Late last month, the U.S. Supreme Court issued its long-awaited opinion in U.S. v. Jones, which held that affixing a GPS device to an individual’s car and tracking his movements without a warrant constituted a violation of the Fourth Amendment. The opinion has not only been dissected by academics and criminal defense attorneys but also by a number of technology commentators. One of the better articles is entitled “A Supreme Court Justice’s Radical Proposal Regarding The Privacy of Your Google Searches, Facebook Account & Phone Records,” written by Kashmir Hill, a technology and social media columnist at Forbes. Hill’s article analyzes Justice Sotomayor’s concurring opinion, which has generated the most commentary. It is an important opinion, the type that just may resonate in other areas of the law, including trade secret law as well as the Computer Fraud and Abuse Act.
Let me explain. Justice Sotomayor asked whether the Supreme Court should revise its present notions of the reasonable expectation of privacy in the digital age. In so doing, she questioned the viability of the third party doctrine, a doctrine that holds that the sharing of information with a third party means that you have a diminished expectation of privacy, and less or no Fourth Amendment rights to complain if the government secures that same information. Here are the two paragraphs that stand out:
“More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers. Perhaps, as JUSTICE ALITO notes, some people may find the ‘tradeoff’ of privacy for convenience ‘worthwhile,’ or come to accept this ‘diminution of privacy’ as ‘inevitable,’ and perhaps not.
I for one doubt that people would accept without complaint the warrantless disclosure to the Government of a list of every Web site they had visited in the last week, or month, or year. But whatever the societal expectations, they can attain constitutionally protected status only if our Fourth Amendment jurisprudence ceases to treat secrecy as a prerequisite for privacy. I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.”
What is the impact of this concurring opinion on trade secret law? One of the most litigated issues in trade secret cases is whether a trade secret has been disclosed to a third party and under what circumstances. Some courts have applied a rigid test that disclosure of trade secrets, no matter what the circumstances, may result in the waiver of its trade secrecy. However, many courts have applied an analysis that parallels the one supplied by Justice Sotomayor — one that recognizes that, given the reality of our digital age, there may be some disclosure that is necessitated by practical and economic considerations. For example, does a business waive its trade secrets if it stores them with a cloud provider? Do trade secrets lose their protection if an employee inadvertently discloses some of their elements on the Internet? Are trade secrets lost if some of them are shared with a customer to facilitate or close a sale? A court adopting Justice Sotomayor’s view would likely say “no.”
And the CFAA? This is where Justice Sotomayor’s reasoning could have the greatest impact. I wrote last Fall about the possible fallout from U.S. v. Nosal, a Ninth Circuit case holding that violation of a company’s Internet or computer usage policy could satisfy the access without authorization requirement for a claim under the CFAA. Professor Orin Kerr of George Washington and others had predicted that Nosal’s reasoning could lead to the conclusion that a party’s failure to follow the Terms and Conditions supplied by Facebook, LinkedIn or some other website could give rise to a claim under the CFAA. Sure enough, in September 2011, the Northern District of California found that a commercial party’s failure to follow those terms could give rise to a claim under the CFAA in Facebook v. MaxBounty.
Which leads to the following question: When was the last time any of us actually took the time to read the “Terms of Service” that accompany a software download, to open an account with an Internet Service Provider, or that allow us to do our banking or pay for something on eBay? And if you did take the time to read them and declined them, what happened? I strongly suspect that the reality is most of us don’t have much of a choice when it comes to accepting those terms, whatever they are, to perform those mundane but necessary tasks, unless of course you are content to live like Ted Kaczynski, holed up in a cabin in the woods of Montana.
It is in this respect, therefore, that Justice Sotomayor’s reasoning could have the most impact. Her concurring opinion recognizes the practical realities of the digital age and more importantly, reflects the overwhelming expectation that the vast majority of us have when we access or share information over the Internet, over our mobile phones or through other electronic devices.