2015 Law + Informatics Symposium on Digital Evidence

2015 Law + Informatics Symposium on
Digital Evidence

Friday, February 27, 2015

The Northern Kentucky Law Review and NKU Chase Law + Informatics Institute hosted their annual spring symposium, the Law + Informatics Symposium on Digital Evidence, on Friday, February 27, 2015. The event was held in the Northern Kentucky University George and Ellen Rieveschl Digitorium and was co-sponsored by the Center for Excellence in Advocacy.

The all-day symposium provided an interdisciplinary exploration of digital evidence. Discussion topics included individual autonomy and government security, evidentiary, reliability, digital privacy concerns, drone-obtained evidence, and medical reimbursement fraud. Speakers from across the country participated in the conference and in a final roundtable discussion of various current issues and topics in digital evidence.

  • Michael Losavio, University of Louisville, “A World Information Order – Privacy and Security in a Hyper-networked World of Data and Analysis”
  • Erin Corken, Ricoh Legal, “The Changing Expectation of Privacy”
  • Timothy Ravich, University of Central Florida, “All Arise! Courts in the Drone Age”
  • Jennifer Brobst, Southern Illinois University School of Law, “The Digital Wild Frontier: The Impact of Public Records Requests for Whole Databases and Metadata in Public Health and Criminal Justice”
  • Neil Issar and Edward Cheng, Vanderbilt Law School, “Admissibility of Statistical Proof Derived from Predictive Methods of Detecting Medical Reimbursement Fraud”

The symposium included a student scholarship showcase luncheon. Three law review editors, Kathleen Watson, Casey Taylor, and Lauren Martin, presented on the right to confront technology, warrantless cell phone searches, and computer source code copyright, respectively.

On Thursday, February 26, 2015, as a prelude to the academic symposium, NKU Chase hosted a special screening of The Decade of Discovery, a documentary film about a government attorney on a quest to find a better way to search White House e-mail, and a teacher who takes a stand for civil justice on the electronic frontier. After the viewing, the audience discussed the film with Joe Looby, filmmaker; Jason R. Baron, former government attorney featured in the film; Erin Corken, e-discovery adjunct professor and Ricoh Legal regional review manager; and Joseph Callow, partner and leader of the Keating Muething & Klekamp E-Discovery Litigation Support Group. The film screening was sponsored by Ricoh Legal and Keating Muething & Klekamp PLL.

The symposium was sponsored by Northern Kentucky Law Review, NKU Chase Law + Informatics Institute, Center for Excellence in Advocacy, Keating Muething & Klekamp PLL (film), and Ricoh Americas Corp. Legal (film).

A complete agenda with roster of speakers, biographies, and CLE materials is available here.

Watch the webinar without CLE credit.

About the Law and Informatics Institute: The Law + Informatics Institute at Chase College of Law provides a critical interdisciplinary approach to the study, research, scholarship, and practical application of informatics, focusing on the regulation and utilization of information – including its creation, acquisition, aggregation, security, manipulation and exploitation – in the fields of intellectual property law, privacy law, evidence (regulating government and the police), business law, and international law.

Through courses, symposia, publications and workshops, the Law + Informatics Institute encourages thoughtful public discourse on the regulation and use of information systems, business innovation, and the development of best business practices regarding the exploitation and effectiveness of the information and data systems in business, health care, media and entertainment, and the public sector.

Continue reading

Advertisements

SUPREME COURT RULES THAT POLICE MUST GET WARRANT BEFORE SEARCHING CELL PHONES

Yesterday, the U.S. Supreme Court ruled in two cases – Riley v. California and U.S. v. Wurie (collectively “Riley”) – that police may not search a person’s cell phone just because the phone is in the person’s possession when he or she is arrested. Instead, the police must either get a warrant to search or else rely on case-specific facts giving rise to individualized suspicion that evidence on the cell phone will be destroyed before a warrant can be obtained. The Riley decision was virtually unanimous, with Justice Alito joining only in part.

After David Riley was arrested in California for a firearms offense, police searched his pockets and found a smartphone. Searches of the contents of the phone disclosed: that Riley had used the term “CK,” short for “Crip Killer,” suggesting that he was a member of the Bloods street gang; videos in which unknown persons used the word “Blood”; and a photo of Riley in front of a car involved in a recent shooting. This evidence was introduced at trial against Riley in California state court to prove his involvement in the shooting and his gang membership.

In a separate case, Brima Wurie was arrested on drug charges in Massachusetts, and police seized a flip phone from him. Police noticed numerous phone calls coming from a contact identified as “My House.” Police searched the phone for the phone number of the “My House” contact, then located the address associated with that number using an online directory. Police then secured a warrant for that address and seized drugs, cash, and a firearm, all of which were introduced at his federal trial on drug and gun charges.

Riley and Wurie each conceded that police had authority to seize their phones pursuant to the “search incident to arrest” (SIA) doctrine, which permits police, without a warrant, to search the person of an arrestee and seize whatever they find. They argued, however, that police went beyond that authority by searching the contents of their phones without a warrant.

The Court agreed. The Court distinguished a 1973 case, U.S. v. Robinson, in which it had upheld as an SIA the search of a cigarette pack obtained from an arrestee. In Robinson, the Court had justified the SIA rule on two grounds: preventing the arrestee from accessing an item that could be used to injure the officer or effect an escape, and preventing him from accessing evidence that could be concealed or destroyed. In Riley, the Court determined that inthe context of a cell phone, the first justification is obviously inapplicable. And the government had shown nothing beyond speculation that searching a cell phone immediately was necessary to avoid having its contents encrypted or remotely wiped.

On the privacy side of the ledger, the Court determined that digital evidence is of a completely different character than the non-digital evidence found in the cigarette pack in Robinson. While a limited number of personal items might be carried in a person’s pockets or purse, cell phones (particularly smartphones) carry a virtually limitless number of items that are quite private in nature: potentially thousands of e-mails and phone and text messages, a veritable music and video library, a daily calendar going back years, GPS location information, an internet browsing history, and dozens of apps. Each of these might reveal very personal information about the arrestee. And the Court said that this was true not only of Riley’s smartphone but also of Wurie’s flip phone. In short, the quantity and quality of information contained on a cell phone is different from non-digital evidence that might be found on an arrestee’s person in the same way that “a ride on horseback is [different] from a flight to the moon.”

In some cases, the Court acknowledged, police will have sufficient suspicion both that a cell phone contains evidence of a crime and that the evidence might be destroyed before a warrant can be obtained. In those cases, the police will be able to search without a warrant, but only if they can point to particular facts and circumstances indicating a need to search imminently. Otherwise, they will have to convince a judge to issue a warrant based on probable cause that the cell phone contains evidence of a crime.

Riley has the potential to be a very significant case. Not only does the ruling have the immediate effect of barring searches of cell phones, and presumably other computer devices, incident to arrest, but it also has broader implications. For the first time, the Court has acknowledged and coherently articulated that digital data are different than non-digital data, not only in degree but in kind. In the years to come, Riley will likely be viewed as the case that brought the Fourth Amendment into the 21st century.

 

Michael J. Zydney Mannheimer

Professor of Law

NKU Chase College of Law

518 Nunn Hall

Highland Heights, KY 41099

859.572.5862

mannheimem1@nku.edu

 

 

Ninth Circuit Provides Important Protection To Bloggers

In an important victory for free speech advocates, the Ninth Circuit has joined other courts in establishing that authors protected by the First Amendment need not be journalists to have such robust protections.

In Obsidian Finance Group, LLC v. Cox, — F.3d —- (2014) (filed Jan. 17th, 2014), the Ninth Circuit overturned a lower court decision that limited certain First Amendment protections to institutional journalists. The Court explained that “protections of the First Amendment do not turn on whether the defendant was a trained journalist, formally affiliated with traditional news entities, engaged in conflict-of-interest disclosure, went beyond just assembling others’ writings, or tried to get both sides of a story.”

In aligning the Ninth Circuit with other circuits which have addressed the issue, the court reaffirms that negligence is the minimum legal standard for any case involving matters of public interest (and possibly all cases). To receive general damages without suffering specific harm and to receive punitive damages, the plaintiff must establish that the defendant published the statements with actual malice, meaning intentional knowledge of falsity or reckless disregard of the truth.

In New York Times Co. v. Sullivan, 376 U.S. 254 (1964), the Supreme Court established the modern First Amendment framework. Public officials must prove actual malice to prove liability. Curtis Publishing Co. v. Butts, 388 U.S. 130, (1967), then extended this standard to public figures. A decade later, in Gertz v. Robert Welch, Inc., 418 U.S. 323, 350 (1974), the Supreme Court held that the First Amendment required a negligence standard for private defamation actions. Significantly less than the actual malice standard, it nonetheless established that there could not be liability without fault.

In Obsidian Financial Group, the Ninth Circuit does not suggest the defendant is blameless:

Crystal Cox published blog posts on several websites that she created, accusing Padrick and Obsidian of fraud, corruption, money-laundering, and other illegal activities in connection with the Summit bankruptcy. Cox apparently has a history of making similar allegations and seeking payoffs in exchange for retraction. See David Carr, When Truth Survives Free Speech, N.Y. Times, Dec. 11, 2011, at B1. Padrick and Obsidian sent Cox a cease-and-desist letter, but she continued posting allegations.

The accusations and statements, however, were difficult to view as factual assertions. Where there were assertions of fact, the court explains, the plaintiff must establish the negligence of the statements.

The Ninth Circuit also sidestepped the issue whether the Gertz negligence standard applies to matters of purely private concern. It noted the unresolved question, when it stated that “the Supreme Court has ‘never considered whether the Gertz balance obtains when the defamatory statements involve no issue of public concern.’” (quoting Dun & Bradstreet, Inc. v. Greenmoss Builders, 472 U.S. 749, 757 (1985) (plurality opinion)).

Instead, the Ninth Circuit noted that the blog was made available to the public at large, just as every blog does. Moreover, the court noted that “public allegations that someone is involved in crime generally are speech on a matter of public concern.” So instead of answering whether the negligence standard applies to private matters, the court expanded the realm of public discourse to almost any public accusation.

This strategy has the effect of expanding the negligence standard to almost any claim. It may leave certain personal matters personal, though this is unclear. It could also leave certain formats, such as personal emails, texts, and friends’ lists as matters of purely private concern, but undoubtedly many of allegedly defamatory posts on such platforms will also be matters of public concern.

The distinction between matters of public concern and purely private matters has less and less meaning, and the distinction is likely to continue to erode in the context of defamation, though perhaps remain relevant in some issues involving privacy.

Nonetheless, the case is an important victory for free speech interests. Of course, this does not mean anything can be published with impunity. Negligence is not a terribly difficult test to meet and those plaintiffs who have truly been harmed will still have their day in court. It is difficult to be the subject of online attacks, but the rules of law should apply equally to all speakers, journalists, bloggers, and citizens alike. In the Ninth Circuit, it now does.

Court hands at least temporary rebuke to NSA for domestic spying

nsa

NSA (Photo credit: shawnblog)

The New York Times has been highlighting the federal government defeat in the first lawsuit over NSA surveillance of U.S. telephone and internet activity outside the FISA court jurisdiction. The decision in Klayman v. Obama represents a strong rebuke to the NSA. Written in a tone of outrage, the district court decision emphasizes the profound differences that exist in the current NSA surveillance program from the historical precedents upon which the claim of constitutionality is based.

In Smith v. Maryland, 442 U.S. 745 (1979), the Supreme Court held that the use of a “pen register” was not a violation of the Fourth Amendment because the information sent to the telephone company was a business record provided without a reasonable expectation of privacy.[1] The pen register records only the numbers dialed on a telephone. Any expectation of privacy that could exist in the telephone numbers a person dialed was unreasonable.

From the diminutive pen register acorn, a mighty oak has grown to obliterate the sunlight that once shined light on government activities. That oak is the pervasive surveillance program:

[T]he almost–Orwellian technology that enables the Government to store and analyze the phone metadata of every telephone user in the United States is unlike anything that could have been conceived in 1979. … The notion that the Government could collect similar data on hundreds of millions of people and retain that data for a five-year period, updating it with new data every day in perpetuity, was at best, in 1979, the stuff of science fiction. By comparison, the Government has at its disposal today the most advanced twenty-first century tools, allowing it to “store such records and efficiently mine them for information years into the future. … Records that once would have revealed a few scattered tiles of information about a person now reveal an entire vibrant and constantly updating picture of the person’s life.”

Critics of the district court opinion point to the precedent of Smith to suggest that the decision reflects an activist agenda, but proper case analysis requires a judge to look to the facts of a case rather than a simplistic summary of the rule. Factually, the public expects far more privacy in the metadata disclosed on their computers, phones, tablets, and mobile devices than the 1979 consumer expected from the telephone company.

In addition, as the court highlighted, the relationship between the telecommunications companies and the government could be viewed as making the telco’s agents of law enforcement. As agents of the police, the third party doctrine no longer applies.

More importantly, the scale of the surveillance and the mosaic of coverage creates a vastly different experience than that previously adjudicated in Smith or the other decision before the Supreme Court.

In United States v. Jones, 132 S. Ct. 945 (2012), the Supreme Court started to review the potential for wide-scale extensive surveillance. The majority decision demurred on the question, finding a search occurred using common law trespass analogies. But five justices opined that the mosaic of surveillance has a constitutional consequence that will need to be addressed.

Dan Solove has written on both the Klayman decision and the importance of privacy in metadata. His conclusion:

 Smith, and many other Fourth Amendment cases, need to be rethought in light of modern technology where surveillance can be so systematic and pervasive. There is a real difference between being able to engage in a small discrete amount of surveillance and having such broad and sweeping surveillance powers as the NSA is exercising. The challenge is where to draw the lines. This problem exists mainly because Smith still remains viable and must be dealt with. I think it’s time for Smith to be overturned, and so there wouldn’t be such line-drawing challenges.

The Katz approach to expectation of privacy may not be the most useful tool for assessing the scope of pervasive privacy. Despite the coverage of the NSA, I expect that few members of the public can truly comprehend the extent to which the movement of every communication, every Internet-connected device, all information on those devices, the tracking of other objects that are reported to central databases, and photographs and video taken by anyone can be integrated into a pervasive picture of movement. Is this science fiction? Or is it the goal of the NSA five-year strategic plan. Unless the courts or Congress begin to say no to a mosaic of unrelenting surveillance, this plan will be enacted soon. With taxpayer dollars. And without oversight.

The decision is being appealed.


[1] Smith explains the constitutional privacy framework: The Fourth Amendment guarantees “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” In determining whether a particular form of government-initiated electronic surveillance is a “search” within the meaning of the Fourth Amendment, our lodestar is Katz v. United States, 389 U.S. 347 (1967). In Katz, Government agents had intercepted the contents of a telephone conversation by attaching an electronic listening device to the outside of a public phone booth. The Court rejected the argument that a “search” can occur only when there has been a “physical intrusion” into a “constitutionally protected area,” noting that the Fourth Amendment “protects people, not places.” Because the Government’s monitoring of Katz’ conversation “violated the privacy upon which he justifiably relied while using the telephone booth,” the Court held that it “constituted a `search and seizure’ within the meaning of the Fourth Amendment.”

Commission report warns U.S. is losing the spy race from lack of R&D, STEM-education

On Nov. 5, 2013, The National Commission for the Review of the Research and Development Programs of the United States Intelligence Community released an unclassified version of its assessment of U.S. research and development programs, finding that the U.S. is falling behind and highly uncoordinated. [The Report can be found here.]

The Commission making the review was originally constituted at the 9-11 Commission (properly The National Commission on Terrorist Attacks Upon the United States. In 2010, the Commission was reauthorized to serve more broadly on the Intelligence Community readiness.

The New York Times described the report as “blistering … charging that the intelligence world’s research-and-development efforts are disorganized and unfocused.”

The Commission said the lack of investment, coordination, infrastructure and foresight is putting the nation at risk.

U.S. technological superiority is diminishing in important areas, and our adversaries’ investments in [Science and Technology]—along with their theft of our intellectual property, made possible in part by insufficient cyber protection and policies—are giving them new, asymmetric advantages. The United States faces increasing risk from threats against which the IC could have severely limited warning, deterrence, or agility to develop effective countermeasures.

The report is not primarily an intelligence report. The Commission was not focused on the failures associated with the NSA massive – and in some cases unconstitutional – spying campaign. Nor was it tied to the Edward Snowden disclosures and the global embarrassment triggered by those disclosures.

Instead, the report identifies the need to treat intelligence as a global issue that needs broad reforms, such as STEM education and immigration/workforce reform. It identifies a wide range of concerns about the lack of investment in intelligence and the failure to be prepared.

The report calls for much greater data analytics, which will likely be the platform used by the NSA to justify its ongoing activities. Even a pro-intelligence report such as this, however, identifies the need for intelligent data analytics rather than the massive, undifferentiated and largely counter-productive methods currently highlighted by the NSA disclosures. Not surprisingly, the admonitions also demand better coordination, including “development of a new joint program plan between the Director of Science and Technology and the Deputy Director of National Intelligence for Intelligence Integration for Enhanced Integrated Intelligence, which it will use to track, prioritize, and coordinate Enhanced Integrated Intelligence R&D across the [intelligence community].”

“Exacerbating these challenges are U.S. policies that weaken the U.S. R&D talent base,” the report warned.  “As scientific and technical knowledge and the resulting economic growth spread around the world, the competition for R&D talent is increasingly global.”

This is just one of many reports highlighting the continued disarray of the intelligence community, an infrastructure struggling to keep up with cyber-threats and embarrassing the U.S. with political follies.

The report opens with a powerful juxtaposition of quotes that should help guide future discussions:

Failure to properly appraise the extent of scientific developments in enemy countries may have more immediate and catastrophic consequences than failure in any other field of intelligence.

—Task Force Report on National Security Organization (the Eberstadt Report) (1948)

Failure to properly resource and use our own R&D to appraise, exploit, and counter the scientific and technical developments of our adversaries—including both state and non-state actors—may have more immediate and catastrophic consequences than failure in any other field of intelligence.

—National Commission for the Review of the Research and Development Programs of the United States Intelligence Community (2013)

Report of the National Commission for the Review of the Research and Development Programs of the United Sta…

Social Media in the workplace – wide-ranging overview now available

In a recent blog post regarding Sam Moore‘s claim for publicity rights in a fictional film, I provided a general update on publicity rights law because such laws are now being used as part of the social media agreement between the public and such companies as Google and Facebook.

The discussion about continuing evolution of publicity rights doctrine is part of a larger review I have written on the role of social media across the spectrum of media law.  That working paper, Social Media in the Workplace – From Constitutional to Intellectual Property Rights is now available at SSRN: http://ssrn.com/abstract=2348779 or for download.

Social media has become a dominant force in the landscape of modern communications. From political uprisings in the Middle East to labor disputes in Washington State, social media has fundamentally disrupted the way in which communications take place. As noted constitutional scholar Erwin Chemerinsky explained, “technology has changed and so has First Amendment doctrine and American culture. It now is much more clearly established that there is a strong presumption against government regulation of speech based on its content.” Just as the government must tolerate more speech, the same thing is true about employers. Chemerinsky further notes that “for better or worse, profanities are more a part of everyday discourse.” Abrasive speech may be coarse from the word choice or may more readily upbraid the objects of the speech. Whether foul or abusive, such speech now pervades commercial and social media.

Social media fundamentally upends the notion of the traditional commercial media environment and with that, it reverses the established legal doctrine from constitutional assumptions to everyday rules involving copyright, defamation, and unfair labor practice. For employers, these rules are particularly important to navigate because they effect the manner in which the companies communicate with the public, how employees communicate with each other, and how laws are restructuring the employee-employer relationship. The transformation is taking place with changing policies affecting trade secrets, confidential information, copyrighted material, aggregated data, trademarks, publicity rights, and endorsements.

This article highlights the nature of the changes as they present the new paradigm shift and provides some guidance on how to prepare policies for the transitional model. The article tracks the rise of the many-to-many model of social media, its effect on commercial speech, intellectual property, and labor law. The article concludes with suggestions on employment policies geared to managing these changes in the modern workplace.

There will be a CLE program sponsored by the Dayton Intellectual Property Law Association on Friday November 8, 2013 featuring these materials.

Industrial Internet reshapes the “Internet of Things”

In a term coined in 1999, the Internet of Things, relates to a world in which all objects are connected wirelessly to the Internet and therefore to each other. The model requires each device to have RFID or other near field communications technology to communicate, sharing information about the identity, status, activities, and other attributes of the device. Partnered with big data analytics, the information from these devices can paint a robust picture of how objects interact in the world and how people interact with them.

This week, the model was supercharged. According to a report in the New York Times, General Electric hopes to transform this model with what it terms the “Industrial Internet.”

The so-called Industrial Internet involves putting different kinds of sensors, sometimes by the thousands, in machines and the places they work, then remotely monitoring performance to maximize profitability. G.E., one of the world’s biggest makers of equipment for power generation, aviation, health care, and oil and gas extraction, has been one of its biggest promoters. … The executive in charge of the project for G.E. … said that by next year almost all equipment made by the company will have sensors and Big Data software.

Emerging technology allows devices to distribute usage and telemetry data, to receive instructions, to interact with other equipment, and to serve as the communications bridge extending network coverage so that the devices themselves expand the network on which the equipment communicates. The implications are quite interesting.

Perhaps the most important aspect of the development affects critical infrastructure – the fundamental systems operating our water, power, rail, and telecom infrastructure. Properly secured and interactive, the elements of our aging infrastructure could begin to trouble-spot and eventually provide small repairs without the need for 24-hour crews.

GE’s present equipment tends to be large devices, ranging from jet engines to MRI machines. But the concept could well extend to automobiles, bicycles, phones, cameras, and even clothing. Equipped automobiles, for example, could report mechanical efficiency for every system in the car. They could also share vehicle telemetry, providing a real-time map of how each car was driving in relation to every other car driving on the road. The information could be used to alert a driver to road hazards, to dangerous weather conditions, or to the driver’s weaving. The information could alert police to the same conditions and behaviors.

In the workplace, the Industrial Internet will improve atomization, which helps retain U.S. manufacturing but probably at the cost of fewer workers doing more specialized work. It should also be employed to improve worker safety but could easily be adapted to create a workplace in which every movement was tracked. With Industrial Internet name badges, doors would lock and unlock in response to the presence of authorized personnel, but the data analytics would also be able to see which employees spent the most time with which of their peers, and correlate such interactions with post-interaction productivity. Schools could similarly track student movements and behaviors, identifying which resources and faculty were actually utilized and which of those impacted learning outcomes – for better or worse.

Existing rules for workplace and education environments do not take the pervasive nature of the Industrial Internet into account. Assumptions that privacy is a zone around one’s home and person has little relevance to a cloud of data points broadcasting a picture of each person and how that person interacts.

The FTC has taken small steps to explore these issues and regulate obvious abuses, but legislators need to do much more. Absent legislation, current NSA practices will vacuum this data into its Orwellian data trove.

The Industrial Internet promises to translate the Internet of Things into very practical, valuable industrial improvements. Safer planes, smarter cars, more efficient homes all improve people’s lives. Proper regulation will encourage those uses while protecting civil liberties, privacy, and overreach. Perhaps we can craft the policies to avoid the outrage rather than in response to it.