by: Billy Raska, Associate Staff

Starting back in 2011, Innovatio IP Ventures, LLC (“Innovatio”) began suing various hotels, coffee shops, restaurants, supermarkets, and other commercial Wi-Fi users for infringing several patents that it had acquired from Intermec Technologies Corporation and Intermec IP Corporation, Norand Corporation, and Broadcom Corporation.[1] Most of the publicity surrounding this case has focused on the fact that Innovatio is a non-practicing entity and that the act of suing companies for merely using Wi-Fi is an abusive use of the patent system.[2] However, it is equally interesting to examine how Innovatio has gone about discovering the alleged infringement of its patents.

Innovatio sent technicians to the premises of the various hotels, coffee shops, restaurants, and supermarkets that it ultimately sued with a laptop and a Riverbed AirPcap Nx packet capture adapter[3] (or another similar device). The technicians analyzed only the headers of captured Wi-Fi packets using a modified version of Wireshark [4]. On August 22, 2012, in a preliminary ruling on the admissibility of the information that Innovatio had obtained through its Wi-Fi sniffing process, Judge Holderman held that “Innovatio may collect information from the defendants’ public-facing Wi–Fi networks according to its proposed protocol.”[5]

In reaching this conclusion, Judge Holderman examined the potential privacy concerns raised under the Federal Wiretap Act and ultimately found that “Innovatio’s proposed protocol falls into the exception to the Wiretap Act allowing a person ‘to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public.’”[6] Judge Holderman relied heavily on the fact that the Riverbed AirPcap Nx packet capture adapter is available to the public to purchase for $698 and the Wireshark software can be downloaded for free. Furthermore, Riverbed offers a more basic packet capture adapter for $198. Therefore, the information that Innovatio obtained was readily accessible because the technology used to obtain it was readily accessible to the general public.

A further analysis of the technology involved here reveals that Judge Holderman could have made an even stronger argument on this point. “[A]ll Wi–Fi devices necessarily store an entire received data packet, including the packet’s substantive communications, while the device processes the packet.”[7] These packets are then subjected to several different types of filters that are used to determine whether or not the packet is addressed to the particular Wi-Fi device. There are two types of filters that are of particular interest here: the first filter is used to determine whether or not the packet was sent on the same Wi-Fi network and the second filter is used to determine whether or not the packet is addressed to the particular Wi-Fi device.[8]

The first filter can be avoided by placing a device in “monitor mode.”[9] Some newer Linux machines have monitor mode functionality built in and for those computers that do not, devices such as the Riverbed AirPcap Nx packet capture adapter can be used.

The second filter can be avoided by placing a device in “promiscuous mode.”[10] This can be achieved by simply checking a box in the Wireshark software. Therefore, once a computer is connected to a Wi-Fi network, Wireshark can be used to capture packets on that Wi-Fi network that are not intended for that computer due to the underlying implementation of Wi-Fi.

This all goes to show that capturing Wi-Fi packets in today’s day and age is very easy to accomplish. There are several benefits to having the ability to place a device in monitor mode, but a lot can be accomplished in promiscuous mode. Innovatio targeted commercial entities that provided an open Wi-Fi network for customers. Anyone connected to one of those open Wi-Fi networks could have installed and run Wireshark in promiscuous mode in order to capture packets for FREE.

A point of concern is that Judge Holderman did not rely at all on the fact that Innovatio only collected the header information of the packets because Innovatio’s protocol fell under an exception to the Federal Wiretap Act. This raises the question: could Innovatio have also collected the personal information that was associated with the captured packets? If so, then this opens the door for companies to use the techniques employed by Innovatio to discover a much wider range of patent infringement than may have been initially anticipated.

by Laura Bedson, Associate Staff

On October 1 of 2013 the much awaited online insurance exchanges launched under the Affordable Care Act.  With this launch millions of uninsured people were to be offered health insurance plans on Healthcare.gov.  Unfortunately the website did not run as smoothly as planned, leaving individuals with error messages and long waits to sign on to the site.  And to date, the website is still experiencing technological difficulties.  These technological errors, while embarrassing, and frustrating, have proven to be the least of the Obama administration’s worries.

Where this mess gets even messier is when you start to contemplate the lawsuits that will inevitably spring up as a result of the problems encountered on the website. Currently the extent of the legal issues seem like a good deal of finger pointing but in today’s lawsuit-happy society, it is likely that lawsuits are possible and imminent.  What we are waiting for at this point is for the tangled web of culprits to be unwoven. 

Health and Human Services Secretary KathleenSebelius is part of that web, and is one of the parties who has been the subject of much scrutiny as a result of the website’s failure.  Secretary Sebelius is convinced that by the end of November the majority of consumers will be able to successfully use the site to enroll in their insurance plans.  This does not mean however that Secretary Sebelius is off the hook.  She along with an additional 55 or so contractors reportedly involved in setting up the Obamacare federal exchanges stand to be implicated in lawsuits seeking refunds as a result of the site’s malfunctions.[1]  In fact, on Thursday, October 24, House Oversight Committee Chairman Darrell Issa threatened Secretary Sebelius with a subpoena saying that if she didn’t respond to questions about the problems with the website she could possibly face compulsory action.[2]

Action can come about in the form of the federal government suing for refunds or withholding payment to contractors.  In response to this, the contractors who feel they are entitled to payment could sue.  In addition, the contractors can sue one another.  This web of blame is undoubtedly tangled but with so many players involved it is likely that someone will be impacted.  Harv Lester, who spent 20 years litigating in the Justice Department’s Civil Division is quoted saying that “the government, to recover damages, will have to prove which contractor or contractors are responsible for any defects.”[3] 

Overall this ordeal is just beginning.  It is likely that we will have to wait until the end of November, as Secretary Sebelius has predicted to determine what the extent of the damage is.  Right now it is clear that these technological glitches carry more weight than anticipated.   We will just have to continue waiting and watching to see how the rest of the story unfolds.

by Miles Jolley, Associate Staff

Your initial response to this question is probably, “No way bro!” But answering this question under Virginia law may not be as easy as it seems.  If your league requires an entry fee and then allocates the pot to your league’s best, you may be breaking Virginia law.

Illegal betting in Virginia is prohibited by statute.  The statute reads, in pertinent part: “‘Illegal gambling” means the making, placing or receipt of any bet or wager . . . made in exchange for a chance to win a prize . . . dependent upon the result of any game, contest or any other event the outcome of which is uncertain or a matter of chance.”[1]  Broken down, this means that if you put down money in order to win a prize (more money), and winning is dependent upon events out of your control, you are an illegal gambler in Virginia.  However, there are exceptions in the code as well.  The relevant exception to Virginia’s gambling law reads: “Nothing in this article shall be construed to prevent any contest of speed or skill between men . . . where participants may receive prizes or different percentages of a purse . . . dependent upon their position or score at the end of such contest.”[2]  This exception carves out immunity for people who involve themselves in games of skill for gain.  The big difference between these two statutes is whether the contest involves a game of chance or skill.  So the title question boils down to another question: what are fantasy sports, games of chance or games of skill? 

There are certainly elements of both involved.  On the skill side, fantasy sports require fantasy owners to evaluate hundreds of real-world players’ potentials before the draft to determine when to, if at all, draft certain players.  Additionally, players are constantly assessed during the season for trade value, starting spots, and free-agent acquisitions.  All of this seems to include some sort of skill.  Owners need to interpret a player’s past performance, future matchups, etc.  Any first-time owner will tell you this is not easy, and requires loads of skill and experience. 

On the chance side, all of that assessment hinges on the performance of a real-world player.  Everything about this aspect of fantasy sports is out of the owners’ hands.  A player’s performance depends on coaching decisions, injuries, the other team’s performance, etc.  Again, any fantasy owner can tell you how unpredictable fantasy sports can be.  This chance is the reason gambling is illegal in most states; as wagering money on unknown outcomes is seen as morally defect.  The distinction between skill and chance is what this issue hinges on, but federal law may provide a guiding light for future Virginia statutes.

Betting on fantasy sports is not illegal under federal law.  In fact, there is a special carve out for this activity.  In 2006, the Unlawful Internet Gambling Enforcement Act established widespread provisions limiting online gambling.  However, members of Congress (I wonder how contentious that fantasy league must be) made a specific exception for fantasy sports.  Betting is allowed on fantasy sports so long as rosters aren’t based entirely on the rosters of real sports teams, prizes are established at the outset of the league, outcomes are based on the skill of fantasy owners and the collective statistical performance of several individuals, and so long as outcomes aren’t based entirely on one team’s or one individual’s performance.[3]  Virginia, if it so chooses, can use this statute as an example to exempt fantasy leagues from its illegal gambling law.

 While nobody in Virginia has ever heard of fantasy sports leagues being prosecuted, it still could very well be illegal.

by Spencer Mead, Associate Staff

Shopping today looks very different than it did 20 years ago. Online retailers like Amazon have forever changed the way consumers shop. A person can hop on the internet, travel to a website such as Amazon.com, and order a wide variety of items in a matter of minutes. This method saves time traveling to the store, walking around to find what you want, and in most states shopping online is cheaper. The reason for this is because most states have not enacted any form of taxation on online retail sales. Thus, making the total cost cheaper to shop online than in a local store.

In this day and age of budget cuts and deficits, should online retailers be taxed by states? The taxation would help generate revenue for states desperate for income, and remove the incentive for people to buy online instead of going to their local retail store. But it would come at a cost to the average consumer having to pay slightly more for all online purchases. Now this probably would not have a significant impact on consumers overnight, but the few dollars of tax on each purchase would add up over time. Eventually, these dollars could add up to having a significant impact on families already stretched thin from the recession.

 18 states have determined that they are allowed to tax online retailers, and these states have enacted some form of law taxing sales that take place on the internet. However, the Illinois Supreme Court invalidated a state law allowing taxation of online retailers.[1] The Court determined that the state tax was superseded by Federal Law, and therefore not valid.[2] You might be thinking to yourself, “So what? I don’t live in Illinois so this can’t possible impact me.” However, that would be looking at this issue very narrowly.

This split created by the states could lead to the Supreme Court stepping in to determine if states are allowed to tax transactions taking place on the internet. This has the potential to have an impact on online shoppers across the United States, not just Illinois. This would also have an impact on how states can or cannot generate extra income from taxes on the internet as a whole. A Supreme Court ruling could also greatly affect how retail chains approach online shopping. Even if you are not an online shopper, this can impact you in the future. Large retailers like Wal-Mart and Amazon believe the future of retail lies somewhere between in-store shopping and online shopping.[3]

Regardless of how you shop, you need to be aware of the taxation of online goods. In the future, all goods might be bought and sold online. That is not the case today, but the current decisions of the courts and lawmakers will have a significant impact on the future of retail shopping.

by Laura Bedson, Associate Staff

Consumers will stop at nothing to get their hands on the newest Apple products.  But, it appears that with the launch of the iPhone 5s those same hands will be used for something more than just coveting Apple’s newest creation.  The introduction of the 5s also meant the introduction of “Touch ID”,  Apple’s latest technological toy, which has replaced the old passcode system as the means of unlocking one’s phone.  As always, Apple has outdone itself with the release of its newest device, however lawmakers have voiced concerns over Touch ID, specifically it’s Fifth Amendment implications.

 Touch ID has been touted by many as the fingerprint scanning device on the new iPhone.  But this is not what it does.  Instead, it goes deeper to get at information under your skin.  Put (very) simply, the technology in the home button of the phone scans information from the sub-epidermal layers of the skin and uses it as one variable in a larger mathematical representation of your fingerprint to identify you as the owner of the phone and unlock it.[1]  What this means is that the biometric system is more concerned with the capacitive properties of the user’s finger than with its print.[2]

 This procedure is markedly different from the alphanumeric password that iPhone users have been used to, in that it would no longer require users to remember such passwords.  While this may seem like a great idea for those of us whose brains are already at capacity, lawmakers and scholars have approached this new advancement skeptically.

 This skepticism grows out of the possible Fifth Amendment implications of using the Touch ID, specifically the right against self incrimination.  Under this privilege, a witness in a criminal or civil proceeding is protected from revealing information that has the potential to incriminate herself.[3]  The privilege however only extends to testimonial statements, which is a statement that reveals the contents of one’s mind.  A password is something that is (ideally) stored in one’s mind, and as such, qualifies as a testimonial statement.  Based on this logic, law enforcement cannot compel a phone’s owner to incriminate herself by requiring her to enter her password and provide access to the contents of her phone.

 Where the privilege fails is when we enter the realm of biometric data, data which includes but is not limited to fingerprints, blood work, and DNA.  Courts have determined that because this evidence does not speak to what someone “knows”, it is not testimonial and therefore is not privileged. Therefore, the use of the new Touch ID technology, which focuses solely on this biometric data, may make it easier for the government to compel information without implicating the Fifth Amendment privilege against self incrimination.  Without this privilege, a phone user would be forced to use her finger to unlock her phone and reveal its contents law enforcement. 

 Over the years our phones have become an extension of our brains, storing all types of what we may consider personal, classified information.  As our reliance on our phones and the information they store increases, it is now, more than ever, crucial to be aware of how these newest advances, while exciting, can impact the right to privately store and access that information.  It will take time to know whether these advancements have constitutional implications, but until then knowledge is power and consumers need to be alerted to the possibility of infringement on their rights.

by Jasmine McKinney, Associate Staff

In late September, a federal judge allowed a lawsuit against Google to move forward, when ruling that Google may indeed be violating wiretap law when it scans the e-mails of users not using a Gmail account.[1]  Google utilizes automatic scanning of all e-mail that comes through its servers to work its spam filter, build user profiles, and target advertisements.[2]  The main concern is that when one reads Google’s privacy policy, there is no mention of the fact that the content of e-mails — either between Gmail users or Gmail users and users of other email service providers — are being collected.  This suit against Google has made it possible for similar lawsuits to surface against other e-mail service providers.  In early October, a class action arose claiming that Yahoo violates the Wiretap Act as well as other California laws that forbid intercepting private communications.[3]

The Electronic Communications Privacy Act serves to regulate the collection of content through wire and electronic communications.[4]  This Act was an extension to what is commonly called the “Wiretap Statute” and forbids the “intentional interception, use, or disclosure of wire and electronic communications unless a statutory exception applies.”[5]  There were two primary exceptions under the Wiretap Statute.  The provider exception grants providers the right to intercept and monitor communications in an effort to combat theft or fraud.  Additionally, there is also the exception that when information is readily accessible to public any person is permitted to intercept that electronic communication.  In 2005, the Second Circuit interpreted another exception to the Wiretap Act when it ruled in Hall v. Earthlink Network, Inc. that Earthlink’s continued reception of emails sent to plaintiff Hall’s account did not constitute an “interception” under the Wiretap Act because it was part of Earthlink’s “ordinary course of business.” [6]

Lawsuits such as the ones against Yahoo and Google have raised the question of whether e-mail users should have a reasonable expectation of privacy concerning the messages they send via a third party service providers.  The third party doctrine that was articulated in Smith v. Maryland where the Supreme Court held that once a person involves a third party in communication any legally enforceable privacy rights are lost.[7]  This is precisely the argument that e-mail service providers have attempted to make.  Regardless of which provider an individual chooses to use for their own personal e-mail, once a message is sent to a user who uses some other provider, one’s right to privacy is lost.  However, the question remains whether this doctrine should apply to email service providers like Google and Yahoo.

Aside from an expectation of privacy, there are a number of concerns raised by the use of automatic e-mail scanning.  For example, does Google use automatic scanning solely for the purposes it states or should users be concerned about something more?  Further, should users be concerned with whether the information that is scanned from the e-mails they send is stored by email service providers?  Overall, where should the line be drawn?  The fact remains that we live in a highly technology driven world.  If individuals cannot expect their communications via the Internet to be private, by what means can that expectation be met? Perhaps as this recent litigation continues to unfold, a clear answer will be given as to whether email scanning by service providers is indeed permissible under the Wiretap Act.      

by Fiona Clancy, Associate Staff

On Monday, October 14, 2013, two girls, ages twelve and fourteen were arrested in Florida and charged with aggravated stalking, a third-degree felony.[1]  The charges against the two suspects stem from their cyberbullying of Rebecca Sedwick, just twelve years old, who killed herself in September.[2]  Rebecca had been targeted by the two suspects over the course of ten months, with the suspects posting harassing online messages, among them that Rebecca should kill herself.[3]  Florida Sheriff Grady Judd said the tipping point for making the arrests on Monday was one of the suspects allegedly posted a callous message about Rebecca’s death on Facebook the Saturday before, which included her acknowledging she bullied Rebecca.[4]

“Yes ik [I know] I bullied REBECCA nd she killed herself but IDGAF [I don’t give a (expletive)]”[5]

On Wednesday, October 16, 2013, two days later, Facebook announced its new privacy policy for teens.[6]  Never before were teens able to make their Facebook posts, pictures, and videos publically visible to anyone and everyone.[7]  Facebook describes the policy change for teens as “a new option to share broadly,” claiming teens “want to be heard.”[8]  While the Facebook news release features one post about a teen publicizing a food drive, and another post about a teen running in a 10k charity run as examples of this new policy in action, one can easily imagine the dark side of this new power in the wake of Rebecca Sedwick’s torment and subsequent suicide.[9]

Cyberbullying among teens is a recognized problem in this country, and is its effects are serious.  A 2011 study found that 16% of high school students were electronically bullied in the past year, and that kids who are cyberbullied are more likely to use alcohol and drugs, skip school, have lower self-esteem, and have more health problems.[10]  Cyberbullying is especially troubling because kids who are cyberbullied have a harder time getting away from the behavior.[11]  Before Rebecca’s suicide, she had run away from home, been hospitalized for cutting herself, and had changed schools to escape the torment, but the bullying continued online.[12]

So why did Facebook decide to change its teen privacy policy?  Reports speculate that Facebook’s change is motivated by a desire to increase its bottom line.[13]  Marketing and advertising companies that work with Facebook are eager to reach impressionable young consumers and target their advertisements to them.[14]  Now that teen users will be able to post information publicly, marketers and advertisers will glean more information about those teens, which they will use to personalize advertisements directed specifically to them.[15]

On the legal front, some say the felony charges filed in Florida may mark a turning point in how U.S. law enforcement agencies handle the problem of cyberbullying and stalking, with national ramifications for the prosecution of such cases.[16]  Sheriff Judd said he hoped the arrests would have an impact on cyberbullying, and some say Judd’s tough stance electrifies the growing movement to intensify the battle against juvenile bullying, which has increased and intensified in the era of social media.[17]  Even before the arrests, Florida took the lead nationally in 2004 when it passed a major cyberbullying amendment to its criminal code, which spurred other states to follow suit.[18]

Time will tell how these two events, which intersected so poignantly last week, will continue to play out for teens in this country.

by Jessica Ertel, Associate Staff

How many times have you subconsciously clicked the thumbs up button on Facebook?  Every time you log onto Facebook, it is inevitable that something amusing, smart, or relatable will pop up on your news feed which will warrant the social sign of approval, the “like.”  Facebook processes approximately 2.7 billion of these “likes” every day.[1] While Facebook liking simply seems to be yet another form of social interaction, it actually has greater consequences than one might realize.   

Recently, the Fourth Circuit Court of Appeals ruled that “liking” on Facebook constituted protected free speech.[2]  When a former deputy sheriff in Hampton, Virginia, pressed the thumbs up button for his boss’s opposing candidate in the Sheriff election, he suffered an adverse employment action.  By simply liking a Sheriff candidate’s Facebook page, Daniel Ray Carter was expressing his political opinions, expressions that deserve the highest Constitutional protection.  However, the Court noted that this First Amendment level of protection fluctuates depending on whether an individual who has a policymaking role is expressing opinions that intersect with or undermine that public role.  Since a certain political affiliation was not an appropriate requirement for Carter’s job, his political expression on Facebook was given significant protection.  It was improper for Carter to be fired for showing political support for a Sheriff candidate.  

Undoubtedly, every U.S. citizen has the right to freedom of speech.  Yet, it makes sense that an employer can take their employee’s political beliefs into account when that employee’s job necessarily entails policymaking.  An employer will probably not want to hire someone whose Facebook page is stamped with Hitler support groups or racist slurs.  Thus, there is a caveat to the ruling that Facebook “liking” is protected free speech.  While such speech is one’s Constitutional right, that expression is inevitably made public and thus available to whoever happens upon your Facebook page.

The same is true for one’s Twitter account.  Even though there is an option to make one’s Twitter profile private, this social media site provides in its Privacy Policy that any information that a user posts is considered publicly available information.[3]  In a New York case, the Court ruled that the defendant’s Twitter account could be subpoenaed after he participated in an Occupy Wall Street march on the Brooklyn Bridge.[4]  Presumably, the defendant’s political expressions on Twitter would be used against him to prove that he participated in this protest in which he was arrested for disorderly conduct. 

Since Facebook liking now qualifies as protected First Amendment speech, it seems that tweeting should qualify as well.  And, although these social media expressions are guaranteed Constitutional protection, that does not diminish the fact that these expressions are made public.  An employer cannot fire someone for their political expressions on Facebook or Twitter, but there is still the reminder that those opinions and views are out there for the world to see.