Third party PC technician's discovery of contraband held admissible

In this case, Commonwealth v. Sodomsky, an individual delivered his PC to CircuitCity to have a DVD drive installed.  Although he did not ask for any software to be installed, he was informed that installation of the DVD drive would necessarily include testing the DVD drive. While testing the DVD-drive, the technician subsequently discovered contraband and reported it to the police. The police seized the evidence under the plain view doctrine.

Significantly, the Pennsylvania Superior Court held that defendant's acquiescence to the installation of a DVD drive was a de facto acquiescence to the installation of software (whether he knew it or not). The court reasoned that he, therefore, "volitionally relinquished any expectation of privacy in that item by delivering it to CircuitCity employees knowing that those employees were going to install and test a DVD drive."

In arriving at this conclusion, the court employed the legal theory of "abandonment," whereby an individual evidences an intent to relinquish control over personal property ("whether a person prejudiced by the search had voluntarily discarded, left behind, or otherwise relinquished his interest in the property in question so that he could no longer retain a reasonable expectation of privacy with regard to it at the time of the search") (quoting Commonwealth v. Shoatz, 366 A.2d 1216, 1220 (1976)).

Yet, although the court explained that the legal construct "revolves around the issue of intent," it rejected defendant's assertion that he did not intend for CircuitCity employees to access his personal video cache any more than he expected them to access his personal financial information or other files.  The court specifically noted that defendant "failed to either inquire as to how the DVD drive would be tested or otherwise restrict the employees' access to his computer files."  The court also noted that CircuitCity was employing a commercially acceptable manner for testing the DVD drive, rather than setting out to discover illicit contraband.

While I take no position on the ruling of the court, it occurs to me that this is an instance where "ignorance" commands a higher premium than "intent."  Another such case was Long v. Marubeni America Corporation, 2006 WL 2998671 (S.D.N.Y., October 19, 2006), where that court held that both the attorney client and work product privileges were waived by employees using a company computer system to transmit otherwise privileged communications to private counsel, which communications were sent from private password-protected accounts (not from the employer's email system).   Significantly, a cache of the emails were retained by the company's system as "temporary internet files." Because the company could and did obtain these emails by reviewing its own system, the court held that the waiver was created through employees' failure to maintain the confidentiality of these communications with regard to the company's electronic communications policy, which policy advised employees not to use the company system for personal purposes and warned that they had no right of privacy in any materials sent over the system. The court reached this result notwithstanding its factual finding that employees were without knowledge that a cache of their email communications had been retained.

Thus, in these cases, and including the recent In Re Boucher (defendant, who used PGP to encrypt alleged contraband not required to divulge passphrase), we see where a presumption of a reasonable expectation of privacy can be overcome by a defendant's failure to take specific precautions to safeguard property or communications. The phrase, "knew or reasonably should have known" is employed in these cases to mean that lack technological expertise on the part of a layperson may result in waiver.

Enhanced Creative and Intellectual Property Protection Bill Introduced

"In an effort to strengthen laws protecting creative and intellectual property," the House Judiciary Committee recently introduced bipartisan legislation, known as the "PRO IP" bill,  to: strengthen the substantive civil and criminal laws relating to copyright and trademark infringement; establish an Office of the United States Intellectual Property Enforcement Representative (USIPER); appoint intellectual property officers to work with foreign countries in their efforts to combat counterfeiting and piracy: and create a permanent Intellectual Property Division within the Department of Justice to improve law enforcement coordination.

The latter objective is to be accomplished, in part, by "transferring the functions of the existing Computer Crime and Intellectual Property section (CCIPs) that relate to intellectual property enforcement to the new IP Division" and to provide the DoJ with new resources targeted to improve IP law enforcement, including local law enforcement grants and additional investigative and prosecutorial personnel. It also requires that DoJ prepare an annual report that details its IP enforcement activities.

The Press Release is located here: http://judiciary.house.gov/newscenter.aspx?A=887

RIAA asserting, "that it is illegal for someone, who has legally purchased a CD," to xfer to his PC?

Okay, the quote is not from the RIAA but, rather, taken from this Dec. 30, 2007 WashingtonPost.com article, Download Uproar: Record Industry Goes After Personal Use.  According to the reporter, Marc Fisher, the Recording Industry Association of America (RIAA), "In legal documents in its federal case against Jeffrey Howell . . ., who kept a collection of about 2,000 music recordings on his personal computer, . . . maintains that it is illegal for someone, who has legally purchased a CD to transfer that music into his computer." [emphasis in the orig.] 

The case is Atlantic Recording Corp. v. Howell.

In fact, the RIAA Web page concerning piracy does state, in pertinent part:

[T]here’s no legal "right" to copy the copyrighted music on a CD onto a CD-R. However, burning a copy of CD onto a CD-R, or transferring a copy onto your computer hard drive or your portable music player, won’t usually raise concerns . . . Enjoy the music.

However, like the Minnesota PGP case that I characterized in another post as widely misrepresented, I believe that the position of RIAA and Atlantic in this case appears to be similarly misconstrued. If one actually reads the supplemental brief, Atlantic makes clear that the gravamen of the claims isn't the possession of a backup copy of legally purchased materials but, rather, the fact that the backup copy resided in a folder share that was utilized by a file-sharing program:

It is undisputed that Defendant possessed unauthorized copies of Plaintiffs’ copyrighted sound recordings on his computer. Exhibit B to Plaintiffs’ Complaint is a series of screen shots showing the sound recording and other files found in the KaZaA shared folder on Defendant’s computer on January 30, 2006. Virtually all of the sound recordings on Exhibit B are in the “.mp3” format.  Defendant admitted that he converted these sound recordings from their original format to the .mp3 format for his and his wife’s use.  The .mp3 format is a “compressed format [that] allows for rapid transmission of digital audio files from one computer to another by electronic mail or any other file transfer protocol.”  Once Defendant converted Plaintiffs’ recording into the compressed .mp3 format and they are in his shared folder, they are no longer the authorized copies distributed by Plaintiffs. Moreover, Defendant had no authorization to distribute Plaintiffs’ copyrighted recordings from his KaZaA shared folder. Each of the 11 sound recordings on Exhibit A to Plaintiffs’ Complaint were stored in the .mp3 format in the shared folder on Defendant’s computer hard drive, and each of these eleven files were actually disseminated from Defendant’s computer. Each of these actual, unauthorized disseminations ofPlaintiffs’ copyrighted works violates Plaintiffs’ exclusive distribution right under the Copyright Act. In addition, Defendant unlawfully distributed all 54 of Plaintiffs’ Sound Recordings by making unauthorized copies of the recordings available to other KaZaA users for download.

Id. at 15-16. [citations to the record and authorities omitted; emphasis supplied].

Notably, Atlantic complained that Howell had spoliated evidence of his alleged wrongdoing, an allegation that we're seeing raised more and more often in litigation, as lawyers start catching on to electronic discovery practices:

One of the best ways to test a defendant’s denial of responsibility for illegal file sharing would be to look at the contents of the defendant’s computer hard drive, which would show, among other things, the existence of peer-to-peer software programs, the user’s chosen preferences for the use of such programs, the dates of use of such programs, the profile of the individual using such programs, and any sound recordings that were downloaded using such programs. A forensic examination might also provide indications of particular instances of distribution from Defendant’s shared folder. That information, however, has now been intentionally “wiped” from Defendant’s computer. Defendant’s intentional destruction of this evidence severely and irreparably prejudices Plaintiffs’ ability to prove their claim against Defendant and warrants harsh sanctions. 

Supplemental brief at 14.

Surrendering the PGP passphrase

Anyone here remember State v. Levie, 695 N.W.2d 619 (Minn.App. 2005) ?

In Levie, the defendant-appellant's seized computer contained PGP, a cryptography program, which was inaccessible to the investigator.  In rejecting Levie's bid for a new trial, said the court, inter alia:

We find that evidence of appellant’s internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state’s case against him.

As a result, this case stirred waves in techie circles & blogs accross the nation and was unfairly characterized by journalists as, "Minnesota court takes dim view of encryption." (See, e.g., here or here).

I posit that the case was unfairly mischaracterized because the inaccessible PGP archive, by itself, did not result in an adverse jury instruction and the totality-of-the-circumstances was the apparent standard adopted by the trial court.   I.e., the record showed that Levie took a large number of pictures of a minor child with a digital camera and that he uploaded those pictures onto his computer soon after taking them. 695 N.W.2d at 624.

Prof. Orin Kerr came to a similar (albeit differently reasoned) conclusion in his blog post, The Myth of Crypto as a Crime:

Obviously, the idea that using encryption necessarily reflects criminal activity is rather silly; Internet users use encryption all the time for all sorts of legitimate reasons. As many critics of the new decision have noted, it makes no sense to see encryption as inherently linked to crime. But contrary to the blogospheric common wisdom, no court ever said it was.

[emphasis in original]. Kerr reasoned, instead, that the court regarded Levie's use of PGP as evidence that he was a sophisticated computer user, which might explain why the police found no child pornography or nude child photos on his computer.

In cases like these, attorneys often may wonder, "Can a court force a defendant to give up his passphrase?"  (side note: I always include, in routine e-discovery interrogatories that I prepare for my attorney-clients, specific requests for the passwords and password phrases to all encyrpted archives and other repositories containing potentially responsive ESI).  This question is certain to arise more frequently in the near future, including in civil cases (and especially in domestic relations cases).¹

To help answer that question, the U.S.D.C. for the District of Vermont court declined to compel a defendant to surrender his PGP passphrase, finding that compelling a defendant to surrender his PGP passphrase would violate his Constitutional right not to incriminate himself.

The case, In re Boucher, involved child pornography, as you might have expected. Yet, the case law involving the compulsory surrender of encryption passphrases is quite unsettled.

If this case is appealed, it has the potential of creating an important precedent.

___________________________

¹ Unfortunately, perhaps, we should not be looking to domestic relations case law for guidance on issues of substantive constiutional law (such as the privilege against self-incrimination).  See, e.g., David N. Heleniak, The New Star Chamber, 57 Rutgers Law Review no. 3 (Spring 2005), 1009, discussing the "due process fiasco" of family law and characterizing family courts "an area of law mired in intellectual dishonesty and injustice." In the article, Heleniak identified six commonplace deprivations of fundamental due process: seizure of children and railroading innocent parents into jail through denial of trial by jury; denial of poor defendants to free counsel; denial of right to take depositions; lack of evidentiary hearings; lack of notice; and improper standard of proof). In family law, "the burden of proof may be shifted to the defendant," according to a handbook for local officials published by the National Conference of State Legislatures.

Blogger’s Use of Trademark Protected as News Reporting

In its October 22, 2007 Order granting defendant Philip Smith’s motion for summary judgment, the District Court of South Carolina dismissed defamation, trademark infringement, and invasion of privacy claims brought by plaintiff BidZirk LLC, an auction listing company. 

The claims arose out of the pro se defendant-blogger’s publication of articles on his blog, featuring plaintiff’s trademark, that were critical of plaintiffs’ eBay auction listing business.  Plaintiffs asserted that defendant’s use of their mark in an article critical of plaintiff’s business tarnished their famous trademark in violation of the Federal Trademark Dilution Act (“FTDA”). The Court held plaintiff’s trademark dilution claims failed because defendant used the mark in connection with “news reporting and news commentary,” a non-actionable use under the Federal dilution statute.

Pursuant thereto, a party cannot be found guilty of diluting the mark of another if the mark is used in “news reporting or news commentary.” 15 U.S.C. § 1125(c)(4)(C).  The Court held that Smith’s use of the trademark was, in fact, a protected use in the course of “news reporting or news commentary.”. The court noted that, while “not all bloggers are journalists, some bloggers are, without question, journalists.”  The Court had examined “the content of the material, not the format, to determine whether it is journalism.”   The Court found that it was not written solely to denigrate plaintiffs but, rather, it was written for the purpose of conveying information to the public about the use of auction listing companies, based on the author’s personal experience and supported by his research. It also provided a checklist to aid consumers in selecting such companies.  These attributes “evidences [an] intent to report what [Smith] believed was a newsworthy story for consumers.”

The court further dismissed plaintiffs’ defamation claim, finding the challenged statements non-actionable statements of opinion.  Said the Court, “Opinion statements, defamatory or otherwise, are not actionable unless they contain provably true or false connotations.” The statements were an opinion statement that could not be fairly characterized as true or false and, which statements included terms that have, “different meanings to different people.”  Thus, because the statement was not capable of being characterized as false, there was no liability for defamation.

Finally, the Court dismissed plaintiffs’ invasion of privacy claim, arising from a link found on Smith’s blog to a picture of plaintiffs found elsewhere on the Internet, accompanied by Smith's commentary.  According to plaintiffs, the accompanying text implied that they were ‘irresponsible and overcommitted’ and impermissibly cast them in a false light. The Court rejected this claim, finding that South Carolina does not recognize a claim for false light invasion of privacy and, even if it did, the claim would fail as the article did not cast plaintiffs in a false light and ("Nothing about Smith’s statements would be highly offensive to a reasonable person,” an essential prerequisite to a false light invasion of privacy claim").

Similarly, plaintiffs’ ‘wrongful appropriation of personality’ invasion of privacy claim failed: A required element of such a claim is the “intentional [non-consensual] use of the plaintiff’s name, likeness, or identity by the defendant for his own benefit,” which was missing here. Smith did not use a picture of plaintiffs but, instead, only linked to one found on another site.  In addition, plaintiffs waived any privacy right they had in the photograph in question by consenting to its use on the other non-password protected internet site. Finally, there was no apparent benefit to Smith by his use of the link.

The Court sua sponte sanctioned plaintiffs’ attorney, Kevin Elwell, under Rule 11, for filing a lis pendens against Smith’s condominium. The Court fined Elwell $1,000, which he directed be paid directly to Smith.