AUSTIN, Texas — A divided House vote provides momentum for Texas employees who wish to shield personal text messages, email passwords under a bill backed by Democratic State Rep. Hellen Giddings and given preliminary approval Thursday.
Proponents say Texas workers need the same social media protections provided in several other states. The bill prohibits employers from asking job applicants or employees for passwords to access their Facebook, Twitter or other personal accounts. Opponents argue it will provide “safe harbor” for employees to steal proprietary information at the workplace through their personal accounts.
No specific penalties are spelled out for employers who would violate the law.
The Texas law is another reminder of the ongoing evolution of Social Media law and regulation as legislators and private businesses struggle to understand how these technologies affect everyone’s rights, obligations and remedies.
If you or your business is concerned about social media legal and regulatory compliance, contact David Adler at Leavens, Strand, Glover & Adler. 866-734-2568 firstname.lastname@example.org.
Tagged: email, employe, employer, Facebook, Privacy, security, Social media, Texas, Twitter, Workplace
Three Things I Learned About Personal Cybersecurity At RSAConference That You Should Be Doing Right Now
February 28, 2013
I just returned from RSAConference 2013 where I had the privilege and honor of giving a presentation of the legal risks caused by social media in the workplace. As a speaker-attendee, I had the priceless benefit of access to all the other speakers and programs held during the conference.
One such program I attended was “We Were Hacked: Here’s What You Should Know”. The speakers, Matthew Prince (@eastdakota) CEO of CloudFlare, and Mat Honan (@mat) writer for Wired Magazine, shared their common experience as targets of high profile hacks. Hearing the details from them first hand, including information from interviews with the hackers themselves, I learned how easy it is to be the victim of hacking and how it’s the little things that create exploitable seams in our information security barriers.
Rather than rewrite their stories, I thought I would share three simple lessons I learned that I’ve already implemented and you should too. Besides, Matt does a better job telling his own story which can be found here.
Here are the three things I learned about how you can protect yourself and others in your organization.
First, security attacks go after the “low hanging fruit” and that often means figuring out a way to exploit your personal email address. With so many web-based services and so much login information to remember, many of us use our personal email as our username for everything from the web sites on which we comment, to our online photo gallery, to our online banking service. Unfortunately, this is probably the address we use for password recovery if we forget. Given that our digital lives are easily mapped, hackers already have one piece of the two-piece login puzzle: they know your user name.
TIP NO. 1: Use a private, obscure email address for your more sensitive information.
Second, once a hacker has accessed your accounts, your computer and your files, the fun has just begun for them. As Matt Honan described, these often adolescent script kiddies simply don’t understand the value of your stored memories and other information. In his case, all the photos of his children were permanently deleted. Regardless of a hacker attack, stuff happens and you don’t want to lose everything because you we’re too lazy to back up.
TIP NO. 2: Back Up your digital life, early and often.
Third, today’s’ Internet is an interdependent ecosystem. Just because you or your organization takes security seriously, doesn’t mean that other do as well. Your internal systems are not enough. Like it or not, the seams of your security perimeter are intertwined and permeated by the services and systems of customers and vendors. For most consumers, the there is a Hobbesian choice of Security v. Convenience. Multiple login usernames and super long passwords are difficult to remember and tedious to use. As a result, most people choose the least secure means of authentication on the assumption that using astringent password is enough. Unfortunately, some people don’t even bothers with that. A recent ZoneAlarm study found that “password” was the fourth most commonly used password by consumers.
Google, Facebook and others have started using two-factor authentication. Two-factor authentication requires that one enter a code after entering the username/password combo. The code is sent via, text message, voice call or email. This greatly reduces the chances of unauthorized access because hackers would need to have your phone, in addition to your username/password combo.
TIP NO. 3: Whenever possible enable two-factor authentication.
Please understand that there is no “magic bullet” when it comes to Cybersecurity. Taking these precautions does not guarantee that you won’t be attached or that your account information won’t be accessed. However, these are important and easy steps that you can take to improve your personal data security.
Please comment and follow!
- Twitter looks to add two-factor authentication to stop password hacks (arstechnica.com)
Tagged: Authentication, CloudFlare, Cyber, cybersecurity, Facebook, Google+, Hackers (film), Matthew Prince, Privacy, Risk, security, trust, Two-factor authentication, User (computing), ZoneAlarm
February 19, 2013
I will be speaking at Affiliate Management Days SF 2013 (April 16-17, 2013) on the topic of “Managing Risk: Legal Issues for Merchants & Affiliate Managers.”
Affiliate marketing is one of the most cost-effective techniques for monetizing web site traffic and driving sales. Unfortunately, it has a reputation for high risk. While the industry is unlikely to ever be risk-free, it is possible to manage risk by: (1) understanding how techniques like behavioral and contextual targeting affect consumers, affiliates and merchants, (2) understanding the legal and regulatory environment, (3) understating risks involved with prospective marketing partners, (4) using and maintaining proper contracts that allocate risk and provide appropriate indemnifications, and (5) keeping informed about the changes in technology, marketing practices and the regulatory environment. Attendees will learn how to identify these issues and develop policies and procedures to keep informed about the current technology, marketing strategies and regulatory compliance.
Topics covered include:
- Behavioral/Contextual Advertising
- Regulatory/Industry Compliance : FTC Guides & Enforcement Actions
- CAN-SPAM compliance
- IP Law: Rules governing use of others™ Trademarks/Keywords, Right of Publicity/Endorsement Issues.
- Identifying, protecting against, and disputing accusations of Click-Fraud
- Bad Affiliate Programs: Cheating and Stealing from Affiliates (earnblogger.com)
Tagged: Affiliate marketing, Affiliate Program, April 16-17 2013, Business, Marketing, Network affiliate, Online Opportunities, Opportunities
December 23, 2012
As a result of the rapid shift in marketing from unilateral one-to-many communications, to the multilateral, many-to-many or many-to-one conversations enabled by Social Media, employees and employers are struggling to manage accounts that are used for both work and personal purposes.
This new phenomenon has benefits, but it also creates a number of legal challenges. For employees, it may result in greater efficiency, more opportunities for authentic customers engagement and the ability to stay on top of the most current grands and business issues. For employers, it presents opportunity to reap substantial benefits from lower communications and customer support costs. For in-house counsel, it raises a host of legal and practical issues with few easy solutions and significant liability and regulatory risks.
First, there are hardware issues. Smartphones, tablets and other personal electronics often have social networking capabilities built in. in addition, they contain contain both personal and business data. Because these devices are always on and always connected, they are more than just personal property. They have become essential business tools. For both sides of the workplace equation, employers and employees must understand where the privacy lines fall between personal versus work-related information.
Second, there are data issues. Employers must balance their needs to monitor employee usage, employees’ privacy concerns, and the risk of liability for theft or exposure of data if a device is lost or stolen, or from lack of proper safeguards on account usage. For in-house counsel tasked with drafting policies to address these risks, , Prior to implementation of any policy, the legal team needs to educate front line employees and management on reasonable expectations of privacy and security and the harms that the organization seeks to prevent.
Lastly, recent cases such as the Cristou v. Beatport litigation, highlight the struggle to define and control the beginning and end of employee social media accounts, ownership and protection of intellectual property and the post termination risks that arise from the absence of appropriate policies.
As we prepare to start a new year, the time is ripe to establish security and privacy policies governing creation, maintenance and use of employees’ social media accounts for work functions. In-house counsel must lead the charge to educate, inform and train employees about privacy, security and evidence-recovery implications associated with use of social media.
Tagged: accounts, attorney, Business, BYOD, Communications, counsel, employee, employer, in-house, infosec, Law, Lawyer, Legal, Marketing, media, Mobile, policies, policy, Privacy, regulation, security, social, Workplace
October 15, 2012
I’m surprised at how often I receive commercial bulk email messages that are not compliant with the Federal CAN SPAM act.The two biggest mistakes I see are 1) no physical address and 2) no opt-out/unsubscribe mechanism.
Another common mistake is a “blind” bulk email address list like “Undisclosed-Recipients@email.com.” Not only do I NOT know which address this received the offensive message, there usually isn’t even a proper return address for me to send an “Unsubscribe” message.
With the popularity of social media, you’ve probably received a Twitter promotion for iPhones, special deals, free downloads, etc. While it’s easy to dismiss poorly-written tweets from obvious spammers, when someone replies to you on Twitter, says “must read, check it out” and the topic is clearly the kind of thing you read and share it’s more difficult to tell. Often, these are from legitimate accounts where a human has taken the time to compose and send the message.
In light of the growing use of electronic mail (“email”) messages for advertising, marketing, corporate communications and customer service, is essential to have some familiarity with the Federal “Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003” also known as the CAN SPAM Act (the “Act”) The Act provides the parameters of its application, explicit prohibitions, requirements for transmission of legally compliant email messages including the “Opt-Out” mechanism and vicarious liability. Generally speaking, the Act was written to prohibit the fraudulent, deceptive, predatory and abusive practices that threaten to undermine the success and effectiveness of commercial email and email marketing.
Congress drafted the Act to impose limitations and penalties on the transmission of unsolicited commercial email messages. Unlike some state initiatives, the Act is an “opt-out” law. Put another way, for most purposes permission of the e-mail recipient is not required. However, once an email recipient has indicated a desire to opt-out or no longer receive such messages, failure to comply with the recipient’s request may subject both the sender and the person or entity on whose behalf the message was sent to severe penalties.
Frequently asked question about the Act include:
1) To Whom Does The Act Apply? The Act applies to any person or entity that sends email.
2) What Activities Are Prohibited By The Act? The Act is primarily concerned with explicitly prohibiting certain predatory and abusive commercial email practices.
3) What Are The Requirements For Sending Email Messages? Section 5(a) of the Act sets requires the inclusion non-misleading information regarding: (a) transmission, (b) subject, (c) email address, (d) Opt-out and physical address, and (e) clear and conspicuous language identifying sexually-oriented messages.
4) Who Can Be Liable for Violations? The Act applies to both the party actually sending the commercial email messages and those who procure their services.
The primary substantive provisions of the Act can be divided into three parts found in Section 4, Section 5 and Section 6. Section 4 of the Act addresses “predatory and abusive” practices prohibited by the Act. Section 5 details the requirements for transmission of messages that comply with the Act. Section 6 details the requirements for transmission and identification of sexually-oriented messages. Section 6 is not discussed in this article.
Section 4 of the Act lists specific “predatory and abusive” practices prohibited by the Act. In short, the Act specifically prohibits: (i) accessing a computer without authorization for the purpose of initiating transmission of multiple commercial email messages, (ii) transmission of multiple commercial email messages with the intent to deceive or mislead recipients, (iii) transmission of multiple commercial email messages with materially false header information, (iv) registration of email accounts or domain names using information that materially falsifies the identity of the actual registrant, and (v) false representations regarding the registration of Internet Protocol addresses used to initiate multiple commercial email messages.
The second relevant part, set forth in Section 5 of the Act, details the requirements for transmission of messages that comply with the Act. Subject to certain limitations discussed below, the Act requires that email messages contain: (i) transmission information that is not materially false or misleading, (ii) subject information that is not materially false or misleading, (iii) a return address or comparable mechanism for opt-out purposes, (iv) identifier, Opt-out and physical address, and (v) clear and conspicuous language identifying sexually-oriented messages as such. (Note, this last requirement is not discussed. See above.) Lastly, the Act implicates both commercial email transmission service providers as well as those who procure their services.
To Whom Does The Act Apply?
The Act applies to any person or entity that sends email. The Act specifically regulates “commercial electronic mail messages,” defined as any email message “the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).” However, the Act specifically excludes from this definition “transactional or relationship messages.” A “transactional or relationship message” falls within one of five categories of messages:
- communications that facilitate, complete or confirm a commercial transaction previously agreed to by the recipient;
- communications that provide warranty or other product information with respect to a product or service previously used or purchased by the recipient;
- notifications with respect to a subscription, membership, account, loan, or comparable ongoing commercial relationship;
- information directly related to an employment relationship or related benefit plan in which the recipient is currently involved; and
- communications to deliver goods or services, including product updates or upgrades, under the terms of a transaction previously agreed to by the recipient.(Emphasis added.)
The purpose for the distinction between “commercial electronic mail messages” and “transactional or relationship messages” is to exempt certain types of communications from compliance with all the message transmission requirements of the Act. As should be clear from the list above, the Act distinguishes the types of communications based on the relationship between the sender and recipient rather than on the character of the message. Put another way, so long as the communication is related to some type of existing business relationship, it is not a “commercial electronic mail message.”
What Activities Are Prohibited By The Act?
Section 4 of the Act is primarily concerned with prohibiting certain predatory and abusive commercial email practices. Section 4(a) amends Chapter 47 of Title 18 of the United States Code by adding Section 1037 which specifies the offenses that constitute “fraud and related activity in connection with email.” An offense is committed by anyone who directly or indirectly, knowingly:
- accesses a protected computer without authorization, and intentionally initiates the transmission of multiple commercial electronic mail messages from or through such computer,
- uses a protected computer to relay or retransmit multiple commercial electronic mail messages, with the intent to deceive or mislead recipients, or any Internet access service, as to the origin of such messages,
- materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,
- registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names, or
- falsely represents oneself to be the registrant or the legitimate successor in interest to the registrant of 5 or more Internet Protocol addresses, and intentionally initiates the transmission of multiple commercial electronic mail messages from such addresses.
Clearly, Section 4 is primarily concerned with preventing practices whereby the sender intentionally, either through outright fraud or other deception, conceals its true identity or the true commercial character of the message.
What Are The Requirements For Sending Email Messages?
Section 5(a) of the Act sets forth certain other protections for the users of commercial email.
Accurate Transmission Information. Among the affirmative requirements of Section 5(a), Section 5(a)(1) prohibits sending either a commercial electronic mail message, or a transactional or relationship message, that contains, or is accompanied by, header information that is materially false or materially misleading. Unlike the general prohibition against sending messages with materially false header information under Section 4, in addition to having technically accurate transmission information, the sender is prohibited from having used false pretense or other deceptive means to acquire such information (e.g. email accounts, domain names and IP addresses). Furthermore, the “from” line must “accurately identify the person transmitting the message.” Lastly, the sender must accurately identify the computers used to originate, relay or retransmit the message.
Note, the following only apply to commercial electronic mail messages:
Accurate Subject Information. Messages must have accurate subject information. Subject information would not be accurate if a “person has actual knowledge, or knowledge fairly implied on the basis of objective circumstances, that a subject heading of the message would be likely to mislead a recipient, acting reasonably under the circumstances, about a material fact regarding the contents or subject matter of the message.”
Inclusion of Opt-out Mechanism. Messages MUST contain a functioning return email address or other Internet-based mechanism (e.g. hyperlink), that is clearly and conspicuously displayed that enables a recipient to submit a request to opt-out of future email messages from the sender whose email address was contained in the message. The opt-out mechanism (whether email address or hyperlink, etc.) must remain functional for at least thirty (30) days after the transmission of the original message.
Removal After Objection. If a recipient makes a request using the opt-out mechanism, the sender shall not transmit any further messages to the recipient, more than ten (10) business days after the receipt of such request, if such message would fall within the scope of the request. A third-party acting on behalf of the sender shall not transmit or assist others to transmit, any further messages to the recipient, more than ten (10) business days after the receipt of such request, if such third party knows or should know of the recipient’s objection. Lastly, the sender and any third party who knows that the recipient has made such a request, shall not sell, lease, exchange, or otherwise transfer or release the electronic mail address of the recipient for any purpose other than compliance with the Act or other provision of law.
Inclusion of Identifier, Opt-out & Physical Address. Every message must clearly and conspicuously: (i) identify the message as an advertisement or solicitation; (ii) provide notice of the opportunity to opt-out of future communications; and (iii) provide a valid physical postal address of the sender. However, the notice that a message is an advertisement or solicitation does not apply where the recipient has given prior affirmative consent to receive the message.
Related Activities Proscribed.
Other prohibitions in the Act concern unethical or unscrupulous practices that tend to coincide with deceptive or abusive email. Several common methods for generating email distribution lists have also been proscribed. The Act prohibits certain unethical practices such as:
- hijacking another email server to send or relay messages;
- “harvesting” email addresses that appear on others’ Web sites;
- randomly generating email addresses;
- knowingly linking an email ad to a fraudulently registered domain; and
- participating in other offenses such as fraud, identity theft, etc.
Who Can Be Liable for Violations?
The Act applies to both the party actually sending the commercial email messages and those who procure their services. One cannot “outsource” its “spam” and thereby avoid liability under the Act. One may be held accountable if the email service employed isn’t actually using a legally-compiled or permission-based list. Under some parts of the Act one may be held liable for employing a third party to distribute the messages “with actual knowledge, or by consciously avoiding knowing, whether such [third party] is engaging or will engage, in a pattern or practice that violates this Act.”
The Act was written to prohibit the fraudulent, deceptive, predatory and abusive practices that threaten to undermine the success and effectiveness of commercial email and email marketing. Since Bacon’s uses email to communicate with employees, vendors, existing and prospective customers, Bacon’s is clearly subject to the Act. The Act focuses on enumerating proscribed activities rather than affirmative obligations to make it easier for legitimate, honest businesses to comply with the Act. The Act distinguishes communications based on a previously existing relationship between the sender and the recipient from those communications that are prospective in nature. Generally, email messages not based on a pre-existing relationship are subject to greater affirmative requirements.
- Be Aware of the Requirements for Transmitting Messages.
- Require Compliance by Clients.
- Monitor Distribution by Affiliates.
Tagged: Advertising, CAN SPAM Act, CAN-SPAM Act of 2003, E-mail spam, IP address, IPhone, Opt-out, Twitter
September 7, 2012
Sept. 5 2012:
From the FTc web site:
The Federal Trade Commission has published a guide to help mobile application developers observe truth-in-advertising and basic privacy principles when marketing new mobile apps. The FTC’s new publication, “Marketing Your Mobile App: Get It Right from the Start,” notes that there are general guidelines that all app developers should consider. They include:
Tell the Truth About What Your App Can Do. – “Whether it’s what you say on a website, in an app store, or within the app itself, you have to tell the truth,” the publication advises;
Disclose Key Information Clearly and Conspicuously. – “If you need to disclose information to make what you say accurate, your disclosures have to be clear and conspicuous.”
Build Privacy Considerations in From the Start. – Incorporate privacy protections into your practices, limit the information you collect, securely store what you hold on to, and safely dispose of what you no longer need. “For any collection or sharing of information that’s not apparent, get users’ express agreement. That way your customers aren’t unwittingly disclosing information they didn’t mean to share.”
Offer Choices that are Easy to Find and Easy to Use. – “Make it easy for people to find the tools you offer, design them so they’re simple to use, and follow through by honoring the choices users have made.”
Honor Your Privacy Promises. – “Chances are you make assurances to users about the security standards you apply or what you do with their personal information. App developers – like all other marketers – have to live up to those promises.”
Protect Kids’ Privacy. – “If your app is designed for children or if you know that you are collecting personal information from kids, you may have additional requirements under the Children’s Online Privacy Protection Act.”
Collect Sensitive Information Only with Consent. – Even when you’re not dealing with kids’ information, it’s important to get users’ affirmative OK before you collect any sensitive data from them, like medical, financial, or precise geolocation information.
Keep User Data Secure. – Statutes like the Graham-Leach-Bliley Act, the Fair Credit Reporting Act, and the Federal Trade Commission Act may require you to provide reasonable security for sensitive information.
Tagged: applications, apps, data, FTC, kids, Mobile, policies, Privacy, security
August 28, 2012
A recent New Jersey District Court case underscores the rise in tensions between employers and employees when it comes to Social Media Accounts. In Ehling v. Monmouth-Ocean Hospital Service Corp., the Court denied an employer’s motion to dismiss a former employee’s invasion of privacy claim that alleged a supervisor accessed the employee’s Facebook account. Ehling worked for Monmouth-Ocean Hospital Service Corporation (“MONOC”) and became Acting President of the local union for Professional Emergency Medical Services. Ehling alleged that MONOC began engaging in a pattern of retaliatory conduct against her eventually leading to termination of her employment.
Posting Limited to “Friends”
Ehling maintained an account on Facebook, but kept access to her wall post limited to Facebook “friends,” many of whom were coworkers, but none of whom were members of MONOC’s management. Ehling alleged that MONOC surreptitiously gained access to her Facebook account when a supervisor summoned a MONOC employee, who was a Facebook friend, and coerced, strong-armed, and/or threatened the employee to access his Facebook account in the supervisor’s presence for the purpose of viewing and copying Ehling’s posts.
Ehling alleged that MONOC then sent letters regarding a certain posting to the New Jersey Board of Nursing and the New Jersey Department of Health, Office of Emergency Medical Services as it was concerned that Plaintiff’s Facebook posting showed a disregard for patient safety. Ehling alleged the letters were malicious and meant to damage her professionally.
Ehling’s claim for common law invasion of privacy was premised on Defendants’ alleged unauthorized “access of her private Facebook postings” The Court denied MONOC’s motion to dismiss which argued that Ehliong did not have a reasonable expectation of privacy in her Facebook posting. The Court stated that Under New Jersey law, to state a claim for intrusion upon one’s seclusion or private affairs, a plaintiff must allege sufficient facts to demonstrate that (1) her solitude, seclusion, or private affairs were intentionally infringed upon, and that (2) this infringement would highly offend a reasonable person. See Bisbee v. John C. Conover Agency Inc., 186 N.J. Super. 335, 339 (App. Div. 1982). “[E]xpectations of privacy are established by general social norms” and must be objectively reasonable – a plaintiff’s subjective belief that something is private is irrelevant. White, 344 N.J. Super. 211, 223 (Ch. Div. 2001).
The Impact of Social Media on Privacy is Unsettled
The Court went on to make further observations on the impact of Social Media on Privacy:
“Privacy in social networking is an emerging, but underdeveloped, area of case law. See Robert Sprague, Invasion of the Social Networks: Blurring the Line between Personal Life and the Employment Relationship, 50 U. Louisville L. Rev. 1, 13 (2011) (discussing the undefined legal boundary between public and private communications on social networking websites).
There appears to be some consistency in the case law on the two ends of the privacy spectrum. On one end of the spectrum, there are cases holding that there is no reasonable expectation of privacy for material posted to an unprotected website that anyone can view. See, e.g., United States v. Gines-Perez, 214 F.Supp.2d 205, 225 (D.P.R. 2002), rev’d on other grounds, 90 F. App’x 3 (1st Cir. 2004) (“[I]t it strikes the Court as obvious that a claim to privacy is unavailable to someone who places information on an indisputably, public medium, such as the Internet, without taking any measures to protect the information”); Yath v. Fairview Clinics, N.P., 767 N.W.2d 34, 44(Minn. Ct. App. 2009) (holding that privacy was lost when private information was posted on a publicly accessible Internet website and “[a]ccess to the publication was not restricted”).
Some Reasonable Expectation of Privacy
On the other end of the spectrum, there are cases holding that there is a reasonable expectation of privacy for individual, password-protected online communications. See, e.g., Stengart v. Loving Care Agency, Inc., 201 N.J. 300 (N.J. 2010) (employee could have reasonably expected that e-mail communications with her lawyer through her personal, password-protected, web-based e-mail account would remain private); Pure Power Boot Camp, Inc. v. Warrior Fitness Boot Camp, LLC, 587 F. Supp. 2d 548 (S.D.N.Y. 2008) (employee had a reasonable expectation of privacy in personal, password-protected e-mail messages stored on a third party’s server, although the employee had accessed that outside server while at work).
Legal Approaches Continue to Develop
The Court note that a consistent approach hasn’t yet developed. While most courts hold that a communication is not necessarily public just because it is accessible there is disagreement as to how far that theory extends. Some courts have adopted the rule that when one shares private information to one or more persons, there may still be a reasonable expectation that the recipients of the information will not disseminate it further. What is clear is that privacy determinations are made on a case-by-case basis, in light of all the facts presented.
Tagged: Expectation of privacy, Facebook, Fourth Amendment to the United States Constitution, Privacy, security, Supreme Court of the United States, United States, Vehicle tracking system
August 10, 2012
Although courts have called the Internet “one large catalyst for rumor, innuendo, and misinformation,” nevertheless, it provides large amounts of evidence that may be relevant to litigation matters. Increasingly, courts are facing presentation of, and challenges to, data preserved from various websites. According to a survey conducted by the X1ediscovery blog, there are over 320 published cases involving social media/web data in the first half of 2012.
Evidentiary authentication of web-based data, whether it’s Internet site data available through browsers, or social media data derived from APIs or user credentials, presents challenges. Given the growing importance of social media posts and data, businesses should be prepared to offer foundational evidence to authenticate any posts that are vital to a case.
Authentication of social media and web data is a relatively novel issue for many courts. Courts have been extremely strict in applying foundation requirements due to the ease of creating a profile or posting while masquerading as someone else. Therefore it is important to go beyond the surface of a social media profile or a post to provide the foundation necessary to authenticate what he evidence for use in court.
Regardless of the type of data, it must be authenticated in all cases. The authentication standard is found in Federal Rule of Evidence 901(a), “The requirement of authentication … is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims.” United States v. Simpson, 152 F.3d 1241, 1249 (10th Cir. 1998).
The foundational requirement of authentication is satisfied by evidence sufficient to support a finding that the matter in question is what its proponent claims. See US v. Tank, 200 F. 3d 627, 630 (9th Circuit 2000) (citing Fed.R.Evid. 901(a)). This burden is met when “sufficient proof has been introduced so that a reasonable juror could find in favor of authenticity.” This burden was met where the producer of chat room web logs explained how he created the logs with his computer and stated that the printouts appeared to be accurate representations. Additionally, the government established the connection between the defendant and the chat room log printouts based on IP addresses.
See also, Perfect 10, Inc. v. Cybernet Ventures, Inc. (C.D.Cal.2002) 213 F.Supp.2d 1146, 1154, and Lorraine v. Markel American Insurance Company, 241 F.R.D. 534, 546 (D.Md. May 4, 2007) (citing Perfect 10, and referencing additional elements of “circumstantial indicia” for authentication of electronic evidence).
Clearly, there is an emerging trend in the use of social media and web data as evidence. As the use of this type of evidence increases, so too will the consistency and predictability of the foundational matters required by courts. Thus, businesses are well advised to include web collection and social media support in the investigation process so they are prepared to offer the necessary foundational evidence to authenticate any social media posts that may be vital to a case.
Tagged: Authentication, Computer, data, evidence, Federal Rule of Evidence 901(a), Foundation, FRCP, Law, Legal, litigation, media, Proving a Case, social, strategy, technology
August 2, 2012
1. Content & Marketing
MutualMind Signs Agreement With LexisNexis to Offer Advanced Social Media
MarketWatch (press release)
PRNewswire via COMTEX/ — MutualMind, an award-winning social media technology developer based in Dallas, Texas, announced an agreement today with LexisNexis, a leading provider of legal content and technology solutions.
Facebook: Should Law Firms Bother?
Business 2 Community
While consumer brands have embraced Facebook as a key tool in building deeper customer engagement, the biggest social network largely remains terra incognita in the legal world. The sector has certainly harnessed professional networking sites.
Bahrain may act against social media abuse
Legal action could be taken against people in Bahrain, who incite violence and spread sectarianism on social media, said a top official. The initiative comes as a new code of honour for social media users is set to be launched by the Bahrain Bloc.
3. Law Enforcement
An overwhelming majority of investigators using social media for investigative purposes are “self taught,” according to a new survey of 1200 Federal, state, and local law enforcement professionals.
That’s but one of the many conclusions found in a comprehensive new survey — conducted in a partnership between PoliceOne and LexisNexis Risk Solutions — focused on the impact of social media on law enforcement in criminal investigations. Among the …
4. Employees & Workplace
What your social media profile is telling future employers? (Take our poll)
The State of Maryland already has passed a law forbidding employers from asking job candidates for their passwords to Facebook and other social media sites, and California is considering a similar law. 01fgSCREEN2.jpg View full size · The Society for …
Social Media in the Workplace – July 2012
JD Supra (press release)
With an understanding of some of the relevant issues, employers can implement meaningful and reasonable policies and guidelines for employees and respond appropriately and legally to social media issues that arise. Below are a few of the discrete issues …
5. Financial Services
The trick for us is trying to provide legally correct information, in such a way that is easy to understand, to the American public so that investors truly understand their options with retirement savings.” “Internet, the online experience and social media are the 21st Century.”
The New Social Metrics
Bank Technology News
Below are methodologies and metrics for determining the ROI of these specific social media use cases. The metrics roll up to three major categories of benefits: revenue impact, operational efficiencies, and legal and compliance risk avoidance.
David M. Adler, Esq. is an attorney, author, educator, entrepreneur and partner with Leavens, Strand, Glover & Adler, LLC, a boutique law firm in Chicago, Illinois created with a specific mission: provide businesses with a competitive advantage by enabling them to leverage their intangible assets and creative content in order to drive innovation and increase overall business value.
We meet this challenge by providing legal counsel on issues related to creation, protection and commercialization of intangible assets, our comprehensive understating of the relevant law, our team of seasoned professionals and our client service philosophy.
Tagged: content, Employees, Financial services, International, law enforcement, Legal, Marketing, media, police, regulation, social, Statutes, Workplace
July 23, 2012
Newsmakers Q&A | Law slow to address workers’ social-media privacy
Colorado shooting: Public calls on Christian Bale to swoop in
Los Angeles Times
July 21, 2012, 12:04 p.m.. People are calling upon the caped crusader in the wake of the Colorado theater shooting with the 21st century bat signal: social media.
And with the government mulling a media law to tighten its grip over the fledgling but lively Afghan press corps, Nai hoped social media could help safeguard political and social freedoms, as occurred during the wave of uprisings across the Middle East.
A social media win on merger
It’s a bracing lesson, on a local stage, in the power of social media to create community around an issue and ratchet up pressure on key players – in this case, the members of the Abington board and its president and CEO, Laurence Merlis. “It’s amazing to me just how fast word spread,” …. A community-conscious and activist community, with a high concentration of concerned, committed people who work in industries such as law, medicine, public relations, and journalism.
Once new information began streaming in about the shooting, over 100 viewers began responding to the Action 4 News Facebook page and Twitter feed. As the day progressed, over 500 comments came into valleycentral.com andAction 4 social media
Media Wise Parents to the rescue
Windsor This Week
Media Wise Parents helps parents, educators and churches become more aware with social media and the internet. Tweet · Bookmark and … It’s certainly in my background with law and marketing, it’s always something that interests me.
We Want To Hear From You: Take This Two-Minute Social Media Survey
This Is The Gun Used In The Colorado Shooting That Everyone Can’t Believe Is Actually Legal
In Focus: Social Media & Law Enforcement
Busted! Police Turn to Social Media to Fight Crime
Law enforcement is taking to social media because criminals are changing their behavior and using social media to facilitate crime. In response, law enforcement officials are using it to track down criminals and as a predictive policing tool, said Haywood.
Role of Social Media in Law Enforcement Significant and Growing
Business Wire (press release)
WASHINGTON–(BUSINESS WIRE)–LexisNexis® Risk Solutions today announced the results of a comprehensive survey focused on the impact of social media on law enforcement in criminal investigations.
Police Make Wide Use Of Social Tools
The survey, of more than 1200 law enforcement professionals with federal, state, and local agencies, found that 83% of the respondents are using social media, particularly Facebook and YouTube, to further their investigations.
Crime Busters Embrace Social Media
It’s not just prospective customers, partners or employers who may be scanning the social media landscape to glean information about you and your organization. The long arm of the law has joined the party as well, a new survey shows.
How Law Enforcement Is Using Social Media (Infographic)
Law enforcement officials are using social media to solve crimes and will continue to do so in greater numbers. In an online survey conducted by LexisNexis Risk Solutions, four out of five law enforcement officials used social media.
Tagged: Colorado, Crime, government, law enforcement, Legal, Lexis-Nexis, police, Political, Politics, Privacy, regulation, Social media, Survey