Orin Kerr
The FCC’s broadband privacy regulations are gone. But don’t forget about the Wiretap Act.
President Donald Trump recently signed a congressional resolution completing the repeal of broadband privacy rules announced by the Obama-era Federal Communications Commission. According to news reports, the purpose of the repeal was to allow broadband Internet service providers to conduct the same sort of monitoring of user online activities, such as Web-surfing habits, that companies like Google and Facebook can conduct. I don’t know much about communications law or the proposed regulations. But the description of what the repeal was designed to do made me wonder: Isn’t that kind of monitoring mostly illegal under the Wiretap Act?
As I see it, the Wiretap Act substantially limits what kinds of surveillance broadband providers can conduct even without the Obama-era rules. Given that, it’s not clear to me how much the repeal actually matters. I have been told that [the arguments I described] never entered the debate over the FCC regulations because communications lawyers just don’t think about the Wiretap Act. The Wiretap Act is a criminal statute in Title 18, and it’s just something off the radar screen of lawyers who practice communications law. If so, that should change. Depending on what the broadband providers want to do, the Wiretap Act may be a serious bar to the companies doing it legally. And given the hammer of statutory damages that the Wiretap Act allows, a mistake that implicates the Wiretap Act might end up as a very costly mistake.
When ‘Miranda’ violations lead to passwords
A new decision, United States v. Ashmore (W.D. Ark. December 7, 2016), raises an interesting question at the intersection of new technology and constitutional rights: If the government violates a suspect’s Miranda rights, interrogating him without reading Miranda warnings, and during the interrogation obtains the suspect’s passwords that are then used to access his phone and computer, are the phone and computer admissible in court?
The district court held that the passwords themselves must be suppressed but that, on the specific facts of this case, the evidence on the devices should not be suppressed. I think that’s the right result, although the court reached that result for the wrong reason. And I think that the government should win on much broader grounds than the court realized.
Government ‘hacking’ and the Playpen search warrant
[Commentary] In recent months, over a dozen district courts have handed down divided opinions on the legality of a single search warrant that was used to search the computers of many visitors to a child pornography website. The warrant raises interesting legal issues, although I think the significant issues are mostly not the ones that have received the most media attention. Many of these cases are headed to various courts of appeal, so I thought I would present an overview of the investigation and discuss some of the legal issues raised by the warrant.
[Orin Kerr is the Fred C. Stevenson Research Professor at The George Washington University Law School, where he has taught since 2001. ]
Password-sharing case divides Ninth Circuit in Nosal II
[Commentary] The Ninth Circuit has handed down United States v. Nosal (“Nosal II“), a case on the scope of the Computer Fraud and Abuse Act. The court held 2-1 that former employees of a company who had their company accounts revoked violated the CFAA when they subsequently used the passwords of a current employee, with the current employee’s permission, to access the company’s computers. I think that the majority’s result is right on its facts but that its analysis is less helpful than it could be. This post explains my thinking, and it then explains the likely importance of the Ninth Circuit’s still-pending case in Facebook v. Power Ventures.
[Orin Kerr is the Fred C. Stevenson Research Professor at The George Washington University Law School]