National Labor board: Can't fire employees for Facebook comments

Monika Plocienniczak reports on CNN.com that the National Labor Relations Board (NRLRB) issued a complaint against American Medical Response, an Ambulance company that fired one of their employees after she had made some negative comments about her job on Facebook.

AMR, of course, denies that the woman was fired for her Facebook comments. They say that she was fired because of multiple complaints about job performance and her treatment of patients.

In some ways it doesn't matter why she was fired. It does matter what the final decision is. If a court agrees with the NLRB, then venting about your boss on Facebook becomes protected speech under the National Labor Act. That is very important. Right now employers can monitor Facebook and determine who is hired, who is promoted, who is demoted using what they find there. If Facebook comments fall under the National Labor Act then the won't be able to do that. It may not prevent employers from using social media to look at prospective employees, but it will make it illegal for social media to be used to determine who to fire, promote or give raises.

One of the biggest problems with social media is that it makes parts of our lives that used to (and still should) remain private are public. Now those private things are being used to determine whether persons would make good employees. We know things now about past Presidents that might have, had they been generally known at the time, been major scandals. Maybe even have derailed their presidency. John Kennedy was a womanizer. So was Clinton. Whatever you may think of his womanizing (and his politics), Clinton was one of the most astute statesmen the U.S. has had in the Oval Office.

Much of what is on Facebook is "not safe for work" and much isn't safe for your career (current or future) either. The bad thing is, much of that isn't really a good indicator of what kind of employee a person will be. Employers shouldn't be allowed to use it for that purpose.

Using stolen Social Security number isn't identity theft

The Colorado Supreme Court has overturned the identity theft conviction of Felix Montes-Rodriguez. This case is important because according to the courts decision, the fact that he used a stolen Social Security number did not make his action identity theft:

Montes-Rodriguez admitted to using the false social security number. However, he contested the criminal impersonation charge. He argued that he did not assume a false identity or capacity under the statute because he applied for the loan using his proper name, birth date, address, and other identifying information.

and further down:

We reverse. Consistent with previous Colorado case law, we hold that one assumes a false or fictitious capacity in violation of the statute when he or she assumes a false legal qualification, power, fitness, or role. We also reaffirm our earlier holding that one assumes a false identity by holding one’s self out to a third party as being another person.

When I first saw this decision I thought, "No Way! How could they say that?!"

But after rereading, I realized that the court was right. This particular criminal didn't steal anyones identity, he just committed fraud. He never claimed to be someone else. He used all of his own identifying information except for his Social Security number. By the definition of identity theft in Colorado law, he didn't steal anyone's identity.

That doesn't make his crime less serious. It should make it easier to get any bad marks on credit report removed, since it's fairly easy to prove they were the result of fraud by a third party. It should. In practice it may not be so easy. If a car dealer or bank was willing to accept a Social Security number that was not connected in any way to any of the other identifying information given, and approve a loan based in part upon that number, then the financial reputation and identity of the rightful holder of the number has been stolen. It doesn't matter that the name, address, phone number and everything else on the application belongs to the actual applicant. The credit score(s) attached to the Social Security number is a, possibly the, major factor in the approval of the loan.

Forty years ago the idea that a Social Security number isn't tied to identity might have worked. Today it is so entwined with our identities that it can be difficult to do anything without one. The law needs to catch up to that reality and recognize that sometimes the financial history attached to a Social Security number can be more important than the name - as evidenced by this case.

Using stolen Social Security number isn't identity theft

The Colorado Supreme Court has overturned the identity theft conviction of Felix Montes-Rodriguez. This case is important because according to the courts decision, the fact that he used a stolen Social Security number did not make his action identity theft:

Montes-Rodriguez admitted to using the false social security number. However, he contested the criminal impersonation charge. He argued that he did not assume a false identity or capacity under the statute because he applied for the loan using his proper name, birth date, address, and other identifying information.

and further down:

We reverse. Consistent with previous Colorado case law, we hold that one assumes a false or fictitious capacity in violation of the statute when he or she assumes a false legal qualification, power, fitness, or role. We also reaffirm our earlier holding that one assumes a false identity by holding one’s self out to a third party as being another person.

When I first saw this decision I thought, "No Way! How could they say that?!"

But after rereading, I realized that the court was right. This particular criminal didn't steal anyones identity, he just committed fraud. He never claimed to be someone else. He used all of his own identifying information except for his Social Security number. By the definition of identity theft in Colorado law, he didn't steal anyone's identity.

That doesn't make his crime less serious. It should make it easier to get any bad marks on credit report removed, since it's fairly easy to prove they were the result of fraud by a third party. It should. In practice it may not be so easy. If a car dealer or bank was willing to accept a Social Security number that was not connected in any way to any of the other identifying information given, and approve a loan based in part upon that number, then the financial reputation and identity of the rightful holder of the number has been stolen. It doesn't matter that the name, address, phone number and everything else on the application belongs to the actual applicant. The credit score(s) attached to the Social Security number is a, possibly the, major factor in the approval of the loan.

Forty years ago the idea that a Social Security number isn't tied to identity might have worked. Today it is so entwined with our identities that it can be difficult to do anything without one. The law needs to catch up to that reality and recognize that sometimes the financial history attached to a Social Security number can be more important than the name - as evidenced by this case.

You've probably never heard of Oliver Drage

I hadn't until I checked the "Conspicuous Chatter" blog and saw the latest entry about enforcement of Britians Regulations of Investigatory Powers Act 2000(RIPA).

Mr. Drage has been convicted of not giving his encryption key to investigators when they requested it, which is a violation of RIPA. He's been convicted of that crime and sentenced to 16 weeks in jail. Conspicuous Chatter is very clearly on the side of Mr. Drage and not happy with the way the BBC reports the story so I checked out what the BBC said.

The BBC reports that Oliver Drage was arrested by police investigating "Child Sexual Exploitation." Apparently they had enough evidence to arrest him and confiscate his computer, but not enough to charge him. His 50 character encryption key had them stumped, so they asked him for it. He refused. They charged him with violating RIPA and convicted him. The police reaction to the conviction and 16 week sentence:

Det Sgt Neil Fowler, of Lancashire police, said: "Drage was previously of good character so the immediate custodial sentence handed down by the judge in this case shows just how seriously the courts take this kind of offence.

I don't know British law, but I have to assume that 16 weeks is the stiffest sentence allowed for failing to surrender your password. Otherwise I can't imagine a judge not giving a longer sentence when the purpose is to get a man accused of sexually abusing children to give up the encryption key to his computer.

I don't know if he is guilty, and it's important to remember that although it looks incriminating, he could have perfectly legitimate reasons for not giving police the key. It could be principle. He could have some other type of incriminating evidence on his computer but be innocent of child sexual exploitation. It could be some other reason.

This is a question that is still being decided in the U.S. Is your encryption key protected by the Fifth Amendment? Should it be? I think the answer to both questions is yes. But cases like this one raise questions, I admit.

What do you think?

The first free anti-virus for OS X

On November 2nd PCMag.com reported that Sophos is releasing a free antivirus for the Mac. Other security companies are releasing software for the Mac, but Sophos is the only one to release free AV software.

The recent release of Koobface for Mac is only the latest malware designed for Mac. It was dead on arrival, but that was most likely a coding error, so a virulent version could show up any time. Sophos free software is available now and offers protection against Koobface and the other known Mac malware. There is a forum for discussing the software here and you can download it here

There are still people who argue that anti-virus on a Mac is unnecessary. Well, that may be true for now, but that will soon change as Koobface Mac was a hairs breadth from being the real deal. Mac users can't afford to keep being complacent about malware.

Britian proposes allowing site takedowns with just complaint

http://www.ispreview.co.uk/story/2010/10/30/uk-government-make-isps-responsible-for-third-party-content-published-online.html

The U.S. wants to wiretap the internet. The UK wants to make it easy to get 3rd party content removed. MarkJ reports on ISPreview.com that:

The UK governments Minister for Culture, Communications and Creative Industries, Ed Vaizey, has ominously proposed that broadband ISPs could introduce a new Mediation Service that would allow them the freedom to censor third party content on the internet, without court intervention, in response to little more than a public complaint.

The proposal is supposed to be for the benefit of regular citizens, but it is easy to imagine the abuse by corporations and organizations (RIAA, MPAA, et al) who would use it as a club to attempt to force consumers to conform to industry ideas of how things should be.

It is sad that proposals to help protect citizens must be either be so carefully crafted and limited almost to the point of uselessness or risk abuse that does more harm than not having legislation would have.

Do us all a favor. Vote.

It's election day, and every eligible citizen should go vote. I'd say I don't care how you vote, but that would be a lie. I'd prefer you vote for conservative candidates who believe in citizens and states rights.

But regardless of my preferences, for our government to work the way it's supposed to every eligible voter needs to vote. We get the government we deserve, whether it's because we don't make our will known, or because we do. If you vote you are making your opinion known. Even if your candidate loses, how much or how little he (or she) loses by sends a message. That message can be more important than winning, if it tells other politicians they need to pay attention to what their constituents want.

So whatever your politics, go vote.

Predicting employee behavior available now

In a column titled, "'Pre-crime' Comes to the HR Dept.", Mike Elgin talked about a new industry, fortune telling.

Ok, he's not actually talking about fortune telling in the traditional sense. He is talking about predicting how people and companies will act in the future based on how they've acted in the past. He talks about two companies. The first is Social Intelligence, a company that scours social networks to provide information on prospective employees to companies. The idea is that information found on social networks is a better indicator of what kind of employee you will be than your resume.

The second company he talks about is Recorded Future. Recorded Future also scours the web to predict the future actions of people and companies. It attempts to find logical links that make it possible to make those predictions.

These are two companies, but how long before this type of algorithm is common in HR departments? What happens when hiring, firing and promotions are determined by predictions of future performance rather than past performance? What happens when software predicts that you will leave within 6 months? Will the company fire you preemptively?

For many of us, having an online presence is unavoidable, or even necessary. What does our online presence say about us? What kind of impression are we giving, and what kind of predictions can be made from it? As new and better predictive algorithms are developed the tidbits we leave online will become more important. Having control over as many as those tidbits as possible is the only way to have any control over our own lives. As things are now, we are at the mercy of the data miners who build profiles to predict what we like, what we don't like and how to convince us we need things. In the near future they will also be determining whether and how much money we have by telling our employers whether we should be given a raise, a promotion, or even a job.