The SEC’s Consolidated Audit Trail – a Threat to Liberty and Privacy

In a world where data privacy is paramount, an alarming development is poised to reshape the landscape for American investors. The Consolidated Audit Trail (CAT), a comprehensive surveillance system created by the Securities and Exchange Commission (SEC) in response to the 2010 "flash crash," is set to collect and store vast amounts of personal and financial data of every U.S. investor. While ostensibly aimed at monitoring market activity, this initiative raises significant concerns about the erosion of individual privacy and potential security risks.

The CAT's Unprecedented Scope

The CAT, conceived in 2012 and launched in 2020, was designed to meticulously record every order, cancellation, modification, and trade execution for exchange-listed equities and options across all U.S. markets. While its initial purpose was to enhance market oversight, the CAT has evolved into a data behemoth that gathers American investors' personally identifiable information, including name, addresses, and birth year.

Data Security Concerns

The CAT's colossal size poses a significant data security risk. A breach of this magnitude could expose investors' trading activity and personal information, opening the door to potential exploitation by malicious actors. In a world where cybersecurity threats are a daily concern, the lack of robust safeguards for such a vast database is deeply troubling.

A Threat to Financial Privacy and Civil Liberties

Beyond security concerns, the CAT's creation infringes upon financial privacy principles and civil liberties. Trading is a form of value expression, and the CAT's sweeping surveillance interferes with Americans' Fourth Amendment rights to be free from unreasonable government searches and seizures.

The Need for Alternatives

While the SEC has legitimate reasons to monitor market activities, some alternatives would protect individual privacy without compromising its law enforcement ability. Suggestions include prohibiting personal information from the CAT database and allowing the SEC to request data from brokers on a case-by-case basis when necessary. Other proposals advocate for a more limited database focused on institutional investor trading or improving existing systems.

Stay informed and vigilant as we continue to monitor this important issue. Your privacy and civil liberties matter. Investors who want to protect their data from CAT must take measures. We will gladly support you in establishing your personal trading LLC.

Marius Krause, Law Clerk, BridgehouseLaw Charlotte

Driver's license, insurance, and blood sample, Sir.

I blame the unseasonably warm weather, perhaps the election season circus, or possibly the fact other cases before the Supreme Court tackle sexier issues like the separation of powers or the enforceability of voting rights, for the reason more coverage is necessary on a fundamental privacy issue currently before the court in Birchfield v. North Dakota.

The case raises the critical question, whether, in the absence of a warrant, a State may make it a crime for a person to refuse to take a chemical test to detect the presence of alcohol in the person's blood. Immediately, I am confronted by challenges to individual liberty, biomedical ethics, objective expectations of privacy and even the integrity of the body itself. For this analysis I will differ to the wisdom of the highest court. In the interest of keeping our readers informed and keeping this essay short, instead what I would like to examine is exactly what is being asked of the court.

First, examine the actors involved, 'the State' and a 'person'. This tells us that we may be examining protections protected by the Bill of Rights. Procedural history proves this assumption correct; this is an action of the State, simply meaning government in its broadest sense, against a person, meaning all those protected by the Bill of Rights.

Second, what does the State want to do exactly? The State in this instance wants to criminalize a behavior. No real red-flags here, most people recognize the essential function of government to criminalize morally repugnant or otherwise socially destructive behavior.

It is the targeted behavior that sends up the red flags and sets the stage for the controversy. The 'would be' criminal behavior is the refusal to take a chemical test. The pertinent North Dakota statute reads, "chemical test, or tests, of the individual's blood, breath, or urine to determine the alcohol concentration or presence of other drugs, or combination thereof, in the individual's blood, breath, or urine,..." This leaves us with a criminal charge for refusing to submit to a blood, breath, or urine testing at the request of law enforcement.

This isn't unusual and most jurisdictions criminalize this refusal in a number of ways under a theory that wrongdoers should not be allowed an advantage by refusing to assist the State in its evidence gathering. The rationale of these laws is that implicit in the issuing of driver privileges is the implied consent to chemical tests necessary to prevent and prosecute drunk or otherwise impaired driving. The chemical tests and implied consent only become problematic because of the lower, Supreme Court of North Dakota holding that the implied consent is also present in situations where there is no warrant.

Warrants protect people and their paper, from unreasonable searches and seizures. What makes this question significant is the fact that taken broadly, the Supreme Court of North Dakota would approve of criminalizing constitutionally protected behavior. Refusing warrantless searches (make no doubt that drawing blood is indeed a search implicating 4th Amendment protections) is widely held as constitutional.

Perhaps not, while driving through North Dakota. Do you think that it is subjectively reasonable to search a person with chemical testing of blood, breath or urine where there is neither warrant nor exception? Send your comments to your favorite BridgehouseLaw attorney and wait patiently at the next DWI checkpoint to submit your biological data. 

by: Ian Morris (BridgehouseLaw Charlotte)

When can Workers be Fired for Posts and Tweets on Social Media?

(c) freedigitalphotos.net

A young woman was having a bad day when she posted on Facebook, around the first anniversary of her mother's death, that some days she wished she were fired so she could just stay at home. The next day she got her wish: her employer fired her.1

A waitress posted a bill that her coworker picked up after serving a large party at the restaurant. The restaurant had automatically added a gratuity of 18 percent. Instead of leaving the tip, the customer wrote a message for the waiter on the check: "I give God 10 percent, why should you get 18?" Thinking it was funny, the worker posted a picture of the bill. However, the customer's signature on the bill was clearly legible. After he found out and complained to the restaurant's manager about the post, the employer fired the worker for infringing upon customer privacy.2

These are just two examples of posts that resulted in people getting fired. Each case raises the question: Was firing them excessive or justified?

Facebook's mission is to make the world a "more open and connected" place. Social networks are exploding in popularity, with almost half of all Americans twelve or older maintaining a profile on at least one site, according to a recent Edison Research study. And as more people visit the sites, more are crossing boundaries their employers don't want crossed.

Unfortunately, the site's users can sometimes be a bit too open, posting pictures, opinions, videos, and 'jokes' via the social networking site that give employers pause and employees the boot. One potential pitfall for companies is worker criticism of employers on social media posts. Workers who gripe about their boss or colleagues on Facebook may again be at risk of getting fired.

The City of Charlotte's recently adopted policy warns employees to "exercise sound judgment and discretion" on their personal sites "to ensure a distinct separation between personal and organizational views."

Inappropriate use, the policy notes, "may be grounds for disciplinary action."

"Such social networking references are becoming more and more important and helpful both for employers and employees" , says Reinhard von Hennigs, Managing Partner of BridgehouseLaw Charlotte and a North Carolina attorney who counsels employers on handling workers and social networks.

Author: Andreas Weitzell, Trainee Charlotte Office

1http://www.ABAJournal.com
2http://www.daily49er.com

Settlement Reached between F.T.C. and Facebook over Privacy Issue

Yesterday, the Federal Trade Commission in Washington announced a broad settlement with Facebook that requires the company to respect the privacy wishes of its users.

The order requires Facebook to obtain its users’ “affirmative express consent” before it can override their own privacy settings. Facebook is also obliged to undergo an independent privacy audit every two years for the next 20 years, according to the terms of the settlement.

The order stems largely from changes that Facebook made to the way it handled its users’ information in December 2009. The Commission accused Facebook of engaging in “unfair and deceptive” practices.

No fines were levied and the Commission did not accuse Facebook of intentionally breaking the law. However, if Facebook violated the terms of the settlement in the future, it would be liable to pay a penalty of $16,000 a day for each count, the F.T.C. said.

To read the full story, click here.

(c) Picture: facebook.com

TSA to Publish Radiation Test Results from Airport Scanners

We have reported several times on our Blog about the outrage the implementation of full-body scanners at U.S. airports provoked among travelers. Last week, the Transportation Security Administration (TSA) announced that it will start publishing radiating results from airport passenger and luggage screening equipment. By doing so, TSA hopes to calm the lingering fears among travelers and airline crews about potential health risks repeated exposure to radiation from body scanners may pose.

(Reuters) - TSA has said repeatedly the radiation emitted is minimal and not dangerous, citing experts from the Food and Drug Administration and other third-party scientists. The agency is also testing new software to address privacy concerns.

There are about 486 full-body scanners in 78 airports around the United States, of which 247 are so-called backscatter machines made by Rapiscan Systems, a unit of OSI Systems Inc, and expose a person to about 0.0025 millirem of radiation. The machines cannot produce more than 0.005 millirem per scan, according to TSA.

In comparison, a chest X-ray will expose someone to 10 millirem of radiation and the maximum recommended exposure to radiation from man-made sources is 100 millirem per year, according to TSA.

The radiation test reports, conducted at least once a year on the machines, will be posted to the TSA website, www.tsa.gov.

To read the full article, please click here.

(c) Picture: renjith krishnan - http://www.freedigitalphotos.net/images/Human_body_g281-Skeleton_p14552.html

Google Fights to Keep Documents Secret in Trademark Appeal

Google is famous for bringing all information including private one to the Internet, but now the company hopes to keep several documents secret in a pending appeal.

Language software maker Rosetta Stone appealed after a federal judge ruled for Google in a trademark dispute. and now Google presented a lot of redacted documents.

It seems that privacy matters. Hopefully for all!

An Advance for Google in Germany

Germany -- After months of public opposition, Google Street View went online on Thursday with panoramic images from 20 large German cities, including Berlin, Munich, Hamburg and Frankfurt.

As a result of resistance from politicians and privacy advocates who said that the service violated privacy by providing detailed images of buildings and front yards, more than 244,000 residents — about 3 percent of the households in those cities — requested that their homes be blurred, as Google had offered.

German employers may be prevented from viewing a job applicant's FB page; US Employers, however, could still see those Spring Break photos...

From the Associated Press:

BERLIN — Ever thought twice about posting a party picture on Facebook, fearing it could someday hurt your chance at a dream job?

A draft German law is supposed to solve the problem by making it illegal for prospective employers to spy on applicants' private postings.

The draft law on employee data security presented by Interior Minister Thomas de Maiziere on Wednesday is the government's latest attempt to address privacy concerns about online services including social networks and Google "Street View".

It is also a reaction to corporations checking on employee e-mails and filming sales clerks during coffee breaks — which has triggered public outrage in Germany.

De Maiziere acknowledged that some of the new regulations — which have yet to be discussed and passed by parliament — might be complicated to enact.

For example, employers will still be allowed to run a search on the Web on their applicants, de Maiziere said. Anything out in public is fair game, as are postings on networks specifically created for business contacts, such as LinkedIn.

In contrast, it will be illegal to become a Facebook friend with an applicant in order to check out private details, he said, adding that some people seem to be indiscriminate about whom they accept as a friend.

"If an employer turns down an application with another reasoning it might be difficult to prove" that the negative answer was based on the Facebook postings, de Maiziere said.

A rejected job applicant who proves he or she was turned down based on violation of the new law could take the company to court and claim damages, he said.

The new law will also prevent clandestine video surveillance in the workplace, particularly in private spaces like lavatories or locker rooms, de Maiziere said. An employer ignoring the new rule could be charged fines of up to euro300,000 (about $379,000).

However, cameras will be allowed in public spaces like supermarkets and some factories or warehouses, if employees know about them, he said.

"Overall, the new rules passed by the cabinet keep a good balance between employees' interests on the hand and companies' interests on the other," de Maiziere said.

The BDA employers' federation called the draft is too imprecise in some points, adding that it thinks some of de Maiziere's proposals would hinder the fight against corruption and crime.

The retailers' association HDE said some of the regulations go much too far, and outlawing clandestine video surveillance would be wrong.

"Here we hope for changes in the government draft," HDE said in a press release.

Germany's data protection watchdog, Peter Schaar, applauded the government's effort, calling it long overdue.

It is "a substantial improvement on the status quo in dealing with employee's data," he said.

De Maiziere said he does not know yet when the law will go into effect.

Copyright © 2010 The Associated Press. All rights reserved.

Link to the original story can be accessed here.

Employers can Search your Company Phone, Pager

In the first ruling on workplace texting, the U.S. Supreme Court ruled yesterday that an Employer can search through a company-owned pager, and that this does not violate the employee's right to privacy.

The case of City of Ontario, California vs. Quon described the City's search of Police Sergeant Quon's text messages - and discovered several texts that were private and sexually explicit. The reason for their search? The City of Ontario was trying to determine if city-employees needed additional numbers of minutes on their pagers (the pagers and cell phones were, of course, provided to the employees by the City). Sergeant Quon challenged the search, along with several of recipients of his text messages.

As long as the search was "not excessive in scope" and "motivated by a legitimate work purpose," it should be considered legal.

Although this case deals with a public employee, the same rationale could certainly be used for the private sector as well. Bottom line: "Work" phones, pages, PDAs are for business purposes only.