Here’s an intriguing question:  Does the internet make people more stupid or have they always been this stupid but the internet simply showcases it for all to see?  In yet another example of how social networking sites can work to a person’s detriment, 20 year-old college junior Joshua Lipton attended a Halloween party dressed as a prisoner in a striped black & white shirt and orange jumpsuit with the word “Jail Bird” emblazoned on it.

Sounds harmless, right?  Well, it would have been had Lipton not been charged in a drunk driving accident 2 weeks earlier that seriously injured another person.  While Lipton himself didn’t post these pictures, one of the other victims of the crash found them on another Facebook user’s profile that was accessible from Lipton’s Facebook page.  The end result?  The prosecutor got a hold of the pictures and presented them to the judge at the sentencing hearing and argued that they showed a lack of remorse by Lipton.

While Lipton might have only received probation, the judge sentenced him to 2 years in prison instead.  The judge later admitted that the pictures impacted his decision.  He noted that Lipton was mocking the possibility of going to prison after a near-fatal accident.  So the judge indulged him. 

The moral of the story:  ALWAYS be careful about what you post online, especially when it comes to photographs.  A picture truly is worth a thousand words.  Nowadays, embarassment should be the least of your concerns.  They can have a real impact upon your legal rights.  Just ask Joshua Lipton. 

According to a new survey by Forrester Research, 41% of large companies (those having at least 20,000 employees) either read or analyze the contents of outbound e-mail.  They’re either paying other employees to read them or presumably using any number of commercially available software programs to analyze them. 

44% of the companies surveyed investigated a confidential data breach involving e-mail in the past year, while 26% said they fired an employee for violating the company’s e-mail policy.  Companies also expressed concern over employees leaking information on message boards, blogs, and other electronic media.

Quite frankly, I’m surprised only 41% of large companies are doing this (although it depends on the industry).  I would have expected it to have been much higher given the daily parade of data and privacy breaches in the news.  After all, it’s large companies that have the financial and human resources to implement widescale e-mail monitoring systems.  Smaller companies may be in a much different situation.

Of course, many employers find it distasteful to engage in this type of monitoring.  It can, if not handled properly, be destructive to employee morale and have lasting effects.  Nevertheless—for better or worse—many employees are slowly coming to grips with their employers’ monitoring efforts.  It’s just becoming a fact of life. 

But the truth is, I’ve had clients whose employees have e-mailed confidential and sensitive company data.  Some workers do it without thinking about it, while others are far more malevolent in their intentions.  This is especially the case when employees leave their companies on bad or poor terms.  So it’s a very real problem for employers that has very real consequences.  Thus, like it or not, monitoring will only continue to increase. 

Bottom Line:  Be careful.  You don’t have any right to privacy when you’re at work.  So don’t think that anything you send—whether to a spouse, boyfriend, girlfriend, doctor, stockbroker, or anyone else—is private.  Even if you have to send it and it can’t wait until you get home, an employer is within its rights to read your e-mail, no matter how private the subject matter.  Of course, what it does with that information is another matter.

In today’s world, where fraud is just a mouse click away, it’s nice to know that every so often the good guys win.  Three international hackers were indicted by the Department of Justice (”DOJ”) last week for trying to steal and sell credit card information from customers of Dave & Buster’s, the popular restaurant/entertainment chain.

According to the indictment, the hackers were able to install “packet sniffers” on many of the company’s servers to copy credit card information as it traveled between restaurants and Dave & Buster’s corporate headquarters in Dallas.  The company detected the intrusion and alerted the authorities, but not before 5,000 credit/debit card numbers were stolen and sold to other criminals to make fraudulent purchases.

One of the foreign hackers was arrested in Miami.  No problem there.  The other two, however, were arrested in the Ukraine and in Germany by those countries’ authorities.  It’s certainly not a done deal yet.  The DOJ is seeking the extradition of the other two, but no word yet whether those efforts will be successful. 

While these sorts of arrests are still few and far between given the magnitude of data theft and online fraud, it’s a start.  The DOJ is obviously taking the problem seriously.  Hopefully, other countries will too and the cooperation will continue.  With any luck, if these hackers are extradited, tried, and found guilty, the court will make an example out of them. 

Kudos to the New Jersey Supreme Court.  Last week, the court ruled that ISPs can’t release personal information about their New Jersey users without a valid subpoena.  The court, in a unanimous 7-0 ruling, found that the New Jersey Constitution gives its residents greater protection against unreasonable searches than the U.S. Constitution does.  In the case before the court, the court ruled that the police were required to first obtain a grand jury subpoena before learning a woman’s identity from an ISP.  Her ISP apparently released this information at the request of the police. 

This is an important decision.  First, the New Jersey Supreme Court is one of the more highly regarded state courts in the United States.  Other state courts wrestling with these types of issues will undoubtedly look to see how the New Jersey court decided this case.  Second, it illustrates the continued rise of “state constitutionalism.”  People typically don’t realize that the federal constitution sets a “floor” on a person’s constitutional rights, not a “ceiling.”  In other words, a state court can’t rule that its state’s constitution gives less protection than the federal one does, but can find that the state constitution gives more—at least to its own residents.

Given the perception that the U.S. Supreme Court is less friendly (and somewhat hostile) to privacy rights—especially when it comes to the rights of law enforcement to obtain personal data in these post-9/11 times—combined with the continued paralysis in Congress over individual privacy rights, a ruling from a state’s highest court on issues such as this serves as an implicit rebuke at the lack of leadership at the federal level.  While it’s only one state so far that has now recognized a reasonable expectation of privacy for internet users, it’s got to start somewhere.  Let’s hope other states follow suit.