An Attorney’S Guide To Managing Social Media Based Evidence 03142011

  • 3,106 views
Uploaded on

Ethics and Social Media for Attorneys.

Ethics and Social Media for Attorneys.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
3,106
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
0
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • Hello and thank you for participating in our class today. After a brief five minute introduction, our class will last <90> minutes today, including intermittent question and answer sessions. For those students wanting CLE credit, please make sure to complete our attendance sheet and take home your certificate of attendance.
  • I would like to take a moment to go over the ground rules for today’s class. The class is designed to provide a superior educational experience by being interactive. It may have been a couple years since each of you have participated in a healthy vigorous law school debate, but nonetheless today that will be our goal. So I would encourage all of you to participate in the spirit of community and professionalism.
  • Before we begin, I will briefly introduce myself and Scarab Consulting.
  • The main focus of Scarab’s expert practice is providing expert advice on best methods and technologies to materially reduce wasted expense in discovery, maximize dollars available for substantive legal work, and minimize litigants’ exposure to the most common electronic discovery sanctions.
  • Scarab is one of the nation’s oldest litigation technology practices, having been started in 2000 with operations in NY, Texas, Illinois and Michigan.In addition to ESI expert witness services, Scarab also provides a comprehensive suite of best of breed litigation support technologies that currently multiple international firms and corporations.
  • A bit about myself, I am Scarab’s Chief Innovation Officer, and am currently engaged as an expert ESI witness on multiple Federal cases.I have been qualified and testified as computer forensic expert in an NASD (now FINRA) arbitration working on behalf of the respondent, an employee of Morgan Stanley.I owned, operated and sold one of the largest computer forensic and electronic discovery companies in the Midwest.I provided computer forensic collection services to individual clients such as Gov. Rod Blagojevich and multi-national corporations.
  • The topics we will be covering today include: identity, privacy, free and protected speech concerns, evidence identification and collection methods from social media sources, and social media policies
  • Social media poses a unique challenge to litigators in that issues of privacy, speech, identity and certainly discovery are not as clear cut as one might initially believe. The purpose of this class is to arm students with a methodology to approach evidence appearing in social media sites that acknowledges these challenges. First, let’s take a brief look at how the Supreme Court’s interpretation of 4th Amendment protections from technology based unreasonable search and seizures by the U.S. government have evolved over time.
  • In 1967, the US Supreme Court ruled that immaterial intrusion with technology constituted a search and extended Fourth Amendment protection to all areas where a person has a "reasonable expectation of privacy". In this case, Charles Katz sued the US government for 4th Amendment protection under the Constitution after the FBI had recorded him making illegal wagers. In order to get their recording, the FBI attached a listening device to the outside of Mr. Katz phone booth. Ultimately, the Supreme Court concluded that the general public’s expectations of privacy at that time was that conversations held inside a phone booth would not be heard outside of the phone booth. For those of you who are wondering, if the FBI’s listening device had entered Mr. Katz’ phone booth, their search would have been material, not immaterial, and they would have been required to acquire a warrant before recording Mr. Katz.
  • As we look at privacy and social media, it is helpful to understand the two part test the Supreme Court applies when deciding whether or not a U.S. citizens’ privacy should be afforded 4th Amendment protection. First, court examines whether or not the individual had exhibited an actual (subjective) expectation of privacy and second, “whether his expectation is one that society is “prepared to recognize as "reasonable.” For example, when you are interviewing potential jurors during voir dire, an 18 year old’s REP might differ significantly from those of a 60 year old’s. I would argue that technology has and will continue to change expectations of privacy to the point that privacy may become a luxury of the past. Certainly the framers of the constitution could not have anticipate the privacy challenges that Facebook pose.
  • In another interesting case from 1979, the supreme court denied Michael Lee Smith 4th Amendment protections from unreasonable search and seizures when the police and the phone company recorded the numbers Mr. Smith was dialing in order to catch him dialing the home of a woman the police suspected he had robbed and was now stalking. Let me read you part of the majority’s decision as it applies to the police and a third party using technology to capture activities taking place in a private home: “First, it is doubtful that telephone users in general have any expectation of privacy regarding the numbers they dial, since they typically know that they must convey phone numbers to the telephone company and that the company has facilities for recording this information and does, in fact, record it for various legitimate business purposes. And petitioner did not demonstrate an expectation of privacy merely by using his home phone, rather than some other phone, since his conduct, although perhaps calculated to keep the contents of his conversation private, was not calculated to preserve the privacy of the number he dialed. Second, even if petitioner did harbor some subjective expectation of privacy, this expectation was not one that society is prepared to recognize as "reasonable." When petitioner voluntarily conveyed numerical information to the phone company and "exposed" that information to its equipment in the normal course of business, he assumed the risk that the company would reveal the information to the police”.
  • It is interesting to note Justice Marshall’s dissent to the majority’s decision. Let me read it for you and please consider that in 1776, the only entity citizens needed protection from was the U.S. government. When Alexander Graham Bell invented the telephone in 1876, he unknowingly created a new form of human social interaction and a second entity in addition to Big Brother that would affect 4th Amendment rights. As we are about to see, the internet and social media in particular, have added a third group of entities that are searching and seizing on our every activity online. It bears asking the question, whether or not privacy is “not a discrete commodity, possessed absolutely or not at all” as stated by Justice Marshall in his 1979 dissent to the majority opinion, or, is privacy as a commodity slowly but surely be destroyed by advances in technology?
  • So to make this class interesting, let’s take a look at how the currently assembled members of the general public expect some level of privacy when you use Facebook? For those of you that do not use Facebook like myself, there are a variety of privacy settings that Facebook users may set themselves to control what levels of personal information are revealed to their friends and the public at large.
  • In Facebook’s current privacy policy, they begin by saying their basic role is to share your information with other people. Facebook affords its user privacy settings, which we look at shortly, to control some of their own personal information. However, let’s read their policy further and see if any potentials holes appear.
  • Here is Facebook’s first privacy policy from 2005.
  • Now fast forward to April of 2010 and we see a slightly different picture.
  • Matt McKeon, an internet technologist, converted Facebook’s privacy policies from its inception up to today. Let’s take a look at what information Facebook’s 2010 policy means by “everyone”
  • Here is 2005. You are in the middle with your friends, your network of friends, and finally all Facebook users represented. As you see here, the default privacy setting in 2005 did not reveal any information to the rest of the internet.
  • Now that we see privacy is a shifting, morphing quality for Facebook users, let’s take a look at what I am call “invisible intrusions with technology”.
  • Wouldn’t you agree that “There are pretty sound reasons to hope that when you search for a job online, that fact isn't broadcast to dozens of companies you've never heard of?” Yes? Well that is precisely what is happening at the largest job site in the United States, Careerbuilder.com.
  • When one logs in to enter personal resume information into CareerBuilder.com, these nine companies are invisibly capturing and recording all of your information. These companies, some of which are owned by Microsoft and Google, are building comprehensive lifetime profiles of all internet users and reselling that information. And when I mean comprehensive, I mean comprehensive.
  • Every webpage we visit and the activities we undertake there is tracked by these companies and added to their record of your lifetime online existence through the use of very hard to delete “supercookies”.
  • Many of you may be wondering how just how comprehensive a profile these tracking companies are able to create. Well, a shown by a recent research paper by Balachander Krishnamurthy and Craig Wills, social networking sites like Facebook, LinkedIn and MySpace are “giving the hungry cloud of tracking companies an easy way to add your name, lists of friends, and other profile information to the records they already keep on you.” In fact, their research shows that there is, as they call it, surreptitious anti-privacy engineering at work. So, how is everyone’s reasonable expectations of privacy doing just about now?
  • Let’s take a look at an interestinganti-tracking and privacy technology that led to the previous discovery of nine tracking companies at CareerBuilder.com by the Electronic Frontier Foundation. NoScript is a free program that Mozilla Firefox browser users can download that can be configured to prevent invisible programs from being run when we visit websites. Here are three popular websites and the companies that are tracking us when we visit them.
  • I would like to ask the class now for your opinions as to the suitability of these lifetime profiles for use in litigation. For example: Are the profiles a good target for subpoenas for enterprising plaintiffs firm wishing to prove discriminatory lending / pricing or other commercial practices by an online retailer??
  • At this point in the class I am sure many of you are rethinking your own use of the internet and may even be wondering if there is a way to shield one self from being tracked online entirely.
  • In fact, there are techniques to surf the web anonymously, so let’s take a look at one of the better technologies available now called Tor. As we look at Tor, please keep in mind what challenges anonymous surfers might pose to litigators. In other words, do not automatically assume that what one sees posted on the web can be directly attributed to a given individual.
  • To quote their website, “Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.”
  • If you are travelling overseas on an internal investigation, Tor might be of use to you if you do not want to reveal the fact you are in a certain location. When one we travel abroad and connects to our employer's computers to check or send mail, we can inadvertently reveal our national origin and professional affiliation to anyone observing the network, even if the connection is encrypted.” Depending upon the sensitivity of your investigation, announcing your presence to certain parties may not be desirable.
  • If you are travelling overseas on an internal investigation, Tor might be of use to you if you do not want to reveal the fact you are in a certain location. When one we travel abroad and connects to our employer's computers to check or send mail, we can inadvertently reveal our national origin and professional affiliation to anyone observing the network, even if the connection is encrypted.” Depending upon the sensitivity of your investigation, announcing your presence to certain parties may not be desirable.
  • So now that we have shown you that the disparaging post on a social networking you just terminated an employee over may not have actually been made by them, let’s take a look at speech issues in general and other challenges posed by advancements in technology.
  • In February this year, the SOUTHERN DISTRICT OF FLORIDA denied a motion to dismiss by a public school principal who attempted to claim qualified immunity against a lawsuit filed by a former student of his. Katherine Evans brought an action against Peter Bayer for suspending her for making the following post on her Facebook page: “Ms. Sarah Phelps is the worst teacher I’ve ever met! To those select students who have had the displeasure of having Ms. Sarah Phelps, or simply knowing her and her insane antics: Here is the place to express your feelings of hatred.” The Florida court ruled that Ms. Evans’ post did not constitute a threat to her teacher, and in fact was her opinion and therefore afforded protected under the 1st Amendment.
  • In addition to free speech concerns, employers of unionized employees certainly need to consider protected speech rights when approaching social media posts as the following case shows.
  • In this recent case, an NLRB investigation found that an employee’s Facebook postings constituted protected concerted activity, and that her employer’s blogging and internet posting policy contained unlawful provisions, including one that prohibited employees from making disparaging remarks when discussing the company or supervisors and another that prohibited employees from depicting the company in any way over the internet without company permission.
  • The NLRB press release states that “Under the terms of the settlement approved today by Hartford Regional Director Jonathan Kreisberg, the company agreed to revise its overly-broad rules to ensure that they do not improperly restrict employees from discussing their wages, hours and working conditions with co-workers and others while not at work, and that they would not discipline or discharge employees for engaging in such discussions.”  Some of you may feel differently
  • Lets take a look at the language from the employer’s handbook that the NLRB found overreaching
  • Now, let’s take a look at yet another form of speech that employers need to be cognizant of.
  • It appears that organizations of all types may be wise to adopt social media policies that reflect the specific nature of their business, the classes of employees they employ, and are generally in line with the very low level of privacy afforded by social networking sites.
  • Mario Sundar is the official blogger of LinkedIn, a professional social networking site. Mario has some sage advice which I will read to you now.
  • Here is a website with 164 different companies’ social media policies broken down by industry segments.
  • Let’s take a look at a social media policy created by the law firm Baker & Daniels. Please note how the B&D policy is tailored to the specific professional demands and responsibilities of attorneys.
  • So assuming one has found information on Facebook or other social media sites that could be relevant to a case, let’s take a look at methods and challenges to subpoenaing such evidence.
  • Here are a list of specific items Facebook asks to be included in subpoenas sent to them. One of today’s handouts is Facebook’s 2010 LE guideline to subpoenas.
  • Finally, let’s take a look at methods the DOJ internet crime and intellectual property division is teaching its attorneys to identify and gather evidence from social networking sites.
  • The following slides were procured by the FOIA and are authored by John Lynch and Jenny Ellickson to give proper credit.
  • The DOJ is teaching its attorneys that evidence from social-networking sites can :Reveal personal communications, Establish motives and personal relationshipsProvide location information, Prove and disprove alibis, Establish crime or criminal enterprise, Networks of targets, Also: instrumentalities or fruits of crime
  • The authors caution that establishing the true identity of the person who made a Facebook post in question is not always straight forward. For example, one can log in to Facebook using my Google account. If this occurs, Facebook does not store the same identity information Google is in possession of. Therefore, to uncover my true identity, a DOJ attorney would have to subpoena Google to discover who exactly made the Facebook entry.
  • Thank you for participating in our class today. Make sure to fill out our attendance handout if you wish to receive CLE credit.

Transcript

  • 1. An Attorney’s Guide to Managing Social Media Based EvidenceIdentity, Privacy and Ethical Challenges
    Larry Lieb
    Chief Innovation Officer
    Scarab Consulting
  • 2. Class Ground Rules:
    Class content is for Continuing Legal Education purposes only and does not constitute legal advice.
    Questions posed by and opinions offered by class participants are for the sole purpose of improving today’s class’s educational value and do not constitute legal advice.
    So Please Participate!
  • 3. WHO WE ARE
  • 4. Scarab Consulting
    Expert Advice on Best Practices and The Application of Technology to:
    • Materially reduce wasted expense in discovery
    • 5. Maximize limited dollars available for substantive advocacy
    • 6. Minimize exposure to common electronic discovery sanctions
  • Scarab Consulting
    National practice founded in 2000
    Operations in: Texas (Houston, Austin, Dallas, San Antonio), New York, Illinois (Chicago)
    Complete Discovery Service Line:
    26(f) Meet & Confer ESI Expert Consulting & Testifying Services
    Complete Evidence Management Mapping / Collections / Hosting / Review
    Clearwell/ Relativity / iConect / RiverGlass
    Court Reporting
  • 7. Today's Instructor: Larry Lieb, CCA
    • Worked in electronic discovery since 1998
    • 8. Testified as computer forensic expert in NASD (now FINRA) Arbitration for Morgan Stanley.
    • 9. Rule 26(f) meet & confer ESI expert on multiple federal cases.
    • 10. Established and sold largest commercial computer forensic company in the Midwest.
    • 11. Sample client: Gov. Rod Blagojevic
  • Today's Topics
    Technology & Privacy
    Online Identity & Anonymity
    Free, Protected & Regulated Speech
    Social Media Policies
    Evidence identification and Collection Methods
  • 12. Will Technology Eventually Extinguish Society's Reasonable Expectations of Privacy?
  • 13. 1967 and The Immaterial Intrusion With Technology
    Katz v. United States, 389 U.S. 347 (1967)
    FBI attaches listening device to the outside glass of a phone booth to record Mr. Katz’ criminal conduct.
    Katz sues for 4th Amendment protection.
    Supreme Court agrees with Katz that both Mr. Katz’ own subjective expectations of privacy met the general public’s expectations; in 1967, everyone expected their voices would not be overheard in a phone booth.
  • 14. Reasonably Expectations of Privacy Online
    Two part test:
    Whether the individual has exhibited an actual (subjective) expectation of privacy
    Whether his expectation is one that society is prepared to recognize as "reasonable.”
  • 15. Immaterial Intrusion With Technology in 1979
    Without a warrant or court order, the telephone company, at police request, installed a pen register at its central offices to record the numbers dialed from Mr. Smith’s home.
    Mr. Smith was arrested for a home robbery and imprisoned based upon evidence uncovered by the phone company.
    Mr. Smith sued the government for 4th Amendment protection and lost.
    Supreme Court majority concluded that Mr. Smith and the general public expected the phone company to be listening into everyone’s calls on occasion.
    SMITH v. MARYLAND, 442 U.S. 735 (1979)
  • 16. Justice Marshall Dissent
    “Even assuming, as I do not, that individuals "typically know" that a phone company monitors calls for internal reasons, ante, at 743, 1 it does not follow that they expect this information to be made available to the public in general or the government in particular.” (MARSHALL, J., dissenting).”
    http://caselaw.lp.findlaw.com/cgi-bin/getcase.pl?court=US&vol=442&invol=735
  • 17. Facebook and Privacy
    How has social media affected the general publics’ reasonable expectations of privacy?
    A show of hands for those of you in the class that expect some level of privacy when using Facebook?
  • 18. Facebook’s definition of privacy
    Lets take a look at how Facebook views and handles the privacy of its users.
    Keep in mind how easily Facebook users can expose sensitive information and how that may help or hurt your existing cases.
  • 19. http://www.facebook.com/policy.php
    How We Share InformationFacebook is about sharing information with others — friends and people in your communities — while providing you with privacy settings that you can use to restrict other users from accessing some of your information. We share your information with third parties when we believe the sharing is permitted by you, reasonably necessary to offer our services, or when legally required to do so.
  • 20. The Evolution of Privacy on Facebook
    Facebook Privacy Policy circa 2005:
    “No personal information that you submit to Thefacebook will be available to any user of the Web Site who does not belong to at least one of the groups specified by you in your privacy settings.”
  • 21. The Evolution of Privacy on Facebook
    Facebook Privacy Policy, April 2010:
    “When you connect with an application or website it will have access to General Information about you. The term General Information includes your and your friends’ names, profile pictures, gender, user IDs, connections, and any content shared using the Everyone privacy setting. ... The default privacy setting for certain types of information you post on Facebook is set to “everyone.” ... Because it takes two to connect, your privacy settings only control who can see the connection on your profile page. If you are uncomfortable with the connection being publicly available, you should consider removing (or not making) the connection.”
  • 22. The Evolution of Privacy on Facebook
    Matt McKeon’s graphical depiction of the evolution of Facebook’s Privacy Policy from 2005 to 2010.
    http://mattmckeon.com/facebook-privacy/
  • 23. The evolution of Facebook’s privacy policy
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29. Invisible Intrusions With Technology in 2011
  • 30. Do Invisible Intrusions With Technology Constitute a Search?
    “There are pretty sound reasons to hope that when you search for a job online, that fact isn't broadcast to dozens of companies you've never heard of — but that's precisely what's happening here (at CareerBuilder.com).”
    (https://www.eff.org/deeplinks/2009/09/online-trackers-and-social-networks )
  • 31. Seven Companies Tracking You Over Your Entire Lifetime
    Rubicon Project
    AdSonar (division of AOL advertising)
    Advertising.com (division of AOL advertising)
    Tacoda.net (division of AOL advertising)
    Quantcast
    Pulse 360Undertone
    AdBureau (part of Microsoft Advertising)
    Traffic Marketplace
    DoubleClick (which is owned by Google).
    (https://www.eff.org/deeplinks/2009/09/online-trackers-and-social-networks )
  • 32. How 3rd parties build lifetime profiles of you
    Each of these tracking companies use either cookies, or hard-to-delete "super cookies", to link their records of each new page they see you visit to their records of all the pages you've visited in the previous minutes, months and years.
    (https://www.eff.org/deeplinks/2009/09/online-trackers-and-social-networks)
  • 33. They can track us, but do they know who we are?
    “A recent research paper by Balachander Krishnamurthy and Craig Wills shows that social networking sites like Facebook, LinkedIn and MySpace are giving the hungry cloud of tracking companies an easy way to add your name, lists of friends, and other profile information to the records they already keep on you.”
    “In some cases, the leakage may be unintentional, but in others, there is clever and surreptitious anti-privacy engineering at work.”
    (http://www.eff.org/deeplinks/2009/09/online-trackers-and-social-networks)
  • 34. NoScript Kills Most Invisible Intrusions
    Who is tracking us at:
    Careerbuilder.com
    Monster.com
    Bloomberg.com
    Found at: http://noscript.net/
  • 35. Lifetime Profiles as Discovery Targets?
    Please discuss potential offensive and defensive uses of these lifetime profiles of billions of people:
    For example: Are the profiles a good target for subpoenas for enterprising plaintiffs firm wishing to prove discriminatory lending / pricing or other commercial practices??
    Lots of patterns to be found in profiles.
  • 36. Identity & Anonymity
  • 37. Is online anonymity possible?
    Although very difficult, it is possible to appear anonymously on the internet using tools such as Tor.
  • 38. What is Tor?
    “Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.”
    http://www.torproject.org/
  • 39. “Why we need Tor”
    Knowing the source and destination of your Internet traffic allows others to track your behavior and interests.
    This can impact your checkbook if, for example, an e-commerce site uses price discrimination based on your country or institution of origin.
    It can even threaten your job and physical safety by revealing who and where you are. For example, if you're travelling abroad and you connect to your employer's computers to check or send mail, you can inadvertently reveal your national origin and professional affiliation to anyone observing the network, even if the connection is encrypted.”
    http://www.torproject.org/about/overview.html.en#thesolution
  • 40. Tor Demonstration
    Tor masks the identity of the user by routing traffic in an untraceable fashion across thousands of Tor servers.
  • 41. Ethical uses of Tor in civil litigation
    Activities conducted by a party using Tor might make identification of evidence source and activities impossible in some circumstances.
    LE uses Tor to protect online investigative activities. My legal professionals do the same without fear?
  • 42. FREE SPEECH
  • 43. Free Speech Considerations
    On Facebook, Katherine Evans states:
    “Ms. Sarah Phelps is the worst teacher I’ve ever met! To those select students who have had the displeasure of having Ms. Sarah Phelps, or simply knowing her and her insane antics: Here is the place to express your feelings of hatred. (p. 1)
    Principal Peter Bayer learns of post and suspend Ms. Evans for, “Bullying/Cyber Bullying/Harassment towards a staff member” and “Disruptive behavior.” (p. 2)
    Evans sues Bayer for damages, injunctive relief and declatory relief
    Bayer argues qualified immunity as public official and issue motion to dismiss
    Florida District court denies motion
    CASE NO. 08-61952-CIV-GARBER (2/12/2010)
  • 44. PROTECTED SPEECH
  • 45. NLRB Case 34-CA-012576
    Sayeth the NLRB:
    “Such (policy) provisions constitute interference with employees in the exercise of their right to engage in protected concerted activity.”
    Do employees need to be unionized to be protected from supervisor retaliation to Facebook postings?
    (Source: NLRB Press Release 11/2010)
  • 46. NLRB Case 34-CA-012576 - Settled
    Under the terms of the settlement approved today by Hartford Regional Director Jonathan Kreisberg, the company agreed to revise its overly-broad rules to ensure that they do not improperly restrict employees from discussing their wages, hours and working conditions with co-workers and others while not at work, and that they would not discipline or discharge employees for engaging in such discussions. 
    (Source: http://www.nlrb.gov/print/365 February 8th, 2011)
  • 47. Are unionized employee’s Facebook pages private?
    Blogginq and Internet Posting Policy
    Employees are prohibited from posting pictures of themselves in any media, including but not limited to the Internet, which depicts the Company in any way, including but not limited to a Company uniform, corporate logo or an ambulance, unless the employee receives written approval from the EMSC Vice President of Corporate Communications in advance of the posting;
    Employees are prohibited from making disparaging, discriminatory or defamatory comments when discussing the Company or the employee's superiors, co-workers and/or competitors.
    COMPLAINT AND NOTICE OF HEARING Case No. 34-CA-12576
  • 48. REGULATED SPEECH
  • 49. Recordkeeping Responsibilities According to FINRA (10-06) January 2010
    Are firms required to retain records of communications related to the broker dealer’s business that are made through social media sites?
    Yes. Every firm that intends to communicate, or permit its associated persons to communicate, through social media sites must first ensure that it can retain records of those communications as required.
    FINRA does not endorse any particular technology necessary to keep such records, nor is it certain that adequate technology currently exists.
  • 50. Suitability Responsibilities - FINRA (10-06) January 2010
    If a firm or its personnel recommends a security through a social media site, does this trigger the requirements of NASD Rule 2310 regarding suitability?
    Yes. Whether a particular communication constitutes a “recommendation” for purposes of Rule 2310 will depend on the facts and circumstances of the communication. Firms should consult Notice to Members (NTM) 01-23 (Online Suitability) for additional guidance concerning when an online communication falls within the definition of “recommendation” under Rule 2310.
  • 51. Factors to Consider When Recommending Specific Investment Products in Social Media Sites:
    As a best practice, firms should consider prohibiting all interactive electronic communications that recommend a specific investment product and any link to such a recommendation unless a registered principal has previously approved the content.
    Firms also should consider adopting policies and procedures governing communications that promote specific investment products, even if these communications might not constitute a “recommendation” for purposes of our suitability rule or otherwise.
  • 52. What restrictions should firms place on which personnel may establish an account with a social media site?
    Firms must have a general policy prohibiting any associated person from engaging in business communications in a social media site that is not subject to the firm’s supervision.
    As firms develop their policies, they should consider prohibiting or placing restrictions on any associated person who has presented compliance risks in the past, particularly compliance risks concerning sales practices, from establishing accounts for business purposes with a social media site.
    In its supervision of social networking sites, each firm must monitor the extent to which associated persons are complying with the firm’s policies and procedures governing the use of these sites.
  • 53. SOCIAL MEDIA POLICIES
  • 54. Why define a social media policy for your organization?
    Huge opportunity for career and employer brand building
    However, when does building your brand become crisis management?
    Define when employees are representing company versus themselves when they are posting to Facebook.
    Define rules for employees when posting to Facebook information regarding employer, customers and business community at large.
    Policy must consider free and protected speech
    http://mariosundar.com/2010/03/05/company-social-media-policy/
  • 55. Online database of 164 companies’ social media policies
    http://socialmediagovernance.com/policies.php
  • 56. Baker & Daniels social media policy
    Remember that the Internet is not anonymous, nor does it forget.
    Everything written on the Web can be traced back to its author one way or another and very easily. Information is backed up often and repeatedly and posts in one forum are usually replicated in others through trackbacks and reposts or references.
    There is no clear line between your work life and your personal life. Always be honest and respectful in both capacities.
    With the ease of tracing authors back from their posts and the amount of information online, finding the actual identity of a poster from a few posts and a screen name is not impossible. This creates an avenue for outside parties to link your personal writings to those you've done in a professional capacity. Always write as if everyone knows you. Never write anything you wouldn't say out loud to all parties involved.
    (http://www.bakerdstreamingvid.com/publications/Baker_Daniels_Social-Media-Policy.pdf)
  • 57. Baker & Daniels social media policy
    Avoid hazardous materials. Do not post or link to any materials that are defamatory, harassing or indecent.
    Don't promote other brands with the firm's brand.
    Do not promote personal projects or endorse other brands, causes or opinions. Be sure to respect third party copyrights. If a personal opinion must be posted, clearly state to all readers this does not represent the opinions of the firm.
    (http://www.bakerdstreamingvid.com/publications/Baker_Daniels_Social-Media-Policy.pdf)
  • 58. Baker & Daniels social media policy
    Keep confidentiality. Do not post any confidential or proprietary information in regards to the firm or its clients.
    Don't pad your own stats.
    Do not create anonymous or pseudonym online profiles in order to pad link or page view stats. Also, do not comment on your own or another's posts in order to create a false sense of support.
    Always trackback.
    When reposting or referencing a post on one of the firm's online sites, provide a link to the original post or story.
    (http://www.bakerdstreamingvid.com/publications/Baker_Daniels_Social-Media-Policy.pdf)
  • 59. Baker & Daniels social media policy
    Identify yourself. When relevant, identify your affiliation with the firm and your area of concentration.
    Do not pat yourself on the back. Do not post self-laudatory statements regarding your work nor the firm's.
    Do not qualify your work. Do not post statements regarding the quality of your work nor the firm's.
    (http://www.bakerdstreamingvid.com/publications/Baker_Daniels_Social-Media-Policy.pdf)
  • 60. Baker & Daniels social media policy
    Do not approve recommendations or testimonials.
    Recommendations and testimonials violate the ethics rules under which the firm operates. Individuals with the firm do not need to discourage others from posting promotional materials about the firm, however, the firm cannot link to them or have them posted on the firm's sites.
    Do not promote successes.
    Don’t report firm results or outcomes or use words like “successfully”, "favorably”, “won” or “prevailed” in describing the firm’s representations. The promotion of successes is prohibited for law firms. It also violates the ethics rules under which the firm operates.
    (http://www.bakerdstreamingvid.com/publications/Baker_Daniels_Social-Media-Policy.pdf)
  • 61. Baker & Daniels social media policy
    Identify yourself. When relevant, identify your affiliation with the firm and your area of concentration.
    Do not pat yourself on the back. Do not post self-laudatory statements regarding your work nor the firm's.
    Do not qualify your work. Do not post statements regarding the quality of your work nor the firm's.
    (http://www.bakerdstreamingvid.com/publications/Baker_Daniels_Social-Media-Policy.pdf)
  • 62. Baker & Daniels social media policy
    Do not approve recommendations or testimonials.
    Recommendations and testimonials violate the ethics rules under which the firm operates. Individuals with the firm do not need to discourage others from posting promotional materials about the firm, however, the firm cannot link to them or have them posted on the firm's sites.
    Do not promote successes.
    Don’t report firm results or outcomes or use words like “successfully”, "favorably”, “won” or “prevailed” in describing the firm’s representations. The promotion of successes is prohibited for law firms. It also violates the ethics rules under which the firm operates.
    (http://www.bakerdstreamingvid.com/publications/Baker_Daniels_Social-Media-Policy.pdf)
  • 63. Social Media Subpoenas
  • 64. Information to specify in a subpoena to Facebook
    Expanded Subscriber Content (sometimes referred to as Neoprint) will be delivered in PDF format and may include:
    Profile Contact Information
    Mini-­‐Feed
    Status Update History
    Shares
    Notes
    Wall Postings
    Friend Listing, with Friends Facebook ID’s
    Groups Listing, with Facebook Group ID’s
    Future and Past Events
    Video Listing, with filename
  • 65. Evidence Identification and Gathering Methods
  • 66. “Obtaining and Using Evidence from Social Networking Sites” DOJ Class
    Authors:
    John Lynch
    Deputy Chief, Computer Crime
    Computer Crime & Intellectual Property Section
    Jenny Ellickson
    Trial Attorney
    Computer Crime & Intellectual Property Section
  • 67. “Obtaining and Using Evidence from Social Networking Sites” DOJ Class
    Evidence from social-networking sites can :
    Reveal personal communications
    Establish motives and personal relationships
    Provide location information
    Prove and disprove alibis
    Establish crime or criminal enterprise
    Networks of targets
    Also: instrumentalities or fruits of crime
  • 68. Federated Identity Issues
    “Example: A user can log in to a Facebook account using Google credentials.
    After a link is established between two accounts, Google will check and vouch for identity of its user
    Authentication information split from activity information
    In turn, a Facebook login may be used to authenticate toother sites
    If Attribution is necessary, one must determine the identity provider, not just the “Google” domain.”
  • 69. WITNESSES & SOCIAL NETWORKS
    “Many witnesses have social-networking pages
    Valuable source of info on defense witnesses
    Potential pitfalls for government witnesses
    Knowledge is power
    Research all witnesses on social-networking sites
    Discovery obligations?
    Advise your witnesses:
    Not to discuss cases on social-networking sites
    To think carefully about what they post” DOJ Class
  • 70. Evidence Identification and Gathering Methods: RiverGlass
  • 71. CONCLUSION
  • 72. Thank you very much!
    Larry Lieb
    Chief Innovation Officer
    Scarab Consulting LLC
    llieb@consultscarab.com
    312-860-8250