Computer Investigation Law
Investigators engaged in electronic discovery should be mindful of posted terms, conditions, EULAs, labels, notices, warnings, banners, contracts, agreements and no-trespassing signs. They can have legal effect in the electronic world, and may be binding on an investigator who encounters them.
Consider Pietrylo v. Hillstone Restaurant Group.
While off-duty, restaurant employees maintained a password-protected MySpace forum, labeled as “talk about all the crap/drama/and gossip occurring in our workplace, without having to worry about outside eyes prying in.” Pietrylo created and maintained the forum, explicitly designated it as “invitation only,” and distributed passwords to a limited number of employees. One of these employees gave her password (whether voluntarily or otherwise is unclear) to restaurant management. Management accessed the forum, and discovered . . .
Pietrylo and his co-worker sued the restaurant. The jury concluded that management accessed the forum without authority, in violation of the Federal Stored Communication Act and the New Jersey Wire Tapping & Electronic Surveillance Control Act. The jury said plaintiffs were entitled to back pay in the amount of $3403.
The jury further answered that management's interrogation of the MySpace forum was “malicious.”
My interpretation: The words that labeled the forum as private contributed to the legal conclusion that management had maliciously violated privacy law. In this case, management may have believed it was acting like an HR supervisor investigating legitimate workplace issues that might be relevant to topics such as hostile work environment. Nevertheless, the law concluded that this social media forum was outside the workplace and off-limits to an employment supervisor, in good part because it was bounded by words that so declared. The forum here was MySpace, but it could have been Facebook, Twitter or Google Buzz.
Legal terms posted in cyberspace are powerful. Just as posted terms can be legally effective against a human resources investigator, they might be binding on other computer users, such as spies or hackers who attack or invade corporate or government networks. Or, they might be effective against snoopy divorce lawyers.
Mr. Wright delivers professional training on cyber defense law, ethics, privacy and investigations under the SANS Institute. His SANS courses teach investigators how, in the electronic environment, to use, understand and watch out for legal terms, notices, policies, contracts, disclaimers and the like. He often serves as a public speaker at professional meetings.