Avoiding the Down-Sides of BYOD

POSTED BY Marion Goodsell

The Consumer Electronics Association hailed the bring-your-own-device (BYOD) trend as a key to innovation in 2013. BYOD has long been in practice and has been gaining acceptance from employers, who seek the benefits of lower connectivity costs and increased productivity. However, there are potential legal and operational concerns for both employers and employees as this practice becomes commonplace. Employers must balance the cost savings and increased productivity against concerns over data security and human resources issues. While, employees may be concerned about use-policies, privacy, and uncompensated work-time.

Both the U.S. Department of Commerce and the National Security Agency published extensive reports in 2013, to advise enterprises on data security and creating effective BYOD policies. While carefully crafted policies may provide a firm’s later action in response to a breach of policy, many employees are not aware of the specific contents of a their firm’s use policy, and often have not received any instruction or advising on the policy. Generally mobile devices are perceived as more secure that the typical office p.c., although many are not used with enough security procedures in place. Widespread unsecure behaviors include: connecting to unsecured wireless networks, having no security software installed, failing to encrypt files, or opening them on unsecure devices, and using unsupported internet based services to conduct work.

As companies, and perhaps law firms, seek to secure information, employees should be aware of policies permitting an employer to remotely wipe the device. Given the not insignificant rate of loss and theft of mobile devices, such a security measure would be good stewardship on the part of the company, but also highlights the extent to which the BYOD model permits an employer to access an employee owned device. The convenience to employees may be gained at the expense of their privacy. Depending the contents and implementation of the use policy, employees’ privacy may be safeguarded by state and federal laws, although recovery seems limited.

Finally, employers might be wise to consider who among their staff is included in BYOD and if their use extends beyond their workday. While communication may be batched and restricted to within the workday and the 40 hours per week for certain employees, without such a proactive approach, hourly employees may seek compensation for their off-hours response to email or other work beyond de minimis use. (Allen v. City of Chicago, 2013 U.S. Dist. Lexis 5394 (2013)).

Advertisements

Police Are Keeping Mum About Their Cell-Tracking Technology

POSTED BY Edwin Batista

Police have been using a device called Stingray to intercept phone calls and text messages to aid in their police work. However, privacy issues have been raised due to police refusing to elaborate on the details of their surveillance operation. Little is known about how police use Stingray and the rules they follow when using it even in states with strong open record laws. Efforts to obtain public-records regarding Police use of Stingray have been mostly fruitless.

At about the size of a suitcase, Stingray works by tricking cellphones in its range of operation into identifying themselves and transmitting their data to police rather than the nearest cellphone tower. It is not clear what information Stingray is capable of capturing because documents regarding Stingrays are usually heavily censored. In rare court appearance in 2011, the FBI confirmed that Stingray has the potential to affect innocent users in its area of operation.

Earlier this month the American Civil Liberties Union of Arizona, through one of its journalist, sued the Tucson Police Department, alleging that police had not complied with the State’s public-records law because police did not fully disclose Stingray records.

Awareness of police cell-tracking capabilities through their use of Stingray has spread across the country. News agencies in California, Florida and Philadelphia have been denied police records on Stingray. Attempts to obtain this information have been met with denials and challenges to such request in court. The main issue here is that there is an exception in public-records law that protects trade Secrets. It is through these trade secrets exception and nondisclosure agreements that Police have been able to decline to tell the courts about the use of Stingray.

The recent revelations about the surveillance programs run by the NSA has started a debate regarding the balance between citizen’s privacy and government surveillance policies. The issue of the lack of information on police use of Stingray will not go away and will likely intensify and spread across the country. The fact that police can avoid complying with public-records request by contracting with private companies with trade secrets and nondisclosure agreements must be addressed. In order to maintain our civil liberties and eliminate abuses public agencies need to be more transparent. A balance must be struck between allowing police to use technology to effectively do their job and allowing citizens the ability to make sure police are not abusing their power.

Profiling “Criminal Aliens”

POSTED BY Hillary Cheng

Immigration and Customs Enforcement (ICE) of the Department of Homeland Security (DHS) is responsible for locating and deporting immigrants who have not complied with laws governing immigrants. These statutes regulate the criminal activity of aliens, their entry into the U.S., their health, their dependence on public welfare, and various other activities related to the national interest. As technology has advanced, ICE has begun to use an electronic biometrics system to track immigrants in the U.S. in conjunction with local law enforcement databases, and they call this program “Secure Communities.” This policy has raised concern among civil liberties advocates including the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU).

The concern over using the biometrics scanning comes down to three main points, which are listed on the ACLU website regarding the Secure Communities policy. First, it deters people from accessing the criminal justice system and receiving equal protection of the laws. Second, it creates the risk of unlawful and extended detentions by local jails. Third, it invites racial profiling by local law enforcement.

The constitutionality of this ICE policy is difficult to assess. Historically, immigrants have received fewer constitutional protections than citizens, and it is unclear how the protection against unreasonable search and seizure apply. The question, then, becomes whether immigrants should be treated differently than American citizens—and why. One side of the debate advocates for a conditional, special status for immigrants where they are bound to certain restrictions or face the penalty of deportation, characterizing immigrants as temporary visitors to the U.S. whose permission can and should be easily revoked. The other side recommends that immigrants be treated no differently from American citizens, especially if these immigrants have grown up in the U.S. and know no other home but this.

New Partnership Raises Privacy Concerns

POSTED BY Kayla Morency

On February 19, 2014, Facebook publicly announced that it was acquiring one of the world’s most popular and fastest growing mobile phone messaging applications, WhatsApp, for an astounding $19 billion in cash and stock. In particular, the app is widely known around the globe due in part to its easy accessibility and user-friendly capabilities but also in part to its consumer base of 450 million that is gaining about one million users every day. As a result, Facebook formed the partnership with the fairly new startup in order to boost its popularity among the younger crowd.

The application’s unique capabilities help explain why the company is attractive to a younger audience, thus contributing to its enormous success. In particular, WhatsApp serves as a cross-platform mobile messaging app, so that its customers can send and receive free SMS and MMS text messages from several different types of phones, including the iPhone, Android, Blackberry, Windows Phone, and Nokia. These messages are sent using the phone’s existing data plan for web browsing and email, so there is no additional cost to the user, aside from the nominal membership fee. Furthermore, the app also enables users to create groups, so that multiple friends can communicate at once while sending unlimited pictures, audio, and video messages. These features motivated Facebook to enter into a partnership with the startup in order to become the leader in the market for messaging and to attract younger users of social media.

However, in the immediate aftermath of Facebook’s press release, WhatsApp’s users expressed serious concerns that their personal data would be shared with advertisers. As a result, WhatsApp stated on its blog that it had no intention of changing any of its business practices in light of Facebook’s acquisition. Moreover, WhatsApp insisted that the company would remain autonomous and operate independently, so that users could still enjoy their services for its nominal 99-cent yearly fee. However, even after CEO Jan Koum’s promises, users remain skeptical and believe that after a while advertisements will interrupt their mobile messaging.

Aside from this is the concern of many federal and governmental institutions, which are considering the merger in light of worldwide data regulation and restrictions. For example, Schleswig-Holstein’s data protector commissioner, Thilo Weichert, acknowledged that German data protection laws strictly regulate the possibility of merging WhatsApp user data with Facebook user data. In particular, the Telemedia Act and the Federal Data Protection Act both purport that data stored for one purpose cannot be used for another; however, no similar restrictions exist in the United States. Weichert also expressed fear that the merger of personal information would be exploited for advertising purposes, which is the same concern for consumers. Weichert’s expert opinion suggested that these users are rightfully concerned seeing as though many of them moved away from Facebook in favor of a more privacy-friendly alternative, such as WhatsApp.

Despite CEO Jan Koum’s and Facebook’s repeated assurances that WhatsApp would operate independently and honor its current privacy and security policies, it is still too early to gauge the implications of this deal. Since a significant amount of WhatsApp users are located in Europe, there is likely going to be more detailed investigations by the European authorities, including Germany. However, CEO Jan Koum was quick to remind the public that WhatsApp’s respect for privacy is considered tantamount to the company and that the company was predicated on the idea that users need to share very little personal data. For example, information such as the user’s name, email address, birthday, place of employment, etc. is not collected or stored by WhatsApp, and the company adamantly stated that it has no plans to change their mode of operations in the future. Furthermore, in support of Koum’s assurances, the company recently added a new privacy option that allows users to limit the visibility of their information from being seen by the public.

Although many individuals and governmental officials have expressed their concerns about Facebook’s acquisition of WhatsApp, the strategy seems logical considering that WhatsApp’s popularity is driven by its unobtrusiveness in its users’ lives. As a result, consumers appreciate the minimal fee in exchange for the comforting reminder that the company is not earning its money by exploiting its users’ personal information. Even though there is no guarantee that WhatsApp will maintain its identity, Facebook’s Mark Zuckerberg acknowledged that it is the app’s unique features and attributes that Facebook hopes to capitalize on, rather than alter, in order to retain its position as a social media and messaging mogul.

 

Cyberspace: United States v. China

POSTED BY Travis Bortz

Recent reports claim that the United States infiltrated Huawei servers headquartered in China to spy on both the company and government officials. The news was generated from classified NSA documents that were released by whistle-blower Edward Snowden. The claim reports NSA has been hacking into the tech giant’s emails servers since 2009.

Huawei is the second largest provider of network equipment and third biggest phone supplier in the world. It boasts over 150,000 employees in over 150 counties and generates more than $38 billion in annual revenues. The Chinese telecommunications mogul was founded in 1987 by ex-military officer Ren Zhengfei.

The NSA codenamed the operation “Shotgiant”. The objective of the operation was aimed at finding links between Huawei and the People’s Liberation Army, in addition to exploiting Huawei’s technology and conduct surveillance through equipment being sold in foreign countries.

The NSA has declined to comment on the accusations. However, the department released an email statement stating they do not use foreign intelligence capabilities to steal the trade secrets of foreign companies or to enhance their international competiveness. Albeit, the Chinese argue this intelligence has blocked various business transactions with Huawei and companies in the U.S. and/or other American influenced counties in fear of Chinese cyber espionage.

There is clearly a gray area as is relates to international intelligence and spying behavior. As technology continues to advance it is imperative governments across the globe establish a standard of behavior as it relates to conduct in cyberspace. Monitoring activity and ensuring safety is different from perpetrating emails, taking proprietary information and insider intelligence, thus such activity needs to be outlined in an international code of conduct as it relates to cyberspace.

These allegations have put strain on relations between the two countries which were deemed less than desirable to begin. As government spying scandals continue to unravel, the question lies whether this intelligence and such spying is worth the negative impact on international relations? Are our citizens safer? Is our commerce more secure? Time will tell…

Knox Guilty Again: The Evidence Might Not Always Be What It Is

POSTED BY Veronica LaClair

In 2009 Amanda Knox and Raffaele Sollecito were convicted, by an Italian court, of the gruesome stabbing murder of Knox’s roommate, Meredith Kercher. In 2011 the two were acquitted of Kercher’s murder due to a lack of evidence, after being in custody for nearly four years. The Italian Supreme Court, in March 2013, determined that the jury acquitted Knox and Sollecito without considering all the evidence and with discrepant testimonies. The court therefore issued an order for a new trial.

At the conclusion of the new trial in January of 2014 Knox and Sollecito were found, for a second time, guilty of Kercher’s murder. Knox was sentenced to 28 years and six months in prison, while Sollecito received a 25 year sentence. Knox and Sollecito are planning to appeal and until a final decision has been handed down by the court it is unlikely that prosecutors will file extradition papers to have Knox brought back to Italy.

Discussion has recently sparked about Knox and what her future will hold and how the end of the Amanda Knox Story will be written. Many are confused with the Italian court’s recent decision, as most of the evidence and testimony used in the new trial was the same as that used in the original trial – which lead to an acquittal. With confusion comes questions, and these questions are leading many individuals to look more closely at what is really going on with the Knox case and its trial evidence.

A new concern has been stirred up in the mist of the Knox case, which is whether or not the police and criminal prosecutors are placing too much faith and reliance on forensic evidence and forensic testimony. It has long been said in reference to evidence, that: it is what it is. Meaning that the evidence doesn’t lie, and the evidence doesn’t change. The problem is that the interpretation of such evidence can be misread and misconstrued when scientists and forensic experts push the boundaries of such evidence too far.

This has been seen in many cases including Mayfield and Peterson. In the Mayfield case authorities were convinced a fingerprint match placed a United States citizen at the heart of the Madrid bombing, when in actuality the fingerprint match was a fluke and belonged to another individual altogether. Moreover, in the Peterson case the jury returned a guilty verdict which was later changed by the court to a grant of a new trial when it was discovered the State’s expert witness had lied about his credentials before his damning bloodstain pattern analysis testimony.

There is an impression that such misrepresentation and overreliance has occurred in the Knox case in reference to the DNA evidence supposedly linking Knox to the murder. Like most forensic evidence there is a depth and limit to its reliability, and it appears that prosecutors might have used evidence that was beyond the threshold of validity and reliability simply because it indicated a match to Know.

An analogous issue has occurred in the past when fingerprints were considered to be a match when seven individual indicators were found to be similar between two samples. However, it is now known that the similarities need to be in the high teens for fingerprints to be considered a possible match. With this analogy in mind, it would seem as though the Knox DNA evidence equated to a seven point finger print match, when a sixteen point match is truly needed in order to satisfy tests and concerns of reliability.

The forensic technology that the criminal justice system relies so heavily on has come under attack in recent years. Forensic science itself is facing a remodeling of its core tenants of reliability and validity, as the field as a whole tries to become more scientifically based. However, it is important that the court be made aware that scientists, now with advances in technology readily available to them, have the ability to make evidence more then what it is by pushing the bounds of reliability before proper testing has been conducted. Until such research and testing can be done it is better to let the evidence speak for itself rather than letting scientist put incriminating words in its mouth.

NameTags Like Never Before

POSTED BY Bridget Sarpu

Many people have attended events where they must sport the “Hello, My Name is…” nametags, in order for other guests to be able to easily identify one another. With new advancements in technology, traditional nametags may be obsolete, replaced with a much creepier, smartphone or Google Glass application.

NameTag is a new facial recognition app that lets users scan faces of strangers and match the face to the owner’s online and public record. If NameTag successfully locates the owner’s face online, it retrieves any public information and presents it to the user of the application. Information can include full name, relationship status, school attended, current occupation, interests, and more. According to a recent press release, NameTag also will be able to scan a face through the National Sex Offender Registry and can tell a user the criminal records of individual. Soon, people may not need traditional nametags if they can just scan a person’s face and receive all available information on their smartphone.

The app, developed by FacialNetwork.com, is available for iOS and Android devices and is believed to be available soon for Google Glass. Specifically, NameTag sends photographs wirelessly to a server, compares the photographs to millions of records and in seconds returns a match complete with a name, additional photos, and social medial profiles. Technology is already being developed to allow the scanning of profile photos from dating sites such as Match.com, PlentyOfFish.com, and OkCupid.com. For added peace of mind, the user can also cross-reference the photos against more than 450,000 entries in the National Sex Offender Registry.   Other criminal databases are perused and report information such as online court records. Once the application gathers all the details of the scanned face, it not only presents the information to the user who originally scanned the face but then it uploads them to FacialNetwork.com’s database for future easy access.

Kevin Alan Tussy, NameTag’s creator, claims to have developed the app for the purpose of safety. He believes there is an added benefit of giving users an easy way to learn more about their future friends, coworkers, or dates, creating an instant connection based on mutual interests or hobbies. Tussy said in a statement, “It is much easier to meet interesting new people when we can simply look at someone, see their Facebook, review their LinkedIn page or maybe even see their dating site profile. Often we were interacting with people blindly or not interacting at all.”[1]

The app is not officially sanctioned Glassware, applications accepted on Google’s new Glass wearable technology. Google has made clear that it is against their developer policies to approve any Glassware that has any sort of facial recognition technology. Therefore, Google will not make NameTag available through the company’s official channels. However, it could still be possible for the FacialNetwork.com to distribute the app themselves, and have users side load it. Plus, individuals using Glass could potentially “jailbreak” the technology and upload NameTag and begin to use it on a daily basis. Obviously, the issue of facial recognition has led some serious fears over the invasion of privacy, especially if the app could be used with Google Glass.

Invasion of privacy is a serious issue regarding NameTag and other application using facial recognition software. Legal and moral issues aside, NameTag says that their goal is not to invade user privacy. Tussy believes issues with privacy can be solved by having users sign up and create profiles on NameTag and choose to not have their profile shown in public searches. He states, “It’s not about invading anyone’s privacy; it’s about connecting people that want to be connected. We will even allow users to have one profile that is seen during business hours and another that is only seen in social situations.”[2] So, if a person does not want their information made available, they can actively sign on to NameTag and opt-out of the service. However, one has to know about the service in order to opt-out. Otherwise, people using the app can scan your face randomly when you walk pass them on the street. One argument is that it should be up to the person whether to opt-in to the service, not opt-out. That way, an individual would first need to create a profile and agree to have their information shared to the outside world.

Other privacy issues concerns question whether NameTag’s ability to access sex offender registries is a good thing. Sex offender lists are publicly accessible but some advocates conclude that public sex registries do not increase public safety. According to Kieran Mccartan, an associate professor in criminology at the University of the West of England, is one who questions whether access to such registries will harm social relationships, instead of build them. In an article in the Conversation, Mccartan writes, “The notion that you can check whether a new partner has offending history suggests a less trusting and more suspicious approach to relationships, as well as an attempt to foresee and future-proof any potential problems.”[3] Mccartan also question database maintenance, accuracy and reliability in the use of apps like NameTag. Instead of relying on an app, people should ask their date those pressing questions and base their future on those answers. NameTag’s angle is the program will help enhance people’s social lives and potentially protect individuals who want to know if someone is registered as a sex offender before engaging with them or allowing their children to be near them.

Individuals are not standing by and waiting for apps like NameTag to hit the market, some are taking action. U.S. Senator Al Franken from Minnesota, recently send a letter to FacialNetwork.com. In the letter he expresses his concerns with NameTag, noting that NameTag lets strangers get a broad range of personal information, done without the person’s knowledge or consent, which crosses a bright line for privacy and personal safety. Senator Franken concluded his letter by asking numerous questions regarding NameTag. Questions include whether NameTag will administer an opt-in program, rather than an opt-out program, how NameTag plans on addressing users who may be stalkers, how NameTag is addressing Google’s prohibition on facial recognition software for Glass, etc. The majority of questions come down to whether publicly available data should be easily accessed by others. One argument is that if a person chooses to post pictures on Facebook for everyone to see, he should not complain if others access the information. On the flipside, the opposing argument is individuals do not realize that by uploading their photos to Facebook they may be subjecting themselves to other outside program access.

Although there is plenty of excitement for future technologies like Google Glass, apps capable of using facial recognition software like NameTag will continue to alarm society. Sure, smartphones have cameras that where people could take pictures of strangers without their knowledge but the easy of accessibility of public information with a simple click can be disturbing. NameTag is only in the beta version and not ready for public distribution but the end result is inevitable and society will quickly be forced to wonder who is scanning their faces and what information is readily available for all to see.

[1] Press Release, FacialNetwork.com Announces Beta Release of “NameTag” the First Real-Time Facial Recognition App for Google Glass, http://www.nametag.ws/.
[2]Id. 
[3] Kieran Mccartan, The App that Checks Whether Your Date is a Sex Offender, The Conversation (Jan. 13, 2014), http://theconversation.com/the-app-that-checks-whether-your-date-is-a-sex-offender-21941.