CAL. CIV. CODE § 1798.29(a), § 1798.82 (West 2007). Effective January 1, 2012, the landmark California statutes were amended to increase the detail of required notices in the event of a data security breach as well as expand the scope of necessary recipients of data security breach notices. Anna T. Ferrari, Nathan D. Taylor, & Christine E. Lyon, California Expands Security Breach Notification Requirements, MORRISON & FOERSTER (Sep. 1, 2011), http://media.mofo.com/files/Uploads/Images/110901-CA-Security-Breach-Notification.pdf.
n349 See, e.g., Jennifer Steinhauer, Verdict in MySpace Suicide Case, N.Y. TIMES (Nov. 26, 2008), http://www.nytimes.com/2008/11/27/us/27myspace.html?_r_1&hp (discussing a teenage girl who committed suicide after being bullied via MySpace by the mother of one of her classmates).
n350 E.g., NEV. REV. STAT. § 388.123 (2009); MASS. GEN. LAW ch. 71, § 37O (2010).
n351 See, Steven D. Hazelwood & Sarah Koon-Magnin, Cyber Stalking and Cyber Harassment Legislation in the United States: A Qualitative Analysis, 7 INT'L J. OF CYBER CRIMINOLOGY 155 (2013) (evaluating state cyber stalking and cyber harassment legislation); David Gray, Danielle Keats Citron, & Liz Clark Rinehart, Fighting Cybercrime After United States v. Jones, 103 J. CRIM. L. & CRIMINOLOGY 745 (2013) (discussing cyberstalking, cyberharassment, and sextortion).
n352 In the Meier case, for example, the defendant could only be charged under the Computer Fraud and Abuse Act (18 U.S.C. § 1030), which is intended to prevent unauthorized access to computer systems, and was eventually acquitted. See Kim Zetter, Judge Acquits Lori Drew in Cyberbullying Case, Overrules Jury, WIRED (July 2, 2009), http://www.wired.com/2009/07/drew_court/.
n353 Sameer Hinduha & Justin W. Patchin, State Cyberbullying Laws, CYBERBULLYING RES. CTR. 1, http://www.cyberbullying.org/Bullying-and-Cyberbullying-Laws.pdf (last updated January 2016).
n354 Arkansas, California, Connecticut, Florida, Hawaii, Illinois, Kansas, Louisiana, Maine, Massachusetts, Michigan, Minnesota, Missouri, Nevada, New Hampshire, New York, North Carolina, Oregon, Tennessee, Utah, Virginia, Washington.
n355 Sameer Hinduha & Justin W. Patchin, State Cyberbullying Laws, CYBERBULLYING RES. CTR. 1, http://www.cyberbullying.org/Bullying-and-Cyberbullying-Laws.pdf (last updated July 2015).
n356 See, e.g., Megan Meier Cyberbullying Prevention Act, H.R. 6123, 110th Cong. (2009); SAFE Internet Act of 2009, S. 1047, 111th Cong. (2009). This bill did not make it out of the House Committee on the Judiciary.
n357 See Alison Virginia King, Constitutionality of Cyberbullying Laws: Keeping the Online Playground Safe for Both Teens and Free Speech, 63 VAND. L. REV. 845, 865-874 (2010) (noting that there is uncertainty as to whether the Supreme Court's rulings in the area of student speech apply to "online expression created off-campus").
n358 Bell v. Itawamba Cnty. Sch. Bd., 799 F.3d 379, 394 (5th Cir. 2015);Wynar v. Douglas Cnty. Sch. Dist., 728 F.3d 1062, 1069 (9th Cir. 2013); D.J.M. ex rel. D.M. v. Hannibal Pub. Sch. Dist. No. 60, 647 F.3d 754, 766-67 (8th Cir. 2011);Kowalski v. Berkeley Cnty. Schs., 652 F.3d 565 (4th Cir. 2011), cert. denied 132 S. Ct. 1095 (2012);Doninger v. Niehoff, 527 F.3d 41, 48-50 (2d Cir. 2008). The Third Circuit has not definitively decided that Tinker applies in such cases. SeeLayshock v. Hermitage Sch. Dist., 650 F.3d 205, 219-20 (3d Cir. 2011) (en banc) (Jordan, J., concurring) (noting that Third Circuit has not resolved whether Tinker applies to off-campus speech); see also J.S. ex rel. Snyder v. Blue Mountain Sch. Dist., 650 F.3d 915, 931 (3d Cir. 2011) (en banc) (assuming, without deciding, that Tinker applies to harassing online speech). As of October 2015, remaining circuit courts have not addressed this issue. See Bell, 799 F.3d at 394.
n359 King, supra note 357, at 869-70.
n360 Bell, 799 F.3d at 396 (holding that Tinkergoverns analysis, "when a student intentionally directs at the school community speech reasonably understood by school officials to threaten, harass, and intimidate a teacher"); Wynar, 728 F.3d at 1069 (holding that schools may take disciplinary action meeting requirements of Tinker when "faced with an identifiable threat of school violence"); Kowalski, 652 F.3d at 573 (holding that Tinker applies whenever there is a "sufficiently strong" nexus between student's speech and school's interests so as to "justify the action taken by school officials in carrying out their role as the trustees of the student body's well-being"); Doninger, 527 F.3d at 48 (holding that Tinker applies if speech "'would foreseeably create a risk of substantial disruption within the school environment,' at least when it was similarly foreseeable that the off-campus expression might also reach campus" (quoting Wisniewski v. Bd. of Educ., 494 F.3d 34, 40 (2d Cir. 2007))).
n361 WIS. STAT. § 939.03 (2015).
n362 Ala. Code § 15-2-4 (2015).
n363 CAL. PENAL CODE § 778 (2015).
n364 S.D. CODIFIED LAWS § 23A-16-2 (2015).
n365 Compare NATIONAL WHITE COLLAR CRIME CENTER & FEDERAL BUREAU OF INVESTIGATION, IFCC 2001 INTERNET FRAUD REPORT 3 (2001), http://www.ic3.gov/media/annualreport/2001_IFCCReport.pdf (49,711 complaints), with FEDERAL BUREAU OF INVESTIGATION INTERNET CRIME COMPLAINT CENTER, 2014 INTERNET CRIME REPORT 22, https://www.fbi.gov/news/news_blog/2014-ic3-annual-report (246,620 complaints).
n366 Erika Aguilar, Report: Local law enforcement struggle to keep up with cybercrime, KPCC (Apr. 25, 2014), http://www.scpr.org/news/2014/04/25/43714/report-local-law-enforcement-struggle-to-keep-up-w/ ("[T]he FBI believes [IC3 statistics] only represents about 10 percent of all cybercrime."); see Federal Bureau of Investigation Internet Crime Complaint Center, supra note 365, at 6 ("Only an estimated 15 percent of the nation's fraud victims report their crimes to law enforcement, while IC3 estimates less than 10 percent of victims file directly through www.ic3.gov.").
n367 POLICE EXECUTIVE RESEARCH FORUM, THE ROLE OF LOCAL LAW ENFORCEMENT AGENCIES IN PREVENTING AND INVESTIGATING CYBERCRIME 12, 27 (Apr. 2014), http://www.policeforum.org/assets/docs/Critical_Issues_Series_2/the%20role%20of%20local%20law%20enforcement%20agencies%20in%20preventing%20and%20investigating%20cybercrime%202014.pdf.
n368 Id. at 14.
n370 See generally Kate Reder, Ashcroft v. ACLU: Should Congress Try, Try, and Try Again, or Does the International Problem of Regulating Internet Pornography Require an International Solution?6 N.C. J. L. & TECH. 139 (2004);Press Release, DOJ, U.S. Dep't of Justice Promotes Int'l Network to Combat Intellectual Prop. Crime (Mar. 9, 2011), http://www.justice.gov/opa/pr/2009/March/09-crm-217.html.
n371 SeeReno v. ACLU, 521 U.S. 844, 851 (1997) (defining cyberspace as a "unique medium . . . located in no particular geographical location but available to anyone, anywhere in the world, with access to the Internet").
n372 See Walter Gary Sharp, Sr., Note, Redefining National Security in Today's World of Information Technology and Emergent Threats, 9 DUKE J. COMP. & INT'L L. 383, 384 (1999);see also Jon P. Jurich, Note, Cyberwar and Customary International Law: The Potential of a "Bottom-up" Approach to an International Law of Information Operations, 9 CHI. J. INT'L L. 275 (2008); Steve Shackelford, Note, Computer-Related Crime: An International Problem in Need of an International Solution, 27 TEX. INT'L L.J. 479, 494 (1992).
n373 Michael A. Sussmann, The Critical Challenges From International High-Tech and Computer-Related Crime at the Millennium, 9 DUKE J. COMP. & INT'L L. 451, 482 (1999); Council of Europe, Chart of Signatures and Ratifications, http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185/signatures?p_auth_Ul03cccH (last visited Oct. 24, 2015).
n374 Council of Europe, Chart of Signatures and Ratifications, http://www.coe.int/en/web/conventions/fulllist/-/conventions/treaty/185/signatures?p_auth_Ul03cccH (last visited Oct. 24, 2015).
n376 Council of Europe, Convention on Cybercrime, opened for signature Nov. 23, 2001, C.E.T.S. No. 185, http://conventions.coe.int/Treaty/en/Treaties/Word/185.doc (last visited Mar. 6, 2016).
n377 Council of Europe, Chart of Signatures and Ratifications, http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT_185&CM_1&DF_08/11/2010&CL_ENG (last visited Mar. 6, 2016).
n378 Sussmann, supra note 373, at 482.
n380 See supra note 7 and accompanying text (discussing victims' reluctance to report); Mike McGuire & Samantha Dowling, CYBER CRIME: A REVIEW OF THE EVIDENCE, HOME OFFICE RESEARCH REPORT 75 (October 2013), https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/246749/horr75-summary.pdf (describing that in the U.K., "[u]nder-reporting of both cyber-dependent and cyber-enabled crimes is an issue amongst the general public and businesses"); John Esterbrook, Many Hack Attacks Go Unreported, CBS NEWS (Apr. 7, 2002), http://www.cbsnews.com/news/many-hack-attacks-go-unreported/ (describing an FBI survey of large corporations and government agencies finding that ninety percent of respondents detected computer security breaches in the past year but only thirty-four percent reported those attacks to authorities).
n381 See, e.g., Press Release, FTC, FTC Files Complaint Against LabMD for Failing to Protect Consumers' Privacy (Aug. 29, 2013), http://www.ftc.gov/news-events/press-releases/2013/08/ftc-files-complaint-against-labmd-failing-protect-consumers (describing FTC complaint against medical testing laboratory alleging that the company, in two separate incidents, "exposed the personal information of approximately 10,000 consumers"); Press Release, FTC, FTC Files Complaint Against Wyndham Hotels For Failure to Protect Consumers' Personal Information (Jun. 26, 2012), http://www.ftc.gov/news-events/press-releases/2012/06/ftc-files-complaint-against-wyndham-hotels-failure-protect (describing FTC suit against Wyndham Worldwide Corporation for alleged data security failures that "led to fraudulent charges on consumers' accounts, millions of dollars in fraud loss," and the export of consumer payment information to a domain name registered in Russia).
n382 See, e.g., Nicole Perlroth & David E. Sanger, F.B.I. Director Repeats Call That Ability to Read Encrypted Messages Is Crucial, N.Y. TIMES, Nov. 19, 2015, at A17.
n383 See Office for Civil Rights, What is Encryption?, U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES (last visited Mar. 3, 2016), http://www.hhs.gov/ocr/privacy/hipaa/faq/securityrule/2021.html ("If information is encrypted, there would be a low probability that anyone other than the receiving party who has the key to the code or access to another confidential process would be able to decrypt (translate) the text and convert it into plain, comprehensible text."); see alsoIn Re Grand Jury Subpeona Duces Tecum, 670 F.3d 1335, 1339 (11th Cir. 2012) ("The grand jury subpoena issued because the forensic examiners were unable to view the encrypted portions of the drives. The subpoena required Doe to produce the "unencrypted contents" of the digital media, and "any and all containers or folders thereon.").
n384 Jason Weinstein, Forced Decryption in Government Investigations, LAW JOURNAL NEWSLETTERS: BUSINESS CRIMES BULLETIN (2014), http://www.lawjournalnewsletters.com/issues/ljn_buscrimes/21_7/news/Forced-Decryption-in-Government-Investigations159229-1.html.
n385 See, e.g., In re Grand Jury Subpoena Duces Tecum, 670 F.3d 1335 (reversing District Court's order which held the target in contempt for refusing to provide unencrypted contents of seized hard drives).
n386 Id. at 1341.
n387 Id. at 1342.
n388 See e.g., In re Boucher, No. 2:06-mj-91, 2009 WL 424718 (D. Vt. 2009) (requiring defendant to produce an unencrypted version of his laptop's drive files would not constitute compelled testimonial communication); United States v. Pearson, 2006 U.S. Dist. Lexis 32982 (N.D.N.Y. 2006) (deciding to hold a pretrial hearing on defendant's motion to quash a trial subpoena compelling him to produce passwords for seized hard drives and flash drives); Commonwealth v. Gelfgatt, 468 Mass. 512, 524 ("The commonwealth's motion to compel decryption does not violate the defendant's rights under the Fifth Amendment because the defendant is only telling the government what it already knows.").
n389 See Will Bourne, The Revolution Will Not Be Monetized, INC, Jul.-Aug. 2014, http://www.inc.com/magazine/201407/ceo-of-wickr-leads-social-media-resistance-movement.html (describing the rise of companies like Wickr); Danny Yadron, Yahoo Joins Google Effort to Encrypt Email, WALL STREET J., Aug. 7, 2014, http://blogs.wsj.com/digits/2014/08/07/yahoo-joins-google-effort-to-encrypt-email/ (describingYahoo's announcement "to create an encrypted email system by next year that could make it mathematically impossible to hand over users' messages to a court.").
n390 See Bourne article, supra note 389.
n392 The Most Personal Technology Must Also Be The Most Private, APPLE (2016), https://www.apple.com/privacy/privacy-built-in/.
n393 James B. Comey, Director, FBI, Address at the Brookings Institution (Oct. 16, 2014), http://www.fbi.gov/news/speeches/going-dark-are-technology-privacy-and-public-safety-on-a-collision-course ("Encryption isn't just a technical feature; it's a marketing pitch. But it will have very serious consequences for law enforcement and national security agencies at all levels.").
n394 See generally, Susan W. Brenner & Bert-Jaap Koops, Approaches to Cybercrime Jurisdiction, 4 J. HIGH TECH. L. 1 (2004) (discussing state, federal, and international approaches to cybercrime jurisdiction).
n395 Ellen S. Podgor, International Computer Fraud: A Paradigm for Limiting National Jurisdiction, 35 U.C. Davis L. Rev. 267, 282 (2002).
n397 Press Release, FBI, GameOver Zeus Botnet Disrupted: Collaborative Effort Among International Partners (Jun. 2, 2014), http://www.fbi.gov/news/stories/2014/june/gameover-zeus-botnet-disrupted.
n399 SeeSEARCHING AND SEIZING COMPUTERS, supra note 148, at 191-207 (providing thorough description of the evidentiary challenges presented by computer records).
n401 Fed. R. Evid. 801(c); see also SEARCHING AND SEIZING COMPUTERS supra note 148 at 191-197.
n402 SeeFed. R. Evid. 803(6); SEARCHING AND SEIZING COMPUTERS supra note 148 at 194.
n403 See, e.g., United States v. Shah, No. 5:13-CV-328-FL, 2015 WL 3605077 (E.D.N.C. June 5, 2015) (holding that because emails were not "the collective effort of 'business insiders,' who share a duty to ensure the accuracy of their statements," the court could not allow those emails into evidence under the business records exception).
n404 Fed. R. Evid. 803(8); see SEARCHING AND SEIZING COMPUTERS supra note 148 at 195; see also, e.g., United States v. Gonzales-Perales, 313 F. App'x 677, 681 (5th Cir. 2008) (holding that report generated by Customs officials to record encounters with aliens as part of frequently used computer system were admissible under public records exception because they reflected "routine, objective observations, made as part of the everyday function of the preparing official or agency").
n405 Fed. R. Evid. 801(d)(2); see SEARCHING AND SEIZING COMPUTERS supra note 148 at 195; see, e.g., United States v. Burt, 495 F.3d 733, 738-39 (7th Cir. 2007) (finding logs of online chat between defendant and witness admissible because defendant's half of conversation constituted "admissions," and the witness's half admissible as necessary context for those admissions); see also, e.g., United States v. Safavian, 435 F. Supp. 2d 36, 43-44 (D.D.C. 2006) (finding certain emails admissible as adoptive admissions where "context and content . . . demonstrate clearly that [defendant] 'manifested an adoption or belief' in the truth of the statements of other people as he forwarded their e-mails").
n406 See Orin S. Kerr, Computer Records and the Federal Rules of Evidence, 49 UNITED STATES ATTORNEYS' BULLETIN, March 2001, at 25-32 (March 2001), http://www.justice.gov/usao/eousa/foia_reading_room/usab4902.pdf (describing this analytical framework).