August 01, 2018

MONTH-IN-BRIEF: Internet Law & Cyber-Security

Juliet Moringiello, Sara Beth A.R. Kohut

Data Privacy

Every Move You Make: SCOTUS Says Warrant Needed for Cell-Site Location Data

By Christopher Merken, Villanova University Charles Widger School of Law

The U.S. Supreme Court has held that a warrant is necessary to obtain a person’s location data recorded by cell-phone network sites. In Carpenter v. United States, 585 U.S. __ (2018), federal prosecutors failed to obtain a warrant before acquiring a defendant’s cell-site location information, which tied the defendant to a string of robberies. In a narrow ruling, the Supreme Court held that accessing these records constitutes a search and generally requires a search warrant because cell-site location information (1) contains a detailed and comprehensive record of the user’s movements, and (2) does not fall under the third-party doctrine, under which a user has ceded Fourth Amendment protections by exposing information to a third party. The Court noted “special solicitude for location information in the third-party context,” citing United States v. Jones, 565 U.S. 400 (2012), where the Court held that GPS monitoring of even a vehicle traveling on public streets constituted a search. The Court found that cell-site location data creates a “detailed chronicle of a person’s physical presence compiled every day, every moment, over several years,” implicating privacy concerns far beyond the third-party doctrine, and declined to “grant the state unrestricted access to a wireless carrier’s database of physical location information.”

California Enacts Voter Data Breach Reporting Legislation

By Joel Glazer, Temple University Beasley School of Law

To safeguard voter-data security, California has enacted a law, A.B. 1678, requiring the disclosure of any knowledge of misused voter data to California officials.  Currently, voter registration data — consisting of, among other things, names, birthdates and addresses — is typically made available to persons and groups intending to use the data for reporting, educational, and political applications.  Any use of the voter data outside of these applications must now be made known to California officials.  The new law also creates a misdemeanor offence for intentionally misinforming any voter regarding voting locations, times, and eligibility.  Finally, the law establishes a new governmental office related to election cybersecurity and risk management, and dedicates $134 million for new voting equipment. 

Electronic Contracting

Uber’s Arbitration Clause Is Unenforceable, Says First Circuit

By Prof. Juliet Moringiello, Widener University Commonwealth Law School

Courts have consistently held that contract terms delivered via websites will be enforced only if the terms were reasonably communicated and accepted. On a website, underlined blue font communicates a hyperlink. Does an app communicate terms differently? In Cullinane v. Uber Technologies, Inc., No. 16-2023 (1st Cir. June 25, 2018), the U.S. Court of Appeals for the First Circuit addressed that question. In holding that the Uber customer registration process did not reasonably communicate the existence of the Terms of Service containing an arbitration clause, the Court of Appeals included screenshots of the various steps in that registration process. Because the link to the Terms of Service did not have the common appearance of a hyperlink and was presented in a manner identical to or smaller than other terms, the First Circuit found that the arbitration clause was unenforceable.

 

Cybersecurity

Sixth Circuit Orders Insurer to Honor Cyber-Scam Injury Claim

By Joel Glazer, Temple University Beasley School of Law

The U.S. Court of Appeals for the Sixth Circuit granted summary judgment ordering an insurer to cover the insured’s computer-fraud claim after an imposter intercepted an email to a frequent vendor and changed the wiring instructions for the insured’s payments to the vendor. Am. Tooling Ctr., Inc. v. Travelers Cas. & Sur. Co. of Am., No. 17-2014 (6th Cir. July 13, 2018).  Under the terms of the policy, a claim for computer fraud required a “direct loss” of money “directly caused by computer fraud.”  The court found that American Tooling Center (“ATC”) had suffered a “direct loss,” defining “direct” as the controlling Michigan court had, because ATC’s loss was “immediate” or “proximate” when it paid money to the impersonator with no “intervening event.”  The actions of the impersonator constituted “computer fraud,” because the emails were fraudulent — i.e., the fraud occurred because the actions through the computer were illegitimate.  The court also found that the loss was “directly caused by the computer fraud,” because the fraudulent email was immediately followed by ATC transferring money to the imposter and, again, no intervening events arose.  Finally, the court found that no exclusions to the Policy applied.  The court therefore granted summary judgement for ATC, ordering Travelers to honor ATC’s claim for computer fraud.

Juliet Moringiello

Commonwealth Professor of Business Law, Widener University Commonwealth Law School

Juliet Moringiello is the Commonwealth Professor of Business Law at Widener University Commonwealth Law School in Harrisburg, PA, where she teaches Property, Bankruptcy, Secured Transactions, Sales, and a seminar on Cities in Crisis. She earned her B.S.F.S. at Georgetown University, her J.D. at Fordham University School of Law, and her LL.M in Legal Education at Temple University School of Law. Professor Moringiello is Chair of the Pennsylvania Bar Association Business Law Section, a Uniform Law Commissioner for Pennsylvania, and a member of the American Law Institute. She is also a Fellow of the American College of Commercial Finance Lawyers and has held several leadership positions in the American Bar Association Business Law Section.

Sara Beth A.R. Kohut

Co-Chair; Cybersecurity, Privacy, and Data Protection Group; Young Conaway

Sara Beth’s practice focuses on advising legal representatives for future claimants in connection with asbestos mass tort insolvency matters and settlement trusts. She has also represented national and local businesses in cases involving intellectual property, corporate and commercial issues in the federal and state courts in Delaware. Sara Beth has advised clients on strategies for protecting intellectual property rights and complying with obligations governing the privacy and security of sensitive data. She currently co-chairs Young Conaway’s Cybersecurity, Privacy, and Data Protection group.