JOLT Digest

Written by Susanna Lichter
Edited by Laura Fishwick
Editorial Policy

“CyberPatrol, ” “SniperSpy,” and “IamBigbrother” are the names of keyloggers that might be installed on your office computer. These easy to use and inexpensive hardware or software devices record keystrokes and allow a monitor to access email, and other password-protected accounts of an unsuspecting typist. Employers are using keyloggers more often in the workplace to oversee employees without their knowledge. Managers argue that computer surveillance is important to ensure productivity, but alternative tools like website blockers, remote desktop access and time audits allow employers to determine whether an employee deviated from her task without risking the same breach of trust or employee humiliation associated with keyloggers.

Although keyloggers facilitate a major invasion of privacy, they are legal in many jurisdictions. There is currently no federal law that has been interpreted to prohibit their surreptitious use. The Electronic Communications Privacy Act (ECPA), which includes the Federal Wiretap Act (FWA) and the Stored Communication Act (SCA), could potentially prevent keystroke theft, but thus far the protections it offers have not been extended to keyloggers. However, there is evidence that this may soon change. Several recent cases have suggested a broader interpretation of the ECPA than what has previously been held. Additionally, in the absence of a consensus about federal law prohibiting keyloggers, some courts have interpreted state statutes to protect the public from having their strokes stolen. The conflict of interpretations between jurisdictions leaves people in many states vulnerable to invasive employer spying. It also creates a lack of clarity for employers and employees regarding what is considered lawful conduct. The surreptitious use of keyloggers should be subjected to wider regulation by state or federal law. In a few cases courts have diverged from precedent and adopted this position.  (more…)

The Harvard Journal of Law & Technology recently released its Fall 2011 issue, now available online.  Jane Yakowitz, author of “Tragedy of the Data Commons” has written an abstract of her article for the Digest, presented below.

- The Digest Staff

JOLT Print Preview: Tragedy of the Data Commons
Jane Yakowitz

The data that fuels most of the quantitative health and policy research in this country is publicly available data that has undergone some sort of anonymization process. This is the data commons, and unwittingly, we are all in it. Our tax returns, medical records, and school records, among other things, seed its pastures and facilitate a wide range of empirical studies.

In theory the data commons gives us the best of both worlds by allowing researchers to test hypotheses and produce generalizable results without exposing anybody’s personal information. But in practice, we all shoulder some risk that a bad actor might use auxiliary information to reidentify us, and discover our private information. The looming policy question, raised by Paul Ohm and the Federal Trade Commission, is whether current data privacy policies in the United States strike the right balance between the risks of reidentification attacks and the utility of data-sharing. Paul Ohm and other scholars believe the risk is too high, that we need stronger privacy laws to protect data subjects. This article comes to the exact opposite conclusion: the utility of public research data is so great, and the realistic risks so small, that the law should foster the sharing of anonymized data.  (more…)

The Harvard Journal of Law & Technology recently released its Fall 2011 issue, now available online.  Sonia K. McNeil, author of “Privacy and the Modern Grid” has written an abstract of her article for the Digest, presented below.

- The Digest Staff

JOLT Print Preview: Privacy and the Modern Grid
Sonia K. McNeil

The American electrical grid is in bad shape. Because of chronic underinvestment in research and development, a digital nation now relies on an infrastructure created before the invention of microprocessors that is beginning to show its age. Power quality problems and system disturbances cost the United States nearly $150 billion each year, regional blackouts aggravate and endanger millions of residents, and structural insecurities tempt hackers and terrorists around the globe.

To address these problems, the modern grid is being transformed from an outmoded, centralized network dominated by energy producers to a flexible, decentralized system that is more secure, more reliable, and better able to respond to and interact with consumers. The updated “smart grid” will permit “a two-way flow of electricity and information” in near-real time, creating an adaptive, interactive energy matrix. For consumers, the most visible part of the smart grid will be “smart meters,” advanced electrical meters that collect highly granular data on individual electricity consumption and allow users to monitor and remotely control their electrical use in response to fluctuating energy prices. At the level of an individual home, the goal is to use data to encourage consumers to conserve energy by showing them its cost as they consume it, rather than days or weeks later in an energy bill. System-wide, this information will be harnessed to spur economic growth, conserve the environment, increase electrical service reliability, strengthen national security, and develop derivative technologies.  (more…)

Written by Laura Fishwick
Edited by Adam Lewin
Editorial Policy

Introduction

The most recent U.S. Supreme Court case to address the legality of school-imposed punishment for student expression was more than forty years ago in Tinker v. Des Moines Indep. Cmty. Sch. Dist., 393 U.S. 503 (1969). In that seminal case, the Supreme Court found that a state’s interest in maintaining its educational system can justify limitations on students’ First Amendment rights to the extent necessary to maintain an effective learning environment. Id. In Tinker, school officials suspended students for wearing black arm bands to protest the Vietnam War. Articulating the standard still used by courts today,[1] the Court held that a school may regulate student speech or expression if school officials can reasonably conclude that such speech caused or is likely to cause a “material and substantial” disruption to school activities. Id. at 513 (finding no substantial disruption because the protests were non-violent and did not interfere with class activities).

Tinker and subsequent Supreme Court cases have not addressed whether a school may regulate student speech that occurs off campus or online and is not connected to a school event, but that nonetheless causes disruption on campus or in the classroom. Further complicating the analysis of on campus, off campus, and online speech are additional factors such as the location where recorded activity takes place before it is posted online, and the location of the computer used to upload data onto the Internet. This comment explores the recent lower court decisions applying the Tinker standard to school-enforced limits on student speech made on the Internet. In cases of off campus or online speech, some courts have responded to the fact that Tinker involved on campus speech by requiring the school to show a substantial nexus between the speech and the school before applying Tinker. Beyond the nexus inquiry, courts move onto Tinker and examine the intensity of on campus discussions surrounding the expression, the burden the expression places on the administration, and whether the expression contains violent content.  (more…)