Ethics, Week 5: Feb 12

• Book publishers have already agreed to kindle distribution
• the synthetic voice has no inflection or emotion
• No copy is made [is this a legitimate argument?]
• Amazon is a leading seller of audiobooks; arguably they don't see a negative effect on the market.
  
• what about reading for the blind?
• what about conventional-text-to-braille scanners?
• existing audiobook formats (CDs) are unsatisfactory
• use is transformative
  

• The kindle infringes on the right to create audio recordings of books
• publishers thought this was a text-only deal
• people who buy e-books to listen to while driving now may not buy the audio book.

Benefits:

• tracking graduation records
  
• tracking how programs & funding affect student performance

Drawbacks:

• cradle-to-grave tracking of behavior issues, sometimes unsubstantiated
  
• potential availability to employers, etc
  
• identity theft
  
• errors

Is such a database a good idea?

Related "database-matching" issue: should the government be able to link databases of:

• men receiving student aid
  
• men registered with the selective service (draft)?

Joe the Plumber

• no license (but he wasn't a contractor; he might need a journeyman's license; this is unclear)
• back taxes: $1,182 to Ohio
• child support: Helen Jones-Kelly: director of Ohio Dept of Job & Family Services, authorized a check on Wurzelbacher's child-support payments.  Julie McConnell, of the Toledo Police Dept, has been charged also. Apparently neither case went anywhere, but Jones-Kelly has since resigned.
  
• divorce records: 2006 income was $40K
• voter records: he's registered, but his last name was misspelled "Worzelbacher"
• related to Robert Wurzelbacher (not!), son-in-law of Charles Keating & convicted of Savings & Loan fraud; served 40 months in prison

Search records and computer forensics

• Barber had recently taken out a large life-insurance policy on his wife
• Barber was having an affair
• Barber was heavily in debt
• April Barber's family was sure Justin did it
  

Workplace privacy of email

Smyth v Pillsbury, 1996

Federal District Court within Pennsylvania, 1996. Case was dismissed after a preliminary hearing (not a trial).
The District Court opinion is at http://cs.luc.edu/pld/ethics/smyth_v_pillsbury.html.

Whatever happened to the CONTRACTUAL issue? Hint: there is a long history of cases upholding "employment at will" doctrine. Judge: Charles Weiner

How would the case have been different if:

• pillsbury had an email policy allowing such access?
  
• pillsbury had no policy at all?
  

Circumstances when you CANNOT just fire someone:

• contractual or union protections
  
• firing for refusal to do illegal acts
  
• firing for racial, ethnic, & religious discrimination (civil rights act)
  
• firing for age discrimination
  
• whistleblower protection
  
• Americans with Disabilities Act protections

Does OWNERSHIP of the email equipment matter? No!!

• ownership of a phone
  
• ownership of stationery
  
• ownership of an apartment building

Bourke v. Nissan:

Shoars v. Epson: California

Alana Shoars was involved in email training at Epson. She found supervisor Hillseth had been printing and reading employee emails. She objected, and removed some of the printouts from Hillseth's office. She also reported the incident to Epson's general manager. Hillseth then had Shoars fired, allegedly because she had asked for a private email account that was not accessible by Hillseth. Epson had informed employees that email was "private and confidential". California had a law prohibiting tapping of telephone lines. The law may have covered other communications, but that part was dismissed on a technicality: tapping alone didn't constitute eavesdropping, and the eavesdropping issue was never brought up.

Discuss Smyth v Pillsbury:

Contract v Tort: Judge held that corporate eavesdropping is not offensive. Duh. (Could it be offensive IF the company had promised not to??)

Judge says Smyth lost because email was "utilized by entire company" and Smyth's emails were "voluntary".

Were they?

Reasonable expectation of privacy does NOT mean the search is "offensive". Only searches that are "offensive" would allow legal action regarding firing of an "at-will" employee.

Judge: Pillsbury's actions did not "tortuously" invade privacy

unstated by judge: prevention of sexual harassment as justification. This provides a legitimate "motive" for corporations to read all employee email.

Arguably, though, the Smyth kind of talk between "buddies", with the self-image projected to fit that context, is EXACTLY what some interpretations of privacy are about. Not all context is "professional".

What if Pillsbury recorded water-cooler or bathroom conversation?

What the heck is a "reasonable expectation of privacy"??? "In the absence of a reasonable expectation of privacy, there can be no violation of the right to privacy."

Could Smyth have sued for DAMAGES, instead of reinstatement?

Footnote to judge's ruling: ["estoppel" is eh-STOP-uhl]

Jurisdiction problems: what if one party to an email lives in a state that grants statutory privacy protections? This problem comes up all the time with phone calls:

Worldcom case: Plaintiffs were Kelly Kearney and Mark Levy; they worked for a company acquired by Worldcom. Their calls were recorded in Georgia, but plaintiffs were calling from California, which forbids recording without notification of ALL parties.

Massachusetts case: jurisdiction depends on where wiretapping physically took place, not where the speakers were. How does telephony relate to email? What is our expectation of privacy? 

What about use of, say, a personal gmail account while at work? If employer monitors transactions with gmail.com? If employer obtains email from google directly?

Loyola policy: luc.edu/its/policy_email_general.shtml (discussed below)

Persistence: email sticks around, although people USE it as if it were like the phone.

Dr Parle Paul, MD, would take home discarded hospital equipment. He would sell it or send it to clinics in Yugoslavia, his homeland. He got permission to take five discarded refrigerators. Unfortunately, he apparently did not have the RIGHT permission.

Oops.

He was fired, and filed suit in state court for reinstatement and for defamation.

A jury trial resulted in a verdict in Paul's favor, both for damages and reinstatement. Superior court affirmed. The appellate court reversed the reinstatement order.

From the appellate decision:

Equitable estoppel is not an exception to employment at-will. The law does not prohibit firing of an employee for relying on an employer's promise.

Exceptions to the [at-will firing] rule have been recognized in only the most limited curcumstances, where discharges of at-will employees would threaten clear mandates of public policy. [some such: racial/ethnic discrimination, whistleblowing, refusal to commit illegal acts, unionizing, ...]

Look at this another way. Smyth and his lawyers knew that he could be fired for any reason, regardless of Pillsbury's promises to the contrary.

Smyth was asking for application of the TORT of invasion of privacy to be applied. A "tort" is essentially a common-law right that has been breached, as opposed to a contractual right. Tortious invasion of privacy exists, but the standards are high and privacy must be a reasonable exception.

In court cases, you can't add 30% of an argument for equitable estoppel and 70% of an argument for tortious invasion of privacy to get 100% of a case. ONE argument must be 100% sound.

Bottom line, there is "no reasonable expectation of privacy for work email" and they can read it even if they promise not to.

That last part fits in with longstanding law regarding employment-at-will.

The main issue is really the "no reasonable expectation" part, since that blocks civil tort suits. Even if "reasonable expectation" is highly subjective.

Loyola's policy on email

Privacy on University electronic mail systems [1997-1998] http://www.luc.edu/its/policy_email_general.shtml

In the section subtitled "Privacy on University electronic mail systems", seven reasons are given why someone else might read your email:

The University community must recognize that electronic communications are hardly secure and the University cannot guarantee privacy. The University will not monitor electronic mail messages as a routine matter. But the University reserves the right to inspect, access, view, read and/or disclose an individual's computer files and e-mail that may be stored or archived on University computing networks or systems, for purposes it deems appropriate. There may arise situations in which an individual's computer files and e-mail may be inspected, accessed, viewed, read and/or the contents may be revealed or disclosed. These situations include but are not limited to:

1. During ordinary management and maintenance of computing and networking services,
   
2. During an investigation of indications of illegal activity or misuse, system and network administrators may view an individual's computer files including electronic mail,
   
3. During the course of carrying out the University's work, to locate substantive information required for University business, e.g., supervisors may be need to view an employee's computer files including electronic mail,
   
4. If an individual is suspected of violations of the responsibilities as stated in this document or other University policies,
   
5. To protect and maintain the University computing network's integrity and the rights of others authorized to access the University network.
   
6. The University may review and disclose contents of electronic mail messages in its discretion in cooperating with investigations by outside parties, or in response to legal process, e.g., subpoenas,
   
7. Should the security of a computer or network system be threatened

Some possible protections (not actually implemented):

Protection against items 5,7: If your email is examined because we believe your account has been compromised, any contents implicating you on other matters and associated with your legitimate use of your account will NOT be held against you (except in cases of ????)

Protection against 1: If your email is examined accidentally or as part of routine system maintenance, any contents implicating you on any matters will not be held against you (exceptions???)

[While these would not be enforceable for staff, they WOULD be for

• students: really customers
  
• faculty: if tenured (that is a contract)
  

Legit: 2, 3 [maybe], 4 [but what grounds for suspicion?] Item 6 could be clearer that outside investigations must be part of law enforcement;

Electronic Communications Privacy Act, 1986

1. The provider exception;
   
2. The ordinary course of business exception
   
3. The consent exception.

Generally, most employer monitoring falls under one of these. Note that the "provider" exception is a specific feature of ECPA; ownership of the hardware does not create a general right of access and in particular ownership of a telephone system does not create a right to eavesdrop.

Phone surveillance in the workplace
Keystroke monitoring
Location monitoring

Do computers empower workers, or shackle them?

While we're on the topic of ECPA, there is:
    Title I, covering electronic communications in transit
    Title II, the Stored Communications Act.
The latter has much less stringent restrictions.

ECPA amended the Wiretap Act of 1968.

In the case US v Councilman, the government had argued that interception of email as stored on servers temporarily while being routed to their final destination did constitute "interception" for the purposes of the Wiretap Act. The District Court and a 3-judge panel of the Appellate Court ruled that, no, it did not. In 2005 the 1st Circuit court ruled en banc that, yes, it applied to data stored temporarily on disks (filesystems) as well.

Note that the issue here is not government access to electronic communications.

Case is at http://www.ca1.uscourts.gov/pdf.opinions/03-1383EB-01A.pdf

Warshak: spammer promoting "Enzyte" for "natural male enhancement" He was a suspect in a fraud case. The gov't got an order from a US Magistrate asking for his email records. The emails were turned over to him.

Eventually Warshak found out about this:
Warshak: get a search warrant!
US: all we need is subpoena (much weaker)

• subpoena v search warrant: latter is stronger
  
• warrant for unopened email, subpoena for opened?? (stored-document doctrine)
  
• Subpoenas give you a few days to comply. Warrants do not.
  
• Subpoenas may or may not be issued by a court! But for search warrants *must* be court-issued
  
• Search warrants are supposed to describe precisely what is being sought.
  
• Phone calls: need warrant (supreme court Katz v US case, 1967) [Patriot Act created some new classes of search warrant, but the basic principle remained.]

Are subpoena rules for email overly broad?
US argument: users of ISPs don't have a reasonable expectation of privacy.

This is clear for employer-provided email, though there's no reason to suppose loss of privacy extends to the government.

But what about commercial email? Here's an imaginary Yahoo Terms-of-service by Mark Rasch, from securityfocus.com/columnists/456/3 :

Because a customer acknowledges that Yahoo! has unlimited access to her e-mail, and because she consents to Yahoo! disclosing her e-mail in response to legal process, compelled disclosure of e-mail from a Yahoo! account does not violate the Fourth Amendment.

The point here is that because Yahoo has access to your email, the gov't thinks that all your email should be treated just like any other commercial records. You have no "expectation of privacy".

Govt' argued that this case was like the 1976 _US v Miller_ case, where bank records were found NOT to be protected

Stored Communications Act, part of ECPA
    email stored 180 days or less: gov't needs a warrant
    more than 180 days: warrant, subpoena, or court order
See http://www.usdoj.gov/criminal/cybercrime/ECPA2701_2712.htm
§2703 (a): less than 180 days (b): more than 180 days

Warshak was arguing that the gov't should need a warrant for ANY of his email.

District court Warshak won. (Quote from full 6th circuit decision)

3-judge panel of 6th circuit appellate court: Warshak won, June 2007. The decision was far-reaching, not specific to the facts at hand. The decision was by a 3-judge panel. From the ruling:

October 2007: 6th circuit agrees to _en banc_ review (whole court)

July 2008: full court ruled that the case was not "ripe": broad question was not ready to be addressed.

The ripeness doctrine serves to "avoid[] . . . premature adjudication" of legal questions and to prevent courts from "entangling themselves in abstract" debates that may turn out differently in different settings.

Conventional wisdom as to why the supreme court is not likely to hear the case: they would have to find that the case was "ripe", and they are much more likely to wait for a case where "ripeness" is more evident. (See Eugene Volokh, volokh.com/posts/1176832897.shtml) Traditionally, the courts consider 4th-amendment cases "after the fact".

Gmail: all gmail is "read" at google. Just not necessarily by people.

• to detect terrorism
  
• to detect criminal activity
  
• to detect hacking targeting the ISP
  
• to detect protests about lack of "net neutrality", and slow down your service as retribution?

gmail

All gmail is read at google. Just not necessarily by people. Does this matter?

What could google do with the information it learns about you?

What could the government do, if they had access to any of it?