Google "Street View" case may be headed for SCOTUS Review

By John D. Seiver

Google held true to its promise to seek SCOTUS review of the Ninth Circuit’s interpretation of the term “radio communications” in the Wiretap Act when it filed its Petition for Certiorari last week. Google had argued in the Ninth Circuit that intercepting unencrypted Wi-Fi transmissions is within a specific exemption, but the Ninth Circuit (initially and on rehearing) held instead that unencrypted Wi-Fi is protected from interception by the Wiretap Act. Absent an extension, oppositions are due April 30, 2014.
Continue Reading...

New Cellphone Promises Array of Built-in Privacy Features

By Angela Galloway

Consumers will soon have access to a smartphone that automatically encrypts calls and texts, and provides anonymous web browsing, according to reports about the "Blackphone."

Forbes reports that the phone, set for a spring release, caters to phone users who want built-in privacy protections -- and to avoid the hassle of manually changing privacy settings and adding protective features. For  $629, purchasers will get  three years of encrypted phone calls and messaging services plus 5 GB of encrypted storage, Forbes Reports. The phone also will include anti-tracking and anti-WIFI sniffing services. According to Forbes, the phone was developed by Spanish startup GeeksPhone and Washington D.C.-based Silent Circle.

Newsweek reports that the phone will lack an email app, at least at launch. The company is working with another firm to develop a secure email service. The Guardian reports that the phone  will run a version of Android that certain security holes and provides greater data control than third-party apps.

Oregon Restricts Employers' Access to Private Social Media Accounts

By Christie S. Totten, Chrys A. Martin, Angela Galloway, and Peter G. Finch

 Oregon recently joined numerous states in prohibiting employers from seeking access to employees’ or prospective employees’ private social-media accounts, personal email, and other online content. Employers may not:
  1. Require or request that an employee or applicant allow the employer access to the individual’s personal social media account (e.g. cannot ask for the password)
  2. Compel an employee or applicant to add the employer to the individual’s social media contact list, (e.g. cannot require the employee to “friend” the employer on Facebook); or 
  3. Compel an employee or applicant to allow the employer to view the personal account.
Continue Reading...

New Advisory on Inquiry Into Privacy and Security for the "Internet of Things"

Be sure to check out our advisory discussing the Federal Trade Commission (FTC) workshop on privacy and security issues arising from the emerging market of connected devices, also known as the “Internet of Things.”  The advisory notes how the FTC expects entities operating in this space to apply “privacy by design” principles and build security into their devices, but also explores sentiments that new privacy and security principles must be developed for the Internet of Things.  While there may be something of a consensus that regulation in this space would be premature, it is clear the FTC will continue to watch this sector closely and police entities that fail to employ reasonable practices necessary to protect against inadvertent disclosure of personally identifiable information, with recommendations and best practices to issue via an FTC report to be published next year.  You can read the advisory here.

En Banc 9th Circuit Decision Narrowly Construes Federal Computer Fraud and Abuse Act's Prohibition on Conduct that "Exceeds Authorized Access"

By Ronald G. London

In a 9-2 reversal of an earlier appellate decision by a 3-judge panel, the U.S. Court of Appeals for the 9th Circuit issued an en banc ruling in U.S. v. Nosal, holding that the prohibition in the federal Computer Fraud and Abuse Act (“CFAA”) on exceeding authorized access to a computer covers only the scope of access allowed, not the subsequent use of any information obtained.  In doing so, the court rejected a broader reading the government advocated, which the en banc majority held “would transform the CFAA from an anti-hacking statute into an expansive misappropriation statute.”  The court’s decision, authored by Judge Kozinski, explains that this narrow construction is preferable because it prevents CFAA liability for, for example, employees using their work computers in violation of their employers’ acceptable use polices, and/or web-surfers using a website in ways that may violate its terms of use/service, which the court noted few ever read, and even fewer understand in enough detail to avoid unwitting liability.

Continue Reading...

FCC Adopts Rules Implementing Truth in Caller ID Act

Check out our just-posted advisory offering an overview of the FCC Report and Order adopting rules implementing the Truth in Caller ID Act.  The Act, and now the FCC’s rules implementing it, target “spoofing,” i.e., manipulating the phone number displayed by caller ID devices so that call recipients see a number other than that from which a call originated.  In particular, the statute and regulations prohibit spoofing accompanied by an intent to defraud, cause harm, or wrongfully obtain anything of value, and allows the FCC to impose substantial penalties for violations.

As the FCC’s R&O explains, malicious spoofing practices range from those involved in attempts to gain unauthorized access to voicemail accounts, to identity theft, to stalking, and even to false emergency calls to law enforcement for the purpose of eliciting responses from SWAT teams.  Our discussion of how the Act and rules seek to combat such malfeasance, and how they avoid ensnaring legitimate practices, can be found here.

City Of Ontario v. Quon: United States Supreme Court Rejects Police Officer's Lawsuit Claiming That City's Review Of His Personal Text Messages Was An Illegal Search

By Kelli Sager, Jeffrey Fisher, Rochelle Wilcox, and John (Rory) Eastburg

The United States Supreme Court has ruled unanimously that a California city’s audit of a police officer’s text messages was reasonable, and rejected a lawsuit claiming that the review violated the Fourth Amendment.  At the same time, the Court declined to issue “[a] broad holding concerning employees’ privacy expectations vis-à-vis employer-provided technological equipment,” on the ground that such a ruling “might have implications for future cases that cannot be predicted.”  Read more at, or click here.


We're Baaaaaaack.

Those of you who were once frequent visitors to this blog may, by now, be asking one or more of the following questions:

(a) Why haven’t you guys posted anything for so many months?
(b) Why does the site look different?
(c) Who’s going to win the NBA playoffs?
(d) Why did they cancel My Name is Earl?

Well, the first two at least. The truth is that this blog was started in August 2005, and ran steadily (sometimes more steadily than others) for about three years. As blogs go, that’s a fairly distinguished record – there are more abandoned blogs lining the sides of the Information Superhighway than there are hubcaps along the Cross Bronx. Wait, did we actually just use the phrase “Information Superhighway”? Because that is so 2005. As is that phrase we just used.

So anyway, when our firm decided to revamp its website, we took this as an opportunity to think seriously (read: discuss over drinks) what we wanted to accomplish with this blog, and what we needed to do to keep it fresh and relevant. The process has taken a bit longer than we expected, but here’s where we are:

Rather than a long list of bloggers, you will be getting regular updates from just five of us – and henceforth there will be no more posts in this annoying third-person, royal we, voice. We may have some guest bloggers on occasion, but for the most part you can level any criticisms at the following:

Bruce Johnson, our Burgermeister-Meisterburger, who will be blogging on the topic of Personal Communications (blogging, employee/employer relations, etc.)

Randy Gainer, who will be captivating you with stories about the Government Surveillance (ECPA/CFAA, CALEA, REAL ID/travel issues, etc.)

Charlene Brownlee, who is by far the most stylish among us (and who will be blogging on the subject of Data Breaches and identity-theft laws)

Ronald London, who will endeavor to keep an eye on Congress and will be blogging about telemarketing, junk fax, CAN-SPAM, behavioral/advanced advertising, and CPNI (which we’ll call Marketing and Consumer Privacy)

Lance Koonce, who will try not to mangle any stories about Online Threats such as hacking, phishing, pharming, pretexting, malware/spyware, and offline versions such as dumpster diving and the theft/loss of data-containing devices.

We do not purport to be a source for all news that touches on privacy and security – the field has exploded and aggregating such information would be a full-time career. Rather, we hope to tease out interesting aspects of specific issues within our areas of coverage. We hope you’ll take a look, and keep coming back if what you see intrigues you.


The PrivSecBlog Team

And by the way:

The Lakers.
Ratings. And possibly bad karma.