Category Archives: Privilege

Bless Me, Father, For i Have Sinned

Let me state from the outset, I'm not Catholic, however, I attended three years of Catholic high school.  This post has absolutely nothing to do with religion.

I'm sure by now you've already heard about the new iPhone/iPad/iPod Touch app that allows you to confess electronically.  Before you take that stairway to heaven, I have one word of advice:

DON'T!

Do you think maybe there's a reason that confession was meant to occur in private, using the spoken word between the priest and the penitent?  There isn't a secretary present taking notes.  And before anyone mentions privilege, forget it.  This isn't about privilege.  Privilege isn't going to wash away (there I go again) the embarrassment when your most private thoughts and feelings become public.

We've become a world of "over-sharers".  We think everyone needs to know everything about us.  I figure this must be part of the Andy Warhol, fifteen-minutes-of-fame problem.  Problem?  That's right – problem.  Is it generational?  In my opinion, yes, for the most part.

Never mind the fact that I've read several articles related to this app in which the "makers" (sorry, I couldn't help myself) claim they've done everything they can to make it secure.  Their sincerity notwithstanding, I don't care.  Do not put your personal thoughts on your device.  Period!

Think of it this way.  Confession iApp = Diary.  Your future is a hell (sorry, did it again) of a lot more valuable than $1.99.

e-Discovery California: “Elementary, My Dear Watson”…

Holmes v. Petrovich Development Co. (Cal. Ct. App. – Jan. 13, 2011)

In this decision from the Third Appellate District of California, the Court found that Holmes’ emails did not fall under the protection of attorney-client privilege (warning – link opens a 40-page PDF of the ruling).

Why?

Because she wrote them on a company computer with the knowledge that the company had a “we own the data” policy.

YMMV (that’s my cute way of telling you, other state laws are contra, e.g. New Jersey’s Stengart).  From that post:

“I suppose if I simply admonish you not to use your company collateral for personal purposes, you’re going to ignore me, but it’s missing the point, anyway.  You can’t un-ring the bell.  Sure, I understand that, in this case, they were forced to return the emails and there was to be a decision as to whether the law firm that read the emails could even continue in their representation, but the bottom line is, the emails were still read.”

A little fun fact?  Holmes never said, “Elementary, My Dear Watson”.

e-Discovery California: Turn your Head & Cough

How long has it been since I posted something California-specific?  (September 22nd, 2010, in case you wanted to know…)

This opinion piece by a consumer watchdog group (literally named "Consumer Watchdog") does a good job of expressing the tensions between the FTC and the State of California regarding approaches to internet privacy.

Now, I've certainly banged the privacy drum loudly this past year – and I don't intend to focus on it as much in 2011, lest I risk being compared with Chicken Little (by the way, just because a chicken tells you the sky is falling, doesn't mean it's not true) – but my focus has been on the evidentiary risks of not protecting your privacy, whether it be on an individual basis, corporate or somewhere in-between.

This is an e-discovery blog, after all…

Nor do I necessarily agree with the concept of a "do not track" list, as I've mentioned before (because in my opinion, it probably won't work).  There has to be an effort at formulating comprehensive policy, rather than acting like tracking a node is somehow like tracking a telephone number.  What do I mean?

  1. Has anybody thought about how one would manage such a list?  How will one identify the requestor?  By name?  By IP#?  By a unique device name/code?  (Whoops; there goes your privacy).  Suppose the individual has a PC, a laptop and a PDA – and they swap PDAs annually.  How will the database account for this?
  2. Take into account everything above, now add all of the devices in a corporate environment – and we know how often those are refreshed.  Will the firewall be enough?
  3. Now, what about the spouse, the children and all of their devices?  Children are by far the most vulnerable because, a) they already think they're bulletproof and b) they don't yet fully understand the concept of privacy (heck, neither do a lot of their parents!)

On the plus side, there are brilliant minds out there who may actually have answers to some of these issues, but the point I'm making is, you can't just slap a feel-good name on something, then give the public the impression that it's a panacea to all of their concerns.

We're not just talking about preventing annoying sales-calls at dinnertime.  Placating the public without actually achieving the goal will increase the risk (through a false sense of security), not reduce it.

Does this ‘Border’ on Unconstitutional?

When you endeavor to cross a border, you give up many of your 4th Amendment protections against illegal search and seizure.  To put it another way, a search at the border, absent probable cause – or even reasonable suspicion, for that matter (a lower standard) – isn't an illegal search.  Lawyers are well aware of this, but what about the general public?

Two issues are triggered here.  The first, privacy, I've written about before (see my International category).  Also, the mere act of crossing the border with certain ESI on your device (and many paper documents, for that matter) may violate the privacy laws of the country you seek to enter (possibly criminally).

However, today's discussion is a little more nuanced than that.  It's one thing to be granted the right to search a person, their luggage and their electronic devices for a bomb; but does that right extend to the contents of the device?  Well, the short answer is, yes.  Is that proper?  Do you agree?

I suppose this might bring new meaning to the retort, "Don't touch my junk!"

Say you have a password-protected file with your personal banking, credit card and other financial information on it.  Now let's go one step further.  Suppose it's a company laptop, the file contains your employer's financial information and it contains evidence of a crime?  Two steps further?  You keep both personal and corporate information on it (does that sound like you?).  What's the difference between a federal official accessing it at the border versus going into your bank, demanding the key and opening your safe-deposit box – without a warrant?

I'll tell you the difference.  When you show up at the border, it's implied consent.  You waive your right to protest.  That's how the law stands now.  However, that may – or may not – change, subject to the outcome of the latest challenge.

In the meantime, this is a cautionary tale for executives who travel internationally; oh, and don't forget your charger.

WikiLeaks & the Un-diplomatic Diplomats

I have visions of a film noir; dark alley, stormy night, mysterious person in trenchcoat, hat with the brim pulled low so the eyes are barely visible…did I mention it was stormy?  And while this scene plays out, the message is unmistakeable.  "We can get to you."

Well, diplomats, that applies to you, too.  Nothing like having your 'confidential' cables revealed for all of the world to see.

You didn't really call Kim Jong Il a "flabby old chap", did you?  Bet you wish you could take that one back, eh?

Perhaps this will serve as a timely reminder…

Don’t be Afraid of the Dark – SUNY

I know you hate it when I do this, but I don't have a lot of spare time and Ralph Losey just did another excellent treatise on the "SUNY" case, which sheds some light on when to issue a litigation hold.

I know you want to know about this because my stats tell me that over a year after I first posted it, my sample of a litigation hold letter – which you see over on the left sidebar – is still the most popular item on this blog.

So, I highly recommend you take a look; and pay close attention to the contrast in privileges.  We need all the guidance we can get.

Turn your Head & Cough: Digitized Health Records, Privacy & e-Discovery

With all of the discussion of government-sponsored health care these days, lost in the shuffle is a concerted push to digitize health records.  It seems like everyone's getting in on the action; providers, consultants and even the federal government.  In theory, it makes sense for a number of reasons; portability, efficiency, cross-referencing, cost-reduction, and for those who are into 'green technology', lack of paper.  In practice, however…

Let me tell you about my first experience with digitized records.  I've been with an HMO ever since I ventured out on my own.  Save for one short period of time, I've had very competent doctors.  About two – three years ago my provider migrated to digitized records.  The next time I showed up for an appointment, my doctor informed me that she was so frustrated with the new system, she was retiring!

Now, I didn't ask her how old she was (I'd guess late 50s) and as we all know, age-based resistance to new technology is certainly a factor, but there are a host of other worries, such as who's going to be responsible for protecting us from all of this?  The doctors are probably thinking the same thing.  Right or wrong, I doubt they want their records falling into the wrong hands, either.

We know the records are supposed to be confidential, but if the powers that be can't protect our credit card and banking records, how well do we think they're going to do with medical records?  I suppose from the e-discovery side, I should be licking my chops (and perhaps I would be, except that I have medical records just like everyone else!).

Let me tell you about my last experience with digitized records.  I went in for my annual physical and I always have the usual, routine labs.  Unfortunately, all did not go smoothly.  My new, very competent doctor informed me she was having trouble setting up my lab work. 

Why?

The computers were down…