The amendment says that an employer conducting an investigation may require or demand access to a personal account if an employee or prospective employee has allegations of work-place misconduct or giving away an employer’s proprietary information. The amendment would require an investigation to ensure compliance with applicable laws or regulatory requirements.

Under the amendment, employees would be present when their social network profiles are searched and whatever information found is kept confidential, unless it is relevant to a criminal investigation.

This amendment "says they have a right to enter your digital home," [Dave] Maass said. "It's astounding that they would try to codify this and that all employers could do this… the national trend is to move away from this. It's shocking that the amendment is going in the right opposite direction."

• First up, we've got the Automatic Link, a tiny device that plugs into your car's dataport and provides data directly to your smartphone. They even make it into a bit of a game, with a weekly "drive score" that helps you drive smarter to save gas. It has a number of other features as well, including automatically dialing 911 if it senses a serious car accident, and also a car locator feature, so you can always find your car via your smartphone in case you forgot where you parked or if you're sharing your car with someone else. For quite some time, the car's dataport was solely the domain of mechanics, and they'd use it when you went in to find out what the "check engine" light meant. A few devices have come on the market that you can buy to plug in and see what a check engine light means, but that's their entire purpose, for the most part. The Automatic Link does that too, but it's almost like a minor feature among all of the other features that make it an interesting device.
  
  This is another one that's not on Kickstarter, though it feels like it should be, but rather they're just taking pre-orders directly off their site, for $69.95 (and no service fees).
  
• Next up, we've got the HeatMeter, which is a creatively designed device to measure and track the heating usage in your home. There are tons of electricity meters on the market to measure how you use electricity, but heating is a different realm altogether. Most of the attempts to deal with this have been focused on various smart thermostats like the Nest, but the Heatmeter goes right to the source, by attaching to the outside of your furnace or boiler with magnets, and then its sensors actually can detect when the flame turns on and off, sending this bit of info over your home WiFi system to your phone. And, of course, you can track a bunch of info via your smartphone. Unfortunately, there are just a few days left on this Kickstarter and it looks like it won't meet its threshold. Looking through the details, this isn't a huge surprise. Even if the concept is cool, there are a few things that might scare people off. The design of the device itself has a bit of an amateurish feel to it, especially compared to many other Kickstarter projects. I wonder if a redesigned, sleeker, more modern version might pick up some more steam (ditto for their intro video). The second red flag for me is the price. $150 seems pretty high for most people to take a chance on something like this, especially if it's not entirely clear that it will help you save money. With the Automatic Link above, it makes a good, strong, easy to understand case as to why you'll save money with the device -- and the device is less than half the cost of this one, and seems at least more likely to be in the "I'll give it a shot" range for many people. And, finally, I wonder if a lot of people wonder how well the Heatmeter actually works. I could see some people wondering just how good a magnetic device you stick to the outside of your furnace will be at accurately tracking heating usage. It may work perfectly, but I could see how skepticism might be an issue, especially at that price (in contrast, again, people understand that the data port in their cars works to provide data).
  
  
• Finally, we move away from those kinds of sensors to the myIDkey device for tracking all your passwords. This is a little USB dongle that combines voice activation, fingerprint scanning and secure access to all your passwords (it'll even generate secure ones for you). Oh yeah, and it works with your mobile devices via Bluetooth as well. And, if you lose the device, you can quickly deactivate it over the web -- and you can resync a new one via its online storage. The device has an OLED display that will show you the password once you've proven that you're you, and it can include a bit of additional info as well. The myIDkey has already far surpassed its original funding goal, so this project is definitely moving forward.

Officer Alvarado turned on the devices and opened and viewed image files while the Cottermans waited to enter the country. It was, in principle, akin to the search in Seljan, where we concluded that a suspicionless cursory scan of a package in international transit was not unreasonable.

It is the comprehensive and intrusive nature of a forensic examination—not the location of the examination—that is the key factor triggering the requirement of reasonable suspicion here....

Notwithstanding a traveler’s diminished expectation of privacy at the border, the search is still measured against the Fourth Amendment’s reasonableness requirement, which considers the nature and scope of the search. Significantly, the Supreme Court has recognized that the “dignity and privacy interests of the person being searched” at the border will on occasion demand “some level of suspicion in the case of highly intrusive searches of the person.” Flores-Montano, 541 U.S. at 152. Likewise, the Court has explained that “some searches of property are so destructive,” “particularly offensive,” or overly intrusive in the manner in which they are carried out as to require particularized suspicion. Id. at 152, 154 n.2, 155–56; Montoya de Hernandez, 473 U.S. at 541. The Court has never defined the precise dimensions of a reasonable border search, instead pointing to the necessity of a case-by-case analysis....

• You mostly store everything on your laptop. So, unlike a suitcase that you're bringing with you, it's the opposite. You might specifically choose what to exclude, but you don't really choose what to include.
• The reason you bring the contents on your laptop over the border is because you're bringing your laptop over the border. If you wanted the content of your laptop to go over the border you'd just send it using the internet. There are no "border guards" on the internet itself, so content flows mostly freely across international boundaries. Thus if anyone wants to get certain content into a country via the internet, they're not doing it by entering that country through border control.

The amount of private information carried by international travelers was traditionally circumscribed by the size of the traveler’s luggage or automobile. That is no longer the case. Electronic devices are capable of storing warehouses full of information. The average 400-gigabyte laptop hard drive can store over 200 million pages—the equivalent of five floors of a typical academic library.... Even a car full of packed suitcases with sensitive documents cannot hold a candle to the sheer, and ever-increasing, capacity of digital storage.

The nature of the contents of electronic devices differs from that of luggage as well. Laptop computers, iPads and the like are simultaneously offices and personal diaries. They contain the most intimate details of our lives: financial records, confidential business documents, medical records and private emails. This type of material implicates the Fourth Amendment’s specific guarantee of the people’s right to be secure in their “papers.”.... The express listing of papers “reflects the Founders’ deep concern with safeguarding the privacy of thoughts and ideas—what we might call freedom of conscience—from invasion by the government.”... These records are expected to be kept private and this expectation is “one that society is prepared to recognize as ‘reasonable.’”

Electronic devices often retain sensitive and confidential information far beyond the perceived point of erasure, notably in the form of browsing histories and records of deleted files. This quality makes it impractical, if not impossible, for individuals to make meaningful decisions regarding what digital content to expose to the scrutiny that accompanies international travel. A person’s digital life ought not be hijacked simply by crossing a border. When packing traditional luggage, one is accustomed to deciding what papers to take and what to leave behind. When carrying a laptop, tablet or other device, however, removing files unnecessary to an impending trip is an impractical solution given the volume and often intermingled nature of the files. It is also a time-consuming task that may not even effectively erase the files.

It is as if a search of a person’s suitcase could reveal not only what the bag contained on the current trip, but everything it had ever carried.

With the ubiquity of cloud computing, the government’s reach into private data becomes even more problematic.12 In the “cloud,” a user’s data, including the same kind of highly sensitive data one would have in “papers” at home, is held on remote servers rather than on the device itself. The digital device is a conduit to retrieving information from the cloud, akin to the key to a safe deposit box. Notably, although the virtual “safe deposit box” does not itself cross the border, it may appear as a seamless part of the digital device when presented at the border. With access to the cloud through forensic examination, a traveler’s cache is just a click away from the government.

To these factors, the government adds another—the existence of password-protected files on Cotterman’s computer. We are reluctant to place much weight on this factor because it is commonplace for business travelers, casual computer users, students and others to password protect their files. Law enforcement “cannot rely solely on factors that would apply to many law-abiding citizens,” ... and password protection is ubiquitous. National standards require that users of mobile electronic devices password protect their files.... Computer users are routinely advised—and in some cases, required by employers—to protect their files when traveling overseas....

Thus, the law assumes that social media accounts have only two states: personal or not-personal. Sadly, that’s completely contrary to the cases I’m seeing in court right now. Instead, social media accounts fit along a continuum where the endpoints are (1) completely personal, and (2) completely business-related–but many employees’ social media accounts (narrowly construed, ignoring the statutory overbreadth problem) fit somewhere in between those two endpoints. Indeed, employers and employees routinely disagree about whether or not a social media account was personal or business-related. See, e.g., Insynq v. Mann, Eagle v. Sawabeh, Maremont v. SF Design Group, Kremer v. Tea Party Patriots, and PhoneDog v. Kravitz.

Putting the two concepts together, employers should require that employees provide them with login credentials for social media accounts relating to their business; but the law makes it illegal for employers to ask for login credentials to “personal” accounts. This puts employers in an obvious squeeze: employers may not know which employee accounts are purely personal and which are a mix of personal and business-related; the statute doesn’t expressly allow employers to access mixed account; and the statute doesn’t give employers a defense if they demand the login credentials because they reasonably but mistakenly thought the account was all or partially business-related. Courts will likely have to create common law exclusions for employers trying to get access to mixed accounts, but only after much angst, confusion and costly–and avoidable–litigation.

R.S. was a twelve year old student at a Minnewaska Area middle school. She posted a message to her Facebook page about an adult hall monitor at her school:

"[I hate] a Kathy person at school because [Kathy] was mean to me."

The post was only accessible to her friends. One of her friends brought the post to the attention of the administration. The principal called R.S. into his office and told R.S. “that he considered the message about Kathy to be impermissible bullying.” (???) As a result of the message, R.S. was required to apologize, given detention, and received a disciplinary notation in her records. R.S. was disciplined a second time when she expressed her chagrin that someone had told on her (“I want to know who the f%$# told on me.”) [“f%$#” in original] This time she was disciplined for “insubordination” and “dangerous, harmful, and nuisance substances and articles.” (???)

First Amendment claims: The court has no trouble concluding that assuming the facts as alleged as true, school officials violated R.S.’s First Amendment rights. The court says that posts on social networks are protected unless they are “true threats” or are reasonably calculated to reach the school environment and pose a safety risk or a risk of substantial disruption of the school environment. R.S.’s posts were not true threats. Even assuming the statements were reasonably calculated to reach the school audience, there was no possibility of disruption.

Fourth Amendment claims: The court also says that the school officials violated R.S.’s Fourth Amendment rights to the extent they rummaged around in her Facebook page and her private email account. Private emails were like letters of other private conversations, and subject to Fourth Amendment protections. Private Facebook messages are no different. There was no evidence that the officials tailored their search to minimize the intrusion. Even if they had, they had no underlying basis to search in the first place.

[I]t's a good example of how administrators might use the "bullying" label as a pretextual justification for punishment. The term "bullying" has way too much semantic ambiguity, but it should never stretch as far as calling another person "mean."

For more than forty years, the United States courts have recognized that students do not check their First Amendment rights at the schoolhouse door.

"How many times is this going to happen before Congress finally wakes up and takes action?" said Rep. Mary Bono Mack, R-Palm Springs, who heads a House Energy and Commerce subcommittee that has looked at online-privacy issues, in a statement. "This latest incident once again brings into sharp focus the need to pass data protection legislation."

"Reports of another major data breach should give pause to American consumers who, now more than ever, share sensitive personal information in their online transactions and networking," Leahy said in a statement provided to The Hill. "Congress should make comprehensive data privacy and cybercrime legislation a top priority.”

People with a credit card stored on their account do little to increase their security other than avoiding very weak passwords such as "123456". Unsurprisingly, people who change their password from time to time tend to select the strongest ones.

Password strength is measured in bits, where cracking one bit is equivalent to the chance of correctly calling a fair coin toss, and each additional bit doubles the password's strength. On average, Bonneau found that user-chosen passwords offer less than 10 bits of security against online attacks, meaning it would only take around 1000 attempts to try every possible password, and around 20 bits of security against offline attacks.

That's surprising, because even a randomly chosen six-character password composed of digits and upper and lower case letters should offer 32 bits of security. Bonneau says the discrepancy is due to people picking much easier passwords than those theoretically allowed. He suggests assigning people randomly chosen nine-digit numbers instead, which would offer 30 bits of security against every type of attack – a 1000-fold increase in security on average. "I think it's reasonable to expect people to have the capacity to remember that, because they do it for phone numbers," he says.

In “normal” discovery, a litigant is usually asked to turn over “responsive material” not the keys to access all that material and more...

PhoneDog has sufficiently described the subject matter of the trade secret with sufficient particularity and has alleged that, despite its demand that Mr. Kravitz relinquish use of the password and Account, he has refused to do so. At this stage, these allegations are sufficient to state a claim. Further, to the extent that Mr. Kravitz has challenged whether the password and Account followers are trade secrets and whether Mr. Kravitz's conduct constitutes misappropriation requires consideration of evidence beyond the scope of the pleading.

Alongside the many issues and problems that death raises in the physical world, there are also new ones in the online sphere. For example: what happens to your digital presence - social networking accounts, email etc. - when you die? Who will have the passwords that will allow them to access your online spaces in the same way that spare keys given to relatives and friends will unlock your home?

That's the question that a new service called PassMyWill.com - one of a number in this field - hopes to answer:

On the site you create an account with your name and enter who your next of kin is and their email address. You also enter an encryption key that the recipient would know (i.e. the last four digits of your social security number). And then you enter the data, passwords and more that you want your next of kin to takeover once you pass. When you die, this information will be passed on to the recipient.

One intriguing issue is determining when you have passed on:

So how does PassMyWill figure out when you are actually dead? You connect your Facebook and Twitter accounts on the site, and the startup will monitor how often you are posting and what is being posted on your wall. Once PassMyWill is convinced you may be gone, your next of kin receives the 'Dead Man’s Switch' e-mail.

False positives could be a problem here, but there's a more serious issue: what happens if the company offering this kind of backup service itself closes? After all, startups are even more mortal than humans.

These and related questions are going to become ever-more pressing as the population of computer users ages, and more of them die, leaving their digital selves trapped in a strange, modern kind of limbo. Now might be a good time to start thinking about how to solve these novel problems – while we are still alive.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

• Name
• Address
• Country
• Email
• Birthdate
• PlayStation Network/Qriocity password and login

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

Lying on his family room floor with assault weapons trained on him, shouts of "pedophile!" and "pornographer!" stinging like his fresh cuts and bruises, the Buffalo homeowner didn’t need long to figure out the reason for the early morning wake-up call from a swarm of federal agents.

That new wireless router. He'd gotten fed up trying to set a password. Someone must have used his Internet connection, he thought.

"We know who you are! You downloaded thousands of images at 11:30 last night," the man's lawyer, Barry Covert, recounted the agents saying. They referred to a screen name, "Doldrum."

"No, I didn't," he insisted. "Somebody else could have but I didn't do anything like that."

"You're a creep ... just admit it," they said.

1. Why is law enforcement sending in a SWAT team for child porn downloads? You could potentially see it in cases of production, but with downloads, can't they just do a standard arrest?
2. Why didn't they do a simple check beforehand to see if the router was open before bursting into the home with assault weapons and unproven assertions?
3. How come none of the "cautionary lessons" involve law enforcement folks realizing that they overreacted?

According to the decree with immediate application (so in force since 1 March 2011), the data to be preserved include: the identifier of the connection at the origin of the communication, the identifier attributed by the information system to the content that makes the object of the operation, the types of protocols used for the connection and for the content transfer, the nature of the operation, the date and hour of the operation and the identifier used by the author of the operation, when provided. Moreover, the hosting companies must also preserve, for one year after the deletion of an account, even more sensitive data such as the date and time when an account is created and the identifier of the connection, his/her complete name, pseudonyms, associated post addresses, e-mail and associated addresses, telephone numbers and even password.

In case the service subscribed is a paid one, the hosting companies must also retain data related to the payment method, the amount paid and date and hour of the transaction. Furthermore, they must preserve, for one year after the contribution to the content creation, data including the connection identifier, the identifier attributed to the subscriber, the identifier of the terminal used for the connection, the date and hour of the beginning and end of the connection and the features of the subscriber's line.

Information furnished when agreeing to a contract or opening an account, including first name, last name, business name, associated mailing addresses, and pseudonyms utilized, associated e-mail addresses and accounts, telephone numbers, and passwords as well as data permitting the verification or modification of the password.

These companies must also keep all user id's and passwords for any internet connection, the IP address of the terminal used to connect, the time and date of every connection, and...

Here's the kicker: for EVERY action of a user on the internet, these companies are now required to record the nature of the operation, whether it is writing an e-mail or downloading an image or video.

"Your 'experts' are talking complete rubbish. If someone's lunatic ex-partner wants to access a flight booking and pay for priority boarding or extra baggage for the person they just split up from then they all have a lot more to worry about than a simple amended flight booking. It is everyone's individual responsibility to keep their personal information personal."

Germany's top criminal court ruled Wednesday that Internet users need to secure their private wireless connections by password to prevent unauthorized people from using their Web access to illegally download data.

Internet users can be fined up to euro100 ($126) if a third party takes advantage of their unprotected WLAN connection to illegally download music or other files, the Karlsruhe-based court said in its verdict.

"Private users are obligated to check whether their wireless connection is adequately secured to the danger of unauthorized third parties abusing it to commit copyright violation," the court said.

In the 18 months I have worked at SitePoint, barely a week has gone by where I have not received at least a couple of emails from customers questioning the logic behind our password protection policy. My response, based on the SitePoint philosophy, was always that we were taking an ethical (if largely symbolic) stance on the piracy issue. But how long could we maintain that line while simultaneously placing primacy on the customer experience, as all the while more and more requests to remove password protection poured in.

As a web development resource and learning centre, we know that we must embrace the state of flux -- not as a lofty ideal, but as a normative imperative. You can't claim to be all about the cutting edge when you're stubbornly clinging to old, outmoded processes -- especially when your own beloved customers are urging you to move on. And if we're not keeping pace with the constantly evolving face of web design and development, then we're neither a resource nor a learning centre -- we're a museum.