JOLT Digest

Written by Heather Whitney
Edited by Kassity Liu
Editorial Policy

United States v. Jones (U.S. Jan. 23, 2012)
2012 WL 171117; No. 10-1259

In a hotly anticipated decision, the Supreme Court unanimously found that the Government’s warrantless attachment of a Global Positioning System (GPS) tracking device to a vehicle to monitor its movement constituted a Fourth Amendment violation. While unanimous in judgment, the Court split on both its underlying reasoning and with regards to whether the tracking amounted to a search at all. The Court also did not reach the question of whether the search was reasonable. Due to the Court’s fractured analysis, it remains unclear when the Government must obtain a warrant to track a vehicle’s movements, particularly in the case of short-term monitoring. In concurrence, Justice Alito also suggests that if the public views the losses of privacy brought on by new technologies as inevitable, his Katz analysis would be different in future cases.  (more…)

By Susanna Lichter

Google Privacy Revisions Stir Debate
Google announced a new privacy policy last Monday, raising the concerns of privacy advocates, the Washington Post reports. The policy will allow the web giant to collect information across Google services including search, Gmail and YouTube. Google alleges that the changes will “provide, maintain, protect and improve” Google’s functionality as well as generate “more relevant search results and ads” for users. So far the policy has received mixed reviews. Digital rights organizations like Common Sense Media criticized the policy, calling it “frustrating and a little frightening,” and suggesting the inability to opt out of the policy may violate the company’s agreement with the FTC. However, the Telegraph reports that Viviane Reding, the European Commissioner for Justice, who advocates for laws on Internet privacy and data protection, made a statement praising the policy and commending Google’s forward thinking.

Facebook Prepares for IPO Filing
The WSJ reports that Facebook might file for an initial public offering as early as this week in what could be one of the biggest debuts for a U.S. company ever. The 7 year old website, which boasts 800 million members and was famously founded in a Harvard College dorm room, could raise as much as $10 billion and be valued upwards of $100 billion. According to the WSJ, Facebook Chief Executive Mark Zuckerburg had been reluctant to go public, fearing it would pose a distraction to the staff. Likely another factor that has kept the young company from going public is the public disclosure requirements. However, as the company fast approaches 500 shareholders, at which point the company would have to publicly report financial information anyway, public disclosure seems inevitable. Morgan Stanley is expected to underwrite the deal, beating out Goldman Sachs who appeared to have the edge on the underwrite a year ago. Morgan Stanley is the leader in Internet stock underwrites with clients including Groupon and LinkedIn Corp.

Feds Arrest Megaupload Execs, Anonymous Retaliates
Seven executives connected to the popular file sharing website Megaupload were arrested last week and the website was shuttered, Wired.com reports. The individuals were indicted on charges including criminal copyright infringement, conspiracy to commit money laundering and racketeering. The government says that the company facilitated in excess of $500 million in harm to copyright holders. Hacker collective “Anonymous” claimed responsibility for retaliatory attacks on the websites of the Justice Department, Recording Industry Association of America, and Universal Music that occurred shortly after Megaupload was taken down. Megaupload’s controversial founder, Kim Schmitz, aka Kim Dotcom, was among the arrests. The site’s chief executive, Swizz Beatz, was not implicated.

Written by Susanna Lichter
Edited by Laura Fishwick
Editorial Policy

“CyberPatrol, ” “SniperSpy,” and “IamBigbrother” are the names of keyloggers that might be installed on your office computer. These easy to use and inexpensive hardware or software devices record keystrokes and allow a monitor to access email, and other password-protected accounts of an unsuspecting typist. Employers are using keyloggers more often in the workplace to oversee employees without their knowledge. Managers argue that computer surveillance is important to ensure productivity, but alternative tools like website blockers, remote desktop access and time audits allow employers to determine whether an employee deviated from her task without risking the same breach of trust or employee humiliation associated with keyloggers.

Although keyloggers facilitate a major invasion of privacy, they are legal in many jurisdictions. There is currently no federal law that has been interpreted to prohibit their surreptitious use. The Electronic Communications Privacy Act (ECPA), which includes the Federal Wiretap Act (FWA) and the Stored Communication Act (SCA), could potentially prevent keystroke theft, but thus far the protections it offers have not been extended to keyloggers. However, there is evidence that this may soon change. Several recent cases have suggested a broader interpretation of the ECPA than what has previously been held. Additionally, in the absence of a consensus about federal law prohibiting keyloggers, some courts have interpreted state statutes to protect the public from having their strokes stolen. The conflict of interpretations between jurisdictions leaves people in many states vulnerable to invasive employer spying. It also creates a lack of clarity for employers and employees regarding what is considered lawful conduct. The surreptitious use of keyloggers should be subjected to wider regulation by state or federal law. In a few cases courts have diverged from precedent and adopted this position.  (more…)

New Information about Carrier IQ Software Sparks Concerns that Wireless Carriers Have Violated Federal Anti-Wiretapping Laws

By Abby Lauer – Edited by Michael Hoven

Last month, a security researcher from Connecticut published information about a software program installed on some mobile smartphones that may be surreptitiously collecting data about how the phones are used. The software, called Carrier IQ and manufactured by a company of the same name, has been described as hard to detect, hard to remove, and programmed to run by default without the user’s knowledge. The scandal escalated last week when Senator Al Franken sent a letter to Carrier IQ asking for details about the software and the company’s business practices. Privacy analysts are concerned that the software violates the Federal Wiretap Act, as amended by the Electronic Communications Privacy Act, which forbids the intercepting of “wire, oral or electronic communication” and authorizes penalties of $100 per day for each violation. 18 U.S.C. §§ 2511, 2520. Other commentators have suggested that Carrier IQ may also violate the Computer Fraud and Abuse Act. 18 U.S.C. § 1030. So far, at least eight class action lawsuits have been filed against Carrier IQ and various device makers and wireless carriers.

Computerworld provides a general overview of the Carrier IQ software and the recent scandal. For a more detailed analysis of the legal issues, see Forbes, paidContent.org, and Talking Points Memo. (more…)

By Marsha Sukach

FCC and CTIA Announce Plan to Reduce “Bill Shock”

The FCC, the wireless communications association CTIA, and Consumers Union have announced a plan to help customers avoid “bill shock,” or the discovery of unexpected charges that consumers must pay when they exceed their monthly voice, data, and text limits. The FCC identified bill shock as a major problem, CNET reports, with many complaints from consumers who were surprised to find additional charges on their bill. A year ago, the FCC proposed adopting a regulation forcing wireless providers to send alerts to consumers, but this regulation was heavily opposed in the industry. Instead, under the current deal, wireless providers covering 97 percent of users have agreed to provide consumers with alerts voluntarily, according to the Washington Post. The new alerts will begin within 18 months, and will include wireless phone and tablet services, CNET explains.

Verisign Wants Authority to Shut Down Websites Without a Court Order

Verisign, the company that manages .com and .net registrations, wants the power to shut down websites on the request of law enforcement, TIME reports. Verisign filed a request with ICANN, the nonprofit that oversees the Internet’s domain name system, to “allow the denial, cancellation or transfer” of domain name registrations to comply with “laws, government rules or requirements, requests of law enforcement or other governmental quasi-governmental agency, or any dispute resolution process.” The policy is aimed largely at taking down sites that harbor malware, launch phishing attacks, or are otherwise used to launch attacks across the Internet, reports Ars Technica. However, the language does not indicate that the proposed policy will be limited to such cases, and some experts worry that this authority would create an opportunity for abuse by law enforcement.

Amazon’s Kindle Fire Raises Privacy Concerns

Amazon’s coming tablet, the Kindle Fire, is raising privacy concerns with its new Silk browser, ZDNet reports. While Silk may provide faster browsing, funneling all user activity through Amazon’s own servers, it can also track everything that a user does on the web, and create a permanent record of those activities. In Congress, there has been unease on both sides of the aisle, as well as a demand for answers, according to Ars Technica. Rep. Ed Markey (D-MA), co-Chair of the Congressional Bi-Partisan Privacy Caucus, wrote a letter to Amazon CEO Jeff Bezos inquiring about the nature of the information that Amazon plans to collect, how it plans to use the information, and the level of control that customers will have over their data. When Amazon first introduced the Fire, writes the New York Times, it drew a distinction between activity on its own site, which is individually tracked with the user’s permission, and activity on the rest of the internet, which would be aggregated but not linked to users’ identities. Concerns remain, but EFF concludes that it is generally satisfied with Silk’s privacy design, saying that users can easily turn off cloud acceleration mode, and that the safeguards create sufficient protection.