Neko

C841 - Legal Issues in Information Security

I've always been interested in the court cases I see referenced in blog posts or news. This class gave me an opportunity to easily look into them. Below you'll find the information you will need to pass, summaries of court cases and finally, summaries of laws.


Last updated: May 4th, 2023

Necessary for Passing:

CFAA - Computer Fraud and Abuse Act

The Computer Fraud and Abuse Act (CFAA) is a United States federal law that was enacted in 1986 to address computer-related crimes. It is sometimes referred to as the "anti-hacking law" because it criminalizes a variety of computer-related activities that are deemed illegal under the Act. The law was amended in 2001, 2008, and 2013 to expand its scope and increase its penalties.

The CFAA is primarily aimed at preventing unauthorized access to computer systems and networks, as well as theft of information and other forms of cybercrime. The law defines several specific types of criminal conduct related to computers, including:

  1. Unauthorized access to a computer or network
  2. Intentional damage to a computer or network
  3. Trafficking in passwords or other access devices
  4. Economic espionage

The penalties for violating the CFAA can be severe, depending on the nature and severity of the offense. For example, a first-time offender who is found guilty of unauthorized access to a computer or network could face up to one year in prison and a $100,000 fine. Repeat offenders or those who commit more serious offenses could face much harsher penalties.

In recent years, the CFAA has been the subject of criticism and controversy, with some arguing that it is overly broad and could be used to criminalize innocent conduct. Critics also argue that the penalties for violating the CFAA are disproportionately harsh, and that the law may be used to punish individuals who engage in political activism or whistleblowing. However, supporters of the law argue that it is necessary to protect against cybercrime and maintain the integrity of computer systems and networks.

ECPA - Electronic Communications Privacy Act

The Electronic Communications Privacy Act (ECPA) is a federal law in the United States that was enacted in 1986 to regulate government access to electronic communications and related data. The law is primarily focused on protecting the privacy of electronic communications, such as email, phone calls, and text messages.

Titles of the ECPA

  1. Title I: The Wiretap Act - This section of the law regulates the interception of wire, oral, and electronic communications. It requires law enforcement agencies to obtain a court order or warrant before intercepting any electronic communication.
  2. Title II: The Stored Communications Act - This section of the law regulates access to electronic communications that are stored on a third-party's server or computer. It requires law enforcement agencies to obtain a court order or warrant before accessing these communications.
  3. Title III: The Pen Register and Trap and Trace Devices Act - This section of the law regulates the use of pen registers and trap and trace devices, which are used to record outgoing and incoming telephone numbers. It requires law enforcement agencies to obtain a court order or warrant before using these devices.

Overall, the ECPA provides a framework for protecting the privacy of electronic communications and data, while also allowing law enforcement agencies to obtain the information they need to investigate crimes. However, the law has been criticized, similar to the CFAA, for being outdated and not keeping pace with advancements in technology, which has led to questions about its effectiveness in protecting privacy.

SOX - Sarbanes-Oxley Act

SOX is a US federal law passed in 2002 to address corporate governance and financial reporting issues.

Key Provisions of SOX

  • Section 302: Requires CEOs and CFOs to certify the accuracy of financial reports and disclosures.
  • Section 404: Requires companies to document and test their internal controls over financial reporting.
  • Section 802: Makes it illegal to alter, destroy, or conceal any documents related to a federal investigation.
  • Section 906: Imposes criminal penalties for CEOs and CFOs who knowingly sign off on false financial statements.

SOX has had a significant impact on the way companies do business, increasing transparency and accountability while also imposing a burden on some companies due to the cost of compliance.

Laws

  • Administrative Procedure Act (1946)
    • Establishes procedures for federal agency rulemaking, adjudication, and judicial review, providing greater transparency and accountability.
  • Affordable Care Act of 2010 (ACA)
    • Overhauls the US healthcare system, expands Medicaid coverage, creates healthcare exchanges, mandates health insurance, and imposes taxes and fees on certain industries.
  • American Inventor’s Protection Act (1999)
    • Reforms US patent law, harmonizing it with international standards, and strengthens patent enforcement measures, including provisions for preissuance submissions and inventor's rights.
  • American Recovery and Reinvestment Act (2009)
    • Provides $787 billion in economic stimulus, including tax cuts, grants, loans, and contracts for infrastructure, education, healthcare, and renewable energy projects.
  • Anti-Cybersquatting Consumer Protection Act (1999)
    • Protects trademark owners from domain name hijacking and cyberpiracy by establishing civil liability for bad faith registration, trafficking, or use of a domain name that is identical or confusingly similar to a trademark.
  • Bank Holding Act (1956)
    • Regulates the acquisition and ownership of banks and other financial institutions, prohibits anticompetitive practices, and establishes the Federal Reserve Board's oversight authority.
  • Bank Secrecy Act (1970)
    • Requires financial institutions to maintain records and file reports on certain transactions, including cash deposits, withdrawals, and transfers, to prevent money laundering and terrorist financing.
  • Banking Act of 1933 (also called the Glass-Stegall Act)
    • Separates commercial and investment banking activities, creates the Federal Deposit Insurance Corporation (FDIC) to insure bank deposits, and prohibits banks from engaging in certain speculative activities.
  • Banking Act of 1935
    • Establishes the Federal Reserve System's independence from political influence, increases its regulatory authority over member banks, and creates the National Labor Relations Board to oversee labor-management relations.
  • Cable Communications Policy Act of 1984 (CCPA)
    • Established the regulation of cable TV providers, including franchise requirements and rate regulation.
  • Census Confidentiality Rules
    • Prohibits the Census Bureau from disclosing any information that could identify individuals or households.
  • Children's Internet Protection Act (2000)
    • Requires schools and libraries receiving federal funding to implement internet safety measures, such as filters to block obscene or harmful content.
  • Children’s Online Privacy Protection Act of 1998 (COPPA)
    • Regulates the collection and use of personal information from children under 13 by websites and online services, and requires parental consent for certain activities.
  • Civil Rights Act of 1964
    • Prohibits discrimination on the basis of race, color, religion, sex, or national origin in employment, education, and other areas of public accommodation.
  • Communications Decency Act of 1996 (CDA)
    • Regulates obscene and indecent content on the internet, and provides immunity for online service providers for content posted by third parties.
  • Computer Fraud and Abuse Act (1986)
    • Criminalizes unauthorized access to computers and networks, and includes provisions for civil remedies.
  • Computer Security Act of 1987
    • Requires federal agencies to develop and implement security plans and guidelines for computer systems and networks.
  • Consolidated Omnibus Budget Reconciliation Act (1986)
    • Requires employers to offer continuation of health insurance coverage to employees and their dependents after certain events, such as job loss or divorce.
  • Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act)
    • Regulates unsolicited commercial email, and requires senders to include opt-out mechanisms and accurate header information.
  • Copyright Act (1976)
    • Provides protection for original works of authorship, and includes provisions for fair use and other limitations on copyright.
  • Digital Millennium Copyright Act (1998)
    • Provides protections for copyrighted works in the digital environment, and includes provisions for safe harbors for internet service providers and notice-and-takedown procedures.
  • Dodd-Frank Wall Street Reform and Consumer Protection Act (2010)
    • Addresses financial regulatory reform, and includes provisions for consumer protection and oversight of the financial industry.
  • Driver’s Privacy Protection Act of 1994
    • Regulates the collection, use, and disclosure of personal information from state motor vehicle records.
  • Drug Abuse Prevention, Treatment, and Rehabilitation Act (1980)
    • Establishes federal programs for drug abuse prevention, treatment, and research, and includes provisions for confidentiality of patient records.
  • E-Government Act of 2002
    • Established guidelines for the use of electronic records and signatures in government transactions.
  • Electronic Communications Privacy Act of 1986 (ECPA)
    • Set standards for government access to electronic communications and data.
  • Electronic Signatures in Global and National Commerce Act of 2000 (E-Sign)
    • Established legal recognition for electronic signatures in contracts and transactions.
  • Fair and Accurate Credit Transaction Act of 2003 (FACTA)
    • Added consumer protections and identity theft prevention measures to the Fair Credit Reporting Act.
  • Fair Credit Reporting Act (1970)
    • Regulates the collection, use, and dissemination of credit information by credit reporting agencies.
  • Family Educational Rights and Privacy Act of 1974 (FERPA)
    • Protects the privacy of student education records.
  • Federal Credit Union Act (1934)
    • Established a regulatory framework for federal credit unions.
  • Federal Information Security Management Act of 2002 (FISMA)
    • Created requirements for federal agencies to secure their information systems and data.
  • Federal Information Security Modernization Act of 2014 (FISMA)
    • Updated and strengthened the cybersecurity requirements for federal agencies.
  • Federal Reserve Act (1913)
    • Created the Federal Reserve System and established its responsibilities and authorities.
  • Federal Trade Commission Act (1914)
    • Established the Federal Trade Commission to protect consumers from unfair or deceptive practices in commerce.
  • Financial Institutions Reform, Recovery, and Enforcement Act (1989)
    • Restructured the regulatory framework for banks and other financial institutions in response to the savings and loan crisis.
  • Financial Institutions Regulatory and Interest Rate Control Act (1978)
    • Expanded the powers of the Federal Reserve Board and reorganized the regulatory framework for banks and other financial institutions.
  • Financial Services Regulatory Relief Act (2006)
    • Relieved financial institutions of certain regulatory requirements in order to promote economic growth and protect consumer privacy.
  • Freedom of Information Act
    • Allows public access to federal agency records, promoting transparency and accountability in government.
  • Genetic Information Nondiscrimination Act of 2008 (GINA)
    • Prohibits discrimination based on genetic information in employment and health insurance, protecting individual privacy and preventing discrimination.
  • Gramm-Leach-Bliley Act (1999)
    • Requires financial institutions to protect the privacy and security of customers' personal information, while allowing for certain information-sharing practices.
  • Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act)
    • Encourages the adoption of electronic health records while also strengthening the privacy and security protections for individuals' health information.
  • Health Insurance Portability and Accountability Act of 1996 (HIPAA)
    • Protects the privacy and security of individuals' health information by setting national standards for its handling by health care providers, health plans, and other entities.
  • Identity Theft and Assumption Deterrence Act (1998)
    • Criminalizes identity theft and provides for penalties and restitution, deterring and punishing this form of privacy invasion.
  • Inspector General Act of 1978
    • Established offices of inspectors general in federal agencies to promote efficiency and prevent fraud, waste, and abuse in government operations.
  • Lanham Act (1946)
    • Protects trademarks and trade names, promoting business interests and preventing confusion and deception in the marketplace.
  • Leahy-Smith America Invents Act (2011)
    • Overhauls the U.S. patent system, promoting innovation and economic growth while also protecting intellectual property rights.
  • Mail Privacy Statute
    • Protects the privacy of mail by prohibiting unauthorized access and interception, safeguarding individuals' communication and preventing privacy violations.
  • National Bank Act (1864)
    • Establishes a federal banking system and provides for the chartering of national banks.
  • Patent Act (1952)
    • Defines the requirements for obtaining a patent and the rights and limitations associated with patent ownership.
  • Pen Register and Trap and Trace Statute
    • Regulates the use of electronic surveillance equipment to collect information about telephone and Internet communications.
  • Plant Variety Protection Act (1970)
    • Grants intellectual property rights to breeders of new plant varieties, similar to the protections granted to inventors under patent law.
  • Privacy Act of 1974
    • Regulates the collection, use, and dissemination of personal information by federal agencies, and provides individuals with certain rights to access and correct their own records.
  • Public Company Accounting Reform and Investor Protection Act (2002)
    • Requires greater financial disclosure and accountability from publicly traded companies, and establishes new oversight mechanisms for the accounting profession.
  • Red Flag Program Clarification Act of 2010
    • Clarifies the definition of "creditor" and "identity theft" under the Fair Credit Reporting Act, which requires financial institutions and creditors to implement identity theft prevention programs.
  • Securities and Exchange Act of 1934
    • Regulates securities trading and the operations of the securities industry, and created the Securities and Exchange Commission to enforce its provisions.
  • Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (PATRIOT Act)
    • Expands law enforcement and intelligence agencies' surveillance and investigative powers, including the ability to conduct electronic surveillance and access business records and other personal information.
  • Veterans Affairs Information Security Act
    • Requires the Department of Veterans Affairs to implement information security policies and procedures to protect sensitive personal information and prevent data breaches.
  • Wiretap statutes
    • Regulate the use of electronic surveillance equipment by law enforcement and intelligence agencies to collect information about telephone and Internet communications.

Court Cases

  • Authors Guild, Inc. v. HathiTrust, 755 F.3d 87 (2014). The Second Circuit Court of Appeals held that the doctrine of fair use allowed HathiTrust to create a full-text searchable database of copyrighted works.
  • Autoliv ASP, Inc. v. Department of Workforce Services, 29 P.3d 7 (Utah Ct. Appeals, 2001). Utah Court of Appeals held that the transmission of sexually explicit and offensive jokes, pictures, and videos constitutes a flagrant violation of a universal standard of behavior.
  • Baltimore & Ohio Railroad Co. v. United States, 261 U.S. 592 (1923). The U.S. Supreme Court held that mutual assent can be determined from the conduct of the parties, even if there is no express, written contract.
  • Bill Graham Archives v. Dorling Kindersley Ltd., 448 F.3d 605 (2d Cir. 2006). The Second Circuit Court of Appeals held that reduced versions of copyrighted posters used in an illustrated book were fair use.
  • Brady v. Maryland, 373 U.S. 83 (1963). The U.S. Supreme Court held that the prosecution has a duty to disclose any evidence that it has that might help prove the defendant’s innocence.
  • Brown v. Board of Education, 347 U.S. 483 (1954). The U.S. Supreme Court overruled Plessy v. Ferguson. It held that separate but equal practices are inherently unequal and violate the U.S. Constitution.
  • Burnet v. Coronado Oil & Gas Co., 285 U.S. 393 (1932). The U.S. Supreme Court recognizes the value of precedent in deciding cases.
  • Carlill v. Carbolic Smoke Ball Company, 1 QB 256; Court of Appeal (1892). English court case that held that an advertisement could constitute a valid offer.
  • Carpenter v. United States, 138 S. Ct. 2206 (2018). The U.S. Supreme Court held that a person has a reasonable expectation of privacy in the location information collected by his or her smartphone and stored by his or her cell phone service provider.
  • City of Ontario v. Quon, 130 S.Ct. 2619 (2010). The U.S. Supreme Court held that reviewing a police officer’s text messages did not violate federal law and the police officer’s privacy rights because the review was not intrusive and was for a legitimate business purpose.
  • Claridge v. RockYou, Inc., United States District Court Northern District of California, C 09 6032 BZ (2009). An Indiana man sued RockYou. The lawsuit claims that RockYou stored personal data in an unencrypted database and failed to take reasonable steps to secure that personal information.
  • CompuServe, Inc. v. Cyber Promotions, Inc., 962 F.Supp. 1015 (S.D. Ohio 1997). The first court case holding that spammers could be liable for the tort of trespass to chattels.
  • Daubert v. Merrell Dow Pharmaceuticals, Inc., 509 U.S. 579 (1993) The U.S. Supreme Court case that set forth the test for admitting scientific expert witness testimony.
  • Deal v. Spears, 980 F.2d 1153 (8th Cir. 1992): The Eighth Circuit Court of Appeals found that a recorder purchased at a consumer electronics store and connected to an extension phone line did not qualify as ordinary telephone equipment.
  • Diamond v. Chakrabarty, 447 U.S. 303 (1980): The U.S. Supreme Court held that patentable subject matter is "anything under the sun that is made by man."
  • Fisher v. United States, 425 U.S. 391 (1976): The U.S. Supreme Court held that the Fifth Amendment protects communications that are compelled, testimonial, and incriminating in nature.
  • Free Enterprise Fund and Beckstead and Watts v. Public Company Accounting Oversight Board, 537 F.3d 667 (Fed. Cir 2008): This court case challenged the constitutionality of the Public Company Accounting Oversight Board. The case was on appeal to the U.S. Supreme Court at the time this book was written.
  • Gideon v. Wainwright, 372 U.S. 335 (1963): The U.S. Supreme Court held that a state must appoint counsel to an indigent defendant who has been charged with a felony. Denial of the Sixth Amendment right to counsel at trial results in an automatic reversal of any conviction.
  • Giglio v. United States, 405 U.S. 150 (1972): The U.S. Supreme Court held that the prosecution has a duty to disclose to the defendant any deals that it makes with witnesses.
  • Griswold v. Connecticut, 381 U.S. 479 (1965): This was the first U.S. Supreme Court decision to articulate a Constitutional right to privacy.
  • Hammer v. Amazon.com, 392 F.Supp.2d 423 (E.D.N.Y 2005). The District Court for the Eastern District of New York held that a defamatory statement is more than mere opinion.
  • Hartford v. Moore, 181 F. 132 (S.D.N.Y. 1910). The District Court for the Southern District of New York recognized that an invention that seems obvious after it is created may actually meet the non-obvious requirement for patentability.
  • In re Boucher, 2009 WL 424718 (D. Vt., February 19, 2009). The District Court for the District of Vermont held that it is not a violation of the Fifth Amendment to require a defendant to provide an unencrypted version of his hard drive.
  • Intel Corp v. Hamidi, 71 P.3d 296 (Cal. 2003). The California Supreme Court held that the plaintiff did not sustain any damages in a trespass to chattels spam case. As such, the plaintiff could not recover damages.
  • Jacobellis v. Ohio, 378 U.S. 184 (1964). The U.S. Supreme Court stated that the First Amendment does not protect pornography or obscenity. The famous line, “I know it when I see it,” is from the majority decision in this case.
  • Jones v. Hamilton, Alabama Court of Civil Appeals, Opinion, January 22, 2010, available at https://caselaw.findlaw.com/al-court-of-civil-appeals/1521828.html (accessed August 7, 2020). The Alabama Court of Appeals held that information left in the back seat of a vehicle that was accessible to many employees was not properly protected as a trade secret.
  • Katz v. United States , 389 U.S. 347 (1967). The U.S. Supreme Court held that the Fourth Amendment of the U.S. Constitution protects a person’s right to privacy
  • Lamle v. Mattel, Inc., 394 F.3d 1355 (Fed. Cir. 2005). The Federal Circuit Court of Appeals held that an email outlining contract terms is a signed writing under the California Statute of Frauds.
  • Leonard v. Pepsico, Inc., 88 F.Supp.2d 116 (S.D.N.Y. 1999), aff’d 210 F.3d 88 (2d Cir. 2000). Second Circuit Court of Appeals case that held an advertisement was a valid contractual offer only if a reasonable person considered it to be an offer.
  • Major v. McCallister, Missouri Court of Appeals, No. CD29871 (December 23, 2009). The Missouri Court of Appeals held that a browsewrap contract was enforceable where the user was put on notice in many ways that the terms of the contract applied to the service provided on a website.
  • Miller v. California, 413 U.S. 15 (1973). The U.S. Supreme Court created a three-part test for identifying materials as obscene.
  • Nardone v. United States, 308 U.S. 338 (1939). The U.S. Supreme Court first uses the term “fruit of the poisonous tree” to describe evidence that is inadmissible at court because it is collected illegally.
  • NASA v. Nelson, 131 S.Ct. 746 (2011). The U.S. Supreme Court held that background checks on contract NASA employees do not violate any constitutional right to information privacy.
  • Owasso Independent School District No. I-011 v. Falvo, 534 U.S. 426 (2002). The U.S. Supreme Court held that the practice of peer grading does not violate the Family Educational Rights and Privacy Act (FERPA).
  • Palsgraf v. Long Island Railroad, 162 N.E. 99 (N.Y. 1928). The New York Court of Appeals held that there is no duty to an unforeseen plaintiff for unforeseeable injuries.
  • Pavesich v. New England Life Ins. Co., 50 S.E. 68 (Ga. 1905). First state case to specifically recognize a right to privacy in a state constitution.
  • Pemberton v. Bethlehem Steel Corp., 502 A.2d 1101 (Md. App.), cert. denied, 508 A.2d 488 (Md.), cert. denied, 107 S.Ct. 571 (1986). Maryland Court of Appeals held that the publication of a mug shot is not a privacy violation because the photograph is part of the public record.
  • People v. Weaver, 12 N.Y.3d 433 (N.Y. 2009). New York’s highest court held that police officers need a warrant in order to place a tracking device on a suspect’s car.
  • Plessy v. Ferguson, 163 U.S. 537 (1896). The U.S. Supreme Court legalized racial, separate but equal, segregation practices. The Court stated that these practices did not violate the U.S. Constitution.
  • ProCD Inc. v. Zeidenberg, 86 F.3d 1447 (1996). The Seventh Circuit Court of Appeals upheld a shrinkwrap contract where users had the opportunity to return software for a full refund if they did not agree to the terms in the contract.
  • Register.com, Inc. v. Verio, Inc., 356 F.3d 393 (2d Cir. 2004). The Second Circuit Court of Appeals has recognized that e-commerce has not changed the fundamental principles of contract law.
  • Reno v. American Civil Liberties Union, 521 U.S. 844 (1997). The U.S. Supreme Court said that the principle of freedom of speech applies to the internet.
  • Riley v. California, 573 U.S. 373 (2014). The U.S. Supreme Court held that law enforcement officers must get a warrant before searching a cell phone, even when the cell phone is seized when its owner is arrested (search incident to lawful arrest).
  • Robinson v. California, 370 U.S. 660 (1962). The U.S. Supreme Court said that a state statute could not criminalize the status of being an addict. Criminal behavior is evidenced by a specific action, not status.
  • Schifano v. Greene County Greyhound Park, Inc., 624 So.2d 178 (Ala. 1993). Alabama Supreme Court case held that people cannot state a claim for false light when they are in a public place.
  • Silverthorne Lumber Co. v. United States, 251 U.S. 385 (1920). The U.S. Supreme Court first articulated a doctrine that says that evidence is inadmissible at court if it is illegally collected.
  • Smith v. Maryland, 422 U.S. 735 (1979). The U.S. Supreme Court found that there is no right of privacy in the routing information of electronic communications.
  • Specht v. Netscape Communications Corporation, 306 F.3d 17 (2002). The Second Circuit Court of Appeals did not enforce terms of a browsewrap contract whose terms were located on a submerged web page.
  • State v. Smith, Slip Opinion No. 2009-Ohio-6426 (Oh. 2009). The Supreme Court of Ohio found that individuals have a reasonable expectation of privacy in their cell phones.
  • State v. Sveum, 769 N.W.2d 53 (Wis. Ct. App. 2009). Wisconsin Court of Appeals held that police did not need a warrant to attach a tracking unit to a suspect’s car.
  • State Rubbish Collectors Association v. Siliznoff, 240 P.2d 282 (Cal. 1952). Landmark case that recognized a cause of action for intentional infliction of emotional distress.
  • Strassheim v. Daily, 221 U.S. 280 (1911). The U.S. Supreme Court used the detrimental effects test to determine if a state could exercise criminal jurisdiction over a person that committed acts outside of the state.
  • Strunk v. United States, 412 U.S. 434 (1973). The U.S. Supreme Court held that a criminal charge must be dismissed if the defendant’s speedy trial rights are violated.
  • Toys “R” Us v. Akkaoui, 40 U.S.P.Q.2d (BNA) 1836 (N.D. Cal. Oct. 29, 1996). The District Court for the Northern District of California ordered an adult website to stop using its domain name because it cast a famous trademark in an unflattering light.
  • United States v. Al-Marri, 230 F. Supp.2d 535, 541 (S.D.N.Y. 2002). The District Court for the Southern District of New York held that people have a reasonable expectation of privacy in data stored on personal pagers.
  • United States v. American Library Association, 539 U.S. 194 (2003). The U.S. Supreme Court upheld the constitutionality of the Children’s Internet Protection Act (CIPA).
  • United States v. Barrows, 481 F.3d 1246 (10th Cir. 2007). Tenth Circuit Court of Appeals held that an employee did not have a reasonable expectation of privacy in his personal computer when he took no steps to protect his computer.
  • United States v. Drew, 259 F.R.D. 449 (C.D. Cal. 2009). The U.S. District Court for the Central District of California held that a cyberbullying conviction under the Computer Fraud and Abuse Act was not valid.
  • United States v. Heckenkamp, 482 F.3d 1142 (9th Cir. 2007). The Ninth Circuit Court of Appeals held that a person has a reasonable expectation of privacy in a personal computer.
  • United States v. Jones, 132 S.Ct. 945 (2012). The U.S. Supreme Court held that installing a GPS unit on a car is a search under the Fourth Amendment to the U.S. Constitution.
  • United States v. Kirschner, 2010 U.S. Dist. Lexis 30603 (E.D. Mich., March 30, 2010). The District Court for the Eastern District of Michigan held that it is a violation of the Fifth Amendment to require a defendant to provide the password to his computer.
  • United States v. Miami University; Ohio State University, 294 F.3d 797 (6th Cir. 2002). The Sixth Circuit Court of Appeals held that disciplinary records are records that are protected by the Family Educational Rights and Privacy Act (FERPA). A student’s consent is required before releasing the records.
  • United States v. Mullins, 992 F.2d 1472 (9th Cir. 1993). The Ninth Circuit Court of Appeals held that the Wiretap Act’s provider exception can be used by system administrators to track a hacker throughout an entity’s computer network in order to prevent damage to the network.
  • United States v. White, 401 U.S. 745 (1971). The U.S. Supreme Court found there is no right of privacy in information that is voluntarily disclosed to another person.
  • Whalen v. Roe, 429 U.S. 589 (1977). The U.S. Supreme Court specifically recognized a right of “informational privacy.”
  • Wheaten v. Peters, 33 U.S. 591 (1834). The U.S. Supreme Court first acknowledged that a person has an interest in being “let alone.”
  • White v. Samsung Electronics of America, Inc., 989 F.2d 1512 (9th Cir. 1992). A Ninth Circuit Court of Appeals case where a game show host argued successfully that being a host on a popular game show was her identity, and that a business misappropriated her identity.
  • Williams v. Crichton, 84 F.3d 581 (2d Cir. 1996). The Second Circuit Court of Appeals stated a test used for determining “substantial similarity” between copyrighted works.
  • Zubulake v. UBS Warburg, LLC, 2004 WL 1620866 (S.D.N.Y. July 20, 2004). A series of decisions in the District Court for the Southern District of New York that helped define the limits of electronic discovery.