ECPA

On Thursday, the Senate Judiciary Committee reportedly will vote on Sen. Patrick Leahy’s bill that would amend the Electronic Communications Privacy Act (ECPA) and the Video Privacy Protection Act (VPPA).  The bill would amend the VPPA by clarifying that a consumer may consent to the disclosure of her video viewing

Continue Reading Committee Vote on ECPA, VPPA Amendment Scheduled for Thursday

Last Friday, Rep. Zoe Lofgren (D-CA) introduced the ECPA 2.0 Act, H.R. 6529, which would strengthen the legal standards for law enforcement to gain access to electronic communications and location information.  The Electronic Communications Privacy Act (ECPA) is more than 25 years old and is widely seen as needing modernization to address changes in digital storage, the cloud, and location-based services.  As we’ve previously noted, government access to location information is an ongoing issue for legislators, courts, and government officials.  Continue Reading Rep. Lofgren Introduces Legislation to Update ECPA

According to a number of media outlets, the Senate Judiciary Committee will consider proposed amendments to the Video Privacy Protection Act (“VPPA”) and to Title II of the Electronic Communications Privacy Act, better known as the Stored Communications Act (“SCA”).  The amendments reportedly will be offered by Judiciary Chairman Patrick

Continue Reading Judiciary Committee May Consider Amendments to VPPA, ECPA

Late last month — in a decision that seems to have been largely overlooked in the privacy trade press — a federal judge in Illinois held [PDF] that the Wiretap Act did not prohibit the interception of communications sent over unsecured Wi-Fi networks provided by hotels, restaurants, coffee shops and other commercial entities.  The decision came in a case, In re Innovatio Ventures, LLC Patent Litigation, that does not involve an alleged violation of the Wiretap Act.  Rather (as its name suggests), In re Innovatio is an infringement suit in which Innovatio has accused various commercial entities that provide Wi-Fi to their customers of violating its patents in Wi-Fi technology.  To gather evidence about the defendants’ alleged infringing uses, Innovatio has used “commercially available Wi-Fi network analyzers” to “intercept data packets that are travelling . . . between the Wi-Fi router[s] provided by [the Defendants] and any devices that may be communicating with [the routers].”  Innovatio apparently grew concerned that its activities violated the Wiretap Act and sought a preliminary ruling on the admissibility of the evidence it obtains through its “proposed sniffing protocol.”Continue Reading Court Holds Interception of Unsecured Wi-Fi Communications Does Not Violate the Wiretap Act

Judge Feess of the Central District of California recently rejected Carrier IQ’s attempt to litigate in federal court a class action concerning whether Carrier IQ’s software, installed on a wide range of smart phone devices from many different manufacturers running on various wireless networks, violated California law.  Judge Feess remanded

Continue Reading Carrier IQ Class Action Sent Back to State Court

The Ninth Circuit reversed the district court’s approval of a class action settlement last Monday in Nachshin v. AOL, remanding the two-year old case back to the district court for a new round of settlement negotiation and approval. No. 10-55129 (9th Cir. Nov. 21, 2011).  The class action was brought in 2009, alleging that the Internet company violated the Electronic Communications Privacy Act (ECPA) when it inserted footers containing promotional messages into e-mails sent by its users. The complaint also alleged unjust enrichment, breach of contract, and violations of state law.

The problem with the settlement was not that the class representatives failed to adequately represent class members, as in the Second Circuit’s recent decision in the latest iteration of the Tasini v. New York Times case, or that the interests of the members of the proposed class (all 66 million of them) were too factually and legally different to proceed in a class action, as in the Ninth Circuit’s recent decision in Ellis v. Costco Wholesale Corp. Instead, the Ninth Circuit reversed the settlement on the less common ground that it provided for distributions from the settlement fund to charities that were unrelated to the claims underlying the lawsuit.Continue Reading ECPA Class Action Settlement Overturned

by David Fagan and Alex Berengaut

On November 10, 2011, Judge Liam O’Grady of the United States District Court for the Eastern District of Virginia issued a 60-page memorandum opinion in a dispute over the validity of a special court order issued to Twitter for non-content records for certain users

Continue Reading Virginia District Court Issues Significant Ruling Upholding Government Access to Non-Content User Data

Your company has just launched an innovative new social media service, and you’ve received fanfare from the press, increased website traffic, and a spike in advertising revenues.  In short, the service is a complete success — until you’re served with a class action complaint seeking millions of dollars in damages and a civil investigative demand from the FTC.  What did you do wrong, and what can you do to get out of this mess?

That’s the question that I recently explored as a part of a panel at the summer meeting of the Virginia Bar Association on the benefits and risks of social media.  On the panel, we discussed the many ways that social media has influenced law and policy over the past few months and highlighted what businesses and their lawyers need to understand about privacy issues online in order to avoid litigation and regulatory enforcement.

One of the main reasons that companies face litigation and investigations in the social media area is that they haven’t fully evaluated the information that they are collecting through social media and how that information is (or could be) used.  That is why the discussion on privacy today is coalescing around the concept of “privacy by design,” which Kashmir Hill at Forbes recently described as companies “bak[ing] privacy into their products” rather than considering privacy only reactively.  (You can read more about privacy by design here.)Continue Reading Social Media: Legal Risks and Rewards

The Northern District of California issued two key rulings last week in denying in part a motion to dismiss in In re Google Inc. Street View Electronic Communications Litigation, a consolidated action arising out of Google’s acknowledged interception of “payload data,” including emails, usernames, password, and other private data, from unencrypted home wireless networks using technology installed on Google’s Street View vehicles.    

First, in a matter of first impression Judge Ware rejected Google’s argument that its interception of Wi-Fi communications content was not restricted by the Wiretap Act (Title 1 of the Electronic Communications Privacy Act or ECPA), due to a “readily accessible to the general public” exception contained in the statute.  Instead, the court held that this exception applies only to communications using traditional radio broadcast technology.  Significantly, Judge Ware distinguished Wi-Fi technology from traditional radio services, which presumptively are intended to be public, instead likening Wi-Fi to cellular technology, in that both are designed to send communications privately.  The court also held that plaintiffs’ Wiretap Act claim was plausibly pleaded, meaning that the litigation will continue beyond Google’s motion to dismiss. Continue Reading Key Holdings in Google Street View Litigation: WiFi Not “Readily Accessible to the General Public” and ECPA Preempts State Wiretap Laws

In light of the number of privacy and data security-related bills currently being considered by Congress, we thought it might be helpful to provide a roundup of the legislation introduced or circulated to date:

Comprehensive privacy legislation:

  • BEST PRACTICES Act, H.R. 611 (Rep. Rush): introduced Feb. 10, 2011.  Referred


Continue Reading Flurry of Privacy Bills Introduced in Congress; More to Come?