tag:blogger.com,1999:blog-21633793.post5722823896158846686..comments2023-12-12T03:19:42.467-05:00Comments on CYB3RCRIM3: Scope of Consent IssueSusan Brennerhttp://www.blogger.com/profile/17575138839291052258noreply@blogger.comBlogger5125tag:blogger.com,1999:blog-21633793.post-28857522240575018552010-05-17T12:27:08.632-04:002010-05-17T12:27:08.632-04:00There is a schism between what people know ("...There is a schism between what people know ("Nothing on the internet is private") and how they act ("You can't look at my ???, it's private")<br /><br />I think that there is a great deal blending between the concepts of <i>privacy</i> and <i>anonymity</i>.<br /><br />The latter is a very strong controller of people's behavior. More riots are controlled by cameras than riot batons.<br /><br />The mapping of physical standards into the cyberworld needs to address a person's right to anonymity. In the physical world, this is a minor issue and not a very strong societal expectation. It is accepted that people have to identify themselves routinely. We generally automatically assume that the right to a physical search includes the loss of anonymity.<br /><br /><br />In the cyberworld however, anonymity is a societal expectation that gets blended into privacy. Many(Most?) computer users assume their identity is protected even if their data is public.<br /><br />How many privacy issues would go away if anonymity was preserved. "I don't care if you look at my ???? as long as you don't know who I am."<br /><br />I'm going to play with the concept of anonymous physical searches for a while just to see where it leads. For example, if there is no personally identifying information on a computer, how can the owner of the information be identified? Is the identity of the owner of the information always the same as the owner of the computer? Nope.<br /><br />I feel a techie article coming on here. <br /><br />Getting back to the blog in question, what would have been the issues if King has asserted that the owner(s) of the files et al was/were anonymous. I really can't think of any technical way to prove ownership to a specific person. I can prove a file belongs to an account but I can't prove that a specific person placed that file in that account (short of some stuff the feds are doing such as anthropometric logins etc).<br /><br />Probably the courts would have thrown out that argument because the physical search standards (ie the automatic mapping of possession to identity) would hold sway. But, as possession becomes more distributed, will that argument become stronger.<br /><br />And, swinging in from the other side, possession often does not mean ownership. As a system admin, I possess everything on my servers but I own very little of it.<br /><br />Might even go for a journal article on this one.Professor Donhttps://www.blogger.com/profile/16267677947700230734noreply@blogger.comtag:blogger.com,1999:blog-21633793.post-54323352633152369552010-05-17T08:10:19.591-04:002010-05-17T08:10:19.591-04:00Professor Don,
You did a good job of pointing out...Professor Don,<br /><br />You did a good job of pointing out some of the problems that arise from literally analogizing information stored on a computer to information stored in a physical container, like the footlocker that always seems to come up when courts discuss this.<br /><br />The answer in the MyDocuments scenario would probably be yes because the refuser has a separate account from the consenter (and if, of course, the consenter doesn't have access to that account).<br /><br />The answer in the sys admin scenario MIGHT also be yes . . . it would depend, I think, on whether the sys admin was considered to be acting on behalf of an employer who had a bailment relationship with those who had data on the system. As to bailments and consent, check out this post:<br /><br />http://cyb3rcrim3.blogspot.com/2009/06/privacy-and-cloud.html<br /><br />The answer here would probably be no since they don't have authority to consent to the search of the entire thing.<br /><br />Now, having explained how these issues would probably be resolved under the current state of the law . . . I need to note that I agree with the point I believe you are making: It's conceptually difficult and arguably illogical and therefore impracticable literally to apply physical 4th Amendment principles to searches that occur in a non-physical context.<br /><br />So far, that's pretty much what courts are doing . . . in part, I think, because these challenging scenarios aren't coming up yet. They will.<br /><br />And then we need to figure out how to handle them . . . which presumably would mean that we need to decide how to extrapolate versions of the standards we use for physical searches to a non-physical context.<br /><br />Any suggestions?Susan Brennerhttps://www.blogger.com/profile/17575138839291052258noreply@blogger.comtag:blogger.com,1999:blog-21633793.post-91492315420482035412010-05-16T23:41:45.179-04:002010-05-16T23:41:45.179-04:00Uh did I understand this right??
The court said,
...Uh did I understand this right??<br /><br />The court said,<br /><br />“[c]omputer users can protect their files by using a password, just as one who shares a footlocker can protect his photographs by placing them in a locked container inside the footlocker.” <br /><br />So anything in the refuser's MyDocuments folder is protected if the refuser has a separate user account than the consenter.<br /><br />OK how about this one. In the system admin gives consent to search a server, are all user documents unprotected by that consent since they are not hidden from the SysAdmin's administrator privileges?<br /><br />Or weirder still. If a user give consent to search their portion of a server, does it "unprotect" the entire server.<br /><br />I can see the legal side of the house having a lot of fun with this one.<br /><br />God help us if we start trying the apply the 4th amendment to swap spaces and cache files.Professor Donhttps://www.blogger.com/profile/16267677947700230734noreply@blogger.comtag:blogger.com,1999:blog-21633793.post-83507992545583597052010-05-13T21:50:06.454-04:002010-05-13T21:50:06.454-04:00Oh, and Cherry Poppin' Daddys is the name of a...Oh, and Cherry Poppin' Daddys is the name of a rock band.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-21633793.post-20626171607731882492010-05-13T21:47:59.102-04:002010-05-13T21:47:59.102-04:00I hate the feds because they always use 'month...I hate the feds because they always use 'months' for the length of their sentences and then I have to sit and do the math to figure out long long it is in the 'normal' time of years. Who keeps knows off the top of their head how long 360 months is???<br /><br />That being said, I think that the court's opinion is wrong. By using the analogy of a foot locker or password on a computer as support for their position, then why couldn't the same analogy have been used for the real property seach Randolph? Since you can lock a room or have a safe in a house, then I won't assumed the risk that my roommate or spouse would consent to its seizure.<br /><br />Just because I co-mingle my stuff doesn't mean that I should run the risk of it being seized by the cops.<br /><br />While I could understand the court's decision if the guy wasn't there, but the girl was, and she allowed the cops to take her computer with his hard drive in it, that is not what happened. Since he was physically present and announced the fact that it was his property inside the computer, the cops should not have been allowed to take it.<br /><br />My property is still my property even if I put it inside someone else's computer. Since they guy was objected to the seizure and search of HIS property, I think the cops were wrong.<br /><br />We all know why the court voted the way that it did - they think this guy is a dirt bag and deserves to be in jail. But Justice should not be decided on whether or not you like the guy.Anonymousnoreply@blogger.com