Sign In

Communications of the ACM

ACM News

Privacy in the Age of Digital Glass Houses


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Philip Johnson's Glass House

Credit: National Trust for Historic Preservation

Fame is easy these days; it's privacy that's hard to find.

Consider the case of Tiger Woods, whose lurid text messaging with Joslyn James, Jaimee Grubbs and Rachel Uchitel have kept scandal sites buzzing for months. The unwary may presume text messages disappear when they are sent, but unless erased, they remain on the phones of both senders and receivers. Even if they are deleted, copies can be obtainable from service providers for days or weeks afterward. Vulnerability to the kind of scandal that can result has traditionally been the lot of those in high places, like Tiger Woods, but these days with blogs, Facebook, MySpace, and Twitter, all of us lead public lives. That means almost anyone can be embarrassed in a very public manner.

As the boundaries for privacy have been redrawn by the connected world, the social norms and legal support structure that we count on to preserve privacy have shown more and bigger gaps. These awkward openings raise two key questions: How will an increasingly open cyber society affect my life? And how can I protect myself?

Family Court's Low Bar

You don't need to be among the glitterati to have a spot of incautious sexting come back to haunt you. The result can be more than awkward when electronic evidence of an extramarital fling becomes part of a divorce proceeding. Certainly it can yank the rug out from under plausible deniability.

District Judge David Hanschen of the 254th District Family Court in Dallas, TX sees electronic evidence all the time: Facebook, MySpace, e-mail and text messages, with the last two groups popping up on an every-other-day basis.

Verifying electronic data can be problematical. "It's the lawyer's responsibility to present evidence in a way that it's immutable," Hanschen says. In family court, a competent lawyer might do this by asking the opposing party "Do you recognize this e-mail?" or "Is this your Facebook page?" When the author testifies that in fact he or she sent the texts or e-mails or owns the pages in question, "then they are accepted without any further ado."

If the author doesn't take responsibility, then the recipient has to testify it came into his or her inbox. In one such case, Judge Hanschen recalls, a fight broke out in court about whether the recipient actually received the e-mail in question. In that case, he accepted the e-mail thread into evidence. In fact, over the last few years, he's only refused to admit electronic records as evidence once or twice, and that refusal did not change the course of the ruling.

"Since the family courts are courts of equity," he explains, "the bar to admitting evidence is fairly low." That is, in a family court setting, adjudication does not depend so much on a clear-cut rule of law as upon an evaluation of circumstances to decide either an appropriate division of assets or what is in the best interests of a child. "The general policy of my court is that you put everything out on the table and the right answer will surface," Hanschen says.

No Game-Changer

But so far electronically captured evidence hasn't proved to be game-changing in his courtroom. "I can't remember a situation where we have had an e-mail that reversed the course of events. In general, they are used to confirm what has already been established by other forms of testimony." Then he adds thoughtfully, "and sometimes used to embarrass."

Not surprisingly, such e-mail or Web postings can be pretty cringe-worthy stuff, as in general they chronicle a rendezvous with a paramour, the printouts being presented in court either to confirm infidelity or to raise the issue of how severely wounded a clients is—and thus how generally worthy he or she is for a larger slice of marital holdings.

So far, he has seen little of sophisticated discovery methods used to retrieve private information. "Rarely is there enough money involved to be able to support this kind of discovery, but in a few cases, we've had companies take computer disks and try to reconstruct erased data," he says, but adds, "I foresee that this area will only get increasingly thorny in its complexity as retrieval technology is perfected."

Watched at Work

Just as all's fair in the digital discovery of extra-curricular romance, your life at work is a total terrarium. If you've been under the impression that you had a right to digital privacy there, think again.

As Lewis Maltby, president of the National Workrights Institute says in his recent book Can They Do That? (Penguin Group USA, 2010), you check your legal right to privacy at the door of your job on the way in. In general, your government-granted right to free speech will not protect you from being fired for expressing your views—even if you express them on your Facebook page or private blog. Meanwhile, anything you say on the phone lines or enter on any equipment at the workplace can be captured electronically and could cause you subsequent grief. And employers have a number of legal ways of spying to catch you out.

A National Workrights Institute (NWI) report on electronic monitoring cites a survey that found 92 percent of American employers practicing some kind of employee monitoring. This might involve using software applications that check Internet usage or e-mail content, listening in on telephone conversations, tracking employees via the GPS in their company-provided cell phones, or eyeballing employees via video surveillance. While leaving work late in the evening can be reassured by security cameras in a parking lot or stairwell, the NWI offers a list of employers who set up video monitoring in bathrooms and changing areas.

Furthermore, your employer does not need to tell you that you are being monitored. Sometimes they like to save it for a surprise. According to the Privacy Rights Clearinghouse Web site, "In most cases, employees find out about computer monitoring during a performance evaluation when the information collected is used to evaluate the employee's work."

What about e-mail sent through your Web mail account? Your employer can't legally monitor that, right? Don't count on it. Apparently the rationale is that since your Gmail or Yahoo account must use the technical infrastructure that your employer provides, the company has a right to read it.

Ironically, your cell phone text messages—even those sent on company equipment—may be protected as private as long as they are saved by the service provider and not saved on the phone itself. Why the difference? E-mail is stored on the company servers and uses network equipment owned by the company. But phone infrastructure is owned by a third party and your company does not directly pay the service provider for storing your data. Apparently that was a key difference that prompted the U.S. 9th Circuit Court of Appeals ruling in Quon v. Arch Wireless on June 18, 2008. The Court ruled that employers need a warrant or an employee's permission to view cell phone text messages that are not stored by the employer or by a party paid by the employer to store them. But stay tuned. That law could change. Last December the U.S. Supreme Court agreed to hear an appeal of that decision. Their ruling is expected later this year.

A handful of states, most notably California, have statutes that afford a bit more worker privacy, and some individuals may have additional protection under union contracts. Workers in the UK and elsewhere in the EU also enjoy more workplace privacy protection. But so far in the U.S., courts have generally ruled in favor of the company when questions arise about worker privacy.

That means there isn't much you can do to protect yourself from workplace snooping, although a number of organizations are promoting new privacy legislation for workers. Privacy advocates have pointed out that we do not separate work and other aspects of our lives as we once did. People answer work e-mail from their homes late in the evening and work on projects on their home computers. As a result, it's only to be expected that employees may sometimes need to handle personal business from work.

Unless stronger legal protections emerge, then, caution is definitely the order for any e-mail sent from a work computer. Packet sniffing applications set to monitor e-mail are set to flag any e-message with sexual content or profanity. In Can They Do That? Maltby recommends avoiding comedian George Carlin's "Seven words you can't say on television," but he warns that some filters catch epithets as mild and generally inoffensive as "damn." To reduce the risk that your messages will be flagged for review, Maltby recommends you learn to talk like your grandmother.

Electronic Free Speech?

Suppose you use your personal laptop and a link at your local coffee shop to post a sharp complaint about company practices to a public message board. If you do it anonymously, your right to free speech should protect you, yes?

Yes. It should, as long you don't harass anyone or say something actionable, like, say, the company has crooked business practices—especially if you don't have proof that that's true. A remark like that could start the legal wheels turning on a lawsuit for defamation—whether you say it about the company you work for, about the firm that developed the netbook or mobile phone you just purchased, or about your neighbor who glares at you every afternoon from across the street.

"The courts have historically found that the First Amendment protects not only an individual's right to speak—but to speak anonymously," says Matt Zimmerman, Senior Staff Attorney with the Electronic Frontier Foundation. As he points out, back when the First Amendment was written, writing and distributing political pamphlets was an active pastime. The Founding Fathers realized that some opinions could only be safely expressed anonymously.

Unfortunately, protecting your anonymity might be a little trickier than that implies. Let's say you post to a popular message board, entering a statement like "the CEO of Great Big Meany Electronics Corporation is a total fathead," and you sign it with your usual pseudonym.

Next week you get an e-mail from Google or Yahoo or whoever holds the message board alerting you that a subpoena has been served on behalf of Great Big Meany Electronics Corp. Unless you take action at this point, your information will go to those requesting it.

"The way the system is set up, the burden is on the person whose information is being sought," says Zimmerman. And you may not have much time to get your ducks in a row. "You might get an e-mail over the weekend and learn that within two weeks you must get a lawyer and file a motion to quash."

The burden would then be on you to go to court and make your case that you were within your rights as outlined by the First Amendment.

At that point, the court would look at the statement in question to decide if it is "capable of defamatory meaning," says Zimmerman. "If the court as a matter of law decides that the statement is capable of defamatory meaning, then the court will generally allow the subpoena to be enforced." If, however, the court decides the statement is not defamatory, it will rule against the release of the information and the suit will go no further.

Unfortunately, you could be targeted to receive a subpoena even if you are not doing anything wrong. That's why in a more perfect—if imaginary—world, Zimmerman would have the plaintiff required to show grounds for defamation before they could secure a subpoena. "Move that burden onto the plaintiff," says Zimmerman. At this point the plaintiff would not need to win a court case, just show cause why an action should go forward. "If the plaintiff has a legitimate case, this is not a very high bar for litigants to meet."

This would deter litigants who may just want to know who is making an anonymous online statement or those who might request the subpoena just to discourage online criticism. "I think a number of people have filed legal action so that they can get access to the legal investigatory power of the courts, knowing that it's a fairly cheap and easy way to get that kind of information," he says.

"The system really skews things in favor of the litigant because if the litigant has filed a lawsuit, that means the litigant has a lawyer and has the resources to pursue it," says Zimmerman. The person on the other end of that subpoena might be engaged in lawful speech, but now has only two or three weeks to figure out what to do. "It's going from 0 to 60, trying to go from uninformed to figuring out how to respond," he explains. "It would be nice if there was a better check in place to level the playing field."

How to Protect Yourself

There are a couple of things you can do to safeguard your right to express your opinion anonymously about the screaming meanies, your dog's ham-fisted groomer, or badly behaving corporations large or small—all while minimizing the risk that your name and other information will be shared. First, if you blog or post on message boards online, head out to the EFF Web site and check out its Legal Guide for Bloggers, specifically the section called "Online Defamation Law." This page clearly explains which kinds of statements are likely to be considered defamatory and which represent protected free speech.

Second, if you receive notice of a subpoena and don't want your information revealed, ask the EFF for help. Send your request to [email protected]. Their site offers a caution: "We have a relatively small number of very hard-working attorneys, so we do not have the resources to defend everyone who asks, no matter how deserving," but it adds "If we cannot assist you, we will make every effort to put you in touch with attorneys who can." So this would be the smart place to start in any search for help.

In "10 Web Trends to Watch in 2010" on CNN, Mashable's CEO Pete Cashmore notes our addictive attachment to real-time information. This cultural shift of expecting digital responses to be instantaneous has some dark undercurrents that threaten your privacy.

In the heat of anger, many have found it's easy and fast to retaliate online. An angry spouse might not just collect those incriminating e-mails or text messages for a court fight, but publish them or send them out to Facebook friends. When you add in the potential for embarrassment from photos, even the strong shudder.

This real-time environment means that damage can be done quickly—and fixes can take much longer.

One prudent protective measure is to maintain an online persona that you control. It certainly can't hurt to have a presence on a site like LinkedIn that will let you define yourself professionally. It's only practical to set up Google Alerts on your name—and possibly a Twilert to track what folks are tweeting about you. Some say having a blog that is updated frequently not only gives you the opportunity to let people know you in a positive light, but it can bury negativity by forcing it down the queue in the searches on your name.

And keep a weather eye on evolving privacy law as it emerges through court decisions and proposed legislation. Until we catch up with our privacy again, set your Facebook friends page to private, don't say anything at work you wouldn't say on the six o'clock news, and don't put anything in a text message that you wouldn't want your grandparents to read.

Laurie Rowell is a freelance technology writer in Issaquah, WA.

 


 

No entries found