FTC Says Bloggers Must Disclose Freebies
by Aaron Titus
The FTC recently announced new guidelines requiring bloggers to disclose when they get freebies in exchange for reviews. Adopted by a vote of 4-0, this is the first update of the FTC’s Guides Concerning the Use of Endorsements and Testimonials in Advertising in 29 years. The rules go into effect on December 1, 2009.
[Focus on Privacy] E-Mail Privacy: A short-lived dream?
By Patrick Romero and Michael Santarcangelo
Previously, we explored whether you should be issuing and relying on email disclaimers. This week, we look deeper into email communication to find out if your emails are considered private communications or not.
When speaking with audiences, this is a topic that generates a lot of questions, opinions and sometimes controversy. While everyone is entitled to his or her opinion on the topic, we wanted to take a look at any legal grounding to form a more complete answer.
In the business world, the answer is pretty clear: if you are using the resources of your company, then you have no expectation of privacy. However, what about when you’re using your personal email account, on non-company resources? Do you have a reasonable expectation of privacy for those messages?
The crux of the argument here is one of the fourth amendment. Basically, does the government need to rise to the level of requiring a subpoena in order to require your ISP to provide them a copy of your email records, and in the process, notify you that they have done so.
Think about that for a second.
This has implications for both you personally, and for your organization. What standard is the government required to produce in order to obtain your email records? As a company, what standard is the government required to produce in order to compel you to provide email records – especially if you are an ISP or other email provider.
Based on a landmark ruling this past summer, it appeared the easy answer was “yes.” In the ruling, the United States Court of Appeals for the 6th Circuit held that computer users had a “reasonable expectation of privacy” in their e-mail communications.
No so fast
Yet what was hailed as a victory for privacy advocates was short-lived. Just days ago, on October 9th, 2007, the 6th Circuit granted a rehearing en banc, thereby vacating their earlier decision. This is significant, as an en banc hearing means that instead of the usual three-judge panel decision, all sixteen active judges of the Court will hear this case.
The humble beginning
The decision of the 6th Circuit arose out the government’s investigation into Steven Warshak and his company, Berkeley Premium Nutraceuticals, Inc. Warshak was being investigated due to allegation of mail and wire fraud, money laundering, and related federal offenses. The government obtained a court order directing ISP Yahoo! and NuVox Communications to turn over information pertaining to Warshak’s e-mail account. The order was issued under the Stored Communications Act (SCA) of the Electronic Communications Privacy Act. The SCA requires the government to show that there be “reasonable grounds to believe that the contents of a wire or electronic communication…are relevant and material to an ongoing criminal investigation.”
The government argued that the court order issued under the SCA to the ISPs were not searches but rather compelled disclosures, akin to subpoenas. As a result, the higher burden of probable cause required under the 4th Amendment for a search and seizure was inapplicable. The 6th Circuit disagreed, ruling that “a seizure of e-mails from an ISP, without either a warrant supported by probable cause, notice to the account holder to render the intrusion the functional equivalent of a subpoena, or a showing that the user maintained no expectation of privacy in the e-mail, amounts to a” a 4th Amendment violation.
Why is email different?
Most Internet users believe that they have a reasonable expectation of privacy in their electronic communications and would be shocked if government agents could snoop around their e-mail box. Americans naively assume that e-mails a private and require that the government seek a warrant supported by probable cause to access. Whereas telephone calls due have this judicial standard, e-mails today are not afforded the same level of protection due their technological differences.
The seminal case that enshrined our privacy laws was Katz v. United States
. The Supreme Court held that that the 4th Amendment protects individuals against unreasonable searches and seizes if an individual can justifiable expect that is communications would remain private. Justice Steward wrote that “no less than an individual in a business office, in a friend’s apartment, or in a taxicab, a person in a telephone booth may rely upon the protection of the 4th Amendment.”
The government argued that e-mails are not analogous to telephone communications because they require an intermediary. E-mail works by breaking the contents into individual packets that are routed to the senders ISP. The ISP then stores and copies the e-mail on their server before transmitting it to the recipient. The government’s theory runs along the lines that since the ISP stores and copies the e-mail, the information was voluntarily turned over. As a result, the sender has forfeited any expectation that the ISP would keep the information private and the government should be able to access the content stored by the ISP without a showing of probable cause.
Yet while the government is correct in arguing that e-mail is not akin to the telephone, their argument would eradicate any expectation of privacy for any type of communication which requires an intermediary. The fact that an ISP must store and copy the message does not mean that people expect their messages to be turned over to the government by their ISP.
Fallout of the Decision
So what does this mean for you and me? The Court will hear the case again and determine whether the government’s action were in violation of federal law. While it is always difficult to predict the outcomes of such a case, the issues raised by Warshak should be of concern to all Americans. The decision of the court will be one of the most important decisions involving fundamental Constitutional protections. Due to the prevalent use of new technologies, Americans are not being adequately protected by federal statutes. The need for the courts like the 6th Circuit to establish clearer guidelines to the government and Americans is critically needed to prevent confusion and abuse in the digital age.
In the meantime – remember that email works on a store-and-forward system, and if you are not willing to read what you wrote in the newspaper, you may not want to send it.
TSC Insight: Do Email Disclaimers Matter?
By Michael Santarcangelo with Patrick G. Romero
If you’r
e like me, you routinely ignore the email disclaimers that many messages seem to have attached to them these days. For the most part, disclaimers have been added by the company, automatic and out of the hands of the users. Some users include their own, both serious and sometimes to be funny. I’d more or less accepted that some used them, while others didn’t – but paid little mind to the question – do email disclaimers matter?
During a breakfast a few weeks ago, a friend of mine shared a situation in which a business email sent to an individual was later posted to a website (by the recipient). In this case, it wasn’t really a big deal, but then he asked me if he needed to start using an email disclaimer.
It’s been a while since someone asked me if they needed a disclaimer, and my instinct was that it simply wasn’t necessary. Rather than give him a wrong answer, I promised that I’d look into it. With the help of Patrick Romero, this is what we found:
Some Background on Disclaimers
Turns out these disclaimers can be used for a whole list of things – from breach of confidentiality to transmission of viruses to employer’s liability. However, the most common type of disclaimers are those that guarantee the privacy and confidentiality of documents. They usually look something like this:
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
With the prevalence of e-mail communication, statements like these have become more and more ubiquitous among private and public companies – the majority are automatically generated whenever a user sends out any information regardless of the content of the message.
So now that we have examined the basis for email disclaimers, let’s dig deeper and explore if they provide any value or serve any purpose.
Can e-mail disclaimers guarantee the privacy and confidentiality of documents?
Generally speaking, e-mail disclaimers are not legally enforceable.
The misconception that they are stems from a lack of knowledge that surrounds the interception of electronic communication. The relevant statute that supports this belief comes from the language of the Electronic Communications Privacy Act of 1986 (ECPA) which includes language that criminalizes the interception of electronic communications. However, ECPA defines “intercept” as “the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.” A narrow reading of the statute would insinuate that only information that has been acquired illegally can be found to be intercepted.
One of the many courts that have defined “intercept” this way is the 8th Circuit. The Court held that electronic communications that have reached their destination are ineligible for interception and, therefore, are outside the protections of the ECPA. As a result, unless an e-mail has been intercepted in transit, the ECPA will not provide legal authority for individuals seeking to prevent disclosure of a misdirected e-mail.
If you are concerned about the privacy and confidentiality of your email, we offer three basic considerations:
1. Use encryption
2. Use the “envelope within an envelope” approach
3. Write carefully, review and think before pressing send
1. Can encryption provide privacy and confidentiality email?
I have spent a lot of time reminding people recently that “solutions follow requirements” – and I’m always hesitant to recommend a solution without understanding the requirements. However, if you are concerned about the privacy and confidentiality of your email communications, you probably need to investigate the use of encryption.
I have always enjoyed learning about and teaching encryption – and while it can be a double-edged sword, it offers the safest means of ensuring privacy of email communications. In general usage, the message is encrypted (and signed in most current applications) before being sent. In a properly constructed and managed solution, only the designated recipient has the ability to decrypt and verify the message – ensuring the confidentiality of the transmission (this is an overly simplified explanation – if you’re thinking about using email encryption, give me a call and we can talk about specific details).
Encryption solutions are available for commercial and personal use. If you’re looking at this for corporate use – please start with your requirements and then select your solution.
2. It’s all about positioning
If you’re convinced that you need to continue to use a disclaimer, then you might consider where you place it. Arguments have been posed that by placing the disclaimer at the bottom of the e-mail, the user is undermining the enforceability of the disclaimer.
Think about it – how can you comply with a disclaimer after having read the content of the e-mail? As a result, there are some who advocate (albeit annoying for those who rely on email) that the disclaimer appear at the top of the e-mail. This option is known as the “envelope within an envelope” approach. The confidential information is sent as an attachment and the text of the e-mail only contains the actual language of the disclaimer.
While this does not guarantee that the recipient will not open the attachment, it could provide some greater standing in litigation if disclosure does occur. Such evidence would be relevant into providing proof that the sender took reasonable measures to ensure the confidentiality of documents.
3. Stop. Think before you press send.
One of the best methods for protecting information (note: information protection doesn’t always mean encryption) is to establish and effectively communicate expectations for proper use of email (if you need some help learning how to communicate policies more effectively – pick up the phone and call, it’s what we do).
Every organization should put in place a company policy with regards to sending confidential information through e-mail. This could range from a “no forwarding” policy to restrictions on what information can and cannot be sent. Clear guidelines within an organization can provide directions for individuals to understand the proper use of e-mail and decrease disclosure of sensitive information.
In the end, some do, some don’t and you get to chose
Currently, there is little case law or statutory interpretation that discusses the legal rights of senders vis-à-vis e-mail disclaimers. With the prevalence of internet use, it is understandable that individuals would attempt to ensure some level of privacy when sending e-mails. Unfortunately, the law today does not provide protection for the misuse of confidential information sent over the internet regardless of a written disclaimer. Companies and individuals need to determine, on their own, the risk of disclosure and how to best protect their privacy.
Engage with Michael
-
Journey Into the Breach
