978-1285427003 Chapter 32 Lecture Note Part 1

Unlock access to all the studying documents.

View Full Document

Suggested Additional Assignments

Field Work: Cookies and Internet Functionality

Have students block their web browsers from accepting cookies and record how it changes their online

experience.

Research: Online Safety

Ask students what steps they take to protect both their privacy online and the security of their computer.

They should consider options such as providing incorrect personal information; software-based

protections (e.g., the Windows Security Center or Zone Alarm); hardware-based protections (e.g., cable

modems or routers utilizing Network Address Translation and firewalls); and Internet-based protections

(e.g., anonymous remailers).

Research: Electronic Privacy

Shortly before the class on cyberlaw, visit the websites http://www.privacy.org or http://www.epic.org and

assign one or two of the articles for class discussion.

Field Work: Spam

Ask students to count how many spam messages they receive in a week. If students have more than one

e-mail account, ask them to track which account receives more spam. Are some Internet Service Providers

(ISP) better than others at blocking spam? Have students noticed any decrease in the amount of spam they

receive since passage of the Can-Spam Act in 2003? Have they noticed any change in the nature of the

spam they receive?

Field Work: Phishing

Phishing is a fast-growing crime that involves sending fraudulent e-mails directing the recipient to enter

personal information on a website that is an illegal imitation of a legitimate site. Ask students to print out

a phishing e-mail they have received. How obvious is it that the message is illegitimate?

Chapter Overview

Chapter Theme

Computers and the Internet—cyberspace—together comprise one of the great technological developments

of modern times. They have changed the way we learn, conduct business, seek entertainment, make

friends, enjoy our families, and generally lead our lives. The law in this area is so young and unformed

that oftentimes we must ask not only, “What is the law?” but also, “What should the law be?”

Privacy

Tracking Tools

Because our interactions with a computer often take place in isolation (sitting alone at home, at work or in

a café), the experience feels private. It is not, but consumers often are unaware of who has access to their

information.

Before there were cookies, the Internet had no memory. If a person visited an Internet site at 8:00 PM,

moved on to another site, and returned to the first site at 8:15 PM, the site would consider her a first-time

visitor. Websites started using cookies to identify repeat visitors, to keep track of their personal

information, and remember that they had been there before. Sites quickly began using cookies for other

purposes, often secretly keeping track of more detailed personal information. Web advertisers also

installed tracking cookies on users’ computers to monitor their browsing habits and shopping preferences

and compile databases of information useful to marketers.

Ask students who completed the fieldwork on cookies to report what they found. Many will report that

the experience of not accepting cookies so hobbled their site visits as to make the Internet almost

unusable. How can users maintain their privacy and still use the Internet? Experts recommend installing a

sweeper security program that regularly checks a computer’s hard drive for invasive cookies.

Research: Online Safety

Ask students who completed this assignment to list their responses. Prepare a chart to keep track of how

many students use each type of protection (informal, software-based, hardware-based, Internet-based, and

other), and how many students use nothing except what has been provided by default on their computer or

network. Have they had problems with invasions of privacy or damage to their computers?

Research: Electronic Privacy

This would be a good time to discuss articles from http://www.privacy.org or http://www.epic.org.

Regulation of Online Privacy

Self-Regulation

In an effort to forestall government regulation, several marketing trade groups issued their own report

“Self-Regulatory Principles for Online Behavioral Advertising.” These principles require websites that

use tracking tools to provide notice of data collection that is “clear, prominent, and conveniently located.”

In addition, the websites must permit consumers to opt out of tracking, with only a few clicks. However,

websites rarely comply with these principles.

The First Amendment

The First Amendment to the Constitution protects free speech, including derogatory Internet postings that

do not violate other laws.

You Be The Judge: Juzwiak v. John/Jane Doe1

Facts: Juzwiak was a tenured teacher at Hightstown High School in New Jersey. He received three

e-mails from someone who signed himself “Josh,” with the address, “Josh Hartnett jharthat@yahoo.com

.” The teacher did not know anyone of that name. These e-mails said:

Subject line: “Hopefully you will be gone permanently”

Text: “We are all praying for that. Josh”

Subject line: “I hear Friday is ‘D’ day for you”

Text: “I certainly hope so. You don’t deserve to be allowed to teach anymore. Not just in Hightstown but

anywhere. If Hightstown bids you farewell I will make it my lifes (sic) work to ensure that wherever you

look for work they know what you have done.”

Subject line: “Mr. Juzwiak in the Hightstown/East Windsor School System.”

Text: It has been brought to my attention and I am sure many of you know that Mr. J is reapplying for his

position as a teacher in this town. It has further been pointed out that certain people are soliciting

supporters for him. This is tantamount to supporting the devil himself. I am not asking anyone to speak

out against Mr. J but I urge you to then be silent as we cannot continue to allow the children of this school

system nor the parents to be subjected to his evil ways. Thank you. Josh

It seems that this third e-mail was sent to other people, but it was not clear to whom.

Because Juzwiak did not know who “Josh” was, he filed a complaint against John/Jane Doe, seeking

damages for intentional infliction of emotional distress. As part of the lawsuit, he served a subpoena on

1 415 N.J. Super. 442; 2 A.3d 428; 2010 N.J. Super. LEXIS 154, SUPERIOR COURT OF NEW JERSEY, APPELLATE

DIVISION, 2010.

Yahoo!, asking it to reveal “Josh’s” identity. When Yahoo! notified “Josh” of the lawsuit, he asked the

court to quash the subpoena.

In a court hearing, Juzwiak testified that the threatening e-mails had severely disrupted his life, causing

deep anger and depression as well as insomnia that had impaired his ability to concentrate and function

effectively. In addition, this emotional stress had exacerbated his back problems and caused him to lose

20 pounds. Although he had already been taking anti-depressants, a psychiatrist prescribed four additional

drugs for depression, anxiety and insomnia, which were not effective in reducing his symptoms. Juzwiak

also stated that he had thoughts of hurting himself and the entire episode had consumed his life for several

months.

When the trial court refused to issue the subpoena against Yahoo!, Juzwiak appealed.

You Be the Judge: Should the trial court have issued the subpoena? Which interest is more important:

“Josh’s” first amendment right to free speech or Juzwiak’s protection from harassing e-mails?

Argument for “Josh”: Free speech is the first, and most important, right in the Bill of Rights. To ensure

a vibrant marketplace of ideas, the First Amendment protects not only open but also anonymous speech.

Sometimes speakers must be allowed to withhold their identities to protect themselves from harassment

and persecution.

Nothing in these messages was a realistic threat to the teacher’s safety. “Hopefully you will be gone

permanently” could easily mean “Hope you will move out of town.” Juzwiak reported these e-mails to the

police, but they took no action. Presumably they would have done so if there had been any real threat.

Nor did these e-mails constitute an intentional infliction of emotional distress. They were not so extreme

and outrageous as to be utterly intolerable in a civilized community. “Josh” did not accuse Juzwiak of

vile or criminal acts. The language was not obscene or profane. In short, if Juzwiak is going to teach high

school, he needs to develop a thicker skin and a better sense of humor.

Argument for Juzwiak: The right to speak anonymously is not absolute. “Josh” requires protection from

harassment? That is an absurd argument.

These e-mails contained death threats: “Hopefully you will be gone permanently” and “I hear Friday is ‘D’

day for you.” Juzwiak was frightened enough to go to the police. He suffered serious physical and

emotional harm. These e-mails are not entitled to the protection of the First Amendment.

Furthermore, the e-mails constituted intentional infliction of emotional distress. They were extreme

and outrageous conduct designed to cause harm. They achieved their goal.

In balancing the rights in this case, why would the court protect “Josh,” who has set out to cause

harm, over the innocent teacher?

Holding: The New Jersey appellate court held that a plaintiff who fails to make out a claim of

intentional infliction of emotional distress based on anonymous, offensive e-mails can’t compel the

sender’s ISP to reveal his or her identity.

Question: Did Juzwiak prove his claim for intentional infliction of emotional distress?

The Fourth Amendment

The Fourth Amendment to the Constitution prohibits unreasonable searches and seizures by the

government. The Fourth Amendment applies to computers.

Case: United States of America v. Angevine2

Facts: Oklahoma State University provided Professor Eric Angevine with a computer linked to the

University network, and through it to the Internet. Angevine used this computer to download over 3,000

pornographic images of young boys. After viewing the images and printing some of them, he deleted the

files. Tipped off by Professor Angevine’s wife, police officers seized the computer and turned it over to a

police computer expert who retrieved the pornographic files that the professor had deleted.

The Oklahoma State University computer policy states that:

The contents of all storage media owned or stored on University computing facilities are

the property of the University.

Employees cannot use University computers to access obscene material.

The University reserves the right to view or scan any file or software stored on a

computer or passing through the network, and will do so periodically to audit the use of

University resources. The University cannot guarantee confidentiality of stored data.

System administrators keep logs of file names, which may indicate why a particular data

file is being erased, when it was erased, and what user identification has erased it.

The trial court held that federal agents did not need a warrant to search Professor Angevine’s office

computer because he had no expectation of privacy. The judge sentenced him to fifty-one months in

prison for “knowing possession of child pornography.” The professor appealed.

Issue: Did Professor Angevine have a reasonable expectation of privacy in his office computer?

Excerpts from Judge Brorby’s Decision: Oklahoma State University policies and procedures prevent

its employees from reasonably expecting privacy in data downloaded from the Internet onto University

computers. The University computer-use policy reserved the right to randomly audit Internet use and to

monitor specific individuals suspected of misusing University computers. The policy explicitly cautions

computer users that information flowing through the University network is not confidential either in

transit or in storage on a University computer. These office practices and procedures should have warned

reasonable employees not to access child pornography with University computers.

While Professor Angevine did attempt to erase the child pornography, the University computer policy

warned system administrators kept file logs recording when and by whom files were deleted. Moreover,

given his transmission of the pornographic data through a monitored University network, deleting the

files alone was not sufficient to establish a reasonable expectation of privacy.

Holding: Professor Angevine did not have a reasonable expectation of privacy. Oklahoma State’s policies

clearly indicated that information flowing through the University network was not confidential either in

transit or in storage on a University computer.

Question: How did the police find this illegal material?

Question: Did the police obtain a search warrant before conducting this search?

Questions: Then why wasn’t this search illegal under the 4th Amendment? Why didn’t the court hold

this evidence to be inadmissible under the exclusionary rule?

Question: The court held that the police did not need a warrant to search Professor Angevine’s

computer because he did not have a reasonable expectation of privacy there.

2 281 F.3d 1130, 2002 U.S. App. LEXIS 2746 United States Court of Appeals for the Tenth Circuit, 2002.

Question: Was the court right? Was Professor Angevine unreasonable in assuming that his University

computer was private?

Answer: Yes, because the University policy had been very clear that:

Question: But Professor Angevine erased the material. Couldn’t you argue that he has a reasonable

expectation in deleted material?

Answer: The University policy explicitly stated that network administrators audited transmissions

Question: Under what circumstances would Professor Angevine have had a reasonable expectation of

privacy?

Answer: Presumably, if he had conducted his search through a private ISP (not connected with the

Case: United States of America v. Warshak3

Facts: Steven Warshak owned Berkeley Premium Nutraceuticals, Inc. a company that sold herbal

supplements. The company had only been modestly successful until it began to market Enzyte, a

supplement that promised to increase masculine endowment. At its peak, Berkeley had annual sales of

around $250 million.

As is the case with all such products, Enzyte was a fraud. Advertisements quoted surveys that had never

been conducted and doctors who did not exist. As a result, customers typically did not buy the product a

second time. Warshak had a solution to this problem – an auto-ship program. A man would order a free

sample, providing his credit card to pay for the shipping. Berkeley would then automatically send him

more product, and, of course, charge his credit card.

Without obtaining a search warrant first, a federal prosecutor asked Warshak’s ISP for copies of his

e-mails. Based on the evidence contained in these 25,000 e-mails, Warshak was convicted of mail, wire,

and bank fraud and sentenced to 25 years in prison. He appealed on the grounds that the government had

violated the Fourth Amendment by obtaining e-mails without a search warrant. He argued that he had had

a reasonable expectation of privacy.

Issue: Did Warshak have a reasonable expectation of privacy in his e-mails?

Excerpts from Justice Boggs’ Decision: Warshak plainly manifested an expectation that his e-mails

would be shielded from outside scrutiny. [H]is entire business and personal life was contained within the

e-mails seized. Given the often sensitive and sometimes damning substance of his e-mails, we think it

highly unlikely that Warshak expected them to be made public, for people seldom unfurl their dirty

laundry in plain view. Therefore, we conclude that Warshak had a subjective expectation of privacy in the

contents of his e-mails.

The next question is whether society is prepared to recognize that expectation as reasonable. This

question is one of grave import and enduring consequence, given the prominent role that e-mail has

assumed in modern communication. Since the advent of e-mail, the telephone call and the letter have

waned in importance, and an explosion of Internet-based communication has taken place. People are now

able to send sensitive and intimate information, instantaneously to friends, family, and colleagues half a

world away. Lovers exchange sweet nothings, and businessmen swap ambitious plans, all with the click

of a mouse button. Commerce has also taken hold in e-mail. Online purchases are often documented in

e-mail accounts, and e-mail is frequently used to remind patients and clients of imminent appointments.

3 631 F.3d 266; 2010 U.S. App. LEXIS 25415 UNITED STATES COURT OF APPEALS FOR THE SIXTH CIRCUIT, 2010.

In short, “account” is an apt word for the conglomeration of stored messages that comprises an e-mail

account, as it provides an account of its owner’s life. By obtaining access to someone’s e-mail,

government agents gain the ability to peer deeply into his activities.

[T]he Fourth Amendment must keep pace with the inexorable march of technological progress, or its

guarantees will wither and perish. While a letter is in the mail, the police may not intercept it and

examine its contents unless they first obtain a warrant based on probable cause. If we accept that an

e-mail is analogous to a letter or a phone call, it is manifest that agents of the government cannot compel

a commercial ISP to turn over the contents of an e-mail without triggering the Fourth Amendment.

E-mails must pass through an ISP’s servers to reach their intended recipient. Thus, the ISP is the

functional equivalent of a post office or a telephone company. [T]he police may not storm the post office

and intercept a letter, and they are likewise forbidden from using the phone system to make a clandestine

recording of a telephone call—unless they get a warrant, that is. It only stands to reason that, if

government agents compel an ISP to surrender the contents of a subscriber’s e-mails, those agents have

thereby conducted a Fourth Amendment search, which necessitates compliance with the warrant

requirement.

Accordingly, we hold that a subscriber enjoys a reasonable expectation of privacy in the contents of

e-mails that are stored with, or sent or received through, a commercial ISP. The government may not

compel a commercial ISP to turn over the contents of a subscriber’s e-mails without first obtaining a

warrant based on probable cause.

Question: Why is this case notable?

Answer: It is the first court from a United States Circuit Court of Appeals to explicitly hold that there

The FTC

Section 5 of the FTC Act prohibits unfair and deceptive acts or practices. The Federal Trade Commission

(FTC) applies this statute to online privacy policies.

Electronic Communications Privacy Act of 1986 (ECPA)

The ECPA prohibits unauthorized interception or disclosure of wire and electronic communications or

unauthorized access to stored communications. These are the major provisions of the ECPA:

Any intended recipient of an electronic communication has the right to disclose it.

ISPs are generally prohibited from disclosing electronic messages to anyone other than

the addressee, unless this disclosure is necessary for the performance of their service or for the

protection of their own rights or property.

An employer has the right to monitor workers’ electronic communications if (1) the

employee consents, (2) the monitoring occurs in the ordinary course of business, or (3) the

employer provides the computer system (in the case of e-mail).

The government has the right to access electronic communication if it first obtains a

search warrant or court order.

You Be The Judge: Scott v. Beth Israel Medical Center, Inc.4

Facts: Beth Israel Medical Center (BI) e-mail policy stated:

All information and documents created, received, saved or sent on the Medical Center’s computer of

communications systems are the property of the Medical Center. Employees have no personal privacy

right on any material created, received, saved or sent using Medical Center communication or

4 2007 N.Y. Misc. LEXIS, Supreme Court of New York, 2007.

computer systems. The Medical Center reserves the right to access and disclose such material at any

time without prior notice.

Dr. Norman Scott was head of the orthopedics department at BI. His contract with the hospital

provided for $14 million in severance pay if he was fired without cause. BI did fire Scott and the question

was whether it was for cause or not. In preparation for a lawsuit against BI, Scott used the hospital’s

computer system to send e-mails to his lawyer. Each of these e-mails included the following notice:

This message is intended only for the use of the Addressee and may contain information that is

privileged and confidential. If you are not the intended recipient, you are hereby notified that any

dissemination of this communication is strictly prohibited. If you have received this communication

in error, please erase all copes of the message and its attachments and notify us immediately.

BI Obtained copies of all of Scott’s e-mails. It notified him that it had copies of the e-mails to his

lawyer. No one at BI had read the e-mails, but they intended to do so.

Communications between lawyers and their clients are generally protected, but a client waives that

privilege if he publicly discloses the information. When Scott requested that the e-mails be returned to

him unread, BI refused. Scott filed a motion seeking the return of the documents.

You Be The Judge: Did Scott have a right to privacy in e-mails he sent to his lawyer using the BI

system?

Holding: No, Scott’s motion was denied. BI’s e-mail policy that stated employees had no privacy interest

in any material sent or received on its computer systems diminished any expectation of confidentiality in

the e-mails. Although Scott claimed that he was unaware of the policy, the court held that he had

constructive notice, if not actual notice of it, as BI disseminated its policy to each employee in 2002 and

provided Internet notice. The effect of BI’s e-mail policy is to have the employer looking over your

shoulder each time you send an e-mail. In other words, the otherwise privileged communication between

Scott and his lawyer would not have been made in confidence because of the BI policy. According to the

court, BI, like other employers, has the right to regulate its workplace including the usage of its computers

and resources. BI’s policy allows for monitoring. Although BI acknowledges that it did not monitor Dr.

Scott’s e-mail, it retains the right to do so in the e-mail policy.

Question: Which provision of the Electronic Communication Privacy Act applies to Scott’s e-mails?

Answer: The provision that states an employer has the right to monitor workers’ electronic

Question: Scott was emailing his lawyer, so the content of the e-mails should be privileged by the

attorney-client privilege. Should that trump the employer’s right to monitor his e-mail?

Answer: According to the court, no. Under the ECPA, if the employer owns the computer system

Question: What then is the status of the e-mails Scott wrote to his lawyer?

Answer: Those communications are no longer privileged. A client loses his privilege when he

Question: What should Scott have done differently?

Children’s Online Privacy Protection Act of 1998

The Children’s Online Privacy Protection Act of 1998 (COPPA) prohibits Internet operators from

collecting information from children under 13 without parental permission. It also requires sites to

disclose how they will use any information they acquire.

European Law

The European Union’s e-Privacy Directive requires an opt-in system, under which tracking tools cannot

be used unless the consumer is told how the tools will be used and then specifically grants permission for

their use.

Spam

Spam is officially known as unsolicited commercial e-mail (UCE) or unsolicited bulk e-mail (UBE).

The Controlling the Assault of Non-Solicited Pornography and Marketing Act (Can-Spam).

Can-Spam is a federal statute that does not prohibit spam, but regulates it.