The Legal Lowdown on LoJack
Chances are if you have Internet access (which you almost certainly do if you are reading this article), you spend a decent amount of time watching videos on your computer. How would you feel, though, if you found out your computer was also watching you? Cheesy plot to a horror film? Yes actually… but for one 52 year old widow this storyline was a reality.
Our story begins when Susan Clements-Jeffrey, a long-term substitute teacher, bought a non-functioning laptop for $60 from one of her students.. Although at first wiped of all software, the computer was restored to working condition by a fellow teacher at the school. Ms. Clements-Jeffrey claims she believed she had received an amazing deal and did not consider for even one second that she’d purchased stolen goods.
The substitute teacher used the laptop for a number of standard purposes, and some not-so standard, including intimate webcam conversations with her boyfriend, which she conducted in the nude. Her audience was larger than she anticipated.
Because the computer had the popular security software Lojack for Laptops installed, after it was reported missing by its owners, the Clark County School District, LoJack employees were monitoring its web activity. Screenshots of the video were taken and turned over to Springfield Police who identified her. She was arrested for possession of stolen property, though the charges were soon after dismissed.
But in 2009 Ms. Clement-Jeffrey sued the computer software company and the Springfield Police Department in Federal District Court for the Southern District of Ohio alleging violations of her Fourth Amendment right to privacy, the Electronic Communications Privacy Act (ECPA), the Stored Communications Act (SCA), and the Fourth Amendment.
The Associated Press reported that Ms. Clements-Jeffrey recently accepted a settlement of an undisclosed sum with the software developers so we’ll never know how a trial would have played out. But though we can’t hear you from your computer (we don’t work for LoJack) we’ll just assume you’re curious about a legal analysis of the case. Here goes.
First, a bit about how LoJack works. When a device is reported missing, the owner notifies Absolute, whose employees can remotely locate the device through a GPS signal or a wireless network the next time the computer gets online. The location is pinpointed by the computer’s IP address, but LoJack is able to photograph the computer’s surroundings by remotely accessing its webcam. In addition, Absolute employees can access and retrieve any documents and files located on the machine’s internal memory. According to Wired, the Clark County School District, had given Absolute’s staff “the ability to view and recover any files” on the computer.
The ECPA prohibits unauthorized persons from intentionally, actually, or even attempting to intercept, use, or disclose any personal electronic communication. Violations are punishable by fine or imprisonment for up to five years. The SCA specifies the narrow procedures law enforcement officials must follow to legally gain access to stored emails, account records, and other electronically saved data.
Absolute argued that Ms. Clements-Jeffrey was a “computer trespasser” defined in 18 U.S.C. § 2511 as “a person who accesses a protected computer without authorization and thus has no reasonable expectation of privacy in any communication transmitted to, through, or from the protected computer.” But the statute refers to law enforcement agents, or those acting under the “color of law”, as those capable of breaching these privacy rights. LoJack employees don’t exactly fit the bill.
Absolute maintained that, in fact, it was working as a law enforcement agency since it was acting on behalf of its customer, a public school district, to return stolen goods but Judge Rice stated in preliminary hearings that this defense was “wholly without merit.” The judge went on to say, “It is one thing to cause a stolen computer to report its IP address or its geographical location in an effort to track it down. It is something entirely different to violate federal wiretapping laws by intercepting the electronic communications of the person using the stolen laptop.”
While the Lojack remains available for purchase despite the troubling capabilities of the software and its developers, the biggest hurdle for Ms. Clements-Jeffrey on the path to settlement was proving she was a good-faith buyer – meaning she had not knowingly purchased a stolen device. A good-faith buyer is entitled to an expectation of privacy. A bad faith buyer? Not so much. If Ms. Clements-Jeffrey knew the laptop was stolen, she would have forfeited the law’s protection. But the court determined that although close inspection of the laptop may have indicated it was stolen, Ms. Clements-Jeffrey remained a buyer in good faith. She seemed to have a good chance of winning this case on the merits.
Still, it’s no surprise this case was settled out of court. Ms. Clements-Jeffrey received a settlement and saved herself the embarrassment of having her webcam sexual conversations being covered at the trial and discussed on the local news. Calls placed to the law firm representing Ms. Clements-Jeffrey were not immediately returned.
CORRECTION: LoJack Corporation licenses its name to Absolute Software for the LoJack for Laptops product, but that product is manufactured, marketed, sold and supported by Absolute Software and not LoJack or LoJack Corporation.