Legal

Finding Confidential Information Online – By Mistake

From Bruce Schneier’s blog and Boston.com:

Tax liens, mortgage papers, deeds, and other real estate-related documents are publicly available in on-line databases run by registries of deeds across the state. The Globe found documents in free databases of all but three Massachusetts counties containing the names and Social Security numbers of Massachusetts residents….

It’s easy to say “we haven’t seen any cases of fraud using our information,” because there’s rarely a way to tell where information comes from. The recent epidemic of public leaks comes from people noticing the leak process, not the effects of the leaks. So everyone thinks their data practices are good because there have never been any documented abuses stemming from leaks of their data and everyone is fooling themselves.

It can only be a matter of time before a lawsuit is filed because of this type of data leak. I wonder what the repercussions of that would be?

What is E-Discovery?

Ernie The Attorney has a very interesting and informative write-up on what all the hubbub is regarding e-discovery. If you’re not sure what e-discovery really is, and why it might be a “hot topic” these days, you should definitely read this article.

Fourth Amendment Puzzle

As a computer professional, I’m often very interested in these sort of legal questions, as they relate to technology. Here’s a bit of a quote from this article over at The Volokh Conspiracy:

Here’s the problem. Imagine that the police believe that there is evidence of crime on a suspect’s computer, but they lack probable cause to obtain a warrant to search it. The police ask the suspect if he will consent to allow the police to search the computer for evidence. The suspect agrees, and gives the police his computer to be searched. A few days later, the suspect talks to an attorney and the attorney advises the suspect to revoke his consent and demand the return of the property. The lawyer (or the suspect) calls the police and withdraws consent to search the computer.

[...]

But here’s the twist. It turns out that the first step a computer forensic analyst takes when seeking to retrieve evidence from a hard drive is to create a “bitstream copy” or “image” of the computer hard drive. The “image” is an exact copy of the hard drive that copies every one and zero on the drive. It is created for reasons of evidentiary integrity; searching a computer drive can alter the data it contains, so analysts copy the original and do all of the analysis on the image copy. After the drive has been imaged, there are two copies of the data, not one: one copy of data on the defendant’s property and another copy on the government’s machine.

Now, back to our hypothetical. It turns out that a suspect often withdraws his consent after the computer has been imaged, but before government has begun to search the image. (This is common because imaging can be done in a few hours, but most government forensic labs have long waiting lists for the actual analysis.) So here’s the big question: When the suspect withdraws his consent, does the withdrawal of consent also apply to the image? Can the police search the imaged copy, or will searching the imaged copy without a warrant violate the Fourth Amendment? In doctrinal terms, does a defendant retain a legitimate expectation of privacy in the image, and if so, does his common authority to regulate consent to search the original apply equally or differently to the copy?

My opinion on the matter (given my understanding of the law) is that the image made of the drive could be retained by the police – after all, you would hardly expect the police to give back a picture they took of a suspect if that suspect was later released. That’s my gut feeling on the matter, anyway.

If you disagree, or if you just have additional thoughts – please feel free to comment!

Unauthorized Computer Access; legally speaking

This article (which I found thanks to a link over at Bruce Schneier’s blog) is quite interesting. What exactly is “unauthorized” access, as far as computers are concerned?

If the answer seems clear-cut to you, you may want to read this article to see how the issue quickly becomes murky. As is often the case, old legal precedents don’t quite work when applied to new technology.

For more info on this subject, and some “historical” cases in the same sort of vein, see:

Remarks on Oregon vs. Schwartz
Computer or Crime? State of Oregon v. Randal Schwartz

U.S. Medical Privacy Law Gutted

Bruce Shneier had this to say today in regards to changes in the way HIPAA rules are being applied.

I imagine that many of our customers will be interested in what he has to say.

Strange book recommendation for lawyers

This interesting article comes from Ernie the Attorney.

Newer Entries

Follow TurboLaw

Categories

TurboLaw Tweets

Legal Blogs

Archives

Search