Round 2: Facebook under fire once again, but this time for scanning private messages

In a previous post, we discussed the lawsuit filed against Facebook in Illinois for its facial recognition technology. Surprisingly, Facebook is under fire once again for its data collection methods. This time Facebook may have violated federal privacy laws by scanning user’s private messages. A class-action lawsuit was filed on May 18, 2016 against the social media site. The suit claims that Facebook was scanning and logging URLs sent through its private messaging system. The plaintiffs claim Facebook scans these URLs to better advertise to its users by providing more user-targeted ads. Facebook has said they engage in the practice of scanning URLs for anti-malware protection and to comply with industry standards on child pornography searches. The company also said URLs are scanned in bulk and that URL data is anonymous. This statement originally made it seem like Facebook would not be able to come up with user-targeted ads by scanning private messages. However, the company later said they may have also used their scanning for advertising purposes and to boost “like” counts.

If Facebook did use their system to better target users with their advertisements, the social media giant may have violated the Electronic Communications Privacy Act and the California Invasion of Privacy Act. Attorneys for the plaintiffs’ were able to gain an abundant amount of information about the site’s data collection methods, but there were some exhibits that were still sealed. After engaging in the discovery process, the plaintiffs’ attorney said “the records that Facebook creates from its users’ private messages, and which are stored indefinitely, may be put to any use, for any reason, by any Facebook employee, at any time.” This statement definitely would shock Facebook users and may be the reason Facebook is aggressively fighting the lawsuit.

Facebook continues to argue that their users remain anonymous after their private messages are scanned. The plaintiffs completed a technical analysis on their own to disprove Facebook’s claims and they were successful. The analysis showed that Facebook collected the date, time, content, sender, and recipient of each private message. Attorneys for Facebook said they were”speculative” of this analysis.

Although the plaintiffs may succeed in their lawsuit against Facebook, they should not expect any monetary damages. The court ruled that Facebook can be prohibited from scanning private messages in the future, but the company would not be required to payout the plaintiffs because the company’s  conduct did not result in actual harm. Everything shared on Facebook is often shared on purpose, but users should have been able to expect privacy when sending private messages. The plaintiffs filed an amended complaint. Facebook continues to hold its position that it never aimed to compromise the security or identity of its users to third parties.

Source referenced: The Verge

Facebook under fire for Facial Recognition Technology

In a previous post, we discussed how we will be seeing a rise in litigation over biometric data in the near future. Facebook’s photo tagging lawsuit is one of the first examples. Despite Facebook’s attempts to throw out the case, a federal judge has permitted a class action lawsuit against the social media giant’s facial-recognition technology. The technology automatically matches names to faces in photos uploaded to Facebook. It was an attempt to make “tagging” friends easier for users and first became available in 2010.

The case was initially filed in Illinois and has since transferred to California. The suit alleges that Facebook’s facial-recognition technology violates an Illinois Biometric Information Privacy Act (BIPA) statute by not informing users about the collection of biometric data. Facebook has said that photo-tagging is disclosed in its terms of service and that users can opt out of the technology at any time. Judge Donato, the San Francisco federal judge who denied Facebook’s request to toss the lawsuit, said protecting the privacy of its users must be a priority for Facebook and that collecting biometric data without their permission is unethical. Facebook previously said they invented the technology to help users, but did not comment on Judge Donato’s decision.

Why is Facebook being targeted?

Facial recognition technologies have been widely used by other social media websites and apps as well. Snapchat is a great example. The app uses the front-facing camera to put “filters” on the user’s face. Like Facebook, Snapchat is known to use facial recognition technology to store information about its users. This brings up the question of why Facebook is being targeted, while other social media websites and apps seem to be getting a free pass. The answer is actually quite simple: Facebook is too good at facial recognition. When comparing Facebook’s facial recognition technology to the FBI’s system, Facebook performs much better. According to Facebook, they are able to identify a person correctly 98% of the time. The FBI’s General Identification system only identifies people correctly 85% of the time. Part of the problem with the FBI’s system is that they are only able to recognize photographs taken straight on, such as a mugshot, whereas Facebook can identify users in nearly any setting. The FBI also has a larger database than Facebook to search. Facebook’s facial recognition software has become one of the world’s most advanced systems in the world and this lawsuit may be seen as an attempt to curve their power and capabilities.

Sources referenced:

1. ABA Journal
2. USA Today
3. NPR

California Authorities and Biometric Technology

Police Departments and Biometric Data

Police departments in California have been using biometric data to identify fingerprints and recognize faces in an effort to find suspects. Agencies around the state have been using smartphone cameras and mobile apps to recognize faces of suspects. Los Angeles, San Jose, and a couple of other agencies use fingerprint data from biometrics to match them with criminal files. Some police departments are also beginning to use tattoo and iris recognition to catch lawbreakers. Los Angeles County police departments are willing to go as far as using DNA recognition and analysis to catch criminals, but this new technology will likely come with a hefty price tag. The facial and tattoo recognition biometric technology has already cost $2 million and the next step of the technology can cost up to $10 million.

Why are Los Angeles Country Police Departments in the Spotlight?

Los Angeles County police departments seem to be at the forefront of biometric technology. This may be a result of the San Bernardino Shooting. As people around the nation were watching Apple and the FBI battle over unlocking the San Bernardino shooter’s phone, something else was going on in Glendale, a city only an hour away from San Bernardino. Authorities in Glendale had found a phone that belonged to an Armenian gang member. When they found the suspect’s girlfriend,Paytsar Bkhchadzhyan, authorities wanted her to unlock her phone so they could get more information about the alleged gang activity. Her iPhone was protected by her fingerprint, but she was required to comply with the authorities and provide her fingerprint. This forced many to ask the question of how far the government could go to obtain fingerprints and other biometric markers.

Is the government going too far with biometric data?

Many lawyers and scholars were outraged after Bkhchadzhyan was forced to provide her fingerprint. Law professor Susan Brenna said the contents of a phone may be incriminating and therefore forcing someone to provide their fingerprint may be a violation of the 5th Amendment. Bkhchadzhyan’s finger was seen as testimony by many scholars and the information in the phone was seen as physical evidence. The US Supreme Court allows authorities to search phones and has permitted authorities to compel people in custody to provide fingerprints without a judge’s permission. Many people were upset by this issue of forced unlocking with a fingerprint, but others argue that the information found in a phone is similar to something that would have been found with a warrant. George Dery, a law professor and a lawyer, said, “Before cell phones, much of this information would be found in a person’s home. This has a warrant. Even though it is a big deal having someone open up their phone, they’ve gone to a judge and it means there’s a likelihood of criminal activity.”

The legal battle between Apple and the FBI really forced many people to take a critical view at the government and how authorities may be collecting too much information about average Americans. Although it was uncommon to see lawsuits over fingerprints and biometric data in the past, we expect to see a lot more litigation on this issue in the coming years. Since police departments in California are working on purchasing newer technologies to gather more data, we may see more lawsuits arising in the state in the near future.

Sources referenced:

1. ABA Journal
2. PC Mag
3. Los Angeles Times

The Rise of the Blawggers

Although the National Law Journal may no longer have a Legal Blog Watch, law blogging has reportedly been flourishing in the past years. More and more lawyers are blogging, whether it is to draw potential clients or to market their expertise. In fact, 18 of the top 25 law firms in the nation regularly blog, according to Am Law’s 200 Blog Benchmark Report. The agency found that between the years 2008 and 2015, they saw an exponential growth in the number of law firms blogging. In less than a decade, they reported seeing 74 law blogs increase to 692. However, these reports might be too optimistic.

The American Bar Association’s Legal Technology Survey Report also found an increase in the number of bloggers, but not anything as significant as Am Law’s report. They found that only 26% of law firms reported having a blog in 2015. While this is up from the 22% in 2012, the number has decreased from the 27% they saw in 2013. As it is clear to see, Am Law and the ABA are conflicted on how big of an increase there has been in the number of blawggers. The ABA also found that blogging and blog readers have changed. In the past, someone would post a blog and the comments sections would be monitored by an editor. However, most blogs do not have an editor now. Due to this, blogs can and have become a place for rivalries to take shape over controversial legal issues. Rivalries in the comment section have also moved to Twitter and other social media sites.

While some might say the blogosphere is slowing dying out, others argue that only the best blogs are still publishing. Whereas in the past everyone was posting with mediocre quality material, only the best law firms are posting today. Above the Law and SCOTUSblog are prominent examples. Staci Zaretsky, one of the writers for Above the Law, has a different viewpoint on the blogosphere. She says most people do not necessarily view blogs as blogs anymore, but more as sources of information. It has become a way for younger generations to learn the news. Lawyers often start off ambitiously with their blogs, but slowly lose energy and new information to talk about. Some lawyers say they simply run out of things to say, while other say it takes too much time and energy to post regularly. Kashmir Hill, a journalist from San Francisco, believes it is absolutely necessary to revive the blogosphere. As a journalist, she relies on a lawyer’s side of the story. She often turns to blawggers to find the legal implications of her stories and wants to see a rise in the number of legal blogs.

While we may not be sure about the future of law blogging, there is certainly an effort being made to revive the practice. Since more and more people are turning to law blogs as a source of news and information, it is important to have up-to-date and current blogs. An approach many lawyers are taking is listening to their clients and asking them about issues they want to know more about or care about. By taking this approach, bloggers become experts in the field. Hilary Bricken of Canna Law Blog says law blogging is “a very powerful tool in this advanced technological age.” We hope more young attorneys will be inspired to become law blawggers in the future.

Source: ABA Journal

Do lawyers have an ethical duty to replace hacked client funds? It depends.

The North Carolina State Bar released an ethics opinion regarding an attorney’s responsibility when a client’s money is stolen by a hacker. The ethics opinion, which did not address the legal liability of the attorney in such situations, focused on the attorney’s duties to maintain computer security. Attorneys should educate themselves about the risks of security banking and hire technology consultants for any advice. Staffers should be adequately trained on trust-account management and taking proper safety measures when it comes to client’s confidential information.

Attorneys have an ethical responsibility to replace the client’s stolen funds if the attorney’s failure to take safety precautions was the proximate cause of the trust account theft. In plain language, the attorney should replace the funds if the funds were lost as a result of the attorney’s mistake. The opinion provided a hypothetical scenario in which a lawyer carelessly wires money to a spoof email set up by a hacker. The lawyer had previously been told to contact the seller by phone before any transactions, but he did not bother to do that. As a result of the lawyer’s mistake, his client lost money. Instead of immediately wiring the money, the lawyer should have contacted the seller directly. By doing this, he might have found out about the hacker’s spoof email. In this case, the lawyer has an ethical duty to replace the funds.

Lawyers are advised to immediately notify their client of any stolen money and help them identify ways to cover the losses. The hope is that lawyers will be more careful with their client’s funds and take the best security measures to protect their client’s personal information. These ethical standards from the North Carolina State Bar are only standards and cannot be imposed on attorneys. There may not be a clear-cut answer on whether or not attorney’s should replace hacked client funds, but the State Bar has attempted to outline a set of ethical guidelines.

Source referenced: ABA Journal