By Patrick L.
This note will explore an individual’s legal right to privacy on Facebook.
The right to privacy is rooted in the 4th Amendment to the United States’ Constitution, which protects a person’s legitimate expectations of privacy. U.S. Const. amend. IV. This means that if an individual has both a subjective (actual) and objective (reasonable) expectation of privacy it is an expectation that society will recognize. This right to privacy is accorded to both citizens and non-citizens while on U.S. soil.
In 1986 Congress passed a federal law regulating the privacy of communication. Information posted on a website is subject to regulation under the federal Stored Communications Act (SCA). 18 U.S.C.A. §§ 2701-2712. The SCA permits disclosure of electronic communications that are publicly posted.
In regards to the right of privacy with respect to communications made via an Internet website, such as Facebook, the 9th Circuit has found that the unauthorized viewing of a secured website was an unlawful invasion of privacy. Konop v. Hawaiian Airlines, Inc., 236 F.3d 1035 (9th Cir. 2001). In Konop the website at issue was designed as a secure website requiring a user name and password to which an individual could only get a user name and password from Konop. Konop created the website and granted access to fellow employees of Hawaiian Airlines so they could discuss their experiences working for Hawaiian Airlines. Id. The court found the limited access to the website which could only be granted by the creator of the website to be a distinction from other websites requiring a user name and password. Id. This distinction gave the user’s of the website Konop created a higher expectation of privacy than a website which would allow anyone to create there own user name and password. Id.
Websites that are readily available to the public—websites that anyone can access without a user name or password—do not carry an expectation of privacy regarding electronic communications made through the website. Id. A secured website is one that requires a user to insert a user name and password to access the site. Facebook is a website that requires a user name and password to access the site. However, anyone can create their own user name and password and be granted access to the Facebook website. In Konop the user names and passwords were created by the administrator of the website, who only granted access to the website to certain co-workers.
A Facebook user can post as much or as little information about themselves as they want on the profile page. A Facebook user’s profile page is the central part of having a Facebook account where a user can update their status, receive messages from friends, and post pictures. Facebook’s default privacy settings allow other Facebook users to view this information when looking at the profile page. These privacy settings can be changed by each individual user to increase or decrease the access that other Facebook users have to one’s profile page. However, Facebook makes certain information publicly available to everyone: name, profile photo, list of friends, gender and geographic region. This means that even if a user sets their Facebook page to private settings that only allow their Facebook friends to view their page, anyone searching Facebook, or the Internet, can access the publicly available information.
When signing up for Facebook, certain personal information is required, including a user’s name, email, gender, and birth date. Even though it is required, personal information such as an email address, or birth date, can be hidden from other users through optional privacy settings.
The lowest level of privacy setting on a user’s Facebook page is “everyone”. With this setting, Facebook considers all information provided by the user as publicly available. This info is available to anyone through Facebook, through search engines, or even through other websites not affiliated with Facebook.
Facebook is constantly collecting and logging user information. For example, the Facebook website keeps track of all actions a user takes such as adding a friend, joining a group, or creating a photo album. Facebook also collects information from the computer or mobile phone with which a user accesses the site. Facebook collects information on the browser used, IP address, and the other web pages a user visits.
Facebook states that a user’s information is only shared with third parties when the sharing is permitted by the user based on privacy settings, is reasonably necessary to offer services, or when Facebook is legally required to do so.
Facebook Users Expectation of Privacy
Under the 9th Circuit’s standard for an expectation of privacy in websites such as Facebook, the crucial fact is whether or not the site requires a user name and password given to a user by the creator of the website. Facebook users would most likely not be considered to have an expectation of privacy under this test because anyone can sign up for Facebook by creating their own user name and password. Once a person signs on as a user they need to understand that Facebook is a publicly available resource, which anyone can join, as long as they are at least 13 years old. And, once a person becomes a Facebook user, they can access all of the information of their Facebook friends, as well as the information of any Facebook user whose Facebook page has a privacy setting of “everyone”.
By Andrea S.
The Christian Science Monitor recently ran a story about a new website called PleaseRobMe.com. Soon, nearly every popular blog on the web was featuring the story and a link to the site.
PleaseRobMe.com mocks users of FourSquare who connect their location “check-ins” to their Twitter status updates. FourSquare is a location aware service that allows users to tell friends the address of which Starbucks, movie theater, or restaurant they are at. PleaseRobMe.com demonstrates the potential dangers of this technology by allowing users to enter a city or a specific username and get updates on exact locations of other users.
While PleaseRobMe.com focuses on FourSquare and Twitter, there are plenty of other services that have the same function. For instance, Yelp iPhone application users can use the “Check-It” feature to post their current locations to their Facebook status updates. The program even automatically announces if you’re a “regular,” or frequent patron of a specific business.
Ultimately, the developers of PleaseRobMe.com disabled the search feature and replaced it with two articles: one from the Center for Democracy and Technology (CDT) and the other from the Electronic Frontier Foundation (EFF). The articles highlight how location-aware internet services like FourSquare can present a number of problems. One is social; having friends, family or your significant other know your location at all times in undesirable, even if you are doing nothing wrong.
Another problem is emerging, at least in the U.K., is that people who use such services are seen as an insurance risk. Insurers who protect people’s homes and other personal property are concerned about the public’s increasing willingness to reveal extremely personal information. While one small piece of information seems inconsequential, the totality of an individual’s posts could reveal a good deal about their routines and property.
Then there are the legal concerns that come from broadcasting one’s location and activities. In private disputes, such as insurance fraud or problems between employee/employer, location-aware services pose a number of potential problems. For instance, if an individual is on disability, and presumably homebound, too many public announcements of outside location may be cause for a challenge to the benefits – even if not a violation of the benefit program rules.
As for criminal offenses, posting ones location may waive potential 4th Amendment rights. While there are usually some procedural barriers for determining someone’s whereabouts at a specific time, the same is not true for information that is public and observable. Broadcasting real time location for anyone on the internet to read, gives up any reasonable expectation of privacy.
Of course, quick access to this information does not always have a negative result. There are instances where such information could help law enforcement or allow an accused to establish innocence. The question is whether or not citizens want to open themselves up to a system with less protections than those currently enjoyed.
Despite the potential dangers of such services, a recent MSNBC.com article says that location-aware social networking may be a new trend. While it may be a powerful, new, and up-and-coming technology, it has a lot of troubling features. Moreover, it seems unnecessary. Restaurant and shopping reviews can be posted without it being in real time or announcing the reviewer’s current location. Additionally, there are private communication tools that allow friends to find each other. The bottom line is: for the time being social media users will continue to use location based services, like FourSquare, until the negative consequences of surrendering locational privacy hits home.
The suicides of two teenagers became the center of national attention in 2010. Fifteen year old Phobe Prince, an Irish immigrant in Massachusetts killed herself after several months of being the victim of bullying at school and on-line.. More recently, an eighteen year old college freshman named Tyler Clementi jumped off the George Washington bridge after his roommate used a computer camera to record Clementi engaged in sexual activity with another man, and posted the video on the Internet. Both suicides resulted in criminal charges being filed against the alleged bullies.
The suicides turned media and national attention to the growing problem of cyberbullying. Researchers Sameer Hinjua and Justin W. Patchin at the Cyberbullying Research Center found that about 20.8 percent of students under eighteen were the victims of cyberbullies according to a study conducted in February 2010.
This commentary will discuss possible school responses to cyberbullying and potential legal restrictions that might apply to those responses.
The Supreme Court famously upheld the free speech rights of students in the 1968 case Tinker v. Des Moines Independent School District. In Tinker, school administrators punished several students for wearing black armbands to protest the Vietnam War. The Supreme Court via Justice Fortas dismissed the suspensions as violations of the First Amendment. The Court held that schools can only discipline speech if it is creates a "substantial disruption" to the daily operation of the school. Later Supreme Court cases placed limitations on Tinker's sweep. For example, in Fraser v. Bethel School District (1986), The Supreme Court upheld the suspension of a student who, at an assembly, gave a speech filled with sexual innuendo. Chief Justice Burger wrote that the suspension was justified because schools play a vital role in teaching proper civil discourse and could punish students for speech that is lewd and vulgar.
Courts often have found that many instances of cyberbullying and other cyberconduct by student's violate the Tinker standard. For example, the Pennsylvania Supreme Court upheld a student expulsion for a website the student created even though the site was created off campus. In this case, J.S. v. Bethlehem School District, J.S., created an anonymous website attacking school administrators and teachers. He compared one teacher to the Nazis and asked for donations so he could hire a hitman to kill her. The Principal contacted the police and F.B.I. to discover the creator of the website and decided to expel J.S. after the F.B.I. stated they would not file criminal charges against him.
The majority upheld the expulsion even though J.S. did not tell anyone at the school about the website and took it down voluntarily. The Court reasoned that Tinker's substantial disruption standard was met because the teacher-victim suffered emotional distress and needed to take a leave of absence because of the remarks.
Many jurisdictions agree with the decision reached by the Pennsylvania court in J.S. and hold that schools need broad power to punish students for unacceptable conduct even if the actions occur off-campus and not during school hours.
But in other jurisdictions, there are some courts that reach the opposite result. A federal court in California held that a suspension for cyberbullying violated the First Amendment and Due Process in J.C. v. Beverly Hills Unified School District. J.C. created a video mocking a fellow student named C.C. as a slut and posted the video on YouTube. The court noted that J.C., unlike J.S. in the case above, wanted other kids at school including the victim to see the video. J.C. received a two-day suspension. The court held that her suspension violated J.C.'s First Amendment rights because there was no substantial disruption to school activities and the kind of name-calling J.C. did on her video was the every day kind of bullying that school administrators can expect from students.
J.C. also received support for her argument from California Education Code Section 48900(s). The court noted that the statute severely limits the scope of school jurisdiction and no reasonable person can interpret it to allow a school to punish a student for off-campus activities that were not connected to any school function or event.
Many states are considering or have passed legislation to deal with cyberbullying. Oregon's law may represent a well-balanced approach. The Oregon law requires every school district set up a policy for cyberbullying but encourages schools to consult with students, parents, and teachers to create the policy. School districts are required to explicitly tell student's about the policy and the consequences of violations. The victims of cyberbullying maintain their rights to bring private lawsuits against their attackers but the statute itself expressly does not create a private right of action.
My prediction is that the Prince and Clementi suicides will pressure states and school administrators to punish students for off-campus conduct even if it greatly expands school power in constitutionally questionable ways. This is troubling to me because it is probable that cyberbullies often attack their victims during school-hours as well non school hours and school administrators should focus their attention on in-school bullying to solve both problems. This desire to take action against cyber conduct may lead to harsh punishments for what might be considered protected speech in other contexts.