A Business Technology Place

Smartphone passwords and privacy

How would you rule in this case?

An employee is provided a smartphone and cellular service by their employer. The employee leaves the company and returns the device. Then the employee is brought under investigation for by the SEC for insider trading activities. The SEC requests the password for the phone in an effort to build evidence for their case.

Is the employee required to surrender their passcode so that access can be granted to the smartphone?

The result may not surprise you but the reason will.

A US District Court ruled that that the employee was not required to surrender their password in SEC V. Huang as this could violate their Fifth Amendment right to privacy.

In a court response it stated that,

“Since the passcodes to Defendants’ work-issued smartphones are not corporate records, the act of producing their personal passcodes is testimonial in nature and Defendants properly invoke their fifth Amendment privilege. Additionally, the foregone conclusion doctrine does not apply as the SEC cannot show with “reasonable particularity” the existence or location of the documents it seeks. Accordingly, the SEC’s motion to compel the passcodes is denied. “

The case revealed that Capital One, the employer, did have policies stating that the company owned the device issued as well as corporate documents stored on the device. As you would expect, Capital One also required employees to use a passcode and by best practice the code should be private and not written down anywhere. Hence the court ruling that the passcode itself was not a corporate record.

The court also stated that,

“Each party argues based on established legal precedent m non-smartphone contexts involving the interplay between corporate records and encrypted information on computers. As we find the personal thought process defining a smartphone passcode not shared with an employer is testimonial, we deny the SEC’s motion to compel. “

I bet you’ve never considered making your password part of your “personal thought process”!

How far could this reach?

Could this apply to computer and laptop passwords? Would an employee be able withhold their password from an employer if they were not under investigation for criminal activity?

If the rationale of this decision carried forward then I would think it could be far reaching.  Employers typically don’t assert ownership of the password or require they be stored where they are accessible. Hence they would be considered something personal.

If a Company wants maintain complete control and ownership of equipment issued to employees they should consider the following policies:

  1. Create a policy that issues passwords to be used by employees on company owned equipment.
  2. Designate a required storage area for passcodes.
  3. Equip phones with software that allows a remote wipe of the device if the employee leaves.

Photo Credit: binaryCoco via creative commons

 

Do you cover your webcam?

Do you cover your webcam with a piece of tape?

Over the past several years I’ve noticed that many colleagues in the office cover their webcams with a piece of tape. Maybe they’ve read about incidents of camfecting or maybe they are just paranoid of any intrusion to their privacy. It may seem like a Hollywood movie script but the threats are real. Hackers have used webcam images for extortion  and even government agencies have hacked webcam sessions in the name of state security.

There are other ways block the camera hole.Samsung-close-webcam-cover

This security concern isn’t new. Some manufacturers allow you to completely disable the camera in the system BIOS. That’s a good method to turn it off before the system boots, but you’ll have to reboot to turn it back on if you want to use the camera for legitimate purposes. You can also disable the camera through the operating system, but that would be susceptible to hacking for power-up. There are variety of webcam slide covers available to purchase from a retailer. These devices have a manual slide closure which makes it more convenient than a sticky piece of tape to close and open the camera hole for viewing and more visually appealing.

If you are paranoid about someone spying on you from your computer camera you should also be concerned about the onboard microphone that captures sound. Don’t forget your cell phone camera. It’s susceptible to hacking as well.

With all the security concerns why isn’t a webcam slider standard issue?

If we can buy webcam sliding devices on the market to cover the camera hole then why can’t manufacturers make this a built-in standard feature? My car with a sunroof has manual sliding cover in addition to the electric sunroof opener. When I open the roof the manual cover slides open with it. Then when I close the sunroof I can slide the cover to a fully closed position if I don’t want to see the sky through the glass sunroof. Why can’t built-in webcams for laptops and USB webcams have a similar slide device built-in?

This would solve a need and keep the choice to cover or leave the camera up to the operator of the device. Hack me or hack me not?

Onward and upward!