free credit monitoring (provided by firms such as FirstAdvantage) for class members whose data has been compromised.

Historically, prosecutors have argued that, once a recipient accesses his messages –whether they be email or texts–, the message is no longer in “electronic storage” as the SCA defines it, an argument the Ninth Circuit rejected.  Thus, if an archived message was created as a backup copy of an electronic communication sent through an Electronic Communications Service, that copy continues to receive ECS protection, even if it was downloaded, read and “has expired in the normal course” such that the copy is no longer performing any archival/backup purpose.  For the same reason, even if an employer pays for the use of third party text or email service, the employer cannot obtain copies of messages from the provider without the recipient’s permission.

Additionally, the Ninth Circuit addressed whether text messages are protected by the Fourth Amendment, insofar as prosecutors often argue that, because email and text messages are stored by third parties that have the ability to read them, senders and recipients have no expectation of privacy in those messages and thus are entitled to no constitutional protection from unreasonable searches and seizures.  The Ninth Circuit rejected this view, joining the Sixth Circuit in Warshak v. US, holding that text messages are akin to letters or packages, and are protected even though the shipper could open them.

Further, the panel considered the effect of acceptable use policies, monitoring policies or other terms of service that state that the service provider or employer reserves the right to monitor or audit the messages. While those policies may give employers or service providers the right to read messages, the question was whether law enforcement could, therefore, do so as well. The Ninth Circuit panel applied its ruling in United States v. Heckenkamp, which held that a student did not lose his reasonable expectation of privacy in information stored on his computer, despite a university policy that authorized the university to access his computer in limited circumstances while connected to the university’s network. The Court rejected the argument that user consent to access for some purposes destroyed the expectation of privacy for every purpose, including warrantless or unreasonable government searches.  (Note: Compare this outcome to the “abandonment theory” applied by a Pennsylvania court, which held that consent given to a third-party PC repair service to install a DVD player (including testing associated therewith) constituted a waiver of expectation of privacy for every purpose – Click here).

In a decision issued in Utah Lighthouse Ministry (UTLM) v. Foundation for Apologetic Info. & Research (FAIR), the Tenth Circuit examined the issue of whether hyperlinking can render a non-commercial opinion, critical or parody Website liable for infringement under the Lanham Act.  The resulting holdings afforded Website parodies (such as, e.g., People Eating Tasty Animals (PETA))¹ some protection.

Following the Ninth Circuit’s reasoning in Bosley Medical Institute v. Kremer, the Tenth Circuit concluded that, because the parody Website in question contained critical commentary as well as links to articles critical of plaintiffs and, because the links to plaintiffs’ Web site were to its homepage and not directly to its bookstore, the “roundabout path” to the advertising or commercial use of others was simply “too attentuated” to invoke the trademark protections of the Lanham Act.

_______________________________
¹ This example appeared in n.5 of the Tenth Circuit’s opinion.

Some time ago, I posted a story concerning a border exception to the warrant requirement, where a border agent inspected a laptop and discovered contraband (click here).  From the Ninth Circuit, U.S. v. Arnold, we have a similar underlying fact situation, except that the question before the court concerns the reasonableness of the intrusion:  In its April 21st opinion, the Court held that reasonable suspicion is not needed for customs officials to search a laptop or other personal electronic storage devices at the border.  The Court found unavailing defandant’s numerous arguments –some bearing stretch marks– such as that “laptop computers are fundamentally different from traditional closed containers,” and analogizes them to “homes” ² and the “human mind.”³ Consequently, the Court reversed the trial court’s suppression order, thereby permitting prosecution to proceed.

________________

¹ See, generally, United States v. Montoya de Hernandez, 473 U.S. 531 (1985).

² Under the border search exception, the government may conduct routine searches of persons entering the United States without probable cause, reasonable suspicion, or a warrant.  For Fourth Amendment purposes, an international airport terminal is the “functional equivalent” of a border.

³ Defendant’s analogy of a laptop to a home was based on a conclusion that a laptop’s capacity allows for the storage of personal documents in an amount equivalent to that stored in one’s home.

⁴ Defendant urged that a laptop is like the “human mind” because of its ability to record ideas, e-mail, internet chats and web-surfing habits.

A Dallas woman has sued Blockbuster over its participation in Facebook’s Beacon marketing program.  According to the complaint, the woman rented videos from Blockbuster, who passed along her rental info to Facebook, who then distributed the rental info on the Internet through its Beacon system. The plaintiff alleges that this was a violation of the Video Privacy Protection Act, 18 U.S.C. § 2710 (summary).

This is a fascinating glimpse into the types of privacy issues that may arise when companies jump into the “next big thing” — here, social networking — without fully considering potential adverse effects. This case will be closely watched by other players in this area (e.g., MySpace), as well as their partner companies.

The respondent-attorney attempted to file a bankruptcy case by submitting paper pleadings rather than e-filing. The bankruptcy court sent Respondent an order advising that petitions and other pleadings must be filed electronically. The court ordered Respondent to attend the required training, pass the examination, and obtain a login name and password within 30 days. Respondent failed to comply with the order.

Subsequently, Respondent attempted to file another (separate) bankruptcy case. A bankruptcy judge advised Respondent in writing that he was not permitted to file a bankruptcy case using paper pleadings and that all pleadings must be filed electronically.

Respondent not only failed to obtain a log in name and password and failed to file the case to comport with court rules, but also did not return the advanced fee after discharge.

The dicsiplinary Memorandum Opinion is here.

Hat tip to The Legal Profession Blog for this story.

____________

¹Pursuant to a rule change, the United States Bankruptcy Court required that all pleadings be filed electronically. In order to file electronic pleadings with the bankruptcy court, an attorney must have a login name and password.