Tag Archives: criminal case

Your Device Is Private? Ask Tom Brady

However you feel about Tom Brady, the Patriots and football air pressure, today is a learning moment about cell phones and evidence. If you think the NFL had no business demanding the quarterback’s personal cell phone—and, by extension, that your company has no business demanding to see your cell phone—you’re probably wrong. In fact, your company may very well find itself legally obligated to take data from your private cell phone.

New Norm

Welcome to the wacky world of BYOD—bring your own device. The intermingling of personal and work data on devices has created a legal mess for corporations that won’t be cleared up soon. BYOD is a really big deal—nearly three-quarters of all companies now allow workers to connect with private devices, or plan to soon. For now, you should presume that if you use a personal computer or cell phone to access company files or email, that gadget may very well be subject to discovery requirements.

Security & Privacy Weekly News Roundup: Stay informed of key patterns and trends

First, let’s get this out of the way: Anyone who thinks Tom Brady’s alleged destruction of his personal cell phone represents obstruction of justice is falling for the NFL’s misdirection play. That news was obviously leaked on purpose to make folks think Brady is a bad guy. But even he couldn’t be dumb enough to think destruction of a handset was tantamount to destruction of text message evidence. That’s not how things work in the connected world. The messages might persist on the recipients’ phones and on the carriers’ servers, easily accessible with a court order. The leak was just designed to distract people. (And I’m a Giants fan with a fan’s dislike of the Patriots).

But back to the main point: I’ve heard folks say that the NFL had no right to ask Brady to turn over his personal cell phone. “Right” is a vague term here, because we are still really talking about an employment dispute, and I don’t know all the terms of NFL players’ employment contracts. But here’s what you need to know:

Technology and the Law

There’s a pretty well-established set of court rulings that hold that employers facing a civil or criminal case must produce data on employees’ personal computers and gadgets if the employer has good reason to believe there might be relevant work data on them.

Practically speaking, that can mean taking a phone or a computer away from a worker and making an image of it to preserve any evidence that might exist. That doesn’t give the employer carte blanche to examine everything on the phone, but it does create pretty wide latitude to examine anything that might be relevant to a case. For example: In a workplace discrimination case, lawyers might examine (and surrender) text messages, photos, websites visited and so on.

It’s not a right, it’s a duty. In fact, when I first examined this issue for NBCNews, Michael R. Overly, a technology law expert in Los Angeles, told me he knew of a case where a company actually was sanctioned by a court for failing to search devices during discovery.

Work Gets Personal

“People’s lives revolve around their phone, and they are going to become more and more of a target in litigation,” Overly said then. “Employees really do need to understand that.”

There is really only one way to avoid this perilous state of affairs—use two cell phones, and never mix business with personal. Even that is a challenge, as the temptation to check work email with a personal phone is great, particularly when cell phone batteries die so frequently.

The moral of the story: The definition of “personal” is shrinking all the time, even if you don’t believe Tom Brady shrank those footballs.

For further reading: here’s a nice summary of case law.

The Fallout From Ill-Advised Tweets

During the presidential debate on Oct. 3, 2012, a KitchenAid employee used the corporate account to send a tasteless (some would say disparaging and grossly offensive) tweet regarding the president’s grandmother. KitchenAid quickly apologized to the president and his family and explained what happened. In other words, KitchenAid followed the “rules” of reactive reputation management.  

KitchenAid was praised for responding quickly. But the outrage about the tweet was overwhelming, if only for a short period, and underscores that companies need to consider their potential liability from ill-advised tweets.

A bit of background: Libel (written) and slander (spoken), collectively known as “defamation,” which is the general term used internationally, are civil wrongs (sometimes carrying criminal penalties) that harm a reputation, decrease respect, regard or confidence or induce disparaging, hostile or disagreeable opinions or feelings against an individual or entity. If the allegedly defamatory assertion is an expression of opinion rather than a statement of fact, defamation claims usually cannot be brought because opinions are inherently not falsifiable. However, some jurisdictions decline to recognize any legal distinction between fact and opinion. 

Contrary to a general belief that insulting tweets (or comments online through Facebook, online message boards, etc.)  are exempt from libel laws because they are fleeting, libel laws apply to the Internet the same way they do to newspapers, magazines, books, films, etc. The same technology that gives you the power to share your opinion with thousands of people also qualifies you to be a defendant in a lawsuit.    

In considering your legal exposure if an employee may have committed libel, you must consider the country you live in, as well as your exposure to libel laws around the world.

U.S.

The medium for communication is irrelevant; even an email to a single person can be libelous if the sender knew a statement to be false, acted with reckless disregard for the facts or was otherwise irresponsible. To be libelous, the statement must also cause some damage.

United Kingdom 

The basis of British libel law is not substantially different from that in the U.S.: to protect the reputation of an individual from unjustified attack. In British law, a person is defamed if statements in a publication expose a person to hatred or ridicule, cause a person to be shunned, lower a person in the estimation in the minds of “right-thinking” members of society or disparage a person in his work. In the U.K, though, the burden of proof is with the defendant, while in the U.S. the plaintiff must provide the proof. Unlike in the U.S., there is also no provision in the U.K. that makes it harder for public figures to win a judgment–in the U.K., a public figure does not have to prove a statement was made with malice.

Almost all of the rest of the world

There is ever-expanding concern about the use of social media, especially Twitter, to post harassing, offensive and false statements that are defaming or invade another’s privacy. As one judge said: “Twitter as we all know is widely used by individuals and organizations to disseminate and receive information. It is inconceivable that grossly offensive, indecent, obscene or menacing messages sent in this way would not be potentially unlawful.” ([2012] EWHC 2157 (Admin) at {23}. In India, amendments to the Information Technology Act, 2000 (IT ACT) specify that defamation via a computer or communication can lead to a prison term of three years and a fine. (The United Nations Commission on Human Rights ruled in 2012 that the criminalization of libel violates the right to freedom of expression and  is inconsistent with Article 19 of the International Covenant on Civil and Political Rights. The impact of this ruling, if any, is not part of the discussion in this article.) 

Now, let’s consider liability if you or an employee is the “retweeter”:

U.S.

If you retweet a libelous statement in the U.S., you or the company you work for  may be protected from defamation liability based on Section 230 of the Communications Decency Act, which states, “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” Simply put, this means you cannot be sued for something you retweet, even if the original tweet is libelous, so long as the libelous content was created by a third party. However, if you did have control (it was KitchenAid’s corporate Twitter account)  or you add something defamatory, you could be held responsible. 

United Kingdom

Keir Starmer QC was addressing the London School of Economics about social media in 2012 when he was asked: “Is it an offense to retweet something grossly offensive?” He replied: “You retweet, you commit an offense under the Act.”

The “Act” is the Communications Act, which outlaws sending a tweet that is “grossly offensive or of an indecent, obscene or menacing character.” A person can be prosecuted if he “causes any such message or matter to be so sent.”

For example: In 2012, the British Broadcasting Corporation settled a libel suit for about $300,000 with a UK politician. (The BBC reported that he was involved in a child sex abuse scandal but should have known the statement was false.) The UK politician then sought libel damages from at least 20 “high profile” people who tweeted and retweeted the report. 

Because tweets cross borders so easily, Twitter users in the U.S. and elsewhere should take the UK law into account.

India

Some legal scholars in India say that even accidentally retweeting an offensive tweet can create liability.

Freedom of Speech?

While freedom of speech in the U.S. is a constitutional right, legal exceptions make that right limited. For example: Speech that involves incitement, false statements of fact, obscenity, child pornography, threats and speech owned by others are all completely exempt from First Amendment protections. The U.S. Supreme Court has ruled that the First Amendment does not require recognition of a privilege for those stating opinions. Therefore, the  position that nothing should stand in the way of unabashed free speech on the Internet is like the ostrich with its head in the sand. Defamation and speech intended to inflict severe emotional distress is not protected.States can and do regulate this type of speech.

So here is the takeaway:

If you or an employee tweets or retweets something defamatory, you may face a libel claim. It doesn't matter how quickly you delete the entry or whether you follow up with a correction or an apology. It also doesn't matter where in the world you are.

Disclaimer: The information contained in this article is provided only as general information and may or may not reflect the most current developments legal or otherwise pertaining to the subject matter hereof. Accordingly, this information is not promised or guaranteed to be correct or complete, and is not intended to create, or constitute formation of an attorney-client relationship. The author expressly disclaims all liability in law or otherwise with respect to actions taken or not taken based on any or part of this article.