District Court Holds that Defendant Cannot Refuse to Decrypt Hard Drive under Fifth Amendment
By Brittany Horth – Edited by Abby Lauer

U.S. v. Fricosu, No. 10-CR-00509 (D. Colo. Jan. 23, 2012)
Slip Opinion hosted by Internet Cases

Judge Robert E. Blackburn of the United States District Court for the District of Colorado granted the government’s motion to compel Ramona Camelia Fricosu to provide an unencrypted copy of her hard drive for evidentiary purposes. The court considered whether the act of producing the unencrypted hard drive was privileged and not whether the contents of the hard drive were privileged.

Judge Blackburn held that the Fifth Amendment is not implicated by requiring Fricosu to provide the government with the unencrypted contents of her laptop pursuant to a valid search warrant.  He reasoned that Fricosu was not being compelled to self-incriminate because the government had already met its burden of proof by demonstrating that it knew of the location and existence of the relevant computer files and it knew that Fricosu was the sole or primary user of the laptop.  Additionally, the government offered immunity to Fricosu, under which it could not use her production of the unencrypted contents against her. The production of the unencrypted hard drive could thus not be incriminating in and of itself.

Time Techland provides a brief overview of the case. Internet Cases features a concise analysis of Judge Blackburn’s reasoning. The Electronic Frontier Foundation, who filed an amicus brief in the case, criticizes the court for “dodg[ing] the question of whether requiring Fricosu to type a passphrase into the laptop would violate the Fifth Amendment” and failing to recognize the potential testimonial value of the encrypted data. CNet News summarizes the long-debated issue of whether a defendant can legally be compelled to decrypt his or her computer files as well as the likelihood that the debate will continue.  (more…)

By Susanna Lichter

Google Privacy Revisions Stir Debate
Google announced a new privacy policy last Monday, raising the concerns of privacy advocates, the Washington Post reports. The policy will allow the web giant to collect information across Google services including search, Gmail and YouTube. Google alleges that the changes will “provide, maintain, protect and improve” Google’s functionality as well as generate “more relevant search results and ads” for users. So far the policy has received mixed reviews. Digital rights organizations like Common Sense Media criticized the policy, calling it “frustrating and a little frightening,” and suggesting the inability to opt out of the policy may violate the company’s agreement with the FTC. However, the Telegraph reports that Viviane Reding, the European Commissioner for Justice, who advocates for laws on Internet privacy and data protection, made a statement praising the policy and commending Google’s forward thinking.

Facebook Prepares for IPO Filing
The WSJ reports that Facebook might file for an initial public offering as early as this week in what could be one of the biggest debuts for a U.S. company ever. The 7 year old website, which boasts 800 million members and was famously founded in a Harvard College dorm room, could raise as much as $10 billion and be valued upwards of $100 billion. According to the WSJ, Facebook Chief Executive Mark Zuckerburg had been reluctant to go public, fearing it would pose a distraction to the staff. Likely another factor that has kept the young company from going public is the public disclosure requirements. However, as the company fast approaches 500 shareholders, at which point the company would have to publicly report financial information anyway, public disclosure seems inevitable. Morgan Stanley is expected to underwrite the deal, beating out Goldman Sachs who appeared to have the edge on the underwrite a year ago. Morgan Stanley is the leader in Internet stock underwrites with clients including Groupon and LinkedIn Corp.

Feds Arrest Megaupload Execs, Anonymous Retaliates
Seven executives connected to the popular file sharing website Megaupload were arrested last week and the website was shuttered, Wired.com reports. The individuals were indicted on charges including criminal copyright infringement, conspiracy to commit money laundering and racketeering. The government says that the company facilitated in excess of $500 million in harm to copyright holders. Hacker collective “Anonymous” claimed responsibility for retaliatory attacks on the websites of the Justice Department, Recording Industry Association of America, and Universal Music that occurred shortly after Megaupload was taken down. Megaupload’s controversial founder, Kim Schmitz, aka Kim Dotcom, was among the arrests. The site’s chief executive, Swizz Beatz, was not implicated.

Written by Susanna Lichter
Edited by Laura Fishwick
Editorial Policy

“CyberPatrol, ” “SniperSpy,” and “IamBigbrother” are the names of keyloggers that might be installed on your office computer. These easy to use and inexpensive hardware or software devices record keystrokes and allow a monitor to access email, and other password-protected accounts of an unsuspecting typist. Employers are using keyloggers more often in the workplace to oversee employees without their knowledge. Managers argue that computer surveillance is important to ensure productivity, but alternative tools like website blockers, remote desktop access and time audits allow employers to determine whether an employee deviated from her task without risking the same breach of trust or employee humiliation associated with keyloggers.

Although keyloggers facilitate a major invasion of privacy, they are legal in many jurisdictions. There is currently no federal law that has been interpreted to prohibit their surreptitious use. The Electronic Communications Privacy Act (ECPA), which includes the Federal Wiretap Act (FWA) and the Stored Communication Act (SCA), could potentially prevent keystroke theft, but thus far the protections it offers have not been extended to keyloggers. However, there is evidence that this may soon change. Several recent cases have suggested a broader interpretation of the ECPA than what has previously been held. Additionally, in the absence of a consensus about federal law prohibiting keyloggers, some courts have interpreted state statutes to protect the public from having their strokes stolen. The conflict of interpretations between jurisdictions leaves people in many states vulnerable to invasive employer spying. It also creates a lack of clarity for employers and employees regarding what is considered lawful conduct. The surreptitious use of keyloggers should be subjected to wider regulation by state or federal law. In a few cases courts have diverged from precedent and adopted this position.  (more…)

The Harvard Journal of Law & Technology recently released its Fall 2011 issue, now available online.  Jane Yakowitz, author of “Tragedy of the Data Commons” has written an abstract of her article for the Digest, presented below.

- The Digest Staff

JOLT Print Preview: Tragedy of the Data Commons
Jane Yakowitz

The data that fuels most of the quantitative health and policy research in this country is publicly available data that has undergone some sort of anonymization process. This is the data commons, and unwittingly, we are all in it. Our tax returns, medical records, and school records, among other things, seed its pastures and facilitate a wide range of empirical studies.

In theory the data commons gives us the best of both worlds by allowing researchers to test hypotheses and produce generalizable results without exposing anybody’s personal information. But in practice, we all shoulder some risk that a bad actor might use auxiliary information to reidentify us, and discover our private information. The looming policy question, raised by Paul Ohm and the Federal Trade Commission, is whether current data privacy policies in the United States strike the right balance between the risks of reidentification attacks and the utility of data-sharing. Paul Ohm and other scholars believe the risk is too high, that we need stronger privacy laws to protect data subjects. This article comes to the exact opposite conclusion: the utility of public research data is so great, and the realistic risks so small, that the law should foster the sharing of anonymized data.  (more…)

The Harvard Journal of Law & Technology recently released its Fall 2011 issue, now available online.  Sonia K. McNeil, author of “Privacy and the Modern Grid” has written an abstract of her article for the Digest, presented below.

- The Digest Staff

JOLT Print Preview: Privacy and the Modern Grid
Sonia K. McNeil

The American electrical grid is in bad shape. Because of chronic underinvestment in research and development, a digital nation now relies on an infrastructure created before the invention of microprocessors that is beginning to show its age. Power quality problems and system disturbances cost the United States nearly $150 billion each year, regional blackouts aggravate and endanger millions of residents, and structural insecurities tempt hackers and terrorists around the globe.

To address these problems, the modern grid is being transformed from an outmoded, centralized network dominated by energy producers to a flexible, decentralized system that is more secure, more reliable, and better able to respond to and interact with consumers. The updated “smart grid” will permit “a two-way flow of electricity and information” in near-real time, creating an adaptive, interactive energy matrix. For consumers, the most visible part of the smart grid will be “smart meters,” advanced electrical meters that collect highly granular data on individual electricity consumption and allow users to monitor and remotely control their electrical use in response to fluctuating energy prices. At the level of an individual home, the goal is to use data to encourage consumers to conserve energy by showing them its cost as they consume it, rather than days or weeks later in an energy bill. System-wide, this information will be harnessed to spur economic growth, conserve the environment, increase electrical service reliability, strengthen national security, and develop derivative technologies.  (more…)