A Business Technology Place

Smartphone passwords and privacy

How would you rule in this case?

An employee is provided a smartphone and cellular service by their employer. The employee leaves the company and returns the device. Then the employee is brought under investigation for by the SEC for insider trading activities. The SEC requests the password for the phone in an effort to build evidence for their case.

Is the employee required to surrender their passcode so that access can be granted to the smartphone?

The result may not surprise you but the reason will.

A US District Court ruled that that the employee was not required to surrender their password in SEC V. Huang as this could violate their Fifth Amendment right to privacy.

In a court response it stated that,

“Since the passcodes to Defendants’ work-issued smartphones are not corporate records, the act of producing their personal passcodes is testimonial in nature and Defendants properly invoke their fifth Amendment privilege. Additionally, the foregone conclusion doctrine does not apply as the SEC cannot show with “reasonable particularity” the existence or location of the documents it seeks. Accordingly, the SEC’s motion to compel the passcodes is denied. “

The case revealed that Capital One, the employer, did have policies stating that the company owned the device issued as well as corporate documents stored on the device. As you would expect, Capital One also required employees to use a passcode and by best practice the code should be private and not written down anywhere. Hence the court ruling that the passcode itself was not a corporate record.

The court also stated that,

“Each party argues based on established legal precedent m non-smartphone contexts involving the interplay between corporate records and encrypted information on computers. As we find the personal thought process defining a smartphone passcode not shared with an employer is testimonial, we deny the SEC’s motion to compel. “

I bet you’ve never considered making your password part of your “personal thought process”!

How far could this reach?

Could this apply to computer and laptop passwords? Would an employee be able withhold their password from an employer if they were not under investigation for criminal activity?

If the rationale of this decision carried forward then I would think it could be far reaching.  Employers typically don’t assert ownership of the password or require they be stored where they are accessible. Hence they would be considered something personal.

If a Company wants maintain complete control and ownership of equipment issued to employees they should consider the following policies:

  1. Create a policy that issues passwords to be used by employees on company owned equipment.
  2. Designate a required storage area for passcodes.
  3. Equip phones with software that allows a remote wipe of the device if the employee leaves.

Photo Credit: binaryCoco via creative commons


QR codes are dumb codes.

Jeb Cashin - GravatarBob and others I’ve worked with know I don’t like QR codes (for marketing anyway.) They may not always remember why I don’t like them. QR codes are a re-tooling of an ancient technology (2D bar codes) that were re-born to fail by the very trend they attempted to build on: smart phones. And they don’t really solve a problem for the user, rather they create a problem of having to get a QR code reader.

They are also ugly blotches to incorporate into design.

Barcodes (whether 1 dimensional or 2 dimensional) are “machine readable” codes that are designed to be read very quickly by very dumb machines. QR codes are a marketing fad that serve no other purpose other than to use them.

Smart phones are not dumb. They are smart enough to recognize faces, text, and objects. Try out Google Goggles if you haven’t. I had one recognize Dwight Shrute’s head on a mug! Smart phones don’t need dumb print blotches.

I just redeemed an iTunes card using a feature I had not seen before: “Use your camera.” I clicked on it, held the card up to the camera, and was surprised by what happened. I thought it was going to read the barcode on the back. Instead, it found the human-readable text and read that.

iTunes uses camera to read $10 gift card code.

Two things to note:

1. Not directly related, but note how the camera view is backwards, which is a default for some reason with computers and phones. I think this mirror view is just more comfortable because things move the way we have been trained (with hand held mirrors.)

2. But the iTunes reader quickly found and boxed in the human-readable text code (not bar code), interpreted it, and displayed it back to me with a reinforcing message. It was almost instantaneous. And it was friendly enough to show me the code frontwards (not backwards like the actual shot.)

That’s smart cod(ing).