If you're planning to apply for a job with the city of Bozeman, Mont., be prepared to hand over much more than your references and resume.
The Rocky Mountain city instructs all job applicants to divulge their user names and passwords for "any Internet-based chat rooms, social clubs or forums, to include, but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc."
"Before we offer people employment in a public trust position, we have a responsibility to do a thorough background check," Chuck Winn, Bozeman's assistant city manager, said in an interview on Thursday. "This is just a component of a thorough background check."
"Shame on us if there was information out there available about a person who applied for a job who was a child molester or had some sort of information out there on the Internet that kind of showed those propensities and we didn't look for it, we didn't ask, and we hired that person," Winn said. "In many ways we would have let the public down."
After local news reports highlighted the requirement on Wednesday, a firestorm of sorts has erupted online: irate e-mail messages have jammed mailboxes in City Hall, snarky Twitter.com comments have poked fun at a place once awarded the sobriquet of "All-America City," and a poll indicates 98 percent of respondents believe the city's policy amounts to an "invasion of privacy."
In addition to the usual requests for a home address and Social Security number, Bozeman's one-page background check form asks for the account information for "current personal or business Web sites, Web pages or memberships." It assures applicants that any information received "is confidential."
Winn said applicants are not required to divulge their social networking log-ins, but warned that there could be repercussions if they lie. "If you say 'I have no driving violation,' and then we run your driving record and it turns out you do, and through further questioning we find out you've been deceitful about it, than that would be cause (for firing)," he said. "That tells us a lot about that particular person. They lied to us and were deceitful."
Under the policy, which the city says has been in place for a few years, a police officer logs into and reviews the social-networking sites of people applying for public safety (that is, police and fire) jobs. For other jobs, the city's human resources department will perform the investigation.
An attorney for the Electronic Frontier Foundation, a digital rights group based in San Francisco, questioned Bozeman's decision to ask for user names and passwords.
"I think its indefensibly invasive and likely illegal as a violation of the First Amendment rights of job applicants," said EFF attorney Kevin Bankston. "Essentially, they're conditioning your application for employment on your waiving your First Amendment rights...and risking the security of your information by requiring you to share your password with them.. Where does it stop? How about a photocopy of your diary?"
One potential privacy concern is that accounts for Facebook and Google, among other sites, are used for more than just displaying photos, videos, and messages. They're also used for e-mail, meaning that a Bozeman investigator could review years of personal messages.
"I don't think the government can condition your application for employment on your giving up your First Amendment rights and your Fourth Amendment rights," Bankston said.
Another possible hitch: Some social-networking sites flatly prohibit disclosure of passwords, so a job seeker who complied with Bozeman's request could lose his account. Facebook's terms of service, for instance, say: "You will not share your password (or) let anyone else access your account."
Bozeman's Winn said the city does not want to be the "taste police" and is focused on looking for evidence of illegal activity. "They can log in themselves," he said. "If not, they can show us what's on their face page. 'Yes, I have a face page but I don't want to show it to you.' That's a fine answer. We'll use other resources out there to do a through background check. We owe it to the public."
CNET News' Elinor Mills contributed to this report.
In the first case of its type, a federal judge in California has ruled that police can forcibly take DNA samples, including drawing blood with a needle, from Americans who have been arrested but not convicted of a crime.
U.S. Magistrate Judge Gregory Hollows ruled on Thursday that a federal law allowing DNA samples upon arrest for a felony was constitutional and did not violate the Fourth Amendment's prohibition of "unreasonable searches and seizures."
Hollows, who was appointed by President George H.W. Bush, said the procedure was no more invasive or worrisome than fingerprinting or a photograph. "The court agrees that DNA sampling is analogous to taking fingerprints as part of the routine booking process upon arrest," he wrote, calling it "a law enforcement tool that is a technological progression from photographs and fingerprints."
Lawrence Brown, acting U.S. attorney for the Eastern District of California, says he's "gratified" by the ruling
(Credit: U.S. Department of Justice)"The invasiveness of DNA testing is minimal," Hollows wrote (PDF). "The DNA can be taken by an oral swab, and even blood tests have been held to be a minimal intrusion."
"We are very gratified with the ruling," Lawrence Brown, acting U.S. attorney for the Eastern District of California, said in a statement. It also said that the U.S. Department of Justice "exercised its authority under the statute earlier this year and issued direction to various federal agencies to begin collecting the DNA of individuals who are arrested or facing charges, as has historically been the case with the collection of fingerprints."
A bill that President Bush signed in January 2006 said any federal police agency could "collect DNA samples from individuals who are arrested." Anyone who fails to cooperate is, under federal law, guilty of an additional crime.
In addition, federal law and subsequent regulations from the Department of Justice authorize any means "reasonably necessary to detain, restrain, and collect a DNA sample from an individual who refuses to cooperate in the collection of the sample." The cheek swab or blood tests can be outsourced to "private entities."
While other courts have ruled on the constitutionality of DNA sampling after conviction, this is the first case to deal with defendants who have only been accused of a crime. (The 9th Circuit, in U.S. v. Kincade (PDF), ruled that mandatory DNA testing of violent convicted felons on supervised release was constitutional; a dissent by Judge Alex Kozinski said that same logic could lead to mandatory testing of every American citizen: "The more DNA samples are included in the database, the better off we are: More guilty parties will be found, more innocents will be cleared and more unknown crime victims will be identified...")
The defendant in the current case in California, Jerry Albert Pool, is accused of possessing child pornography in the form of illegal images of minors on his computer, a felony. He has no prior criminal record and has pleaded not guilty.
Hollows ruled that in the case of felony charges lodged against a defendant by a judge or a grand jury--resulting in a formal finding of probable cause--mandatory DNA sampling was reasonable. He noted that he took no position on whether or not DNA sampling for misdemeanor offenses was reasonable and constitutional.
The list of possible federal felony charges includes ones you might expect, including counterfeiting and kidnapping. But it also includes some forms of peer-to-peer piracy, circumventing e-book protection, or using innocent words like "Barbie" on a sexually-explicit Web site.
"In utilizing the totality of the circumstances, the decision to impose the DNA testing requirement on pre-trial detainees or releasees seems clearly warranted, if not compelling," Hollows wrote. "An arrestee's identity obviously becomes a matter of legitimate state interest...While fears of a 'Big Brother' style government harassing or persecuting individuals based on genetic characteristics is always theoretically possible, that is not the purpose of the amendments before the court, nor is it at all likely."
Police Blotter is a regular CNET News report on the intersection of technology and the law.
What: Defendants in Florida and Virginia, each arrested after being stopped for speeding, claim warrantless searches of their handheld devices violates the Fourth Amendment.
Outcome: One federal judge rejects the warrantless search as illegal, while a federal appeals court upholds it as perfectly OK.
What happened, according to court documents and other sources:
Anyone who relies on a handheld device for e-mail, Web browsing, note, and scheduling knows how well it knows them. Modern gadgets contain enough data about us to raise alarms about identity theft if lost--or worries of another sort if police peruse them in hopes of finding incriminating files.
To snatch these capacious little devices from our homes, police need warrants. But if we happen to be arrested with gadgets in our pocket or purse, police claim they can search through the contents, including personal photo albums, without limitation. (CNET readers who attend the Burning Man festival and like to document their pharmaceutical experimentation, take note.)
This has become an more important--and unresolved--modern privacy question. As Police Blotter reported last month, courts have split over whether (or exactly how) to support police powers or defend Americans' privacy rights.
In just the last few weeks, two more cases have appeared, both arising from speed traps.
On June 6, 2008, Florida Highway Patrol Trooper John Wilcox was running a speed trap in Collier County in an area known as "Alligator Alley." His radar gun said a car was traveling over 90 mph, and Wilcox pulled the driver over.
Wilcox said he smelled raw marijuana from inside the car, asked the driver to step outside, and called for backup. The driver, Ariel Quintana, was arrested for driving with a suspended license. (He had failed to pay a traffic fine.) A search of the car yielded possible traces of marijuana in the sole of a shoe but nothing else.
When Quintana was in custody, his cell phone rang, and Trooper Yoenis Garcia removed the phone from the suspect's pocket without permission and dialed the most recent number. Quintana's wife Amy answered the phone.
Garcia then began to peruse the contents of the phone, including a digital photo album, hoping to find marijuana-related evidence. He found a photo of marijuana plants in what appeared to be a "grow house," plus what court documents delicately describe as "intimate" photos of Quintana's wife.
Those police officers telephoned their colleagues in Hillsborough County, over 100 miles away, who then promptly visited the address on Quintana's license, jumped over a fence, unlocked a driveway gate, and snooped around until they allegedly smelled the odor of marijuana plants. A raid netted over $850,000 in marijuana plants, according to an article in the Tampa Tribune.
Quintana's lawyers argued that searching the cell phone during an arrest was unlawful under the Fourth Amendment. U.S. Magistrate Judge Elizabeth Jenkins agreed, saying the results of the search of the digital photo album could not be used against the defendant.
A similar situation arose two years earlier, when Virginia State Trooper Danny Pruett was manning a speed trap on I-81 and spotted a vehicle traveling at 95 mph. Pruett stopped the vehicle, which was driven by a woman who said her name was Debbie Arlene Sanchez but claimed that she had left her driver's license at home.
One of the two passengers said he had left his driver's license at home as well, and a man in the back seat produced an Alabama license. Pruett checked the names against the National Crime Information Center's database, which told him that there were no records of any driver's licenses or state ID cards issued in those names. The Alabama license had a legitimate number but it was issued to a woman.
You can guess what happened next: Pruett called for backup, arrested the driver (whose name turned out to be Marsha Massengill) for reckless driving, arrested the front seat passenger for obstruction of justice, and arrested the rear seat passenger for providing a fictitious license. About $14,790 in cash was found in a laptop bag, and 26 uncut sheets of what were allegedly counterfeit $100 bills.
The front seat passenger claimed his name was Corey Antonio Murphy, but was later identified as Damian Murphy, on parole for drug violations.
Murphy's cell phone was shipped to a Drug Enforcement Administration office and examined by DEA Special Agent Brian Snedecker on June 26. Snedeker identified several text messages exchanged with someone named Brian Sheppard. After police called him that same day, Sheppard claimed that Murphy was his drug supplier.
After Murphy was charged with conspiracy to distribute cocaine and the pain killer hydromorphone and with possession of counterfeit currency, his lawyer objected to the cell phone search, saying a warrant should have been required. The U.S. 4th Circuit Court of Appeals rejected that argument, saying the evidence could be used against him.
These two cases capture the different ways to look at digital devices: are they like physical containers, which can be opened at will during arrests, or does their uniquely personal nature mean that a search warrant should be required? Should photographs on a mobile device receive more legal protection than an electronic address book? Few of us would travel with decades' worth of intimate personal diaries, but that's what modern gadgetry lets us do.
One of the better-known cases is the 5th Circuit's opinion (PDF) in January 2007, which sided with police. Police Blotter has covered other cases that took the pro-police view and the pro-privacy view.
Excerpts from U.S. Magistrate Judge Elizabeth Jenkins's January 20, 2009 report, not allowing the cell phone search:
The Fifth Circuit has allowed the search of a cell phone incident to a lawful arrest, reasoning that if law enforcement has probable cause to arrest, it may "look for evidence of the arrestee's crime on his person in order to preserve it for use at trial." Other courts have adopted similar reasoning. Notably, the defendants in these cases were arrested for drug-related activity when their electronic devices were searched. The courts recognized that the devices may have been used to communicate with others participating in, e.g., drug-trafficking. Consequently, there was a reasonable probability that information stored on the device was "evidence of the arrestee's crime."
Here, rather than seeking to preserve evidence that Defendant was driving with a suspended license, Garcia was rummaging for information related to the odor of marijuana emanating from the vehicle. Where a defendant is arrested for drug-related activity, police may be justified in searching the contents of a cell phone for evidence related to the crime of arrest, even if the presence of such evidence is improbable. In this case, however, Defendant was arrested for driving with a suspended license. The search of the contents of Defendant's cell phone had nothing to do with officer safety or the preservation of evidence related to the crime of arrest.
Accordingly, the information obtained pursuant to Garcia's search of the cell phone photo album should be suppressed. Because this information-a photo of a "grow house"-directly led to and tainted the preliminary search of the Lutz residence, any information discovered during that search should also be suppressed. Nonetheless, suppression of the evidence discovered in the cell phone is not dispositive of Defendant's motion because the preliminary search of the Lutz residence was unlawful for additional reasons discussed below...
Excerpts from the 4th Circuit's January 15, 2009 opinion, allowing the cell phone search:
Murphy argues that whether a cell phone may be searched without a warrant can be determined only upon the officers ascertaining the cell phone's storage capacity. In so arguing, he concedes that a device with a small storage capacity may be searched without a warrant due to the volatile nature of the information stored, but that a search of a cell phone with a larger storage capacity would implicate a heightened expectation of privacy and thus would require a warrant to be issued before a search could be conducted.
Murphy's argument is problematic for several reasons. First, Murphy has not provided the Court with any standard by which to determine what would constitute a "large" storage capacity as opposed to a "small" storage capacity, as he does not quantify these terms in any meaningful way. Second, Murphy has introduced no evidence that his cell phone had the requisite "large" storage capacity which he contends is subject to a heightened expectation of privacy...
Finally, Murphy's argument must be rejected because to require police officers to ascertain the storage capacity of a cell phone before conducting a search would simply be an unworkable and unreasonable rule. It is unlikely that police officers would have any way of knowing whether the text messages and other information stored on a cell phone will be preserved or be automatically deleted simply by looking at the cell phone. Rather, it is very likely that in the time it takes for officers to ascertain a cell phone's particular storage capacity, the information stored therein could be permanently lost...
Further, Murphy's argument that the search of the cell phone's contents was unlawful because it was not performed contemporaneously with his arrest is also without merit. The evidence establishes that the initial search of the cell phone occurred in Murphy's presence and at his direction, after he indicated to Trooper Chapman that the phone contained phone numbers for people who could corroborate his identity...
Police Blotter is a regular CNET News report on the intersection of technology and the law.
What: Police claim they can legally copy data from the handheld devices of anyone who's arrested.
When: Two judges wrestle with concepts including privacy, the Fourth Amendment, and searches, and reach two different conclusions.
What happened, according to court records and other documents:
Handheld gadgets and laptops seem to know us better than our spouses do. They know whom we talk to, which Web sites we visit, whose e-mail we ignore, and with a little extra smarts, they could probably offer an educated guess about what we want for dinner.
To snatch these useful little devices from our homes, police need warrants. But if we happen to be arrested with gadgets in our pocket or purse, police say they have the right to peruse what could be gigabytes of data for potentially incriminating files or photographs.
The frightening scale of electronic searches has made this an important--and unresolved--privacy question. Two recent federal cases illustrate how judges remain deeply divided about whether to support police powers or defend Americans' privacy rights.
In May 2008, Chester Balmer, an officer with Georgia's Savannah-Chatham Metropolitan Police Department, responded to a complaint of sexual activity in a silver pickup truck parked near an apartment complex. Balmer found a Dodge pickup truck with two people inside, obtained the driver's permission to look inside the truck, and allegedly spotted crack cocaine in the ashtray.
Balmer arrested the driver, Bernard McCray, and scrolled through the photos on McCray's mobile phone. He found images of what he believed to be a 14-year-old teenage girl in lewd poses, which led to McCray being charged with possession of child pornography. His lawyer objected to using the images as evidence, saying the warrantless search violated the Fourth Amendment.
U.S. District Judge B. Avant Edenfield disagreed. Because papers, diaries, and traditional photographs can be examined during an arrest, Edenfield reasoned, a mobile phone can too.
The second case yielded a different result. It began with a Florida drug bust involving a man named Aaron Wall. A Drug Enforcement Administration informant offered to sell several kilograms of cocaine to Wall, who was arrested when he allegedly showed up at an exchange point with a bag full of cash.
Wall had two cell phones, which DEA agent Dave Mitchell examined during the booking process (but not during or immediately after the arrest). Mitchell found and took photographs of several text messages on the defendant's phones.
Mitchell would later offer justifications for his warrantless search: 1) he regularly performs mobile-phone searches because it's common to find evidence of crimes in text messages; 2) it's a standard DEA practice authorized by the DEA Legal Department, as long as the search is performed during the booking process; 3) he was concerned that the text messages might expire after a certain amount of time; and 4) the cell phone battery may die.
When the defense attorney objected to the search, U.S. District Judge William Zloch agreed. He said, essentially, that the DEA agent lied: "The court finds Agent Mitchell's statement that he searched the phone because of his concern that text messages might immanently expire is not credible...the true, and only, purpose of the search by Agent Mitchell was to find incriminating evidence."
Zloch ordered that the incriminating text messages be suppressed, which means that prosecutors can't use them in court proceedings.
These two cases capture the different ways to look at digital devices: are they like physical containers, which can be opened at will during arrests, or does their uniquely personal nature mean that a search warrant should be required? Few of us would have traveled with decades' worth of intimate personal diaries, but that's what modern gadgetry lets us do.
One of the better-known cases is the 5th Circuit's opinion (PDF) in January 2007, which sided with police. Police Blotter has covered other cases that took the pro-police view and the pro-privacy view.
It's worth pointing out that the second proceedings may have turned out differently, if the cops had searched Wall's mobile phone at the time of the arrest, rather than waiting until booking. Then again, this is no tremendous obstacle: if judges insist on that distinction, police can respond by doing a complete copy at the time of arrest. (Note that the state of Florida says "agents should continue to obtain search warrants for securing information from cell phones seized from arrested subject." That shows that a search warrant is no insurmountable hurdle.)
Excerpt from opinion of U.S. District Judge B. Avant Edenfield on January 5, 2009, allowing the mobile-device search:
It is well settled that a search incident to a lawful arrest is a traditional exception to the warrant requirement of the Fourth Amendment. Such searches are reasonable not only because of the need to disarm the arrestee of any weapons that might be used to resist arrest or effect his escape, but also because of the need "to search for and seize any evidence on the arrestee's person in order to prevent its concealment or destruction." (Unquestionably, when a person is lawfully arrested, the police have the right, without a search warrant, to make a contemporaneous search of the person of the accused for weapons or for the fruits of or implements used to commit the crime.)
As the Fifth Circuit held in Finley, "the permissible scope of a search incident to a lawful arrest extends to containers found on an arrestee's person." A cell phone, like a beeper, is an electronic "container," in that it stores information that may have great evidentiary value (and that might easily be destroyed or corrupted).
While such electronic storage devices are of more recent vintage than papers, diaries, or traditional photographs, the basic principle still applies: incident to a person's arrest, a mobile phone or beeper may be briefly inspected to see if it contains evidence relevant to the charge for which the defendant has been arrested.
Excerpt from opinion of U.S. District Judge William Zloch on December 22, not allowing the mobile-device search:
The search of the cell phone cannot be justified as a search incident to lawful arrest. First, Agent Mitchell accessed the text messages when Wall was being booked at the station house. Thus, it was not contemporaneous with the arrest. Also, the justification for this exception to the warrant requirement is the need for officer safety and to preserve evidence...The content of a text message on a cell phone presents no danger of physical harm to the arresting officers or others. Further, searching through information stored on a cell phone is analogous to a search of a sealed letter, which requires a warrant.
The Court further finds that the search of text messages does not constitute an inventory search. The purpose of an inventory search is to document all property in an arrested person's possession to protect property from theft and the police from lawsuits based on lost or stolen property.
This, of course, includes cell phones. However, there is no need to document the phone numbers, photos, text messages, or other data stored in the memory of a cell phone to properly inventory the person's possessions because the threat of theft concerns the cell phone itself, not the electronic information stored on it.
Surely the government cannot claim that a search of text messages on Wall's cell phones was necessary to inventory the property in his possession. Therefore, the search exceeded the scope of an inventory search and entered the territory of general rummaging.
Caption: Can you find the "privacy concern" in these Google Flu Trends data? Hint: There may not be one.
Google's recent announcement that it may have found a way to predict U.S. flu trends has led to the inevitable expressions of concern from some privacy groups.
The Electronic Privacy Information Center and Patient Privacy Rights sent a letter this week to Google CEO Eric Schmidt saying if the records are "disclosed and linked to a particular user, there could be adverse consequences for education, employment, insurance, and even travel." It asks for more disclosure about how Google Flu Trends protects privacy.
In reality, Google is releasing precisely zero personally identifiable information about its users.
Instead, Google Flu Trends publishes one number per state, representing the company's best guess based on search queries at influenza-related cases in each state. These are the same type of regional statistics that the Centers for Disease Control and Prevention already publishes.
If you think that knowing that Alaska's "influenza-like illness" number for the week of November 9 is 2.035 and California's number is 1.384 is somehow worrisome and can identify you personally, it's time to break out your tinfoil hat.
"There are no new privacy implications," Mike Yang, a Google lawyer, told me on Friday.
EPIC acknowledges that Google Flu Trends may prove useful. But the group is also making a more subtle argument as well.
"The basic question I'm asking to Google is: how can it be that across all these key terms, you can generate aggregate anonymized data without any risk of reidentification?" said Marc Rotenberg, EPIC executive director.
Put another way, what if an attorney general in a state where marijuana was illegal sent a subpoena to Google asking for the identities of anyone who typed in "how to grow pot?" Or if abortion were illegal in a certain state, what if the subpoena wanted to know who typed in "how to get an abortion?"
Google has told us in the past that if, given a list of search terms, it can produce a list of people who searched for that term, identified by IP address and/or cookie value. If they're registered with Google, the company also knows the names they typed in when registering. (Google partially anonymizes log files after nine months. And, of course, the company has fought legal battles to keep these data confidential.)
EPIC's answer to these hypotheticals is to pressure Google--and this week's letter was a part of that strategy--to keep logs for an even shorter period of time, or not at all.
EPIC's Web site darkly warns: "There are no clear legal or technological privacy safeguards that prevent the disclosure of individual search histories. Without such privacy safeguards Google Flu Trends could be used to reidentify users who search for medical information. Such user-specific investigations could be compelled, even over Google's objection, by court order or presidential authority."
Yet keeping search logs for nine months may be useful for dealing with advertising-related questions and for optimizing a search engine's responsiveness. If users don't like that, nobody's forcing them to use Google. They also have the choice of using an anonymizing service like Tor.
But if the problem is bad laws and nebulous "presidential authority" that permits fishing expeditions, then it makes sense to fix them. This week's letter might have been better addressed to President-elect Barack Obama and Democratic leaders in Congress, asking them to make sure the Fourth Amendment's protections are extended to information stored by third parties like search engines. Unfortunately, that's not likely to happen.
Disclosure: The author is married to a Google employee.
- prev
- 1
- next
