I am definitely having fun with my Cyberspace Law class this term. The course concludes this December so I have the rest of the year to immerse myself into a synergistic subject area. It is widely held that in general, lawyer’s knowledge about computers, and predictions they make about new technology, are highly likely to be false. The blind do not make good trailblazers. The law is always reactive concerning technology it seems and lawyers in my experience are far from technologically savvy which is where someone with my expertise comes in with comparable billing rates. 😉
There has been some interesting movement in the courts, particularly in California within the Stored Communications Act space. Specifically, the District Court for the Central District of California, in its Crispin decision, has indicated that content posted to social media personal spaces such as Facebook’s “walls,” if marked private, could be entitled to protection. The challenge is that even if the Stored Communications Act applies to private messaging and private postings on social media sites, this does not necessarily mean that any and all communications and content shared through social media sites is blocked entirely from discovery by potential litigants or other interested parties such as prospective employers. As you would expect, many social networking sites assert that the Stored Communications Act precludes them from having to comply with subpoenas requesting documents which is nonsense if you look at the issue logically.
To make matters a bit worse, even if your personal information is not publicly available on a social networking sites, the Stored Communications Act still does not preclude “lawful access” to such information. A clever litigant or savvy security professional assisting counsel might take the direct approach and seek the information directly from you or the custodial party under Rule 34 of the Federal Rules of Civil Procedure, which could help force an unwilling party to provide “lawful consent” to the disclosure of electronic communications held by third parties such as Facebook or MySpace. In a recent decision, see Kathleen Romano v. Steelcase Inc. and Educational & Institutional Cooperative Services Inc., a New York court ordered a plaintiff in a personal injury case to grant defendant’s access to her current and historical Facebook and MySpace pages, even where the information was not publicly available. Relying on such sites’ warnings emphasizing that information designated “private” may not remain so, the court held that there is no expectation of privacy, no matter what privacy settings were used.
Now a word to the wise. Here is where someone who is technically savvy really pays dividends to the litigant’s attorney or to your spouse’s private investigator. When solving a problem or a puzzle, we sometimes need to approach it from different perspectives right? Think about it for a moment, what other avenues might I have to discover content that is posted on private spaces on these social media sites? Even when content that is marked as “private” on the various social networking services, the same information may be found in person’s email in-box right? Because social media sites frequently send updates to end users through email or text messages regarding other people’s postings, comments, and messages, those users’ email accounts frequently contain copies of otherwise “private” social media messages. We suddenly have a much wider attack vector to get the information we desire! I say attack vector deliberately because identity thieves will target your email in-box looking for user names, account names, information and passwords to steal from you.
Even if the information sought is not readily accessible, consider whether it can be construed as something other than an “electronic communication.” One exception to the Stored Communications Act is the disclosure of “customer records”—that is, “a record or other information pertaining to a subscriber to or customer of such service”—to any person other than a governmental entity. A good example of this would be if your employer wants to know when and how long you were using a particular social media site to defend itself against your wrongful termination suit or if it is building a case against you for a termination event. The dates and times at which an individual accessed a social networking site are not “content” within the meaning of the Stored Communications Act and are therefore not subject to the Stored Communications Act’s protections against disclosure. Obviously this is another wide open attack vector that the technically savvy supporting party to the litigant should be aware of and exploit.
We should certainly expect corporate policies will be updated to make prosecution easier. Laws are evolving and being aware of your rights and how those (intended-unintended) loopholes affect you. Lawyers will continue to need competent and well-credentialed technologists to assist them in pointing out the stones to turn over. Fascinating stuff as far as I am concerned.
A clever person will pursue alternate paths to obtain the desired end result. Look before you leap.
For more information about the Stored Communications Act, visit my EFF pals and read all about it here: http://ilt.eff.org/index.php/Privacy:_Stored_Communications_Act