Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
Suggested Additional Assignments
Field Work: Cookies and Internet Functionality
Have students block their web browsers from accepting cookies and record how it changes their online
experience.
Research: Online Safety
Ask students what steps they take to protect both their privacy online and the security of their computer.
They should consider options such as providing incorrect personal information; software-based
protections (e.g., the Windows Security Center or Zone Alarm); hardware-based protections (e.g., cable
modems or routers utilizing Network Address Translation and firewalls); and Internet-based protections
(e.g., anonymous remailers).
Research: Electronic Privacy
Shortly before the class on cyberlaw, visit the websites http://www.privacy.org or http://www.epic.org and
assign one or two of the articles for class discussion.
Field Work: Spam
Ask students to count how many spam messages they receive in a week. If students have more than one
e-mail account, ask them to track which account receives more spam. Are some Internet Service Providers
(ISP) better than others at blocking spam? Have students noticed any decrease in the amount of spam they
receive since passage of the Can-Spam Act in 2003? Have they noticed any change in the nature of the
spam they receive?
Field Work: Phishing
Phishing is a fast-growing crime that involves sending fraudulent e-mails directing the recipient to enter
personal information on a website that is an illegal imitation of a legitimate site. Ask students to print out
a phishing e-mail they have received. How obvious is it that the message is illegitimate?
Chapter Overview
Chapter Theme
Computers and the Internet—cyberspace—together comprise one of the great technological developments
of modern times. They have changed the way we learn, conduct business, seek entertainment, make
friends, enjoy our families, and generally lead our lives. The law in this area is so young and unformed
that oftentimes we must ask not only, “What is the law?” but also, “What should the law be?”
Privacy
Tracking Tools
Because our interactions with a computer often take place in isolation (sitting alone at home, at work or in
a café), the experience feels private. It is not, but consumers often are unaware of who has access to their
information.
Before there were cookies, the Internet had no memory. If a person visited an Internet site at 8:00 PM,
moved on to another site, and returned to the first site at 8:15 PM, the site would consider her a first-time
visitor. Websites started using cookies to identify repeat visitors, to keep track of their personal
information, and remember that they had been there before. Sites quickly began using cookies for other
purposes, often secretly keeping track of more detailed personal information. Web advertisers also
installed tracking cookies on users’ computers to monitor their browsing habits and shopping preferences
and compile databases of information useful to marketers.
Ask students who completed the fieldwork on cookies to report what they found. Many will report that
the experience of not accepting cookies so hobbled their site visits as to make the Internet almost
unusable. How can users maintain their privacy and still use the Internet? Experts recommend installing a
sweeper security program that regularly checks a computer’s hard drive for invasive cookies.
Research: Online Safety
Ask students who completed this assignment to list their responses. Prepare a chart to keep track of how
many students use each type of protection (informal, software-based, hardware-based, Internet-based, and
other), and how many students use nothing except what has been provided by default on their computer or
network. Have they had problems with invasions of privacy or damage to their computers?
Research: Electronic Privacy
This would be a good time to discuss articles from http://www.privacy.org or http://www.epic.org.
Regulation of Online Privacy
Self-Regulation
In an effort to forestall government regulation, several marketing trade groups issued their own report
“Self-Regulatory Principles for Online Behavioral Advertising.” These principles require websites that
use tracking tools to provide notice of data collection that is “clear, prominent, and conveniently located.”
In addition, the websites must permit consumers to opt out of tracking, with only a few clicks. However,
websites rarely comply with these principles.
The First Amendment
The First Amendment to the Constitution protects free speech, including derogatory Internet postings that
do not violate other laws.
You Be The Judge: Juzwiak v. John/Jane Doe1
Facts: Juzwiak was a tenured teacher at Hightstown High School in New Jersey. He received three
e-mails from someone who signed himself “Josh,” with the address, “Josh Hartnett jharthat@yahoo.com
.” The teacher did not know anyone of that name. These e-mails said:
Subject line: “Hopefully you will be gone permanently"
Text: "We are all praying for that. Josh”
Subject line: "I hear Friday is 'D' day for you"
Text: "I certainly hope so. You don't deserve to be allowed to teach anymore. Not just in Hightstown but
anywhere. If Hightstown bids you farewell I will make it my lifes (sic) work to ensure that wherever you
look for work they know what you have done."
Subject line: "Mr. Juzwiak in the Hightstown/East Windsor School System."
Text: It has been brought to my attention and I am sure many of you know that Mr. J is reapplying for his
position as a teacher in this town. It has further been pointed out that certain people are soliciting
supporters for him. This is tantamount to supporting the devil himself. I am not asking anyone to speak
out against Mr. J but I urge you to then be silent as we cannot continue to allow the children of this school
system nor the parents to be subjected to his evil ways. Thank you. Josh
It seems that this third e-mail was sent to other people, but it was not clear to whom.
Because Juzwiak did not know who “Josh” was, he filed a complaint against John/Jane Doe, seeking
damages for intentional infliction of emotional distress. As part of the lawsuit, he served a subpoena on
1 415 N.J. Super. 442; 2 A.3d 428; 2010 N.J. Super. LEXIS 154, SUPERIOR COURT OF NEW JERSEY, APPELLATE
DIVISION, 2010.
Yahoo!, asking it to reveal “Josh’s” identity. When Yahoo! notified “Josh” of the lawsuit, he asked the
court to quash the subpoena.
In a court hearing, Juzwiak testified that the threatening e-mails had severely disrupted his life, causing
deep anger and depression as well as insomnia that had impaired his ability to concentrate and function
effectively. In addition, this emotional stress had exacerbated his back problems and caused him to lose
20 pounds. Although he had already been taking anti-depressants, a psychiatrist prescribed four additional
drugs for depression, anxiety and insomnia, which were not effective in reducing his symptoms. Juzwiak
also stated that he had thoughts of hurting himself and the entire episode had consumed his life for several
months.
When the trial court refused to issue the subpoena against Yahoo!, Juzwiak appealed.
You Be the Judge: Should the trial court have issued the subpoena? Which interest is more important:
“Josh’s” first amendment right to free speech or Juzwiak’s protection from harassing e-mails?
Argument for “Josh”: Free speech is the first, and most important, right in the Bill of Rights. To ensure
a vibrant marketplace of ideas, the First Amendment protects not only open but also anonymous speech.
Sometimes speakers must be allowed to withhold their identities to protect themselves from harassment
and persecution.
Nothing in these messages was a realistic threat to the teacher’s safety. “Hopefully you will be gone
permanently” could easily mean “Hope you will move out of town.” Juzwiak reported these e-mails to the
police, but they took no action. Presumably they would have done so if there had been any real threat.
Nor did these e-mails constitute an intentional infliction of emotional distress. They were not so extreme
and outrageous as to be utterly intolerable in a civilized community. “Josh” did not accuse Juzwiak of
vile or criminal acts. The language was not obscene or profane. In short, if Juzwiak is going to teach high
school, he needs to develop a thicker skin and a better sense of humor.
Argument for Juzwiak: The right to speak anonymously is not absolute. “Josh” requires protection from
harassment? That is an absurd argument.
These e-mails contained death threats: "Hopefully you will be gone permanently" and “I hear Friday is 'D'
day for you.” Juzwiak was frightened enough to go to the police. He suffered serious physical and
emotional harm. These e-mails are not entitled to the protection of the First Amendment.
Furthermore, the e-mails constituted intentional infliction of emotional distress. They were extreme
and outrageous conduct designed to cause harm. They achieved their goal.
In balancing the rights in this case, why would the court protect “Josh,” who has set out to cause
harm, over the innocent teacher?
Holding: The New Jersey appellate court held that a plaintiff who fails to make out a claim of
intentional infliction of emotional distress based on anonymous, offensive e-mails can’t compel the
sender’s ISP to reveal his or her identity.
Question: Did Juzwiak prove his claim for intentional infliction of emotional distress?
The Fourth Amendment
The Fourth Amendment to the Constitution prohibits unreasonable searches and seizures by the
government. The Fourth Amendment applies to computers.
Case: United States of America v. Angevine2
Facts: Oklahoma State University provided Professor Eric Angevine with a computer linked to the
University network, and through it to the Internet. Angevine used this computer to download over 3,000
pornographic images of young boys. After viewing the images and printing some of them, he deleted the
files. Tipped off by Professor Angevine’s wife, police officers seized the computer and turned it over to a
police computer expert who retrieved the pornographic files that the professor had deleted.
The Oklahoma State University computer policy states that:
The contents of all storage media owned or stored on University computing facilities are
the property of the University.
Employees cannot use University computers to access obscene material.
The University reserves the right to view or scan any file or software stored on a
computer or passing through the network, and will do so periodically to audit the use of
University resources. The University cannot guarantee confidentiality of stored data.
System administrators keep logs of file names, which may indicate why a particular data
file is being erased, when it was erased, and what user identification has erased it.
The trial court held that federal agents did not need a warrant to search Professor Angevine’s office
computer because he had no expectation of privacy. The judge sentenced him to fifty-one months in
prison for “knowing possession of child pornography.” The professor appealed.
Issue: Did Professor Angevine have a reasonable expectation of privacy in his office computer?
Excerpts from Judge Brorby’s Decision: Oklahoma State University policies and procedures prevent
its employees from reasonably expecting privacy in data downloaded from the Internet onto University
computers. The University computer-use policy reserved the right to randomly audit Internet use and to
monitor specific individuals suspected of misusing University computers. The policy explicitly cautions
computer users that information flowing through the University network is not confidential either in
transit or in storage on a University computer. These office practices and procedures should have warned
reasonable employees not to access child pornography with University computers.
While Professor Angevine did attempt to erase the child pornography, the University computer policy
warned system administrators kept file logs recording when and by whom files were deleted. Moreover,
given his transmission of the pornographic data through a monitored University network, deleting the
files alone was not sufficient to establish a reasonable expectation of privacy.
Holding: Professor Angevine did not have a reasonable expectation of privacy. Oklahoma State’s policies
clearly indicated that information flowing through the University network was not confidential either in
transit or in storage on a University computer.
Question: How did the police find this illegal material?
Question: Did the police obtain a search warrant before conducting this search?
Questions: Then why wasn’t this search illegal under the 4th Amendment? Why didn’t the court hold
this evidence to be inadmissible under the exclusionary rule?
Question: The court held that the police did not need a warrant to search Professor Angevine’s
computer because he did not have a reasonable expectation of privacy there.
2 281 F.3d 1130, 2002 U.S. App. LEXIS 2746 United States Court of Appeals for the Tenth Circuit, 2002.
Question: Was the court right? Was Professor Angevine unreasonable in assuming that his University
computer was private?
Answer: Yes, because the University policy had been very clear that:
Question: But Professor Angevine erased the material. Couldn’t you argue that he has a reasonable
expectation in deleted material?
Answer: The University policy explicitly stated that network administrators audited transmissions
Question: Under what circumstances would Professor Angevine have had a reasonable expectation of
privacy?
Answer: Presumably, if he had conducted his search through a private ISP (not connected with the
Case: United States of America v. Warshak3
Facts: Steven Warshak owned Berkeley Premium Nutraceuticals, Inc. a company that sold herbal
supplements. The company had only been modestly successful until it began to market Enzyte, a
supplement that promised to increase masculine endowment. At its peak, Berkeley had annual sales of
around $250 million.
As is the case with all such products, Enzyte was a fraud. Advertisements quoted surveys that had never
been conducted and doctors who did not exist. As a result, customers typically did not buy the product a
second time. Warshak had a solution to this problem – an auto-ship program. A man would order a free
sample, providing his credit card to pay for the shipping. Berkeley would then automatically send him
more product, and, of course, charge his credit card.
Without obtaining a search warrant first, a federal prosecutor asked Warshak’s ISP for copies of his
e-mails. Based on the evidence contained in these 25,000 e-mails, Warshak was convicted of mail, wire,
and bank fraud and sentenced to 25 years in prison. He appealed on the grounds that the government had
violated the Fourth Amendment by obtaining e-mails without a search warrant. He argued that he had had
a reasonable expectation of privacy.
Issue: Did Warshak have a reasonable expectation of privacy in his e-mails?
Excerpts from Justice Boggs’ Decision: Warshak plainly manifested an expectation that his e-mails
would be shielded from outside scrutiny. [H]is entire business and personal life was contained within the
e-mails seized. Given the often sensitive and sometimes damning substance of his e-mails, we think it
highly unlikely that Warshak expected them to be made public, for people seldom unfurl their dirty
laundry in plain view. Therefore, we conclude that Warshak had a subjective expectation of privacy in the
contents of his e-mails.
The next question is whether society is prepared to recognize that expectation as reasonable. This
question is one of grave import and enduring consequence, given the prominent role that e-mail has
assumed in modern communication. Since the advent of e-mail, the telephone call and the letter have
waned in importance, and an explosion of Internet-based communication has taken place. People are now
able to send sensitive and intimate information, instantaneously to friends, family, and colleagues half a
world away. Lovers exchange sweet nothings, and businessmen swap ambitious plans, all with the click
of a mouse button. Commerce has also taken hold in e-mail. Online purchases are often documented in
e-mail accounts, and e-mail is frequently used to remind patients and clients of imminent appointments.
3 631 F.3d 266; 2010 U.S. App. LEXIS 25415 UNITED STATES COURT OF APPEALS FOR THE SIXTH CIRCUIT, 2010.
In short, "account" is an apt word for the conglomeration of stored messages that comprises an e-mail
account, as it provides an account of its owner's life. By obtaining access to someone's e-mail,
government agents gain the ability to peer deeply into his activities.
[T]he Fourth Amendment must keep pace with the inexorable march of technological progress, or its
guarantees will wither and perish. While a letter is in the mail, the police may not intercept it and
examine its contents unless they first obtain a warrant based on probable cause. If we accept that an
e-mail is analogous to a letter or a phone call, it is manifest that agents of the government cannot compel
a commercial ISP to turn over the contents of an e-mail without triggering the Fourth Amendment.
E-mails must pass through an ISP's servers to reach their intended recipient. Thus, the ISP is the
functional equivalent of a post office or a telephone company. [T]he police may not storm the post office
and intercept a letter, and they are likewise forbidden from using the phone system to make a clandestine
recording of a telephone call—unless they get a warrant, that is. It only stands to reason that, if
government agents compel an ISP to surrender the contents of a subscriber's e-mails, those agents have
thereby conducted a Fourth Amendment search, which necessitates compliance with the warrant
requirement.
Accordingly, we hold that a subscriber enjoys a reasonable expectation of privacy in the contents of
e-mails that are stored with, or sent or received through, a commercial ISP. The government may not
compel a commercial ISP to turn over the contents of a subscriber's e-mails without first obtaining a
warrant based on probable cause.
Question: Why is this case notable?
Answer: It is the first court from a United States Circuit Court of Appeals to explicitly hold that there
The FTC
Section 5 of the FTC Act prohibits unfair and deceptive acts or practices. The Federal Trade Commission
(FTC) applies this statute to online privacy policies.
Electronic Communications Privacy Act of 1986 (ECPA)
The ECPA prohibits unauthorized interception or disclosure of wire and electronic communications or
unauthorized access to stored communications. These are the major provisions of the ECPA:
Any intended recipient of an electronic communication has the right to disclose it.
ISPs are generally prohibited from disclosing electronic messages to anyone other than
the addressee, unless this disclosure is necessary for the performance of their service or for the
protection of their own rights or property.
An employer has the right to monitor workers’ electronic communications if (1) the
employee consents, (2) the monitoring occurs in the ordinary course of business, or (3) the
employer provides the computer system (in the case of e-mail).
The government has the right to access electronic communication if it first obtains a
search warrant or court order.
You Be The Judge: Scott v. Beth Israel Medical Center, Inc.4
Facts: Beth Israel Medical Center (BI) e-mail policy stated:
All information and documents created, received, saved or sent on the Medical Center’s computer of
communications systems are the property of the Medical Center. Employees have no personal privacy
right on any material created, received, saved or sent using Medical Center communication or
4 2007 N.Y. Misc. LEXIS, Supreme Court of New York, 2007.
computer systems. The Medical Center reserves the right to access and disclose such material at any
time without prior notice.
Dr. Norman Scott was head of the orthopedics department at BI. His contract with the hospital
provided for $14 million in severance pay if he was fired without cause. BI did fire Scott and the question
was whether it was for cause or not. In preparation for a lawsuit against BI, Scott used the hospital’s
computer system to send e-mails to his lawyer. Each of these e-mails included the following notice:
This message is intended only for the use of the Addressee and may contain information that is
privileged and confidential. If you are not the intended recipient, you are hereby notified that any
dissemination of this communication is strictly prohibited. If you have received this communication
in error, please erase all copes of the message and its attachments and notify us immediately.
BI Obtained copies of all of Scott’s e-mails. It notified him that it had copies of the e-mails to his
lawyer. No one at BI had read the e-mails, but they intended to do so.
Communications between lawyers and their clients are generally protected, but a client waives that
privilege if he publicly discloses the information. When Scott requested that the e-mails be returned to
him unread, BI refused. Scott filed a motion seeking the return of the documents.
You Be The Judge: Did Scott have a right to privacy in e-mails he sent to his lawyer using the BI
system?
Holding: No, Scott’s motion was denied. BI’s e-mail policy that stated employees had no privacy interest
in any material sent or received on its computer systems diminished any expectation of confidentiality in
the e-mails. Although Scott claimed that he was unaware of the policy, the court held that he had
constructive notice, if not actual notice of it, as BI disseminated its policy to each employee in 2002 and
provided Internet notice. The effect of BI’s e-mail policy is to have the employer looking over your
shoulder each time you send an e-mail. In other words, the otherwise privileged communication between
Scott and his lawyer would not have been made in confidence because of the BI policy. According to the
court, BI, like other employers, has the right to regulate its workplace including the usage of its computers
and resources. BI's policy allows for monitoring. Although BI acknowledges that it did not monitor Dr.
Scott's e-mail, it retains the right to do so in the e-mail policy.
Question: Which provision of the Electronic Communication Privacy Act applies to Scott’s e-mails?
Answer: The provision that states an employer has the right to monitor workers’ electronic
Question: Scott was emailing his lawyer, so the content of the e-mails should be privileged by the
attorney-client privilege. Should that trump the employer’s right to monitor his e-mail?
Answer: According to the court, no. Under the ECPA, if the employer owns the computer system
Question: What then is the status of the e-mails Scott wrote to his lawyer?
Answer: Those communications are no longer privileged. A client loses his privilege when he
Question: What should Scott have done differently?
Children’s Online Privacy Protection Act of 1998
The Children’s Online Privacy Protection Act of 1998 (COPPA) prohibits Internet operators from
collecting information from children under 13 without parental permission. It also requires sites to
disclose how they will use any information they acquire.
European Law
The European Union’s e-Privacy Directive requires an opt-in system, under which tracking tools cannot
be used unless the consumer is told how the tools will be used and then specifically grants permission for
their use.
Spam
Spam is officially known as unsolicited commercial e-mail (UCE) or unsolicited bulk e-mail (UBE).
The Controlling the Assault of Non-Solicited Pornography and Marketing Act (Can-Spam).
Can-Spam is a federal statute that does not prohibit spam, but regulates it.
