Avoiding the Down-Sides of BYOD

POSTED BY Marion Goodsell

The Consumer Electronics Association hailed the bring-your-own-device (BYOD) trend as a key to innovation in 2013. BYOD has long been in practice and has been gaining acceptance from employers, who seek the benefits of lower connectivity costs and increased productivity. However, there are potential legal and operational concerns for both employers and employees as this practice becomes commonplace. Employers must balance the cost savings and increased productivity against concerns over data security and human resources issues. While, employees may be concerned about use-policies, privacy, and uncompensated work-time.

Both the U.S. Department of Commerce and the National Security Agency published extensive reports in 2013, to advise enterprises on data security and creating effective BYOD policies. While carefully crafted policies may provide a firm’s later action in response to a breach of policy, many employees are not aware of the specific contents of a their firm’s use policy, and often have not received any instruction or advising on the policy. Generally mobile devices are perceived as more secure that the typical office p.c., although many are not used with enough security procedures in place. Widespread unsecure behaviors include: connecting to unsecured wireless networks, having no security software installed, failing to encrypt files, or opening them on unsecure devices, and using unsupported internet based services to conduct work.

As companies, and perhaps law firms, seek to secure information, employees should be aware of policies permitting an employer to remotely wipe the device. Given the not insignificant rate of loss and theft of mobile devices, such a security measure would be good stewardship on the part of the company, but also highlights the extent to which the BYOD model permits an employer to access an employee owned device. The convenience to employees may be gained at the expense of their privacy. Depending the contents and implementation of the use policy, employees’ privacy may be safeguarded by state and federal laws, although recovery seems limited.

Finally, employers might be wise to consider who among their staff is included in BYOD and if their use extends beyond their workday. While communication may be batched and restricted to within the workday and the 40 hours per week for certain employees, without such a proactive approach, hourly employees may seek compensation for their off-hours response to email or other work beyond de minimis use. (Allen v. City of Chicago, 2013 U.S. Dist. Lexis 5394 (2013)).

Police Are Keeping Mum About Their Cell-Tracking Technology

POSTED BY Edwin Batista

Police have been using a device called Stingray to intercept phone calls and text messages to aid in their police work. However, privacy issues have been raised due to police refusing to elaborate on the details of their surveillance operation. Little is known about how police use Stingray and the rules they follow when using it even in states with strong open record laws. Efforts to obtain public-records regarding Police use of Stingray have been mostly fruitless.

At about the size of a suitcase, Stingray works by tricking cellphones in its range of operation into identifying themselves and transmitting their data to police rather than the nearest cellphone tower. It is not clear what information Stingray is capable of capturing because documents regarding Stingrays are usually heavily censored. In rare court appearance in 2011, the FBI confirmed that Stingray has the potential to affect innocent users in its area of operation.

Earlier this month the American Civil Liberties Union of Arizona, through one of its journalist, sued the Tucson Police Department, alleging that police had not complied with the State’s public-records law because police did not fully disclose Stingray records.

Awareness of police cell-tracking capabilities through their use of Stingray has spread across the country. News agencies in California, Florida and Philadelphia have been denied police records on Stingray. Attempts to obtain this information have been met with denials and challenges to such request in court. The main issue here is that there is an exception in public-records law that protects trade Secrets. It is through these trade secrets exception and nondisclosure agreements that Police have been able to decline to tell the courts about the use of Stingray.

The recent revelations about the surveillance programs run by the NSA has started a debate regarding the balance between citizen’s privacy and government surveillance policies. The issue of the lack of information on police use of Stingray will not go away and will likely intensify and spread across the country. The fact that police can avoid complying with public-records request by contracting with private companies with trade secrets and nondisclosure agreements must be addressed. In order to maintain our civil liberties and eliminate abuses public agencies need to be more transparent. A balance must be struck between allowing police to use technology to effectively do their job and allowing citizens the ability to make sure police are not abusing their power.

The Emergence or Downfall of Bitcoin?

POSTED BY Kevin Tan

Bitcoin, a cryptocurrency, emerged in 2009 which gives its network participants the ability to make transactions free of any transactional fees that banks and credit card companies would usually require. Furthermore, using bitcoins for international purchases would not subject the parties to the country’s laws or to its regulations. The use of bitcoins has appealed to many small businesses and restaurants worldwide. There are also some established large firms that have accepted bitcoins such as Overstock.com, the Sacramento Kings, Zynga, and Virgin Galactic, among several others. Bitcoins can be bought and sold for many different currencies worldwide from individuals and companies alike.

Bitcoin users do not have to reveal their names. All that is needed is their account number. Because of this fact and the fact that all parties involved are not subject to the conventional transactional fees, to government regulation, or to its laws, Bitcoin users have used bitcoins for various criminal activities: money laundering, Ponzi schemes, purchasing stolen goods, guns, and drugs, among many others. Believing that most of these transactions were done on the server called the Silk Road, the FBI has stepped in by seizing nearly 30,000 bitcoins (currently valued at $25 million) from the server. Having found that these bitcoins were the proceeds of crime, District Judge Oetken announced for the forfeiture of these coins.

In his press release, United States District Attorney Bhara supported Oetken’s holding because it furthered the government’s role in taking out “the profit of crime and signal to those who would turn to the dark web for illicit activity.” Although the holding does support this view, it is very difficult to claim that all activities done on that server were illegal. It is still unclear what sorts of transactions were done here. Furthermore, the money that was left there were there at the end of the transaction- the government did not prove that these coins were to be used to commit a crime or to further a crime. The holding suggests that the government could take money from anyone so long as the money were from the proceeds of crime. This is equivalent to stating that the government could take money from girl scouts for selling their girl scout cookies to a drug dealer because the money obtained from the drug dealer were from the proceeds of selling drugs. This doesn’t sound right.

Profiling “Criminal Aliens”

POSTED BY Hillary Cheng

Immigration and Customs Enforcement (ICE) of the Department of Homeland Security (DHS) is responsible for locating and deporting immigrants who have not complied with laws governing immigrants. These statutes regulate the criminal activity of aliens, their entry into the U.S., their health, their dependence on public welfare, and various other activities related to the national interest. As technology has advanced, ICE has begun to use an electronic biometrics system to track immigrants in the U.S. in conjunction with local law enforcement databases, and they call this program “Secure Communities.” This policy has raised concern among civil liberties advocates including the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU).

The concern over using the biometrics scanning comes down to three main points, which are listed on the ACLU website regarding the Secure Communities policy. First, it deters people from accessing the criminal justice system and receiving equal protection of the laws. Second, it creates the risk of unlawful and extended detentions by local jails. Third, it invites racial profiling by local law enforcement.

The constitutionality of this ICE policy is difficult to assess. Historically, immigrants have received fewer constitutional protections than citizens, and it is unclear how the protection against unreasonable search and seizure apply. The question, then, becomes whether immigrants should be treated differently than American citizens—and why. One side of the debate advocates for a conditional, special status for immigrants where they are bound to certain restrictions or face the penalty of deportation, characterizing immigrants as temporary visitors to the U.S. whose permission can and should be easily revoked. The other side recommends that immigrants be treated no differently from American citizens, especially if these immigrants have grown up in the U.S. and know no other home but this.

The Potential Unintended Consequences of Fee Shifting after the Supreme Court Decisions in Octane Fitness and Highmark

POSTED BY Andrew Beckerman-Rodau | Professor of Law & Co-Director of the Suffolk University Law School IP Concentration, e-mail: arodau@suffolk.edu), website: www.lawprofessor.org

---

Yesterday (April 29, 2014) the U.S. Supreme Court handed down two unanimous decisions in the Octane Fitness case and the Highmark case. Both cases addressed the standard for awarding attorney fees in patent infringement cases to the prevailing party in accordance with the patent law statute which provides that a “court in exceptional cases may award reasonable attorney fees to the prevailing party.”

Prior to these cases the U.S. Court of Appeals for the Federal Circuit made it very difficult for U.S. District Courts to award attorney fees in patent cases. The Supreme Court decisions make it significantly easier for district court judges to award attorney fees. The decisions put patent law more in synch with other areas of law by placing the discretion to award attorney fees with the district court judge; And, in limiting the standard for the Court of Appeals for the Federal Circuit to review and reverse a district court judge’s discretionary decision to deny or allow attorney fees. The Federal Circuit will now be required to allow the district court’s decision to stand unless it is shown on appeal that the district court judge abused his or her discretion in deciding to award or deny attorney fees. This is a high standard that will typically prevent the Federal Circuit from reversing the district court’s decision in most cases.

These Supreme Court cases have been heralded by some who think it will improve the patent system by preventing or reducing patent infringement suits by non-practicing entities that neither make nor sell any products. Such entities – often derogatorily referred to as “patent trolls” – will be less likely, according to some people, to bring patent infringement suits if they face the potential of paying attorney fees for the other party.

I think these cases will be unlikely to significantly impact patent trolls because the business model for many trolls is only based on threatening to bring lawsuits as a tactic for forcing settlements rather than actually bringing law suits.

More significantly, these decisions are likely to have some unintended consequences. For example, a patent on a key technology developed by a tech startup may be the only thing preventing a large established company from “stealing” the technology. Having a patent levels the playing field. It has also spawned patent attorneys who are willing to handle patent infringement suits for small startups on a contingency basis. The monetary risk in bringing an infringement is substantial with attorney fees often being in the millions of dollars. Making it easier for judges to award attorney fees to the prevailing party increases the risk calculus and may actually deter many tech startups from bringing an infringement action. It is also likely to make it more difficult to find a patent attorney willing to handle a case on contingency in light of the increased monetary risk. Ultimately, this may benefit large established companies who have sufficient resources so that the potential risk of paying attorney fees if they lose will not be a deterrent to bringing actions. This might also make it more difficult for smaller tech startups to raise money and that could reduce technological advances which is the opposite of the goal of patent law.

Should Law Enforcement Officers be Allowed to Conduct a Warrantless Search of the Contents of a Cell Phone Seized Incident to the Lawful Arrest of a Criminal Suspect?

POSTED BY Caroline Carollo

Although we are living in the age of technology, there are still many unanswered questions as to how certain forms of technology fit within the legal world. Specifically, there is not a clear answer as to whether Fourth Amendment protections apply to one’s personal technology devices, such as cell phones and computers. However, it looks like we are finally going to be getting some answers. On April 29, the U.S. Supreme Court will hear arguments in two cases involving whether the police may search the contents of a cell phone seized incident to the lawful arrest of a criminal suspect.

In the first case, United States v. Wurie, Boston police officers arrested Brima Wurie for possession of crack cocaine after they observed him make a sale to another person. Mr. Wurie was searched and the police recovered two cellphones. While he was being booked, one of the cellphones, a Verizon LG flip phone, received various calls from someone under the name “my house.” Without obtaining a warrant, the police officers went through the call log on the cellphone and obtained the phone number that called from “my house.” The officers were then able to get the address associated with that phone number through an online directory. Although Mr. Wurie denied living at that address, the police believed he did live there and suspected that they would find a larger amount of crack cocaine there. When they arrived at this address, they saw a mailbox with Mr. Wurie’s name on it as well as a woman through the window that closely resembled the woman featured as the background picture on Mr. Wurie’s cell phone. The officers obtained a search warrant for the house and found 215 grams of crack cocaine and other contraband.

Mr. Wurie filed a motion to suppress the cell phone search, but a federal district court denied his motion. As a result, Mr. Wurie was convicted and sentenced to 262 months in prison. On appeal, a panel of the 1^st U.S. Circuit Court of Appeals ruled 2-1 that evidence obtained in connection with the warrantless search of the cell phone should have been suppressed. The court looked at U.S. v. Robinson, 414 U.S. 218, 235-36 (1973), where the Court held that officers conducting a search incident to arrest may open and search through all items on the suspect, even when they are in a closed container. However, the 1st Circuit distinguished a cell phone from a purse or address book, arguing that the former is like a computer and contains information of a highly personal nature. Thus, the court held that warrantless cell phone searches were unlawful under the search-incident-to-arrest exception to the Fourth Amendment.

In the second cell phone case that the Supreme Court will hear, Riley v. California, David Leon Riley was pulled over by police officers for having expired tags. The officers discovered that Mr. Riley’s license was expired, and they impounded his car. Two guns were discovered during the inventory search of the car, and Mr. Riley was subsequently arrested. The police seized Mr. Riley’s cell phone, a Samsung smartphone, and conducted two warrantless searches of it. The first search occurred at the scene, where police went through the cell phone’s contents and believed that some words in the text messages and contacts were gang-related. The officers conducted the second search at the police station hours later. A gang unit detective searched the cell phone looking for evidence of other crimes and discovered photos and videos suggesting that Mr. Riley was a gang member. The detective also discovered a photograph linking Mr. Riley to a shooting that had recently occurred.

Mr. Riley was charged with attempted murder, and he was convicted based mainly on circumstantial evidence found in the photos. He was sentenced to 15 years to life in prison due to gang-related sentencing enhancements. Prior to the ruling in Mr. Riley’s case, the California Supreme Court held in People v. Diaz, 244 P.3d 501, 505-06 (2011) that the Fourth Amendment’s search-incident-to-arrest doctrine allowed police to search cell phones, even hours later, if the phone had been taken from the person of the arrestee. A state appellate court held that the Diaz decision controlled Mr. Riley’s case and the police searches of Mr. Riley’s cell phone were legal.

Courts have previously held that law enforcement officers are allowed to search an individual’s person and effects when they place them under arrest. Nevertheless, modern cell phones enable access to a significant amount of personal data, most of which is unrelated to the government’s reason for securing an arrestee. I believe that allowing police officers to conduct a warrantless search of a person’s cell phone following an arrest would be a substantial infringement on privacy and unreasonable under the Fourth Amendment. Furthermore, warrantless searches are unnecessary when there are procedures available that allow law enforcement to secure cell phone data while waiting for a judicial determination of probable cause.

In regards to what the Court will decide, I do not believe the Court will hold that all warrantless, nonconsensual cell phone searches are unreasonable. I also do not believe that the Court will hold that all searches of such devices are reasonable if conducted incident to a lawful arrest. Instead, I believe the Court will utilize a totality of the circumstances, case-by-case approach. Such an approach would balance the degree of intrusion on an arrestee’s privacy interest against the government’s justification for conducting the warrantless search.

Is King, the Candy Crush Creator, Taking It a Step Too Far?

POSTED BY Nicole Cocozza

Everyone seems to be addicted to the popular game, Candy Crush Saga (“Candy Crush”). King.com Ltd. (“King”) is the creator of the trendy game that has captured an audience of all ages since the release of the game in April of 2012. The game can be accessed on Facebook or on any smartphone by downloading the app. The goal of the game is to match three candies on a game board filled with different colored candies, which may contain some obstacles, in order to get to the next level. Over the past year, Candy Crush had over 90 million daily players, who spent over $1.5 billion last year. King’s number one selling game has led the company to attempt to protect its intellectual property rights by filing an application to register the terms “candy” and “saga” as a trademark in the United States.

The filing of the application by King to protect the words “candy” and saga” has led to an uproar in the gaming community. King wants the trademark to be approved in a broad range of categories such as: software, entertainment, clothing and accessories. The International Game Developers Association said in a blog that King’s filing was “overreaching” and stood “in the opposition to the values of openness and co-operation we support industry wide.” However, King responds through a letter that there is nothing unusual in seeking to register a commonly used word as a trademark, citing registrations by others for such words as “Time,” “Apple,” “Money,” and “Sun.[1]“ Should Candy Crush be able to receive the same protection over such simplistic words?

The purpose of a trademark is to provide protection to a recognizable sign, design, or expression in order to identify a specific product or service from others. The purpose of a trademark makes the debate over whether King is overreaching its power by filing for trademark protection not a simple problem to solve. Candy Crush has had a significant amount of success over the past two years and is still continuing to prosper. King is aware that it is not attempting to control the word “candy,” but rather is trying to prevent others from taking advantage of the company’s success.

The idea of King applying for an application to protect “candy” and “saga” does not seem unrealistic. Apple was successful when it filed a trademark for the word “Apple.” “Candy”, like “Apple,” is a successful product and is continuing to be successful in the market today. Also, future lawsuits may arise and without trademark protection, King will be at a huge risk. So, why shouldn’t Candy Crush be able to protect words like “candy” and “saga?” Well, registering the term “candy” and “saga” could lead to a monopoly in the gaming world. The purpose of an open market is to allow for businesses to be creative and innovative in developing games, competing for market share with other companies. Competition is protected across most industries and highly valued in order to encourage business growth and reasonable pricing.

Overall, the filing by King to register the term “candy” and “saga” as a U.S. trademark has led to a heated debate in the gaming world. The words “candy” and “saga” are common words used everyday and are similar to words that already have trademarks such as “Times” and “Apple.” The idea of King being successful in registering the two terms invokes fear in gaming competitors. No matter the outcome of King’s trademark attempt, Candy Crush will still remain addictive to its players.

[1] See An Open Letter On Intellectual Property (Jan. 27 2014) archived at http://perma.cc/NGT6-VM93 (explaining King’s intellectual property debate in applying for an application to protect the words “candy” and “saga”).

New Partnership Raises Privacy Concerns

POSTED BY Kayla Morency

On February 19, 2014, Facebook publicly announced that it was acquiring one of the world’s most popular and fastest growing mobile phone messaging applications, WhatsApp, for an astounding $19 billion in cash and stock. In particular, the app is widely known around the globe due in part to its easy accessibility and user-friendly capabilities but also in part to its consumer base of 450 million that is gaining about one million users every day. As a result, Facebook formed the partnership with the fairly new startup in order to boost its popularity among the younger crowd.

The application’s unique capabilities help explain why the company is attractive to a younger audience, thus contributing to its enormous success. In particular, WhatsApp serves as a cross-platform mobile messaging app, so that its customers can send and receive free SMS and MMS text messages from several different types of phones, including the iPhone, Android, Blackberry, Windows Phone, and Nokia. These messages are sent using the phone’s existing data plan for web browsing and email, so there is no additional cost to the user, aside from the nominal membership fee. Furthermore, the app also enables users to create groups, so that multiple friends can communicate at once while sending unlimited pictures, audio, and video messages. These features motivated Facebook to enter into a partnership with the startup in order to become the leader in the market for messaging and to attract younger users of social media.

However, in the immediate aftermath of Facebook’s press release, WhatsApp’s users expressed serious concerns that their personal data would be shared with advertisers. As a result, WhatsApp stated on its blog that it had no intention of changing any of its business practices in light of Facebook’s acquisition. Moreover, WhatsApp insisted that the company would remain autonomous and operate independently, so that users could still enjoy their services for its nominal 99-cent yearly fee. However, even after CEO Jan Koum’s promises, users remain skeptical and believe that after a while advertisements will interrupt their mobile messaging.

Aside from this is the concern of many federal and governmental institutions, which are considering the merger in light of worldwide data regulation and restrictions. For example, Schleswig-Holstein’s data protector commissioner, Thilo Weichert, acknowledged that German data protection laws strictly regulate the possibility of merging WhatsApp user data with Facebook user data. In particular, the Telemedia Act and the Federal Data Protection Act both purport that data stored for one purpose cannot be used for another; however, no similar restrictions exist in the United States. Weichert also expressed fear that the merger of personal information would be exploited for advertising purposes, which is the same concern for consumers. Weichert’s expert opinion suggested that these users are rightfully concerned seeing as though many of them moved away from Facebook in favor of a more privacy-friendly alternative, such as WhatsApp.

Despite CEO Jan Koum’s and Facebook’s repeated assurances that WhatsApp would operate independently and honor its current privacy and security policies, it is still too early to gauge the implications of this deal. Since a significant amount of WhatsApp users are located in Europe, there is likely going to be more detailed investigations by the European authorities, including Germany. However, CEO Jan Koum was quick to remind the public that WhatsApp’s respect for privacy is considered tantamount to the company and that the company was predicated on the idea that users need to share very little personal data. For example, information such as the user’s name, email address, birthday, place of employment, etc. is not collected or stored by WhatsApp, and the company adamantly stated that it has no plans to change their mode of operations in the future. Furthermore, in support of Koum’s assurances, the company recently added a new privacy option that allows users to limit the visibility of their information from being seen by the public.

Although many individuals and governmental officials have expressed their concerns about Facebook’s acquisition of WhatsApp, the strategy seems logical considering that WhatsApp’s popularity is driven by its unobtrusiveness in its users’ lives. As a result, consumers appreciate the minimal fee in exchange for the comforting reminder that the company is not earning its money by exploiting its users’ personal information. Even though there is no guarantee that WhatsApp will maintain its identity, Facebook’s Mark Zuckerberg acknowledged that it is the app’s unique features and attributes that Facebook hopes to capitalize on, rather than alter, in order to retain its position as a social media and messaging mogul.

 

Cyberspace: United States v. China

POSTED BY Travis Bortz

Recent reports claim that the United States infiltrated Huawei servers headquartered in China to spy on both the company and government officials. The news was generated from classified NSA documents that were released by whistle-blower Edward Snowden. The claim reports NSA has been hacking into the tech giant’s emails servers since 2009.

Huawei is the second largest provider of network equipment and third biggest phone supplier in the world. It boasts over 150,000 employees in over 150 counties and generates more than $38 billion in annual revenues. The Chinese telecommunications mogul was founded in 1987 by ex-military officer Ren Zhengfei.

The NSA codenamed the operation “Shotgiant”. The objective of the operation was aimed at finding links between Huawei and the People’s Liberation Army, in addition to exploiting Huawei’s technology and conduct surveillance through equipment being sold in foreign countries.

The NSA has declined to comment on the accusations. However, the department released an email statement stating they do not use foreign intelligence capabilities to steal the trade secrets of foreign companies or to enhance their international competiveness. Albeit, the Chinese argue this intelligence has blocked various business transactions with Huawei and companies in the U.S. and/or other American influenced counties in fear of Chinese cyber espionage.

There is clearly a gray area as is relates to international intelligence and spying behavior. As technology continues to advance it is imperative governments across the globe establish a standard of behavior as it relates to conduct in cyberspace. Monitoring activity and ensuring safety is different from perpetrating emails, taking proprietary information and insider intelligence, thus such activity needs to be outlined in an international code of conduct as it relates to cyberspace.

These allegations have put strain on relations between the two countries which were deemed less than desirable to begin. As government spying scandals continue to unravel, the question lies whether this intelligence and such spying is worth the negative impact on international relations? Are our citizens safer? Is our commerce more secure? Time will tell…

Google Lawsuit Denied Class Action Status

POSTED BY Jared Bishop

Google has a serious issue on their hands with regards to wiretapping of Gmail users. However, any hope that consumers had against taking down the monstrous enterprise of Google was likely shot down in a decision by Judge Lucy Koh. Judge Koh, a United States District Judge for the Northern District of California, ruled that the case would not be allowed to proceed as a class action lawsuit due to the importance of individual consent issues.

 

The suit alleged that Google was taking users who used other Google products such as Google Apps and users who send emails to Gmail account holders, and creating Gmail accounts for these same users. These users allegedly did not agree to any terms for Gmail, nor did they agree to have a Gmail account Google allegedly used this data-mining information to target consumers with advertisements.

 

Judge Koh held that the individual consent issue far outweighed the potential for similar issues amongst potential plaintiffs. Koh ruled that a factual basis would need to be addressed in regards to each individual plaintiff to determine whether consent was or was not given to Google. This decision severely damages the plaintiffs’ argument as they have less power to encourage settlement with Google due to the fewer number of plaintiffs and potential damages.

 

Judge Koh’s decision was a giant one in favor of Google, but it was the right one. It would be virtually impossible for a jury to analyze to analyze thousands of consumers’ consent or failure to consent to Google’s actions. Google would essentially have to prove that each and every consumer consented to Google’s actions, which would cost millions in litigation fees.

 

With that being said, Judge Koh’s decision, virtually gives consumers a serious hole in their lawsuit against Google. While the decision saved Google millions in litigations fees, Koh’s decision hinders consumers’ financial power in pooling their financial interests to match the monster of Google. Consumers are more likely now to drop their suits as Google has a far less incentive to settle with individual or small groups of consumers.