Eugene links to the complaint in the school-provided-laptop-with-cameras case, and I wanted to offer a few thoughts on it from a legal standpoint. I’ll assume the school’s statement as to what happened is accurate, and the computer’s camera was turned on and a still photo was taken only when the school believed the laptop had been stolen or was missing. (To be clear, I’m not sure that statements is true, but I need to assume something to get a sense of how the law applies: That seems a reasonable starting point.)
My tentative bottom line: The schools violated the Fourth Amendment rights of students when they actually turned the cameras on when the computers were at home. On the other hand, the schools did not violate the federal statutory surveillance laws.
1. The federal Wiretap Act cause of action doesn’t work. The computers allegedly took still images of the student, but the Wiretap Act doesn’t apply to video images. The Wiretap Act applies to bugging audio equipment (“oral communications”), intercepting phone calls (“wire communications”) and intercepting computer communications (“electronic communications.”). But the alleged interception here is of a video image without sound, and the Wiretap Act doesn’t apply. See, e.g., United States v. Koyomejian, 970 F.2d 536, 539 (9th Cir.1992); United States v. Torres, 751 F.2d 875, 880 (7th Cir.1984).
2. As far as I can tell, the Pennsylvania wiretap statute is identical (as relevant here) to the federal Wiretap Act. If I’m right about that, the Pennsylvania wiretap act cause of action doesn’t work either.
3. The Stored Communications Act cause of action is frivolous. Individual laptops are not electronic communication service providers under ECPA.
4. The Computer Fraud and Abuse Act claim doesn’t work, either, even if you can get past the unauthorized access issues, because the civil cause of action under 18 U.S.C. 1030(g) requires you to show loss aggregating at least $5,000. Loss is a defined term under 1030(e)(11) which refers to reasonable economic costs suffered by the intrusion. Also, you can’t aggregate losses for other related intrusions of other students, if there were any, because this isn’t a case brought by the United States Government. See 1030(c)(4)(A)(i)(I). I don’t see how the plaintiff here suffered $5,000 in economic loss. The complaint makes no mention of any such losses.
5. The Fourth Amendment issues here are interesting. I can’t speak to the Pennsylvania common law cause of action, but at least among the other causes of action, this strikes me as the most serious. Let me break down the issues in two steps:
a) This case is brought as a class action, but the Fourth Amendment issues here don’t work as a class action. Any “search” here didn’t occur until the camera was turned on, which according to the school occurred when the laptop was thought to be lost or stolen. That means no search occurred under the Fourth Amendment for students who had laptops that were not turned on. See United States v. Karo, 468 U.S. 705 (1984) (“The mere transfer to Karo of a can containing an unmonitored beeper infringed no privacy interest. It conveyed no information that Karo wished to keep private, for it conveyed no information at all. To be sure, it created a potential for an invasion of privacy, but we have never held that potential, as opposed to actual, invasions of privacy constitute searches for purposes of the Fourth Amendment. . . . It is the exploitation of technological advances that implicates the Fourth Amendment, not their mere existence.”).
b) Taking the photograph inside the home seems pretty clearly to be a search under Karo. The school might try to justify this under the special needs exception: The school issued the laptop and could search it to investigate misconduct under New Jersey v. TLO. The problem with this argument is that the school didn’t search the laptops: They searched the home where the laptop happen to be present.
Is there some other reasonableness framework that can apply in that situation to justify the search of taking the photograph? None come to mind: I would think the government would have to use the probable cause of the computer being taken to get a warrant to justify turning on the camera. So unless I’m just missing something, this was a Fourth Amendment violation for taking the still image of the home without obtaining a warrant.
6. As I said, I’m not sure about the Pennsylvania common law tort claim. I’ll leave that one to the tort lawyers.
Instapundit » Blog Archive » SCHOOL SPIED ON STUDENTS AT HOME via laptop webcams? “The suit says Lower Merion School District of… says:
CurlyDave says:
With regard to your point 1, the computers issued are capable of both audio and video transmission. While I don’t know if turning on the camera in this instance also turned on audio transmission, I would not hang my hat on audio being off during video transmission.
The actual video transmission is streaming video, with the ability to capture a still image. I think the video stream can also be captured. CurlyDave(Quote)
Orin Kerr says:
Curly,
I wouldn’t hand my hat on either side’s version of the facts, given that all we have now is a complaint and a press release in response. Orin Kerr(Quote)
Off Kilter says:
I think the lesson here is an old one: Beware of government school officials bearing gifts... Off Kilter(Quote)
Phanatic says:
Orin, unless I’m missing something, 18 USC 2510 defines “electronic communication” as:
“Signs, signals, writing, *images*, *or* intelligence of any nature.” How does “images” not include...well, photographs? The definitions would certainly seem to include webcam photographs under “electronic communications. Phanatic(Quote)
JKB says:
Some one tell me how they knew that turning on the video wouldn’t image the child while nude or engaged in some sexual activity. Did they see those images and then delete them? Are they sure all those with access to the images didn’t save some child porn? What about the risk that the laptops set up with this weren’t compromised by pedophiles?
Sure these aren’t really going to work in court but someone who stands for election needs to explain why the school consciously chose to increase the risk that kids in the school/district will be exploited by pedophiles.
The real risk of opening monitoring holes like this is that you’ve done 3/4ths the work for a hacker. All he has to do is break the probably weak password protection on the “officially” installed malware. JKB(Quote)
TMLutas says:
The computer is a state agent that is both stationed at a private home and feeding off of its supplies. Isn’t there a 3rd amendment cause here? TMLutas(Quote)
stradageezer says:
Please don’t crucify me, I’m neither a lawyer, nor a law Student. I’m just a periodically humble computer security professional
I haven’t had the luxury of reading the complaint yet, but I have heard no mention of the standard “this system is monitored, by using it you agree to be monitored” message that we see throughout Corporate America and the Federal Government being present on these allegedly stolen laptops. Absent that message, the students MAY have themselves covered from the standpoint a reasonable expectation of privacy.
No mention has been made as to how a laptop is deemed stolen, allegedly the trigger which turns on of the camera.
Additionally, in the original news stories are mentions of catching the families in various stages of undress and some other unmentioned compromising situations. One might logically ask the obvious question as to the number of images that need to be collected to establish identity. I’m not well versed in the possibility of using an automated process to collect images from an embedded cameras, but this has either creepy, or ill-advised policy written all over it
My gut tells me there might be something else going on here that the school system would wish to go away. I could be wrong. Wouldn’t be the first time, and won’t be the last, but the complaint points to multiple images of people in various stages of undress that were captured and stored.
Just noticed that the school system publicly dropped the policy.
Just sayin’ stradageezer(Quote)
Bruce Boyden says:
“Individual laptops are not electronic communication service providers under ECPA.” There’s actually a troubling amount of confusion about whether the equipment on either end of a transmission is a “facility through which an electronic communication service is provided.” E.g., some of the cookies cases, and at least one fax machine case, seem to hold this. But I’m not sure where you’d locate the “electronic communication [in] electronic storage” here. I don’t think it could be the very photograph that the asst. principal took during her unauthorized access — that seems like bootstrapping.
Phanatic, the image file that the asst. principal transmitted using the webcam is clearly an electronic communication. But she didn’t “intercept” that transmission, she caused it. And while the Wiretap Act also prohibits electronic eavesdropping, i.e., using a device to listen in on someone’s oral conversation without their consent, it does not prohibit electronic snooping, i.e., using a device to look at someone without their consent. Bruce Boyden(Quote)
Orin Kerr says:
Phanatic,
The thing intercepted needs to be an “electronic communication,” and an electronic communication must be “transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system.” A still image taken by a camera does not intercept something that has been “transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system.”
JKB,
I’m confused: Is there an allegation that the camera captured images that were images of minors engaged in sexually explicit activity? Orin Kerr(Quote)
memomachine says:
Hmmm.
1. Quick someone alert the School Safety Czar!
2. Oh wait. He’s actually in favor of this sort of stuff.
3. Nevermind.
4. Are people completely out of their minds? Who works in a school and thinks “oh hey I’ll just turn on the webcam ...”? Not to be pedantic but shouldn’t the first step in retrieval of a stolen laptop be .... inform the –police-? memomachine(Quote)
TomHynes says:
http://www.itexaminer.com/stolen-laptop-takes-photo-of-thief.aspx
It sounds like the software product is “Undercover” which is described in the linked article. They heavily market to school districts. TomHynes(Quote)
Phanatic says:
A still image taken by a camera does not intercept something that has been “transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system.”
The still image is the electronic communication in question. The camera, a photo-optical system, records an image. The image is communicated by means of wire and electromagnetic system to the computer’s hard drive, where it is stored. Then the school official intercepts that communication, by causing that data to be duplicated and related to whatever system he’s using to view it. A still image taken by a camera doesn’t intercept anything, but the school certainly intercepts an electronic communication when it causes the duplication and transmission of that stored still image. If the school had used a previously-installed backdoor into the student’s computer to download his stored emails, it’d be pretty clearly a violation of this law, and this isn’t different in any practical or technical way. Phanatic(Quote)
Orin Kerr says:
Phanatic,
No, that is incorrect. It is not an “intercept” to access a stored image. Orin Kerr(Quote)
Chris L. says:
It seems to me that in order to give the command to the laptop to turn on the camera, the school system had to access the home wireless network (via the Internet) the laptop was using. If that is the case, that sounds like an electronic communications to me. Chris L.(Quote)
Soronel Haetir says:
Prof. Kerr,
How is it that streaming video is to be distinguished from other data sent across the same medium? Part of the definition quoted above would certainly appear to cover internet traffic. Is the “data” that makes up web-cam images to be exempt because some other form of image acquisition has been ruled not covered? I’m just trying to figure out how this is not a “computer” or “electronic” communication.
I could certainly see such definitions not covering, for example, someone who intercepted a closed circuit television signal, but internet traffic seems quite different from that. I just don’t see whether something is a “communication” or not turning on the type of data encapsulated in the messages. Everything quoted appears to turn much more on the manner of exchange or intercept. Soronel Haetir(Quote)
Orin Kerr says:
There are electronic communications in the fact pattern, but the law only prohibits intercepting the contents of electronic communications by nonparties to the communication. That didn’t happen here. Orin Kerr(Quote)
Phanatic says:
United States v. Councilman, 373 F.3d 197 (1st Cir. 2004) held that it’s an an intercept to access a stored email message.
Phanatic(Quote)
Phanatic says:
A semi-related question:
Does any Federal law prohibit me from giving you a gift of a pot of flowers that has a camera concealed within it, which I can turn on remotely to take photographs of you puttering around your kitchen while naked? Phanatic(Quote)
newscaper says:
Dumb question ...
Why in hell is a school district supplying laptops to leave the school campus in the first place?
You know damned well these aren’t $300 netbooks.
That’s not much better a use of taxpayer $$s than giving students Ipods (as has actually been done in the delusional theory that they’ll be used for listening to teacher podcasts. newscaper(Quote)
Orin Kerr says:
Phanatic,
Two responses. First, whether a communication is an “electronic communication” is different from whether it is “intercepted.” Interception requires access to something while it is in transit.
Second, to be technically precise, an intercept can occur when a communictaion is stored in some cases — Councilman came close to holding that but did not, although it should have — but it would not be an intercept in this case for several reasons, among them that the school would be a party to the communication. Orin Kerr(Quote)
Bruce Boyden says:
OK, there’s some confusion here. Orin is correct. Let’s break down the various steps.
Photons bounce off of the student and hit the webcam lens. This is not an interception of an electronic communication, because ordinary visible light is not an electronic communication.
The webcam then records that image in the computer’s RAM. This creates an electronic file, but it’s not the interception of an electronic communication; what’s recorded in the file is the image extracted from the light that hit the lens, which, again, is not an electronic communication.
That file is then transmitted to the asst. principal. Now we have an electronic communication. But we don’t have an “interception” of that communication punishable under the act. The asst. principal didn’t intercept a communication between two other people. She caused the transmission from the student’s laptop to her own computer. That is, she was a party to that communication, and a party can consent to the interception of it. Bruce Boyden(Quote)
Chris L. says:
Isn’t unauthorized access of a computer network a crime? Chris L.(Quote)
jimboster says:
From stories I heard, the webcam was only activated if the computer was reported lost or stolen by the student– in order to try to identify the person using it and recover it. Of course, if a student is presented with a webcam snapshot of himself using the computer after he’s reported it stolen, well, they say the best defense is a good offense. jimboster(Quote)
Chris L. says:
Lost, stolen, or not, the computer sending the command to the laptop has to access someone else’s wireless network to activate the camera. The sender has to (with the help of whatever program is buried in the laptop) penetrate the network the laptop is using to access the Internet. That still sounds like unauthorized access of a computer network to me. Chris L.(Quote)
Orin Kerr says:
Chris L.,
The unauthorized access claims are brought under the Computer Fraud and Abuse Act. See paragraph 4 in the post as to why those claims don’t work as a civil law matter. Orin Kerr(Quote)
jimboster says:
Well, then there’s a myriad of anti-theft devices that are illegal. jimboster(Quote)
Chris L. says:
I see your point. It would be a criminal issue not a civil one. In that case, maybe the school system should settle this quickly before some enterprising prosecutor decides to look into it. Chris L.(Quote)
Chris L. says:
I don’t know if any of those devices have been tested in a court of law or not, but it seems to me that if you are accessing someone else’s network without their permission, that is probably a crime. In this situation, there is no way to activate the camera remotely without going through another person’s wireless network. Chris L.(Quote)
jimboster says:
No, that’s not my point. Either there’s dozens of illegal anti-theft webcam activation programs or, more likely, they’re perfectly legal. The computers belong to the school. If a student reports one lost or stolen, then the school should be able to legally activate the webcam to try to catch the thief. It’s certainly possible the kid who is suing actually stole his computer and the school had a nice webcam pic of him doing it. Apparently, instead of punishing their kid, the parents are trying to make it look like the school was arbitrarily spying on all its students. jimboster(Quote)
Matthew Carberry says:
You don’t plan based on an enemies’ intentions, you plan based on their capabilities.
Not to imply the school admin is any sort of enemy, but the fact they say “we will only use this in cases of laptops reported lost or stolen” is merely a statement of intent, not any limitation of actual ability.
Official statements were trumpeted, over the derided objections of privacy activists, that the images produced by the full body scanners in London were only going to be seen by a security agent who would not know who was in the scanner and the image would, I believe they actually said could, not be printed or preserved.
Yet what happened? Is it really to hard to see a similar event taking place with the prom queen or head cheerleader?
The potential for misuse seems to at least equal, if not surpass, the potential utility of the system in cases of reported loss or theft.
If they keep the system they need to change the policy. Given the presumably low number of thefts and the comparatively high value of the laptops, system access should be limited to only a few senior staff and only with the formal involvement of LEO (it involves a reported or potential theft does it not?) and tracking software needs to be in place and regularly monitored to check for any access by staff not under policy or by outside cyberattack. Matthew Carberry(Quote)
Charles Collins says:
How does the school district get to a point where it “believed the laptop was stolen or missing”? Was there a policy of laptops not leaving the school? If so, why laptops? Or was this “belief” triggered by something else? Charles Collins(Quote)
philorchophile says:
If the school was storing and viewing images of partially clad school students, then aren’t they guilty of kiddie porn? How many images of kiddie pron were stored on each computer? Call in the prosecutor now! philorchophile(Quote)
alittlesense says:
Legal issues aside, I wonder how long the assistant principal will have his or her job after this really hits the fan. Likewise the Superintendant of Schools. And I will be fascinated to see if this comes up in the next School Board election. alittlesense(Quote)
Matt says:
Thanks for your analysis, Professor Kerr, was hoping you’d post on this. Matt(Quote)
Sabba Hillel says:
There are laptops with a lojack system. When the computer is connected to the internet, it connects to the lojack monitoring office to verify that it has not been listed as stolen. If it has been listed as stolen (by the computer owner), it triggers a response. I know of a laptop that was recovered in this wsy.
I do not see how activating a camera would identify where the laptop was being kept. Sabba Hillel(Quote)
Bryan Gividen says:
@Orin,
I think that JKB’s commentary on the child pornography is the mere possibility of the student being nude and then possibilities that follow from that. That’s how I took the post.
General question for everyone from a non-lawyer: what types of damages would be available in this setting, if any? Bryan Gividen(Quote)
Laura(southernxyl) says:
I wonder if the camera is activated if the user puts in a wrong password.
Also, I wonder if the students knew the cameras were on there, and could be activated remotely; and if they had homework assignments they were required to use the laptops for. So they couldn’t opt out of the possibility of the school spying on them in their homes. I wouldn’t care for that at all, myself.
And I wonder if the computers were given to the students, or only loaned to them. If given, I don’t know why the school worries about them getting lost after that. If the parents are concerned about the kids having to have laptops, and their school-issued laptop possibly being stolen so the parents will have to buy another, I can see that, but then the parents ought to be the ones in control of the thief-detection device. Let them call the police. Laura(southernxyl)(Quote)
Laura(southernxyl) says:
Also, this:
is a tremendous concern, IMO. Laura(southernxyl)(Quote)
Laura(southernxyl) says:
Also, what if the kid put a piece of duct tape over the camera in *his* computer — would the school try to discipline him for that? Laura(southernxyl)(Quote)
School-issued Laptops Used to Spy on Kids | KEYTLaw says:
Lazarus Long says:
A question:
What sort of behavior was the school official trying to discourage?
Here I thought they were a collection of enablers. Lazarus Long(Quote)
Philistine says:
Orin,
According to the School’s press release, not only is a picture taken from the webcam, but a screenshot is also captured. Would/could that constitute an “electronic communication”? Philistine(Quote)
ParatrooperJJ says:
How about conspiracy to produce child pornography? ParatrooperJJ(Quote)
KilgoreTrout XL says:
The rumor is that the kid was eating a bunch Mike and Ike’s, and the school thought that it was “drugs” (I’m not kidding around.) Which for the school’s sake I hope is not true.
On a related note, are there really drugs that look like Mike and Ike’s, and if so, do they taste just as yummy? KilgoreTrout XL(Quote)
Bruce Boyden says:
Philistine, that’s an interesting question. Court authority is unclear on whether a screenshot can be an interception of an electronic communication, and the related issue of whether keylogger software intercepts a communication between the keyboard and computer. With screen capture, I suppose you could argue the communication that is intercepted is between the computer and the monitor. But I don’t think that works (unfortunately). I don’t think the connection between a peripheral device and a computer is significant enough to constitute a “wire system” under the definition of “electronic communication.” According to the legislative history, that term was only supposed to apply to transmissions using a “wire that carries the communication to a
significant extent from the point of origin to the point of reception, even in the same building.”
Some courts have held that keyloggers or screen captures that record an email in draft intercept that email. But I don’t think that works either. Before the email is sent, it’s not a communication, even though the author may intend it to become a communication. Bruce Boyden(Quote)
Rr says:
Wonder if this applies (seems PA does not have a separate ‘peeping tom’ law, although those are usually written such that this case wouldn’t apply — see for example Stephanie’s Law in NY for):
Rr(Quote)
Fub says:
I have no idea what the alleged misbehavior actually was in this case. The reports have no real details. But the real question is how anybody but an actual psychic can determine whether a low resolution image depicts an actual event, or a staged show for the camera.
Say the picture shows a subject drinking “beer” from a glass. How can anyone but the subject know whether he is actually drinking ginger ale? Fub(Quote)
Sandy MacHoots says:
Prof. Kerr: Interesting and informative post. I know there’s a certain amount of fun in pulling people’s chains as you frequently do, but you should do this kind of substantive analysis more often. Sandy MacHoots(Quote)
Lost and Stolen in Lower Merion | Snowflakes in Hell says:
John A says:
The school almost certainly was legally correct. Especially considering it presumably retained actual, legal, ownership of the computer.
But the ground is shaky. There are cases of criminal and civil prosecutions against unscrupulous “peeping Tom” landlords/employees installing cameras.
And the school district “response” is that the camera is only turned on if reported lost or stolen — implying, not because someone in authority suspects the person[s] using it to be doing something improper. Oh? Sure, that is the policy — but I have seen no indication that the particular device was ever so reported. Locking the barn door may be policy, but those horses got loose anyway...
Related [maybe?] — go to a web page with a Flash® advert. Did you know that the default was/is merely by allowing it to display you allow the advertiser to turn on your webcam (if you have one)? The default may have changed since I noticed it a couple of years back, but when I realised it I wrote the company and asked — the response was not to worry as the software did not THEN actually have that capability. John A(Quote)
zippypinhead says:
Professor Kerr, you may be right as to the Federal law hooks here. But here’s a lazy question (lazy because I don’t have time to research the state law answer over my already-limited lunch break): has Pennsylvania passed a ‘peeping Tom’ law to criminalize non-consensual voyeur photography? And/or non-consensual covert photography of minors? If such a statute criminalizes clandestine, non-consensual photography without also including a prurient interest intent gloss, wouldn’t that arguably also be on point?
As for your #6 point, I also haven’t thought much about tort law since crawling out of the bar exam, but to this uninformed outsider it seems to be awfully close to a slam-dunk case (as Professor Volokh emphatically says). Absent a conspicuous banner warning that this type of monitoring may occur and there should be no expectation of privacy while using the laptop, why on Earth (or the Commonwealth of Pennsylvania) wouldn’t there be a good common law invasion of privacy tort cause of action? zippypinhead(Quote)
Chris Travers says:
I thought the CFAA was irrelevant because presumably the school had authorization to access computers it owned. Chris Travers(Quote)
ptt says:
I could be wrong about this, but it strikes me that people are discussing this software incorrectly. The school district did not “access the laptop remotely”. This feature, as I understand it, operates in the following way:
1) software is loaded on the device (iPhone, laptop, etc.)
2) upon booting or at some interval the software automatically looks up its own status at a remote site hosted by the software company or the manufacturer. This process goes unnoticed and triggers no particular activity until...
3) someone logs onto the remote site and reports the device as missing or stolen
4) the next time the device checks its status and finds that it has been stolen or is missing, a series of actions are triggered on the device itself and the results of those actions are sent to the remote site (photo, screenshot, IP data, etc.)
5) that information is made available to the registered owner at the remote site
6) appropriate action is taken (or inappropriate action, as the case may be) ptt(Quote)
Scott says:
Just for reference, PA’s wiretapping law is NOT the same as the Federal statue. It requires all-party notification whereas the federal is single party. Given that the students and their families were not notified of the capability to remotely access the webcam, I’d say there is a wiretapping violation in play here.
For the record, I live in PA and I think both the PA wiretapping statute as well as the federal statute are archaic and events like this prove just that. The statues seem to exist to simply cover law-enforcement’s actions, and don’t protect or help the citizen much at all. Scott(Quote)
Nick says:
Does Pennsylvania not have a “peeping tom” law which would cover this sort of thing? How is this any different than a stranger posting a hidden video camera in a bathroom or dressing room and taping people? While they may claim they were using it for some “law enforcement purpose”... I’m not sure that is valid given that they are not sworn officers. They’re peeping toms, who were using the color of the law to cover their acts. They should be criminally prosecuted as such. Nick(Quote)
ptt says:
To be more clear, that information is made available to the registered owner when they check the remote site ptt(Quote)
John Smith says:
Prosecute under stalking laws. They are pursuing a subject in an invasive and obsessive manner. John Smith(Quote)
John Smith says:
Also what type of person stalks children? Hint. They are very popular in prison. John Smith(Quote)
Holy Prepuce! says:
Without knowing about the whole remote-activated-webcam aspect, one might legitimately wonder why educational dollars are being used to hand out free laptops to residents of Philadelphia’s Main Line suburbs. Surely the money would be better spent in, say, Kensington or Strawberry Mansion.
But with these new revelations, it starts to make sense. Aside from better teachers, newer textbooks, and functioning buildings, what do rich kids in America get that poor kids don’t? Answer: the luxury of attending schools instead of mini-prisons equipped with metal detectors, rent-a-cops, and zero-tolerance policies that result in seventh graders being arrested for writing on their desks.
Obviously this inequality needed to be remedied by equivalently striping Harriton High kids of their dignity and privacy, but in a manner less offensive to Main Line aesthetics. Harriton kids can come to school safe in the knowledge that their gym bags won’t be x-rayed, and that their marker doodling will be remedied with Windex rather than handcuffs. But... Teacher is watching.
I have more to say on this topic here. Holy Prepuce!(Quote)
The real problem with student laptops - SmartPlanet says:
Federale says:
What about the Reasonable Expectation of Privacy standard? Federale(Quote)
Marc Rotenberg says:
A few thoughts:
1. It seems very unlikely that the school’s characterization is correct.
2. ECPA does not cover video in the sense that the police do not need to obtain a warrant when using a video camera for surveillance, regardless of what Judge Posner might wish. See US v. Torres (1984). But with a general purpose communication device, the ECPA claim is much stronger. Otherwise, the interception of a Youtube clip as an email attachment would not be covered. That would be an odd result. And in fact, it is quite legal that the security technique at issue here transmits an image as an email attachment, i.e. it does appear to involve streaming viewing. (Also sent is a snapshot of the desktop).
3. The CFAA allows you to aggregate damages, which could be relevant. The interesting part also of the CFAA claim is that the CFAA penalizes unauthorized intrusion and intrusions that “exceed authorization,” which arguably occurred here.
4. There are also some good tort claims. Taking images inside the home? Really not good.
5. Finally, the tech experts tell me there are much less intrusive ways to locate misplaced or stolen laptops or cellphones for that matter. (iPhone users should learn about this feature).
Marc Marc Rotenberg(Quote)
Marc Rotenberg says:
Ooops. In the above, it should be “it is quite *likely* that the security technique at issue here transmits an image as email attachment.
On the less intrusive techniques, look here: http://seccure.xtool.com/xtooltracker.aspx “Internet Connection Information is the most commonly used information utilized by “track and trace” products. In most situations, the Local IP and the Public IP information is enough to recover a lost or stolen laptop.”
The company also says “XTool® Laptop Tracker has the ability to detect a camera connected to a laptop and can take a snapshot of the unauthorized user that is then relayed to the XTool® Monitoring Center!”
And then here is something really interesting: “This technique is ONLY installed/activated when the monitored laptop has been reported lost or stolen and with the owner WRITTEN authorization.”
I’ll rest my case that ECPA, and possibly CFAA applies, and see what Prof. Kerr has to say.
Marc. Marc Rotenberg(Quote)
Marc Rotenberg says:
Double ooops. (The Friday afternoon defense). ” . . . i.e., it does *not* appear to involve streaming video . . .”
Marc. Marc Rotenberg(Quote)
Chris Travers says:
Who exceeded authorization and who had the right to give such authorization?
I would think that the school retained rights to authorize various forms of access. The issue here isn’t likely to be a winner for the parent. Common law tort issues, OTOH, may well apply.
On the other hand, if the school administration official acted outside the policies governing use of that software, that individual might be liable under the CFAA. However, would it be actionable by a third party? I don’t know. Any takers? Chris Travers(Quote)
uberVU - social comments says:
Dan says:
This is for sure a Fourth Amendment violation .It is a crime to search peoples house,be it through images or captures without a warrant and to think of not getting permission from those involved is just too unbelievable. Dan(Quote)
Bill says:
Then that is a legal flaw in the package. If it’s stolen it’s not the owners problem (well it is), but rather it’s the long-arm of the law to go and get it. While the owner *might* be permitted to get an “oi! we found it” and nothing more, the appropriate action in item 6 is for the antitheft server holder to call the police, donchathink? Bill(Quote)
Bill says:
And I agree with earlier posters. When you rent, lease or are issued an organization’s systems for a specific use (e.g., School Laptops), there should be a message and user agreement that makes it clear and says, “Santa Clause (“draw and quote” me on that) is Watching You” or similar message. We have that on both our fixed and portable office systems. I have very little sympathy for the students who reported the laptops stolen — but it would have been better if the cops came in quickly with search warrants and arrested them for theft and fraud. This one of morning’s AM shows were featuring them as victims with little mention of their own hand in their own misconduct.
My sympathy is properly filed under a certain rude s word and syphilis. Bill(Quote)
A. Reader says:
The reason, presumably, is to ensure that those children on the Main Line who are of modest or poor means (and there is a non-trivial number of such persons, even on the Main Line) are not greatly disadvantaged relative to the Main Line rich. Imagine being a lower-middle-class kid without a computer, trying to compete academically with all those students who do have computers.
A. Reader(Quote)
piers says:
The school district denies that it took any photographic images of the plaintiff–at school or home. If you read the complaint, you’ll see that key facts are missing: when the photo was taken, what it depicts and who took it. Rather, the complaint implies that because the school district had the ability to take a photograph when the laptop is within a student’s home, then it could take photos of students in states of undress. But note it never says that this is what happened to this student. Last night the student gave a television interview and said that the photograph depicted him with “Mike & Ike” candy and the vice Principal thought it was pills. OK, so if the school district didn’t take the photo but the VP saw it at school and made comments about it, does that rise to the level of a 4th Amendment violation? Is merely having the technology to take photos within the home, but not having done so in fact, a 4th Amendment violation? piers(Quote)
Links, 2/20/10 says:
Chris Travers says:
It seems to me that what they are alleging is:
1) The school disciplined the student for “improper” behavior at home (wtf?)
2) When asked, the school stated they could activate the web cam remotely.
Now, this doesn’t necessarily mean that the web cam was used but more likely that this was what the assistance principle may have said regarding the source of the information. However, even accepting the accusation, it could have been a cover for something like another student saying something, a conversation overheard, or something similar.
What I want to know is why the schools are actively engaged in parenting the kids when they are at home. Chris Travers(Quote)
Arthur Kirkland says:
I believe I heard a report that the FBI has commenced an investigation. Between a federal investigation and civil litigation, I am hopeful the facts will be identified and justice effected.
So far, it looks bad for the school administrators, but who knows? Maybe they have a memorandum from John Yoo, Jay Bybee and Miguel Estrada declaring that their conduct was lawful under a theory of inherent authority to safeguard the school. Arthur Kirkland(Quote)
David Schwartz says:
Not over my home network it doesn’t. In order to command the laptop while it’s in the student’s home, they need to send that command over the child’s home network.
The laptop is configured to make a periodic “phone home” call. There is no way for them to connect out to the laptop because they don’t know where it is. So even if they didn’t take any pictures, one can make an argument that this periodic “phone home” was a search (reporting where the laptop was), and one that took place through unauthorized use of the home network.
However, this doesn’t get you much under CFAA for the reasons mentioned in the OP. David Schwartz(Quote)
Mike G in Corvallis says:
If this security consultant’s analysis is correct, the school administrators are in very deep dung.
In comments on the earlier thread, I had defended the school district and the administrators. Things had to have been misinterpreted and blown up all out of proportion, right? Well, I guess I was wrong. If this guy’s presentation is anywhere near accurate, those people are going to be in a world of hurt. Mike G in Corvallis(Quote)
Webcamgate at The Core Knowledge Blog says:
David Schwartz says:
The new evidence shows that at least two claims the school made were false:
1) They claimed the software kind of “came with the systems”. This is false. They specifically chose LANRev, which is by no stretch of the imagination a “standard”.
2) They specifically modified LANRev in ways not intended by the manufacturer to make it possible to surreptitiously take snaps from the webcam without alerting the user, taking control of the laptop otherwise, or activating the anti-theft feature. So any evidence about how or when the anti-theft feature was activated tells us nothing about what pictures may have been taken.
And, IMO worse, now that we know the true facts, it’s clear that the intentional deception in the district’s press release is even more disturbing. There are many examples, most of them consist of equivocating between the theft tracking feature (which could take a picture only once the tracking mode was enabled, and is standard) and the independent snapshot feature (which can take a snapshot at any time and is something their IT department hacked in by themselves).
For example: “2. Why was the remote tracking-security feature installed?
Laptops are a frequent target for theft in schools and off school property. The security feature was installed to help locate a laptop in the event it was reported lost, missing or stolen so that the laptop could be returned to the student.”
Right, but we know know *that* feature was unrelated to the way the pictures were taken. Obviously, the reason for putting that question in there with that answer is to make us think that the remote tracking feature is the only way the laptop can be commanded to take a picture. David Schwartz(Quote)
Laptop Spying and the Fourth Amendment says:
Privacy Lives » Blog Archive » More on the Pennsylvania Webcam Case: What’s the Fourth Amendment Argument? says:
markm says:
As best I can tell from the news reports, Robbins was never accused of stealing a laptop. He was accused of taking drugs (actually candy), based on a picture taken by his school-issue laptop. Which means the principal’s claim that this surveillance was to find stolen laptops is just blowing smoke.
Second, according to the link Mike G posted, it wasn’t a one-time occurrence; most of the kids noticed the camera light blinking at random times. Nor was it an accidental software glitch. A kid who disabled the camera was threatened with expulsion, but there was no rule against it — then the rules were changed. The laptops were taking pictures at random times, the computer administrator not only knew about it but did some hacking to make it possible, and given that the picture of Robbins somehow reached the principal, the pictures must have been sent over the internet for someone at the school to review.
And some of those pictures must meet the definition of child porn. markm(Quote)
Episodes 114 and 115 – February 27, 2010 « says:
The real problem with student laptops « Talk desiger fashion women leather handbags wallet purses says:
electronic display says:
but we have never held that potential, as opposed to actual, invasions of privacy constitute searches for purposes of the Fourth Amendment electronic display(Quote)
Ale Mon says:
Try this advanced online video surveillance system. It allows you to remotely monitor your home, kids, business, and even your industrial production line in real time. Ale Mon(Quote)
bearcat scanners says:
nice post.....how would you rate uniden scanners? bearcat scanners(Quote)