Managing Risks When Laws Don’t Keep Up with Technology
January 2012
Back in 1998, many people were first discovering the Internet through dial-up telephone connections. Google was just being launched in a California garage and the movie “You’ve Got Mail” hit theaters. Cell phones were getting smaller but they weren’t yet smart. Very few people sent text messages. And unless you were in the military, you probably stopped at a gas station to ask for directions rather than consult your GPS device. Social media Web sites were years away from being introduced and wi-fi hot spots didn’t exist at coffee shops.
Why Doesn’t the Legal System Keep Up with Technology? It’s up to lawmakers to pass laws and courts to uphold them. In the absence of new legislation specifically addressing technological advances, courts must decide cases based on laws in place and cases already decided. Our court system is based on precedent and it takes time to build a body of law. Technologies introduced this year may not make it into court for a couple years. And it could take many years for a case to go before the U.S. Supreme Court. Getting laws passed by Congress is typically not a fast process either. Even some proposed bills that have bipartisan support fail to pass or take years to be signed into law. One example is the recently enacted Leahy-Smith America Invents Act of 2011, which makes sweeping changes to patent law including changing the U.S. system from a “first-to-invent” to a “first-to-file” system. The law is the most significant revision to the patent system since 1952. Similar laws had been proposed in Congress in 2005, 2007, and 2009. U.S. Patent and Trademark Office Director David Kappos urged lawmakers to finally pass the legislation, stating: “In the past 50 years, we have seen technology evolve at a faster pace than any other period in history, but our patent laws have not kept up.” Government leaders aren’t the only ones frustrated with the legal system being years behind the way people use technology. In a 2010 Supreme Court case about monitoring employee e-mails, Justice Antonin Scalia commented that “applying the Fourth Amendment to new technologies may sometimes be difficult, but when it is necessary to decide a case we have no choice.” (City of Ontario, California v. Quon) Still, Supreme Court justices have also opined that just because new products are introduced doesn’t mean that old legal standards don’t apply. For example, the High Court ruled in 2011 that violent video games qualify for First Amendment protection. Justice Scalia noted “the basic principles of freedom of speech . . . do not vary with a new and different communication medium.” (Brown v. Entertainment Merchants Assn.) |
It was a simpler time — and safer in terms of the risks individuals and businesses faced in terms of losing confidential information, privacy, intellectual property and more. Data breaches, identity theft, computer viruses and internal fraud are just some of the tech-related risks businesses deal with today. Other risks stem from the fact that laws don’t generally keep pace with technology.
Take the Electronic Communications Privacy Act (ECPA), passed in 1986, which protects wire, phone, and electronic communications. “Today, this law is significantly outdated and out-paced by rapid changes in technology and the changing mission of our law enforcement agencies after September 11,” argues Senator Patrick Leahy (D-VT), who wrote the original law and introduced legislation earlier this year to update the ECPA.
Leahy explains that many of the assumptions Congress made about technology in 1986 are no longer valid and adds: “Updating this law to reflect the realities of our time is essential to ensuring that our federal privacy laws keep pace with new technologies and the new threats to our security.” So far, the updated ECPA has not passed.
Before incorporating new technologies into your business or personal life, consider the legal traps that might be involved. The following five issues that illustrate how laws have not kept pace with technology.
1. Being Tracked with a GPS. The Supreme Court heard arguments in a case it will be decided in 2012 that asks: Do police need a warrant to install a GPS device on a suspect’s vehicle? Is it different from cops conventionally watching and following a suspect in unmarked cars? In the case (U.S. v. Antoine Jones), law enforcement officials placed a GPS on the vehicle of Jones’ spouse. Police tracked the vehicle to a drug “stash house” and GPS data was among the evidence that led to a conviction for drug crimes.
The U.S. Court of Appeals for the District of Columbia ruled that use of the device intruded on Jones’ “reasonable expectation of privacy.” The Supreme Court will now decide whether placing a GPS on a vehicle without consent or a warrant constitutes a search under the Fourth Amendment.
The case may essentially update the centuries-old Fourth Amendment, which guards against unreasonable searches and seizures.
2. Cell phone data and information stored “in the cloud.” Many smart phones have GPS capabilities and store all sorts of other information about an individual through Internet searches, photos, text messages and telephone calls.
Can the police search a cell phone without a warrant? It depends. As the Electronic Frontier Foundation (EFF) explains, police cannot generally enter a home and search a computer or cell phone without a warrant. But if an individual is arrested or pulled over while driving, the police may be able to take the items in his or her pockets and car.
“Some courts go one step further and allow the police to search the contents of your cell phone, like text messages, call logs, e-mails, and other data stored on your phone, without a warrant,” the EFF states. “Other courts disagree, and require the police to seek a warrant. It depends on the circumstances and where you live.”
Police also may not need a search warrant to access certain data stored on Internet cloud platforms for a specific amount of time. This may include e-mail messages or call location, which law enforcement officials may be able to obtain from Internet service providers (ISPs) or cloud services.
Courts have issued conflicting rulings on whether or not warrantless e-mail searches can be conducted. In one case, the U.S. Court of Appeals for the Sixth Circuit notes that by obtaining access to someone’s e-mail, “government agents gain the ability to peer deeply into his activities.”
E-mail messages today, the Court states, is an “indispensable part of the Information Age” and the equivalent of telephone calls or letters dropped off at the post office.
“If we accept that an e-mail is analogous to a letter or a phone call, it is manifest that agents of the government cannot compel a commercial ISP to turn over the contents of an e-mail without triggering the Fourth Amendment” need to obtain a warrant, the Court adds. (U.S. v. Warshak, 6/16/10)
The proposed update to the Electronic Communications Privacy Act would require a search warrant before obtaining any data stored on the Internet, but as explained above, the legislation has not passed.
In other words, while law enforcement officials generally need a search warrant to seize a document in a company file cabinet, they may not need one to access the same information stored on a cloud computing service.
With businesses and individuals storing more important information in the cloud, it is important to know this data could become evidence in litigation or an investigation without the knowledge of users.
3. E-discovery on mobile devices. Many employees conduct company business on their personal smart phones or tablet computers. However, companies may not be aware that data stored on employees own devices can be required in litigation or a regulatory investigation. If an employer can’t produce the information, it could be charged with evidence spoliation (destroying or suppressing). Courts have not yet addressed this issue.
4. Posting on Social Media. Years ago, people complained about their jobs to their friends and family members. Today, they may go on social media sites and post negative comments. Some people have been fired or disciplined because they violated policies that prohibit employees from making disparaging or embarrassing remarks about their companies.
But employers should be aware that some badmouthing is legally protected.
The National Labor Relations Board (NLRB) recently issued a report explaining that workers have the right to discuss matters affecting employment among themselves. Under the National Labor Relations Act, both union and non-union employees can engage in “protected concerted activity” — which means they can come together online or offline to talk about working conditions, benefits and other aspects of their jobs.
The NLRB report stated that when one employee posts a work-related comment or complaint online and co-workers respond to it, the exchange becomes “concerted activity.” However, that doesn’t mean all social media posts by employees are protected. In some cases, courts have upheld terminations due to employees’ social media conduct. The issue is complex and has not been fully addressed in the legal system. Companies should consult with their attorneys about their social media policies and before terminating or disciplining employees for posting online.
5. The Definition of a Computer. Some businesses run into trouble because they entered into agreements involving technology before new devices were released.
For example, an employee at one Washington computer gaming business signed a non-competition agreement years ago stating he would not compete with the company in “the computer gaming business” for two years following his departure. After the employee left the company, he began designing smart phone game software. The company argued the non-compete contract was violated because a smart phone is a computer.
A U.S. Appeals Court noted that “the term ‘computer’ itself is ambiguous in light of the objectively blurry line between personal computers and devices like smart phones which can perform many of the same functions — including the capability to support games.” But the court added that smart phones “remain popularly understood as distinct devices.” Therefore, the court denied a preliminary injunction to prevent the employee from creating smart phone gaming software for two years. (Richey v. Metaxpert, LLC, U.S. Ct of Ap. 9th Circuit, 12/28/10)
The case demonstrates the need for companies to clearly define contract terms, and in some cases, update agreements when new technology devices are released.
As you can see, applying old laws to today’s digital landscape can be challenging for the legal system and risky for individuals and businesses. By taking proactive steps, you can help mitigate the hazards while enjoying the benefits.