Legal Research on Technology Protection
11 February 2007
John Figueroa

Question Presented: (DF)

Suppose my software permits me to monitor your use of it in a way which would
be a tortious invasion of privacy if done by a human being. Is it still
tortious if the information never goes to a human, but simply feeds into a
program which tells me whether you are violating your license but not what you
are doing?

Approach:

First, the common law on "invasion of privacy" torts is reviewed in section 1.
Invasion of privacy is classified as four separate torts under the common law
and the elements of each are expressed for the prima facie case. The first tort
has the main applicability to the question. The other three are recited with
far less detail.

Section 2 shows the other applicable federal law for computer intrusions and
one particular section is highlighted as relevant.

Section 3 offers a conclusion as to the likely outcome of the question.

Section 1:

· Tort 1: Intrusion into privacy; Intrusion into one's private life
· Prima facie elements
    o Highly offensive intrusion into plaintiff's private life
    o Intent or Negligence
    o Causation
· Protected locations: the law protects those areas where the plaintiff has a
  reasonable expectation of privacy.
    o Pearson v Dodd, 410 F.2d 701 (1969)
· Examples: private home wiretapping is a clear invasion
    o Hamberger v Eastman, 206 A.2d 239 (1964)
· Counter examples: no right of privacy for corporations, reasoning that a
  corporation has no traits of a highly personal and sensitive nature.
    o Warner-Lambert v. Execuquest, 691 N.E.2d 545 (1998)

Since the human act was tortious, the plaintiff must have had an expectation
of privacy, and the same or greater expectation would exist where the "presence
of monitoring activity" could not be detected. A computer program is less
detectable than a human presence, and leads to a higher expectation of privacy.

· Types of intrusion: Any behavior that intrudes on the plaintiff's solitude
  may be actionable. Trespass is usually found to be an intrusion, but several
  nonphysical intrusions have also been found.
    o Tanning salon nude photos, Sabrina v Willman, 540 N.W.2d 364 (1995)
    o Peering with telescope into a bedroom
    o Unauthorized recordings of conversations (1985)
    o Distinguish each of these since the full information is conveyed to the
      defendant. Here only license use is sent.

In the present question the unauthorized interference is with computer chattel,
which several courts below have considered a trespass, and is therefore
relevant as reported below.

Applicability of Common-Law Trespass Actions to Electronic Communications,
107 A.L.R. 5th 549

· Liability in trespass for unauthorized search or use of an Internet web site
  has been established or held supportable where--
· -- the court determined that the owner of an online auction site was likely
  to prevail on its trespass claim against an online auction aggregating site,
  which was using programs to conduct automated searches of the owner's site
  without authorization, for purposes of obtaining a preliminary injunction,
  where there was evidence that the defendant's intentional conduct diminished
  the quality or value of the owner's computer systems, and that the public
  interest did not weigh against granting a preliminary injunction.[FN1]
· -- in an action by a software company alleging, inter alia, that the
  defendant forms processing corporation was liable for trespass due to the
  fact that a consultant that it hired or contracted with to increase its
  prominence with search engines used a search "robot" to copy metatags from
  the plaintiff's web site for use in the defendant's web site, the court,
  denying the defendant's summary judgment motion, held that, although the
  plaintiff presented no evidence that the use of the consultant's robot
  interfered with the basic function of the plaintiff's computer system, and,
  in fact, the plaintiff conceded that the consultant's robot placed a
  "negligible" load on the plaintiff's computer system, the consultant's
  copying of the plaintiff's metatags was, nonetheless, sufficient to prevail
  on its trespass claim.[FN2]

[FN1] eBay, Inc. v. Bidder's Edge, Inc., 100 F. Supp. 2d 1058 (N.D. Cal. 2000)
(applying California law).
[FN2] Oyster Software, Inc. v. Forms Processing, Inc., 2001 WL 1736382 (N.D.
Cal. 2001) (applying California law).

Applicability of Common-Law Trespass Actions to Electronic Communications,
107 A.L.R. 5th 549

In general, a trespass to chattel is the intentional use of or interference
with a chattel, or personal property that is in the possession of another,
without justification. It is the intentional dispossession of another of the
chattel, or the use or intermeddling with a chattel in the possession of
another. It has been held that any unlawful interference, however slight, with
the enjoyment by another of his or her personal property, is a trespass. [FN1]
Under the law of some states, in order to prevail on a claim for trespass based
on accessing a computer system, the plaintiff must establish that the defendant
intentionally and without authorization interfered with the plaintiff's
possessory interest in a computer system and that the defendant's unauthorized
use proximately resulted in damage to the plaintiff.[FN2]

[FN1] Am. Jur. 2d, Trespass § 16.
[FN2] eBay, Inc. v. Bidder's Edge, Inc., 100 F. Supp. 2d 1058 (N.D. Cal. 2000)
(applying California law).

· Intrusion must be highly offensive: it must be highly offensive to the
  reasonable person.
    o Hotel guests do not need to show that they were watched through a hole
      in the bathroom mirror; the mere possibility of intrusion is sufficient.
      Carter v Innisfree Hotel, 661 So. 2d 1174 (1995)

Notwithstanding the unauthorized use of the plaintiff's computer, the nature of
the information conveyed back to the software licensor will need to be "highly
offensive" by both subjective and objective standards.

We can only presume in this question that if a human observation were tortious
then the computer invasion would be equally offensive and tortious.

· Intent: the plaintiff need only show that the defendant intended the
  intrusion, not that it was intended to be offensive.
    o Restatements 2d § 652B
    o An Ohio court held that negligently permitting an intrusion also carried
      liability, where the actions of a phone company in giving a husband the
      phone number of an estranged wife caused the intrusion.

The software licensor's knowing use of the program to retrieve data that is
unauthorized is sufficient, noting that offensiveness is not required.

· No publication is necessary: If the invasion is a wiretapping, no publication
  is needed, since the interest protected is the plaintiff's right to be let
  alone, rather than his right to control the information. Rhodes v Graham,
  37 S.W.2d 46 (1931)
· Causation: The defendant's conduct must be the cause in fact and the
  proximate cause of the invasion and the ensuing damage.

The software licensor's knowing use of the program to retrieve data that is
unauthorized is sufficient, whether by manually retrieving the license use
information or by having programmed the software to deliver the use
information. In either mode of operation, the manual act or the programming act
is the direct cause of the retrieval of use information.

· Defenses: Authorization by law and/or consent are defenses, as with other
  torts.
    o However, the conduct must not exceed the scope of consent. Example:
      consent to investigators did not extend to placement of a secret
      monitoring device in a hospital room. McDaniel v Atlanta Coca-Cola
      Bottling, 2 S.E.2d 810 (1939)

While it may be possible that the EULA authorizes an audit of license use, the
question presented poses the question as an analogy to a tortious human act,
and therefore the defense of consent is assumed not applicable.

Further, some portions of "click through" agreements have been held
non-binding.

Cases: Computer user could not be compelled to arbitrate his claims against
software developer and internet marketing company for damages caused when
software known as "spyware" was downloaded onto his personal computer, even
though computer users were presented with opportunity through hyperlink to read
end user license agreement (EULA) containing arbitration clause prior to
downloading software from software developer's website, where user claimed that
he downloaded software bundled with spyware from third-party distributor and
never visited developer's website, and uninstalling spyware was significantly
confusing and vexing process. Sotelo v. DirectRevenue, LLC, 384 F. Supp. 2d
1219 (N.D. Ill. 2005).

· Damages: pure emotional distress and mental anguish are sufficient damages;
  thus, the plaintiff need not prove special damages or pecuniary loss.

Similar damages would apply to both human and software invasions of privacy.

· Tort 2: Public disclosure of private facts. The elements are:
    o Highly offensive public disclosure of private facts about the plaintiff.
      (Not a voluntary public figure)
    o No legitimate public interest (Not newsworthy)
    o Fault in making the disclosure (Falsity not needed, only that it be
      highly offensive in nature)
    o Causation
· Tort 3: Appropriation of the plaintiff's name or face for commercial purposes
    o Unauthorized use by defendants of plaintiff's name or likeness for a
      commercial purpose. (Not required to be highly offensive)
    o Causation
· Tort 4: A publication placing the plaintiff in false light
    o Publication by defendant that places plaintiff in a false light. (Highly
      offensive) (knowing or reckless falsity if "Newsworthy" matter)
    o Causation

Section 2:

Federal Criminal Code Related to Computer Intrusions

· 18 U.S.C. § 1029. Fraud and Related Activity in Connection with Access
  Devices
· 18 U.S.C. § 1030. Fraud and Related Activity in Connection with Computers
· 18 U.S.C. § 1362. Communication Lines, Stations, or Systems
· 18 U.S.C. § 2701 et seq. Stored Wire and Electronic Communications and
  Transactional Records Access
· 18 U.S.C. § 3121 et seq. Recording of Dialing, Routing, Addressing, and
  Signaling Information

The following section, 1030(a)(2), seems particularly appropriate to the
question presented.

TITLE 18. CRIMES AND CRIMINAL PROCEDURE
PART I--CRIMES, CHAPTER 47--FRAUD AND FALSE STATEMENTS
§ 1030. Fraud and related activity in connection with computers

(a) whoever--
    (2) intentionally accesses a computer without authorization or exceeds
        authorized access, and thereby obtains--
        (C) information from any protected computer if the conduct involved an
            interstate or foreign communication;

The requirements for this crime are so few and broad that it appears very
relevant.
Intent had previously been shown.
The software runs on a computer, and it is that computer's activity that is
accessed.
The authorization does not exist, as the question implies.
Information about the license use is accessed from the computer.
The only question is whether federal jurisdiction applies.

A further explanation follows.

In 1986, Congress passed the Electronic Communications Privacy Act ("ECPA"),
which, among other things, extended the prohibitions contained in Title III of
the Omnibus Crime and Control and Safe Streets Act of 1968 (the "Wiretap
Act"), 18 U.S.C. §§ 2510-2521, to electronic communications that are
intercepted contemporaneously with their transmission--that is, electronic
communications that are in transit between machines and which contain no aural
(human voice) component. Thus, communications involving computers, faxes, and
pagers (other than "tone-only" pagers) all enjoy the broad protections provided
by Title III unless one or more of the statutory exceptions to Title III
applies.

Exception: Protection of the Rights and Property of the Provider

Title III also permits providers of a communication service, including an
electronic communication service, the right to intercept communications as a
"necessary incident to the rendition of his service" or to protect "the rights
or property of the provider of that service." 18 U.S.C. § 2511(2)(a)(i).

This exception to Title III has some significant limitations. One important
limitation is that the monitoring must be reasonably connected to the
protection of the provider's service, and not as a pretext to engage in
unrelated monitoring. While no court has explored what this limitation means in
the computer context, by way of analogy, one court has held that a telephone
company may not monitor all the conversations of a user of an illegal clone
phone unrelated to the protection of its service. See McClelland v. McGrath,
31 F. Supp. 2d 616 (N.D. Ill. 1998).

Section 3:

Under state civil tort law, if the nature of the information would have been
"highly offensive" and the computer access was equally offensive, then it would
appear to also be an invasion of privacy. The burden of proof required would be
"preponderance of the evidence."

Under Federal criminal law, if a showing of international or interstate
communication existed, then Federal law would not require the information to be
"offensive" but merely unauthorized. The burden of proof required would be
"beyond a reasonable doubt."

Sources:

I have relied greatly on WestLaw, Gilberts, and AmJur to draw the relevant case
law.