Read the "You Be the Judge" on p. 164 of the text. It is the case of Huff v. Spaw:

794 F.3d 543 United States Court of Appeals for the Sixth Circuit, 2015 FACTS: James Huff was the chairman of the Kenton County Airport Board, which manages the Cincinnati/Northern Kentucky International Airport (CVG). While at a conference in Italy with his wife Bertha and a colleague named Larry Savage, Huff used his iPhone to call Carol Spaw for help with dinner reservations. Spaw, who was the executive assistant to CVGs CEO, did not answer, so Huff hung up and put his iPhone in his jacket pocket.

Later, Huff and Savage retreated to an outdoor hotel balcony to discuss CVG personnel matters, including the possible firing of the CEO. During this conversation, Huffs iPhone inadvertently placed a call to (pocket-dialed) Spaws office phone. When Spaw answered, she quickly realized that the call was unintentional but continued to listen in anyway.

Concerned that the men were plotting against her boss, Spaw put her office phone on speaker mode and used an iPhone to record Huffs call. For one hour and thirty-one minutes, Spaw listened, recorded, and transcribed. Her iPhone first captured Huffs discussion with Savage and, later, his personal conversations with Bertha in their hotel room.

Spaw typed up her notes, hired a company to improve the quality of the iPhone recording, and shared the resulting information with other Board members.

Huff sued Spaw under the Wiretap Act, alleging that she violated his privacy when she intentionally intercepted and disclosed his confidential communications. The district court entered summary judgment for Shaw, reasoning that Huff did not have a reasonable expectation of privacy in his pocket-dialed call, and therefore the Wiretap Act did not apply. Huff appealed.

YOU BE THE JUDGE: Did Huff have a reasonable expectation of privacy in his pocket-dialed conversations?

ARGUMENT FOR HUFF: To demonstrate a reasonable expectation of privacy, Huff must first show that he had an actual expectation of privacy and, second, he must prove that his expectation was reasonable. Huff and Savage retreated to an outdoor balcony to make sure their conversation was not overheard. Seeing no one within earshot, they had an actual expectation that their conversation was private. The defendant suggests that, because Huff knew his iPhone was capable of pocket-dialing, his expectation was not reasonable. If this view were true, no one in modern society could ever expect privacy.

ARGUMENT FOR SPAW: James Huffs statements do not qualify for Wiretap Act protection because he did not have a reasonable expectation of privacy. The question is not what Huff thought, assumed, or wantedit is whether it was reasonable for him to believe he was entitled to complete privacy under the circumstances. Huff knew his phone was capable of pocket-dialing and transmitting his conversation, but he took no precautions to safeguard against this foreseeable event. He could have locked his phone or powered it down. His carelessness exposed his conversation to Spaw. If a person inadvertently undresses in front of an uncovered window, he cannot claim that he deserved privacy when a passerby takes his picture. The same concept applies here.

Accessing Email.

The Stored Communications Act (Title II of the ECPA) prohibits unauthorized access to or disclosure of stored wire and electronic communications. The definition of electronic communication includes email, voice mail, and social media. An action does not violate the ECPA if it is unintentional or if either party consents.

Under the Stored Communications Act:

Any intended recipient of an electronic communication has the right to disclose it. Thus, if you sound off in an email to a friend about your boss, the (former) friend may legally forward that email to the boss or anyone else. ISPs are generally prohibited from disclosing electronic messages to anyone other than the addressee, unless this disclosure is necessary for the performance of their service or for the protection of their own rights or property. The ECPA also applies to employers. An employer has the right to monitor workers electronic communications if

the employee consents, the monitoring occurs in the ordinary course of business, or in the case of email, if the employer provides the computer system. Thus, an employer has the right to monitor electronic communication even if it does not relate to work activities. This monitoring may include an employees social media activities.

But one thing employers cannot do is access an employees social media profile by trickery or coercion. As we saw earlier in the Ehling case, coercion may constitute an invasion of privacy. It may also violate the ECPA. When a restaurant suspected that one of its waiters was disparaging customers on a private social media page, its managers wanted proof. Since the page was private, they convinced another employee to give them her social media login information so they could log in as her. No one won: The restaurant fired the waiter and was later found in violation of the Stored Communications Act. The court concluded that the employer coerced the hostess into disclosing her password.*

Foreign Espionage Former National Security Agency (NSA) contractor Edward Snowden set off an international firestorm when he leaked information revealing the extent of U.S. surveillance on everyone from U.S. citizens to world leaders and international charities. Snowden reported that, as an NSA agent, he could, sitting at his desk, wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email. According to Snowden, the U.S. government was reading emails, mapping cell phone locations, reviewing browser histories, and monitoring just about everything that anyone does online.

The Foreign Intelligence Surveillance Act (FISA) sets out the rules that limit the use of electronic surveillance to collect foreign intelligence (otherwise known as spying) within the United States. Congress enacted FISA in 1978 after decades of abuses in the name of national security. However, in the aftermath of the 9/11 terrorist attacks, FISAs protections were weakened. Now, the FISA provides that:

To spy on people located in the United States who are communicating abroad, the government does not need a warrant, but it must obtain permission from a secret Foreign Intelligence Surveillance Court (FISC). To obtain this permission, the government need only demonstrate that the surveillance targets persons reasonably believed to be located outside the United States and seeks foreign intelligence information. This standard gives the government broad powers to collect emails, phone calls, and other electronic communications between people in the United States and anyone abroad. Government agencies must delete irrelevant and personally identifying data before providing it to other agencies. The government must notify defendants if the evidence used against them was gathered by FISA surveillance. In the aftermath of the Snowden leaks, many lawsuits challenged the U.S. governments surveillance practices. Snowden revealed that the FISC ordered Verizon to give the NSA all of its subscribers communication records, including the numbers called and the time, location, and duration of calls. An appeals court ruled that this massive, bulk collection of phone records was illegal and overbroad. The judge wrote that such expansive development of government repositories of formerly private records would be an unprecedented contraction of the privacy expectations of all Americans.* The balance between privacy and national security will continue to spark heated debates.

Health Privacy Information about our health is among the most sensitive data we have. The Health Insurance Portability and Accountability Act (HIPAA) protects the privacy of medical records. The law requires healthcare providers (doctors, nurses, and their staff), health plans, and their business associates to protect patient information from unauthorized disclosure. It also gives patients the rights to examine, obtain copies of, and request corrections in their health records.

Note that HIPAA does not apply to employers, schools, or individuals unless they are healthcare providers or health plans. During the COVID-19 pandemic, some businesses worried that temperature checks would violate HIPAA. But they need not have been concerned because HIPAA does not apply to health information people give to non-healthcare businesses.

Student Privacy If you are reading this textbook as part of a class, you are protected by the Family Educational Rights and Privacy Act (FERPA) . This federal law protects the privacy of student education records, including grades. FERPA applies to all schoolselementary through graduate school, public and privatewho receive funds from the U.S. Department of Education. Generally, schools must obtain student consent to share or discuss education records. They do not need permission to make disclosures to appropriate parties in connection with an audit, student transfer, financial aid request, or in the case of an emergency or lawfully issued subpoena.

Before students turn 18 years old, their parents have legal control of their educational records, but after that students alone have the right to disclose their grades or even the fact that they are attending a particular institution. Moral of the story: Your professors cannot legally discuss your grades with your parents, your partner, or a potential employer without your consent.

THEN:

Review the facts, and the arguments of each party in the case.

The issue is: did the Huffs have a reasonable expectation of privacy and did Spaw violate the Wiretap Act?

First:

1. What are the requirements for a reasonable expectation of privacy in section 9-2a and the requirements that apply from the Wiretap Act in section 9-2c.

2. Were the requirements met for Jim?

3. Were the requirements met for Bertha?

4. What what would you do ethically if you were Spaw in this situation?

As the judge, decide for one party or the other. Consider each issue.

Note that the call was from Italy to Kentucky (which is a one-party consent state). Remember that the call was technically placed by Huff to Spaw so Spaw was a party to the call.

State your reasoning. Go beyond reiterating the arguments given in the text. Also, don't rely on your instinct. Apply the law.