JOLT Digest

New Information about Carrier IQ Software Sparks Concerns that Wireless Carriers Have Violated Federal Anti-Wiretapping Laws

By Abby Lauer – Edited by Michael Hoven

Last month, a security researcher from Connecticut published information about a software program installed on some mobile smartphones that may be surreptitiously collecting data about how the phones are used. The software, called Carrier IQ and manufactured by a company of the same name, has been described as hard to detect, hard to remove, and programmed to run by default without the user’s knowledge. The scandal escalated last week when Senator Al Franken sent a letter to Carrier IQ asking for details about the software and the company’s business practices. Privacy analysts are concerned that the software violates the Federal Wiretap Act, as amended by the Electronic Communications Privacy Act, which forbids the intercepting of “wire, oral or electronic communication” and authorizes penalties of $100 per day for each violation. 18 U.S.C. §§ 2511, 2520. Other commentators have suggested that Carrier IQ may also violate the Computer Fraud and Abuse Act. 18 U.S.C. § 1030. So far, at least eight class action lawsuits have been filed against Carrier IQ and various device makers and wireless carriers.

Computerworld provides a general overview of the Carrier IQ software and the recent scandal. For a more detailed analysis of the legal issues, see Forbes, paidContent.org, and Talking Points Memo. (more…)

District Court Requires Warrant for Cell Phone Location Data

By Michael Hoven – Edited by Jonathan Allred

In the Matter of an Application of the United States of America for an Order Authorizing the Release of Historical Cell-Site Information, 10-MC-897 (E.D.N.Y. Aug. 22, 2011)

Slip opinion

The United States District Court of the Eastern District of New York denied the government’s request to order Verizon Wireless to turn over 113 days of customer location data which, according to the government, was relevant to a criminal investigation.

The court held that the Fourth Amendment covered cell phone location data and that law enforcement would need to show probable cause and receive a warrant to access such information. The court decided that cell phone users have a reasonable expectation of privacy that deserves protection from government intrusion. In so holding, the court applied an exception to the third-party-disclosure doctrine that would otherwise give law enforcement access to non-content information (such as location data) that users have already divulged to a third party (such as a service provider), concluding that disclosure of cumulative cell phone location data would be as intrusive as disclosure of the content of cell phone communications.

Ars Technica provides an overview of the case. Techdirt applauds the decision’s protection of cell phone users’ privacy. Wired notes that action by the Supreme Court or the Senate could favor government access over user privacy and limit the effect of the court’s ruling. (more…)

By Emily Hootkins

Federal Judge Overturns $625.5 Million Judgment against Apple

On Monday, U.S. District Judge Leonard Davis reversed an October 2010 decision requiring Apple to pay over $625.5 million in patent infringement damages, CNET news and PC Magazine report. This reversal is the latest decision in a three-year battle between Mirror Worlds and Apple. Last October, a jury handed found Apple liable for infringing Mirror Worlds’ patents with its Cover Flow, Spotlight, and Time Machine software. Judge Davis reversed this decision, holding that there was insufficient evidence to support the patent infringement claims.

Federal Appellate Court Hears Oral Arguments in Music Piracy Case

Computer World and Boston.com report that the U.S. Court of Appeals for the First Circuit heard oral arguments on Monday challenging a damage award for music piracy. This is the first case of its kind to make it to a federal appellate court. In 2009, a jury verdict of $675,000 was entered against Joel Tenenbaum for illegally downloading 30 copyrighted songs. A district judge later reduced that award to $67,500; both the defendant and the plaintiff, the Recording Industry of America, appealed. During Monday’s oral argument, the parties revisited the appropriateness of this damage award. The court should issue a judgment sometime later this year.

Calls for Changes to Electronic Communications Privacy Act

PC World reports that several Democratic members of the U.S. Senate Judiciary Committee have called for changes to the Electronic Communications Privacy Act (“ECPA”). These senators contend that the 25-year-old law is outdated in light of current privacy and national security concerns. According to CNET, ECPA is “notoriously convoluted and difficult even for judges to follow.” Among other provisions, ECPA gives internet users who store data locally more privacy rights than users of cloud-based services.  However, the Justice Department has expressed opposition to the proposed changes in the law.

Stored Communications Act Protects Facebook and MySpace Users’ Private Communications
By Kathryn Freund – Edited by Jad Mills

Crispin v. Christian Audigier, Inc., CV 09-09509-MMM-JEMx (C.D. Cal. May 26, 2010)
Order

The Central District of California reversed and quashed Magistrate Judge McDermott’s order granting a subpoena to obtain private Facebook and MySpace messages and vacated and remanded his order granting a subpoena to obtain Facebook wall postings and MySpace  comments.

Judge Morrow held that private messages sent using Facebook and MySpace fall under the protections of the Stored Communications Act (“SCA”), 18 U.S.C. 2701, which limits the government’s ability to compel Internet service providers to “disclose information in their possession about their customers and subscribers.” He further held that the wall postings and comments also fall under the SCA, but only to the extent that the communications are not public, and remanded to determine the public access allowed under the user’s privacy settings. In so holding, the court provided a detailed analysis of the SCA and noted the difficulty of applying the SCA to modern internet communications.

The Technology & Marketing Law Blog provides an overview of the order and comments on the difficulty of gathering evidence from private Facebook profiles and messages through subpoenas. The Federal Lawyer describes some of the restrictions the SCA places on discovery. (more…)

Ninth Circuit Denies Rehearing En Banc in Quon v. Arch Wireless Text Message Privacy Case
By Debbie Rosenbaum — Edited by Christina Hayes

Quon v. Arch Wireless Operating Co.
Ninth Circuit, No. 07-55282
Order denying rehearing en banc
Opinion concurring in denial of rehearing en banc
Opinion dissenting from denial of rehearing en banc

On January 27, 2009, the Ninth Circuit denied rehearing en banc in Quon v. Arch Wireless, a case decided by a Ninth Circuit panel in June of 2008.  The Ninth Circuit panel held that the City of Ontario, California violated the Fourth Amendment when Ontario Police Department officials audited text messages sent by a department employee. The court also held that Arch Wireless, the city’s service provider, had violated the Stored Communications Act (“SCA”), 18 U.S.C. § 2701-2711, when it disclosed messages to individuals who were not the addressees or intended recipients.

Shaun Martin of the California Appellate Report investigates the politics of the concurring and dissenting opinions.  Martin points out that despite the similarities between Judges Wardlaw and Ikuta (both judges are UCLA Law School graduates, well-recognized women in Southern California, and both practiced for the firm of O’Melveny & Myers), the conflict evident in their opinions amounts to a series of “dueling bench slaps extraordinarie.”

(more…)