Sunday, May 9, 2010

More on Email Privacy

I've been writing about email privacy with City of Ontario v. Quon and Stengart v. Loving Care, how about an encore from New York: People v. Klapper. Factually, People v. Klapper is pretty straightforward. The defendant, Andrew Klapper, was a dentist who installed keystroke logger on his office computers. As a result, when one of Mr. Klapper's employees accessed a personal email account from a work computer, Mr. Klapper learned the employee's email password, which Mr. Klapper later used to access the employee's personal email himself. As a result, Mr. Klapper was charged with Unauthorized use of a Computer, which appears to be a New York state law analog of the Computer Fraud and Abuse Act

Now, from an intuitive standpoint, what Mr. Klapper did seems wrong, and I would like to think that the law provides some disincentives for behavior like that engaged in by Mr. Klapper. However, that's a relatively minor point, as there's lots of behavior that people may find objectionable that the law doesn't prohibit, or even frown upon. Indeed, from the decision in this case, it appears that Mr. Klapper's activities fall into that broad class of behavior, as the judge dismissed the charges against him as facially insufficient. What isn't a minor point is the reason given for dismissing the charges. According to Judge Whiten

In this day of wide dissemination of thoughts and messages through transmissions which are vulnerable to interception and readable by unintended parties, armed with software, spyware, viruses and cookies spreading capacity; the concept of internet privacy is a fallacy upon which no one should rely.

It is today's reality that a reasonable expectation of internet privacy is lost, upon your affirmative keystroke.
Compound that reality with an employee's use of his or her employer's computer for the transmittal of non-business related messages, and the technological reality meets the legal roadway, which equals the exit of any reasonable expectation of, or right to, privacy in such communications.

I don't like the end result of the case, but the reasoning behind it is an abomination which should be stricken from the face of history. If anything that you type into a computer is considered to not be private (i.e., "a reasonable expectation of internet privacy is lost, upon your affirmative keystroke"), then everything I do, including work done for clients that I have asserted is covered by attorney-client privilege, is potentially public and could be considered fair game for anyone who wants to request it in litigation. This would be a complete surprise for me, and, I'm guessing every other practicing lawyer in the country.

In any case, I expect that the reasoning behind People v. Klapper is unlikely to be considered persuasive in many cases going forward. However, the fact that it appeared in even one case serves as a reminder that, when it comes to information privacy law, relying on even the most basic principles can be a dicey proposition.



Robin Wilton said...

Excellent post... and what a bizarre judgement.

Seems to me that (i) the employee should have taken more notice of the employer's policy about 'personal use' (even if that is, these days, perhaps somewhat old-fashioned); (ii) Mr Klapper might have been justified in taking steps to tell if personal use was in progress, but exceeded his authority by accessing the employee's account.

Those wrongs don't excuse the bizarre conclusion of the judge, though. For instance, what is the legal definition of an "affirmative keystroke", for goodness' sake? Are some keystrokes affirmative and others not, or some more affirmative than others? And if all keystrokes are definitively affirmative, what is the point of Digital Signature laws? Surely any "affirmative" [sic] keystroke would suffice to give the same weight as a physical signature.

The judge also seems, fatally, to equate a 'right' to privacy with an 'expectation' of privacy. Surely, I can have expectations of things to which I have no right, and rights which I have no expectation of being fulfilled. The two occasionally co-incide, but certainly not because they are the same. I despair...

electronic signature pdf said...

Digital signature turn out to be most effective way that help maintain email privacy as these are used for authentication,Encryption and decryption.But very less people yet use this.The rarely care unless they face any problem

Runescape Money said...

Therefore, as you'll be able to see, there are loads of Runescape weapons to select from Runescape Gold. I have only named 25 percent at the majority of what's on the market.It takes a whole lot of perform to become in a position to wield these kinds of weapons, and ordinarily there is a quest to do to acquire them Cheap RS Gold.Training in Runescape can mean either gaining greater combat levels, or gaining higher skill levels.

Anonymous said...

You also need to buy from the merchants of different cheap guild wars 2 gold materials, can be found through the monster fall, fishing, chest, or other players to attain rare material in WOW.

Vivian Salvatore said...

Guild Wars 2 Gold I want to keep pretty well balanced to stay attractive any kind of scenario. Buy D3 Gold Until you plan to trait pertaining to crits, I might recommend stability.