the gizmodo/jason chen/search warrant debacle

There have been many views expressed on both the propriety of Gizmodo breaking the story on the next-gen iPhone as well as the subsequent search warrant executed by the police against Jason Chen, the Gizmodo reporter that broke the story. Needless to say, each side has its supporters. A good summary with links to contrasting views can be found on GigaOm.

I won’t rehash all the arguments either for or against the execution of the warrant or its validity – you can check out the link above for all of that. The only thing I did want to point out was the possibility that a previous, somewhat similar case, may perhaps have prompted the criminal investigation leading to the search warrant. O’Grady v. The Superior Court of Santa Clara County (pdf) was a case in 2006 that also involved Apple. Apple was seeking civil subpoenas to certain websites that published information that it claimed to be trade secrets, in order to discover the source of the disclosures. The publishers moved for a protective order, which was denied at trial. However, the protective order was granted on appeal.

Though there were various bases on which the court found in favour of the websites, the one that seems relevant to the Chen search warrant relates to the California reporter’s shield – the same California legislation cited by the chief operating officer of Gizmodo as making the search illegal. In short, the appeal court in O’Grady found that “any subpoenas seeking unpublished information from petitioners would be unenforceable through contempt proceedings in light of the California reporter’s shield (Cal. Const., art. I, § 2, subd (b); Evid. Code, § 1070)”.

More importantly, the appeal court had this to say about what was alleged by Apple to be criminal activity and reviewing the lower courts findings on same:

The court found petitioners’ assertion of a constitutional privilege “overstated” because “[r]eporters and their sources do not have a license to violate criminal laws such as Penal Code [section] 499c [(§ 499c)].” 8 The court assumed petitioners to be journalists, but wrote that “this is not the equivalent of a free pass” and that they could still be compelled to reveal information relating to a crime. The court repeatedly alluded to the supposed presence of criminal or larcenous conduct. The court also faulted petitioners for failing to establish “what public interest was served” by the publications in question. While acknowledging evidence that thousands of people were interested in the information in question, the court opined that “an interested public is not the same as the public interest.” The court implied that the publications in question were not “ ‘protected speech.’”

Though the appeal court didn’t dwell much further on the relevance of the alleged criminal acts to the California reporter’s shield in the body of the decision, the foonote to the excerpt above is rather informative:

8 Section 499c criminalizes the misappropriation or attempted misappropriation of trade secrets under specified circumstances. Although Apple alluded to this statute in its memorandum below, and does so again before us, it has never demonstrated that the facts here could establish a criminal theft of trade secrets. That offense requires proof of, among other things, “intent to deprive or withhold the control of [the] trade secret from its owner, or . . . to appropriate [the] trade secret to [the defendant’s] own use or to the use of another . . . .” (§ 499c, subd. (b).) Since Apple has never argued the point, no occasion is presented to consider whether the inferred circumstances of the disclosure here could be found to constitute a crime. For present purposes we are concerned only with an allegedly tortious disclosure of a trade secret presumably by an Apple employee.”

It would seem clear that the court took pains to distinguish between a tortious disclosure of a trade secret, versus a criminal misappropriation of a trade secret. And although the court does not make any findings as to what might have happened if there were a basis to claim of criminal wrongdoing, the implication of the note above is that the findings on appeal may well have been different, if only apple had presented any facts to establish a crime. (All that being said, the EFF has expressed the opinion that both the California shield law as well as the federal Privacy Protection Act would make such a search illegal, even if a crime were committed)

So here Apple is, facing a similar situation as in O’Grady, and knowing that it will likely have either very limited or no ability to successfully obtain civil subpoenas given the finding in O’Grady, but with a little crack in the door suggesting that if criminal misconduct could be successfully demonstrated, it may have some chance of success. That seems better than nothing.

Given the above, it seems logical that Apple would want to request the DA to commence a criminal investigation (though to be clear, reports indicate that the DA has declined to indicate who instigated the investigation), either for plain theft or for theft of trade secrets, in order to enable it to seek some sort of remedy for the leaked information, though I’ll admit that if the above is correct its not clear to me exactly what remedy Apple would be seeking – in contrast to O’Grady, the identity of the Apple rep who lost the phone (and all the gory details) is already public. Perhaps the identity of the person who picked it up (which doesn’t appear to be public)? Though I’m not sure what that gets Apple, other than perhaps fiery retribution against the fellow and disgorgement of his ill-gotten gains (the $5,000 that Gizmodo paid him for the phone). Will be interesting to see how it plays out.

norwich orders, part ii (an editorial of sorts)

<rant>

I was a bit surprised to find this article that covered the court orders that had required Google to disclose information on some Gmail users and the subsequent orders in Canada against certain Canadian ISPs, which was the subject of a previous post. The long and short of it is that the author considers Norwich orders to be some sort of grave, grave intrusion on privacy rights and personal liberty. Hence, this dire warning at the end of the article:

No matter how many precautions we take to remain private or cloak our identity, the authorities and other potential litigants usually have little difficulty obtaining this content. And they do it not by nefarious mean like hacking, but through our very own court system.

Internet users everywhere would do well to take heed. Your emails — and maybe even your Google searches — could be one subpoena away from the prying eyes of federal authorities, not to mention private litigants.

Why am I surprised? Because it seems to lack the most basic understanding of the legal system. I won’t get into all the details of the workings of Norwich orders – the original article by Omar Ha-Redeye that I had previously mentioned does a very good job at that, and I would certainly commend it to the author of this article so he may perhaps gain some insight.

The fact of the matter is that no, your privacy rights and right to anonymity have not suddenly disappeared altogether. However, as with all rights there are limitations. Thus, while U.S. citizens have the right to bear arms, they do not have the right to shoot people. If someone were to do that, they should reasonably expect their gun (and likely their liberty) to be taken away. Similarly, if someone uses their right to anonymity in an attempt to commit a crime or harm someone else, they should reasonably expect that right of anonymity to be taken away – at least to the extent it relates to the crime.

Remarkably, the author seems to suggest that the use of “subpoenas” (presumably he meant to refer to the Norwich orders) are almost the equivalent of, say, parking tickets, that the authorities or litigants can simply write up  if and when they choose to stomp on someone’s personal liberties for no good reason. What an unfortunate misperception of the legal system. The very reason why someone must go to the courts to obtain such as order is to ensure that the interests of the parties involved are balanced and safeguarded. If someone seeking the order does not have a reasonable and valid basis for doing so, it is likely that the order would not issue.

Regarding process, he cites Eric Goldman:

“People need to know that very little information that they give or make available to third parties [like Google] is unavailable to the government or private litigants,” says Eric Goldman, director of the High Tech Law Institute at Santa Clara University School of Law. “I think most people are surprised at how relatively easy it is for the government and private litigants to obtain ‘their’ information.”

I can’t speak to the process in the U.S. or what Mr. Goldman considers to be “relatively easy”. What I can say is that in Canada there is reasonable due process and consideration before such orders are issued. Just to cite one part of Mr. Redeye’s article:

A Norwich order is a pre-action discovery mechanism that is described by Spence J. in Isofoton S.A. v. The Toronto-Dominion Bank,

Requests for Norwich relief are largely unfamiliar to Canadian courts.  A Norwich order essentially compels a third party to provide the applicant with information where the applicant believes it has been wronged and needs the third party’s assistance to determine the circumstances of the wrongdoing and allow the applicant to pursue its legal remedies.

The 5 elements identified in this case for granting such an order include:

(i) Whether the applicant has provided evidence sufficient to raise a valid, bona fide or reasonable claim;
(ii) Whether the applicant has established a relationship with the third party from whom the information is sought such that it establishes that the third party is somehow involved in the acts complained of;
(iii) Whether the third party is the only practicable source of the information available;
(iv) Whether the third party can be indemnified for costs to which the third party may be exposed because of the disclosure, some [authorities] refer to the associated expenses of complying with the orders, while others speak of damages; and
(v) Whether the interests of justice favour the obtaining of disclosure.
[emphasis added]

The privacy interests of the alleged wrongdoer were overcome by the last element, the interests of justice, because of the applicant’s equitable right to information.  Spence J. pointed to Alberta v. Leahy and Bankers Trust Orders (from Bankers Trust Co. v. Shapira) indicating that court orders can override confidential information, even for financial records, and Glaxo-Wellcome PLC v. M.N.R. that the privacy interests of alleged wrongdoers is somewhat diminished.

Perhaps its just me, but this doesn’t sound particularly easy.

Of course, as with most things, the legal system is certainly not perfect, and there may well be instances where abuses might occur, or wrong decisions might be made by the courts where the scales of justice tip a bit. But to point at the sky and say it’s falling because of this case seems to me to be somewhat premature, to say the least.

Or at very least, as far as privacy concerns go, consider focusing more on things like the NSA and TIA than the courts.

</rant>