几个月后,美国最高法院在一个刑事案例中遇到麻烦,但已对于在汽车上安装GPS设备的行为造成了冲击。在United States v. Jones 132 S. Ct. 949, 565 U.S. ___ (2012)案件中,Scalia法官认为,需要在汽车上安装GPS设备的侵入行为已经侵犯了个人隐私。此外,协同意见书表明,任何长期的GPS跟踪都会侵犯个人隐私,因为这会泄露出大量的个人信息,包括家庭、政治、宗教和两性关系等。
然而,手机并未在法院受到平等的待遇。在United States v. Skinner 690 F.3d 772 (6th Cir. 2012)案例中,法院认为手机的位置发射信号并没有合理地牵涉到个人隐私。如果其中牵涉到个人隐私,那么利用嗅觉灵敏的狗来追查嫌疑人也会构成侵犯隐私。在Skinner案件中,法院对Jones案件中将GPS设备置于私家车内的行为,以及使用个人手机信号来跟踪定位的行为明确区分开来。前者涉及非法侵入,后者则没有。
美国50个州都在立法或司法(由州级最高法院裁定)方面采用本原则。加利福尼亚州采用司法豁免权原则(Trudell v. Leatherby (1931) 212 Cal. 678 [300 P. 7],行动受限的未成年子女不得针对父母的疏忽提起诉讼,因为子女起诉父母将“给家庭带来纷争,破坏家庭的安宁与和谐”)。
At Flexispy, we are always trying to get consumers the best value for their money. As part of achieving that goal, we actually buy and test all Spyphone software on the market. That way, we can tell customers what they can expect when they purchase any brand of Spyphone software.
One thing we abhor is companies that sell Spyphone apps that plain just don’t work. This makes the entire industry look bad. We want customers to come to us because our products are the best on the market. When customers spend their hard-earned money on something that doesn’t work, that often means they give up, reasoning all Spyphone software is a scam.
With that in mind, we would like to share our experience with one particular brand.
We were intrigued by their website, because they advertise that you can install the software on a target phone, without having physical access to that phone and then intercept any call made or received on the target phone.
After purchasing the software, we downloaded it as instructed, we tried installing it on the android platform, the iOS platform and the Blackberry platform. The installation was unsuccessful on all three. Our company has technicians with years of experience installing Spyphone software onto phones. And, even they couldn’t get this app to work.
As instructed by their website, we submitted a ticket to their support team. We asked for a refund, because the software wouldn’t install. On their website, they guarantee customer satisfaction with the product and promise a full refund if dissatisfied with the product within 30 days of the purchase, no questions asked.
After submitting our ticket for a refund, we received this email from [email protected]
We never heard from them again. Yep, $27 down the drain. What a rip-off! But, you don’t have to kiss your money goodbye. At Flexispy, we’re going to help you get your money back.
How to raise a dispute, and do a chargeback on your credit card
When you purchase any software, take the time to read the legal disclaimer and the terms and conditions of the purchase. It will save you a lot of headaches and disappointment down the road. Here’s the relevant legal disclaimer for our purchase:
Software Download Return Policy: All sales final. In-store credit only.
If there is a problem with the download, please contact us via email for a quick resolution.
Ummmm . . . what happened to my iron-clad 100% money back guarantee?
Never fear. With a credit card purchase, you can always get your money back. It may take a little time, but don’t let the scammers win.
But didn’t the company’s email say that it is illegal to file false and fraudulent chargebacks and disputes with my credit card company?
LOL, the scammers who sold you worthless software and took your hard-earned money are threatening you with legal action if you file a chargeback?
It is your right as a credit card customer to file a chargeback or dispute, if the product you purchased does not conform to your reasonable expectations as a consumer based on the marketing information provided by the seller.
So, here’s what we did to get our money back.
We first contacted our credit card company and informed them that we want to file a chargeback for this purchase. We told them the date and amount of charge. They emailed us a form to complete, which identifies the seller, the charge and the reason for the chargeback. We emailed it back with a copy of our emails with the seller. Our credit card company investigates, tries to get a response from the seller, and then reverses the charge. Simple as that.
But we didn’t stop there.
How to file a complaint with the payment gateway provider
When you purchase something on a website, usually your purchase goes into a shopping cart, and when you checkout to pay, you are taken to a different website, called the Payment Gateway. The payment gateway is the lifeblood of the ecommerce seller, because it processes all its credit card transactions.
Payment gateways carefully watch the number of chargebacks and refunds for credit card transactions that they process, as there can be a risk if the amounts are particularly large. They may close their payment gateway service to the seller, or charge higher transaction fees, if they detect a pattern suggesting potential consumer fraud. Payment gateway providers are particularly interested in refund policies and whether the seller is living up to the refund policy as it is presented to the customer on the seller’s website.
CellSpyMonitoringSoftware uses Plimus as its payment gateway provider. Plimus is a very reputable company, and handles a lot of ecommerce software credit card transactions. Plimus has its own support system for handling complaints that cannot be resolved with the seller.
We submitted our ticket to Plimus’ service center so that we could escalate our request for refund. We do not expect Plimus will be able to get our refund, as that usually has to be obtained through a credit card chargeback. However, we are certain that our email has created a red flag about this seller and that Plimus may take some action as a result of this.
So, don’t accept that the Spyphone software you purchased is just a scam and that you threw away your money. Get your money back through a credit card chargeback and take the seller to task.
There are many reasons an employer may want to use GPS location tracking technology to monitor the whereabouts of its employees.
These are some examples of where GPS tracking might provide some degree of help in the workplace:
You suspect an employee of misusing company time to conduct personal business;
You suspect an employee is engaged in illegal behavior, such as pilferage or drug use;
You suspect an employee is misusing company paid sick leave;
You suspect an employee of misappropriating company secrets or colluding with a competitor;
You are concerned about whether an employee is on a personal diversion rather than his appointed task when using his personal vehicle.
These however, are only a few examples of where an employer may consider engaging in Geo-location to confirm reasonable suspicions about a particular employee.
The question then arises, what can the employer legally do to obtain some evidence to confirm these suspicions?
For company-owned vehicles, the law is clear that an employer may put a GPS tracking device on the vehicle. The company-owned vehicle is the employer’s property, and its use for a business purpose is an extension of the workplace.
In O’Connor v. Ortega 480 US709 (1987), the US Supreme Court held that workplace searches never require a warrant. Also see, Matter of Caruso v. Ward72 NY2d 432 (1988)(applying New York law, random workplace drug testing does not require a warrant).
But what about placing a GPS tracking device on an employee’s personal car? Is this ever legal? What restrictions and limitations apply?
Employers now have guidance in this matter.
In Cunningham v. New York State Dept. of Labor (2013 NY Slip Op 04838), New York’s Appellate Division heard a case in which the employee was subjected to discipline based on evidence obtained through the use of a GPS tracking device installed on his personal car.
Michael Cunningham worked in the state’s department of labor in a management position. He was a 20-year veteran of the department and much of his work was performed either in the field or in remote locations.
His employer suspected that he was submitting false time reports and taking unauthorized absences. They believed he was claiming he was on extended business trips, when he had actually returned home much earlier than his timesheets showed.
The employer hired an investigator to follow his car to confirm their suspicions. Cunningham was successfully able to elude the tailing investigator several times. Thereafter, the employer attached a GPS tracking device to the wheelbase of Cunningham’s personal car, without Cunningham’s knowledge.
The employer tracked the movements of Cunningham’s car for one month. During that time period, the GPS tracking device required two replacements. Through the evidence obtained by the tracking device, the employer brought disciplinary charges against Cunningham which resulted in termination of his employment.
The reviewing court found that the use of GPS tracking device to confirm suspicions about Cunningham’s absences and timekeeping records was reasonable. It further held that tracking the car’s movements for one month was a reasonable length of time.
However, the court also ruled that the search was excessively intrusive. Because the employer was tracking the movements of Cunningham’s car 24/7, and this would include considerable time periods when Cunningham made no claim that he was working, the search exceeded its permissible scope. The employer, who replaced the GPS device twice during the surveillance, could easily have removed it when Cunningham took a personal vacation. The court found that the employer failed to make a reasonable effort to avoid tracking Cunningham when he was outside of business hours.
Generally, New York’s privacy protection with respect to GPS tracking is stated broadly in its State Constitution. The right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. NY State Constitution, Article I, Section 12
In Cunningham, New York’s appellate division concluded that the placement of a GPS tracking device on an employee’s personal car is not subject to the constitutional warrant requirement, because a personal car which is used in any way for a business purpose is an extension of the workplace.
Thus, the court has distinguished the employment setting from the police investigation setting. Cf People v. Weaver, 12 NY3d 433, 447(2009)(holding the attachment of a GPS tracking device to a suspect’s car always requires a court-issued warrant supported by probable cause). United States v. Jones 132 S.Ct. 945 (2012)(holding attachment of GPS tracking device to a suspect’s car is a trespass and requires a warrant.) Interestingly, that distinction means the case is inapplicable to other GPS tracking technology, such as mobile phone GPS tracking applications.
Yet, an employer who has reasonable grounds to use location tracking technology on the employee’s car, must monitor with reasonable care. Constant tracking of an employee’s car is liable to violate the employee’s right of privacy.
Security companies that manufacture GPS tracking devices would be wise to design the device so as to allow employers to turn the monitoring function off during non-working hours and weekends. This would avoid the Cunningham situation, where the employer’s reasonable use of the GPS tracking device was made unreasonable by being overly intrusive into the employee’s private life – the employee’s off-work hours.
As an employer, if you are going to use GPS tracking devices, you should make sure that the device has a scheduler and that your HR department creates a policy that the employer will reasonably refrain from using GPS tracking during off-work hours.
You should also make sure that your HR department thoroughly documents any targeted GPS location tracking of an employee’s personal car. They should detail the suspicion that surrounds the employee’s conduct, why less intrusive means of investigation would not be effective, and the proposed limits of the surveillance that will be used during the investigation of the employee.
The use of Keyloggers by employers is becoming commonplace. As an employer, you should be asking, what is a Keylogger? Is it legal to monitor my workforce, and, should I be monitoring my employees?
A Keylogger is a computer program designed to record every action on a personal computer. This not only includes every keystroke, but also every website visited, every email read or sent, every password entered, and any applications or programs run on the PC.
In examining U.S. law in this area, it has been noted that there is no federal statutory framework which covers the use of Keyloggers by employers. The Electronic Communication Privacy Act (ECPA), the Federal Wiretap Act (FWA) and the Stored Communication Act (SCA), all of which could reach Keylogger activity, have never been extended to protect computer privacy in the workplace, or even in the home.
So, while judicial interpretation of the ECPA has broadened its scope, it still does not reach Keylogger technology. As a result of that legislative gap, state courts have searched their own legislative schemes in an attempt to protect the privacy of computer operators.
For instance, a federal court in Indiana heard a case in which a woman was authorized by her employer to access her personal checking and email accounts from her work computer. The employer failed to notify her that they had installed Keylogger software on her work computer. Rene v. G.F. Fishers, Inc., 817 F.Supp.2d 1090 (S. Ind. 2011)
The employer used the password discovered through the Keylogger software, and reviewed both her personal email and checking account history. There were several emails between company management, discussing the contents of those histories.
Importantly for employers, the federal court ruled that the FWA was inapplicable, because the keystrokes recorded by the Keylogger software remained on the PC, and were never transmitted through interstate commerce.
The court, however, went on to review whether the employer’s conduct violated the state of Indiana’s wiretap act. The court noted that the Indiana statute does not include the requirement that the communication be intercepted through interstate commerce, and, therefore, held that the state wiretap law was applicable to Rene’s claim.
Additionally, the federal court ruled that the Stored Communications Act, was also applicable to Rene’s claim. The Keylogger information itself, which included passwords, opened emails and viewed webpages, did not infringe on the Act. However, the employer’s conduct in using the passwords to review Rene’s histories (stored communications) would be covered by the SCA.
Other states have held that the use of a Keylogger violates state privacy laws. In a New Hampshire decision, a court held that obtaining a password through use of a Keylogger, and then using the password to access the computer user’s email history does violate the state’s wiretap act. In State of New Hampshire v. Walters, the court excluded any evidence related to emails which were uncovered by the former housemate of the defendant, because the emails were obtained in violation of the wiretap act which protects privacy from illegal interception of wire communications.
The WPA is a criminal wiretapping law, so it is no surprise that the use of a Keylogger by an employer can be prosecuted. In Ropp v. United States, 347 F.Supp.2d 831 (CD Cal. 2004), a California federal court considered whether an employer’s use of a Keylogger could violate the criminal provisions of the WPA.
Ropp, worked as a manager for an insurance company and installed a Keylogger on the computer of one of his subordinates. The court began its inquiry by noting that the WPA affords greater privacy protection to wire and oral communications as opposed to electronic communications.
The federal court dismissed the indictment against Ropp, finding the Keylogger only intercepted internal communications between the keyboard and the CPU, as opposed to the signal being intercepted on transmission to the company’s network, which was attached to interstate commerce.
The Ropp decision, however, did not put the issue to rest in California. In Brahmana v. Lembo(N.D. Cal. 2011), the federal court questioned Ropp’s restrictive interpretation of the definition of electronic communications found in the WPA.
Brahmana was a sales manager for a VOIP company located in Silicon Valley. Brahmana discovered that emails he had sent on his work computer had been read by the company president through a Keylogger which was installed on Brahmana’s computer. In light of the fact that the keystrokes had been read over the company’s network, the court concluded that there were sufficient facts to allow the case to proceed through discovery as the network might have affected interstate commerce.
We started this discussion by asking what a Keylogger is. The Keylogger in Ropp was actually a machine which recorded the keystrokes of a PC’s keyboard as they were traveling from the keyboard to the PC. In Brahmana, the Keylogger was a network analyzer, which records all the activity of a PC through a network connection to a server. The advancement of Keylogger technology probably puts it squarely within the prohibitions of the ECPA and WPA.
The second question was whether the use of a Keylogger by an employer is illegal. Here’s a list of points to ensure that the employer’s use of a Keylogger stays within both state and federal law:
As the workplace PC is the employer’s property, the employer may install a Keylogger on an employee’s PC without concern for trespass.
Use of a networked Keylogger probably violates federal and state privacy and wiretap laws and requires the consent of the monitored employee. An employer should disseminate a policy stating that all employee work stations are monitored and have the employee acknowledge receipt of that policy. This will satisfy the consent requirement to take the monitoring outside of the wiretap laws.
An employer should not allow anyone access to passwords for an employee’s private accounts which are recovered through use of the Keylogger. Under no circumstances should an employer use the passwords to browse the employee’s private account history. To do so risks a serious civil damage recovery under the Stored Communications Act.
This takes us to the last question, should you, as an employer, be monitoring your employees through use of a Keylogger.
This question is answered with a resounding, “YES”.
In the risk management arena, there are too many potential liabilities carried by providing employees with unlimited network and internet access. These liabilities include:
• Damage to Business – making sure communications with persons outside your company are correct, polite and consistent with your business goals
• Risk Management – monitoring for potentially abusive behavior, such as sexual harassment, bullying or racial hate speech
• Trade Secret or Data Theft – keeping watch for the loss of important company secrets and data
• Illegal Behavior – such as workplace theft, embezzlement and drug abuse
• Productivity – the internet and computers can be time-wasters. Even if you block Facebook, there are other time-wasting websites, games and other forms of entertainment which can seriously impact on productivity.
• Loyalty – is one of your key staff members loyal, or plotting to knife you in the back?
In light of these liabilities, it almost seems like use of Keyloggers in the workplace by should be mandatory. Just make sure to keep within the law, by publicizing and receiving acknowledgement of your monitoring policy, keeping the persons with access to the Keylogger data to an absolute minimum, and never using any private passwords obtained from the Keylogger to access the employee’s private accounts.
Technology now makes it possible for employers to keep track of virtually all workplace communications by any employee, on the phone and in cyberspace, whether at their desk, on their mobile, or even outside the office. Many employers take advantage of these tracking devices: A survey of more than 700 companies by the Society for Human Resource Management (SHRM) found that more than half of all employers are monitoring their employees’ telephone calls.
There are a number of reasons that employers would want to monitor or even record the phone calls of their employees, such as quality assurance, customer relations and training. Employers may also want to take steps to make sure employees are not giving trade secrets to competitors, engaging in illegal conduct at work, or using company communications equipment to harass or bully their coworkers.
In the UK, prior to 1985, there was no statutory regulation of interception of phone calls, whether it be for personal or business reasons. With respect to governmental surveillance, it was carried out under the Royal Prerogative, with the only oversight being the informal “judges rules.”
Moreover, for private citizens, under British common law, there is no right of privacy. This means that individuals cannot bring claims for invasion of privacy unless there is a specific tort, legislation or regulation that has been violated.
Early attempts to enact legislation to fill the gap in British call interception law ran afoul of the EU’s Declaration on Human Rights and were voided by decisions of the Strasbourg Court.
Under the LBP Regulations, monitoring or recording communications is legal if it is done for these reasons:
• to establish the existence of facts;
• to ascertain compliance with regulatory practices or procedures;
• to demonstrate standards which should be achieved (quality control and training);
• to prevent or detect crime;
• to detect unauthorized use of a telecommunications system;
• to secure effective system operation;
• to determine whether communications have a business or personal purpose; or,
• to monitor customer support lines.
Most importantly, the business must make reasonable efforts to notify persons using the telecommunications system, that interceptions may be made. This can be accomplished through dissemination of a company policy statement, or through a recorded announcement at the start of a call.
Under the LBP, employers in the UK are free to monitor any phone calls made by its employees. Technically, the regulations require that once an employer determines that the call is personal, and, not business-related, the monitoring should cease. However, there could be a number of reasons for continuing the monitoring of the call, including the following: to detect improper use of company equipment; to reduce time-wasting activities which adversely affect productivity, to prevent or detect crime, and also to determine adherence with other company policies (ie, harassment, bullying or gambling).
If the employer records the phone calls of its employees, the use and storage of those recordings is regulated by The Data Protection Act 1998. The DPA was enacted to protect the privacy of the data contained within the recordings. The act requires obtaining the consent of the call participants if the contents of the call are disclosed to third parties. It also requires companies to develop systems and procedures for maintaining the confidentiality and security of the data.
Below are the basic guidelines of the DPA, as it applies to companies that are recording employee phone calls for internal purposes only (marketing, quality assurance, training, customer care, detection of illegal or prohibited behavior):
Data can only be used for the explicit purpose for which it was gathered.
Data cannot be released to a third party without the consent of the individual it refers to, unless there is a lawful reason to do so – for instance, the prevention or detection of criminal activity.
Personal data cannot be kept for longer than is necessary and must be kept up to date.
Tips for Staying Within the Law
Employers in the UK currently have a lot of leeway in monitoring their employees’ communications, as mentioned in the Eavesdropping in the UK article. However, the law in this field is evolving rapidly, as technological change and increasing concerns about privacy pressure Parliament, regulators, and the courts to take action. If you decide to monitor employees, consider these tips:
• Adopt a policy. Tell your workers that they will be monitored, and under what circumstances. If you indicate that you will respect the privacy of personal phone calls or email messages, make sure that you live up to your promise. The safest course is to ask employees to sign a consent form, as part of their first-day paperwork, acknowledging that they understand and agree to the company’s monitoring policies.
• Monitor only for legitimate reasons. You will be on safest legal ground — and waste less time and money — if you monitor only for sound, business-related reasons. If you have a reasonable suspicion that a particular employee is engaging in unauthorized use of your equipment, that would certainly qualify as legitimate cause for monitoring. Equally sound reasons include keeping track of productivity or monitoring the quality of customer service.
• Be reasonable. Employees will not perform their best work if they are in constant fear of eavesdropping. Overreaching monitoring – or unnecessarily Draconian policies about personal use of communications equipment – will only result in employee resentment and attrition. It is reasonable to prohibit workers from spending hours on the phone wooing a lover or catching up on gossip with an old friend. But it is unreasonable to prohibit brief personal calls of the “I’ll be home late” or “where shall we meet tonight” variety.
Every employer understands that there is sometimes a need to do some investigative work. You might be checking out a new hire, or be suspicious of one of your employees who is entrusted with confidential or sensitive information.
What is the law if the employer logs in to the employee’s account? Is it illegal? Can the employee sue the employer?
This is a relatively new area of privacy law in the US, and it touches both on federal and state regulatory schemes.
On the federal level, the Stored Communications Act, 18 U.S.C.§2701, was enacted as part of the Electronic Communications Privacy Act. It protects electronic communications that are kept online. Recognizing that the reasonable expectation of privacy of these records and the interpretations of the 4th amendment’s prohibition against unreasonable search and seizure which offer protection for physical locations, Congress established stiff criminal penalties for unlawful access or changes to these online records.
This law famously came into play in a case of internet snooping, dubbed “WebcamGate”. The case arose when a school district issued laptops to students which gave the school control over the laptops’ webcam. The school district administrators did activate the webcams without knowledge of the students or their parents.
A class action lawsuit ensued, which was eventually settled with the school district. In that action, a claim was made under the SCA for civil damages for unauthorized access of the records which would be maintained on the laptops, namely the photo files. The case was quickly settled, so the Court never ruled on the SCA claim.
Subsequently, another federal court did find that the unauthorized accessing an employee’s personal accounts through use of a password captured from a keylogger was a violation of the SCA. In Rene v. G.F. Fishers, Inc., 817 F.Supp.2d 1090 (S. Ind. 2011), a woman was authorized by her employer to access her personal checking and email accounts from her work computer.
The employer failed to notify her that keylogger software was installed on her work computer. Her passwords were discovered through keylogger software. Her employer reviewed both her personal email and checking account history using the captured passwords.
There were several emails by and between company management, discussing the contents of her personal account histories. The court reviewed whether the employer’s conduct violated the Stored Communications Act.
The keylogger information itself, which included passwords, opened emails and viewed webpages, did not infringe on the Act. However, the employer’s conduct in using the passwords to review Rene’s histories (stored communications) would be covered by the SCA.
With respect to social media networking sites, the SCA first came into play in Pietrylo v. Hillstone Restaurant Group (NJ, 2009). Pietrylo and another employee started a private, invitation-only, password protected MySpace group in which they voiced their complaint about the company’s management and customers.
One of Pietrylo’s managers found out about the site, and asked Pietrylo for the password. Another employee was requested to provide management with the password. Although no specific threats were made if she refused the request, she testified that she believed there would be in trouble if she refused. Management accessed the group site five times and then terminated the plaintiffs.
The jury found that the MySpace group was a facility that stored electronic communications as defined by the SCA. The jury further found that the restaurant managers violated the SCA as they did not have authorization to access the group webpage. The court awarded the plaintiff’s back-pay, punitive damages 4 times the amount of back-pay damages, and attorney’s fees.
Finally, of importance to our customers, is retrieving data from dual-use devices. The line between personal and business use of mobile device is increasingly becoming blurry. As more and more employees carry cell phones and tablets that are used both for personal and business purposes, the likelihood that an employer would access the employee’s personal accounts is dramatically increasing, and, with that, exposure to liability for the employer.
Lazetta v. Kulmatycki (N.D. Ohio 2013) arose out of the accessing of an employee’s personal email account from a company-issued phone. Verizon issued a blackberry to its employee, Lazetta, who set up a personal Gmail account on the phone with Verizon’s permission.
When Lazetta ended her employment, she returned the blackberry to her supervisor, but forgot to delete the gmail account. She was advised by her supervisor that the phone would be recycled and given to another employee. Instead, her supervisor read over 48,000 of Lazetta’s personal emails over an 18-month period.
The court ruled that both the supervisor and Verizon could be liable for the SCA violation. To defeat a summary judgment motion, it was enough to show that the personal account contained private information and that the personal account was accessed through the unauthorized use of a password. Moreover, the court ruled that the employer, Verizon, would be held vicariously liable if the supervisor were found liable.
Even if an employee were to give a personal account password to an employer, the account may only be accessed for the limited purpose of the authorization. Exceeding the authorization invokes liability under the SCA.
In Cheng v. Romo (D.C. Mass 2012), the court also ruled that a motion for summary judgment was defeated, where an employee pled sufficient facts to show that the scope of password authorization had been exceeded by the employer’s access to the plaintiff’s personal email history.
Cheng and Romo were radiologists working for the same company. Cheng gave Romo her personal email account password, so that Romo could receive radiology consultations as the employer did not have a company email account. Both employees ended up in litigation with the employer after their terminations.
Claiming that she wanted to investigate various disciplinary actions, Romo used her son’s computer to access Cheng’s email account, and printed 10 of those emails, some of which contained personal content. The Court held that an employer can be liable under the SCA for exceeding the scope of authorization for use of a password for an account, even if the account is used for mixed purpose (personal and business), where personal information is accessed.
In the United Kingdom, spying on phone calls has come to the forefront of the privacy debate. First, there was RupertGate or MurdochGate in which reporters from News of the World were criminally prosecuted and brought before Parliament and numerous governmental bodies for their phone hacking.
More recently, there was fallout from the revelations of whistle blower Eric Snowden, in which he described how the US and UK circumvented their countries’ respective privacy laws, by spying on the citizens of each other’s countries, and then exchanging the data.
To this charge, Foreign Secretary William Hague said “Intelligence gathering in this country, by the UK, is governed by a very strong legal framework so that we get the balance right between the liberties and privacy of people and the security of the country.”
Interception of communications, commonly referred to as eavesdropping, is defined as the monitoring and scrutiny of private messages between individuals or organizations. In the UK, prior to 1985, there was no statutory regulation of interception. With respect to governmental surveillance, It was carried out under the Royal Prerogative, with the only oversight being the informal “judges rules”.
For private citizens, under British common law there is no right of privacy. ] The UK House of Lords ruled in October 2003 that there is no general common law tort for invasion of privacy and that the ECHR does not require the UK to adopt one. Wainwright and another v. Home Office (UKHL 53 2003). Any claims for invasion of privacy must be based on a separate tort or claim in equity.
The United Kingdom has taken several shots at creating a remedy for invasion of privacy with respect to intercepted communications. The first attempt was the passing of the Interception of Communications Act 1985. The act was passed in response to a legal challenge before the European Court of Human Rights. Malone v. The United Kingdom, Application No. 8691/79 (1984).
Malone, an antiques dealer, was charged with dishonest handling of stolen goods. His conviction had been based, in part, upon a telephone conversation which had been intercepted by a police officer. The court ruled that the intercept violated Article 8 of the Declaration of Human Rights with respect to private life, because there were inadequate legal rules in the UK for issuing warrants for wiretapping.
The ICA 1985 established a criminal offense for the unlawful interception of communications by means of a public communications system. However, the UK statutory scheme was again found to be inadequate by the Strasbourg Court. Halford v. The United Kingdom, Application No. 20605/92 (1997).
Halford was the highest ranking police officer in the United Kingdom and claimed that she was denied a promotion as the result of gender discrimination. After filing several complaints, both her office phone and her home phone were tapped by the Merseyside Police. The court again ruled that the intercept of the office phone violated Article 8 of the Declaration of Human Rights, because Halford had not been informed her office phone was subject to monitoring.
Following Halford, the Regulation of Investigatory Powers Act 2000 provided the framework for lawful interception of communications. Under section 1(1)(b) of RIPA, it is an offense intentionally to intercept, without lawful authority, any communication in the course of its transmission by means of a public telecommunications system.
Accordingly, it is highly unlikely that an intercept of a telephone call could ever be the basis of a prosecution or civil suit. Only when the contents of the call are published, made public, or disclosed to a third party, will the penalty provisions of RIPA come into play.
Although not a RIPA case, an example of the court’s inclination to find a tort where there has been disclosure of information for which there is a reasonable expectation of privacy involved Naomi Campbell. Campbell v. MGN Ltd, (UKHL 22 2004).
In Campbell, a source informed the Mirror that Campbell was attending group sessions with Narcotics Anonymous. The Mirror covertly took photographs of Campbell entering and leaving those meetings. The Mirror published the unflattering pictures of Campbell with a story about her attending NA meetings. In a rather convoluted decision, the Court created a tort for wrongful use of private information, or breach of confidentiality, even though the Mirror had no relationship with Campbell or the informant.
While the law is certainly unsettled in this area in the United Kingdom, there are two definite axioms that can be extracted:
(1) Given the ambiguity and patchwork history of the UK’s call interception law, it is probably nearly impossible for there to be a civil or criminal prosecution of eavesdropping through a spy call, unless the contents of the conversation are published, made public or disclosed to a third party.
(2) To make interception of a call clearly legal, you should get consent of one party. This is mentioned in RIPA with respect to governmental wiretaps.
Facebook has become an almost universally accepted social network. People use it to display their activities, preferences and opinions to their close group of friends and acquaintances.
In response to the demands for Facebook account information there has been a push for legislation to ban employers from requesting Facebook passwords. Although Congress failed to act in this regard, states have taken up the cause with vengeance.
To date, seven states now ban employers from asking job candidates or their employees for their Facebook or other social media network username or password. Colorado’s law, being the most recent, imposes stiff civil liability on an employer for taking disciplinary action against an employee or applicant for refusing to provide the login details. Legislation is pending in another 19 states to establish similar bans.
Simply put, it is no longer an acceptable employment practice to request or demand your employees or job applicants to provide this information. Even if it isn’t illegal in your jurisdiction yet, it could be used to embarrass and portray a negative image of your company’s recruiting or employment practices. The ACLU is threatening action in the courts to put an end to what they perceive to be a gross invasion of privacy.
Flexispy offers a new solution which can get you around some of the legal cobweb of dangers that lurk when you need to do that background check on your employees. Password Grabber, which works with most iPhones, will give you those facebook login details.
Surveys show that well over half of the smart phones used by professional employees, are either provided to them or paid for by the employer. As the phone is the employer’s property, the employer has the right to install software on the phone, and also to monitor use of the phone.
Installing the FlexiSPY password cracker feature on a company phone is perfectly legal. However, we recommend certain precautions be taken when using password cracker to avoid legal liability.
Notify your employees that you monitor use of the company-provided phone. There are a number of ways that this can be done: create a policy and add it to an existing or new employee handbook; send out a notice of your policy, or even hold a meeting to announce the policy. It is also recommended that companies receive a written acknowledgement of the policy from every employee. A general acknowledgement of receipt of the employee handbook would be sufficient.
Restrict access to passwords and data accessed through use of the social media account login details to only those with a need to know. Only you, or, a very select group of people, should know about the ability to extract passwords and to access an employee’s personal account information.
Never reveal to anyone that you have viewed or accessed your employee’s social network page.
Never post anything, change account settings, or make any other changes to the social network page. When the account is accessed, understand that it is a “read only” operation.
Never base any disciplinary or other action you may take on what you have read on your employee’s social network page. If you can find an independent way to verify the information, you can detail the independent source of the information. Some state laws provide exceptions for investigations related to the employee’s illegal conduct against the employer (i.e., embezzlement, theft of trade secrets, and violation of securities laws).
As telephones have become mobile, in addition to your regular land-line phones, your staff might be using mobile phones and smart phones, whether company-issued or their own personal handsets.
With the proliferation of mobile communications, risk to the employer has multiplied exponentially.
Here are some reasons why, as an employer, you might want to monitor the phone conversations of your staff:
Quality Assurance – making sure your customers are dealt with correctly and politely
Risk Management – monitoring for potentially abusive behavior, such as sexual harassment, bullying or racial hate speech
Trade Secret or Data Theft – keeping watch for the loss of important company secrets and data
Illegal Behavior – such as workplace theft, embezzlement and drug abuse
Productivity – mobile devices can be time-wasters, especially smart phones, because they are connected to the internet. Even if you block facebook, your staff can access it wirelessly on their mobile devices.
Loyalty – is one of your key staff members loyal, or plotting to knife you in the back?
This piece covers the federal legal framework for the monitoring and recording of employee phone calls by the employer. There will be additional posts explaining the various differences in state laws in this area.
Mobile phones present numerous privacy issues, because the modern smart phone is a mini-computer. They contain emails, call logs, IM messages, internet data and personal data. Smart phones are also capable of sending GPS location data and transmitting voice communications.
The constitutionality of wiretapping goes back to the age of prohibition in which the US Supreme Court approved of wiretapping in a criminal context. Olmstead v. United States, 277 U.S. 438 (1928)
Ironically, in the year Richard Nixon was first elected President, the US enacted Title III of the Omnibus Crime Control and Safe Streets Act, entitled Wire and Electronic Communications Interception and Interception of Oral Communications, 18 U.S.C.A.§§2510-2520. Simply known as the Wiretap Act, the law sets out the general framework for securing the privacy of telephone communications.
Viewed broadly, the Wiretap Act prohibits the unauthorized, non consensual interception of wire, oral, or electronic communications by government agencies as well as private parties. However, a notable exception was cut out to allow employers to monitor and record phone conversations of their employees.
The act states that “It shall not be unlawful under this chapter for a person not acting under color of law to intercept a wire, oral, or electronic communication where such person is a party to the communication or where one of the parties to the communication has given prior consent to such interception unless such communication is intercepted for the purpose of committing any criminal or tortious act in violation of the Constitution or laws of the United States or of any State.” 18 U.S.C.A. §2511(2)(iii)(d).
Basically, the federal government and 38 states adhere to the general rule that only one party to a telephone conversation must consent to the call being monitored or recorded. In those states, if an employer adopts a policy and makes it clear to its employees that all workplace telephone communications may be monitored or recorded, then one party has consented, and the interception is perfectly legal. Therefore, to comply with the law in these states, the employer only needs to notify its employees that it has a policy of monitoring and recording workplace phone calls and obtain the employee’s written acknowledgment of the policy.
Many businesses record phone conversations in order to have proof of what transpired during the call, monitor performance of employees, or even to train their staff. This is not considered to be telephone tapping in most US jurisdictions because at least one of the parties knows that the call is being recorded or monitored.
The lead court case testing this exception to the Wiretap Act was not in the employment setting, but rather a domestic dispute between separated spouses. In Simpson v. Simpson, 490 F2d 803 (5th Cir. 1974,) The Simpson Court unearthed this part of the Senate testimony regarding the act which is particularly enlightening:
The tremendous scientific and technological developments that have taken place in the last century have made possible today the widespread use and abuse of electronic surveillance techniques. As a result of these developments, privacy of communication is seriously jeopardized by these techniques of surveillance. Commercial and employer-labor espionage is becoming widespread. It is becoming increasingly difficult to conduct business meetings in private. Trade secrets are betrayed. Labor and management plans are revealed. No longer is it possible, in short, for each man to retreat into his home and be left alone. Every spoken word relating to each man’s personal, marital, religious, political, or commercial concerns can be intercepted by an unseen auditor and turned against the speaker to the auditor’s advantage.
And, despite this finding, the Simpson court concluded that the Wiretap Act was enacted only to regulate criminal and governmental wiretapping, not private wiretapping. It concluded that private wiretapping, which involves privacy rights, is best left to the states to legislate. As cited above, 38 states have adopted the federal definition of wiretap where no parties to the conversation have given their consent to the monitoring or recording.
There are, however, 12 states which require both parties to the conversation consent to the recording or monitoring of the calls. In two party consent states, an employer needs more than just acknowledgement from the employee of the company’s phone monitoring policy. The best industry practice in these 12 states, is to have an announcement at the start of a call that call may be recorded. This has been held to be sufficient notice that should the second party to the call, not want the recording or monitoring to proceed, that they may discontinue the call.
There are alternatives to the announcement system. Other services that have some kind of call recording capacity such as Google Voice enforce notifications for call recordings. When the recording session is activated a voice comes on letting the participants of the conversation know that the recording has begun.
Some companies use a beeping sound when phone recording is in session. Having these devices in place cover the companies from a legal perspective but creates an awkwardness on the call since people tend to be more guarded when constantly reminded that they are being recorded.
An employer has a plethora of reasons for monitoring and recording employee telephone conversations. For the most part, creating and disseminating a recording/monitoring policy will avoid any liability on the part of the employer. In select states, where 2-party consent is required, the employer will have to take additional steps to make sure that the second party to the call is also aware that the call is being monitored or recorded.
This is the first in a series of posts about using spy technology at the workplace. We’re going to look at this both from the employer’s perspective and from the employee’s perspective.
Spying raises many legal issues, particularly employee monitoring. Employers typically have wide latitude to monitor their employees. There are legal limitations as to what an employer can monitor.
There are many reasons why an employer may want to monitor their workers. Employers are generally liable for the acts of their employees who are in the course and scope of their employment. Workplace lawsuits for wrongful termination and sexual harassment have become more common. Work injuries are another source of liability.
Risk management is one reason why monitoring makes sense for employers. Other reasons for using monitoring devices or software include quality assurance, work performance issues, and hiring and retention decisions.
From the employee’s side, workers are now asserting their right to record meetings. They also have pushed to be able to gather visual evidence. Courts have opened the doors for employees to defend their rights in the workplace, and also to become whistleblowers.
Workplace spying raises legal, human resource, and privacy issues. We’ll deal with all of these so that you can make an informed choice as to whether to use spy devices at work.
Facebook has become an almost universally accepted social network. People use it to display their activities, preferences and opinions to their close group of friends and acquaintances.
