Logan Parker
Privacy Editor
Loyola University Chicago School of Law, LL.M. in Health Law 2017
The 2016 National Basketball Association Champions, the Golden State Warriors, have been accused of wiretapping and listening in to fans’ conversations without consent or knowledge in violation of the Electronic Communications Privacy Act (“ECPA”), also referred to as the Wiretap Act. A new amended complaint alleges the warriors recorded fans’ oral dialogue via a phone application typically used to keep fans up-to-date on team scores, schedules, news, and statistics.
Electronic Communications Privacy Act
The ECPA, 18 U.S.C. §§ 2510, et seq., passed in 1986 protects wire, oral, and electronic communications while they are conducted, in transit, and stored on computers. The ECPA also applies to email and telephone conversations, and all data stored electronically. The ECPA consists of three titles. Title I prohibits the intentional, actual, or attempted, interception, use, disclosure, or procurement of the contents of any wire, oral, or electronic communication, as well as prohibiting the admissibility of illegally obtained communications in court. Title II protects contents of files stored by service providers related to subscribers such as name and billing records. Title III covers pen registers and trap/trace devices and requires government entities to obtain a court order authorizing the installation and use of these devices.
Complaint
In Satchell v. Sonic Notify, Inc., a class action, the Warriors face federal wiretapping charges. The court originally dismissed the initial complaint in February for insufficiently alleging the wiretap claim. The amended complaint alleges the Warriors, by their third parties, Sonic Notify Inc. and YinzCam Inc., failed to inform or gain proper consent to listen to or record the private conversations of fans. The complaint further asserts that the Warriors possessed knowledge of the phone application’s ability to “constantly and continuously record and analyze” conversations and the team acted intentionally by programming the application “to specifically turn on users’ microphones.” Furthermore, the complaint discusses the technology involved, which allowed the wiretap capabilities of the application. Beacon technology employed by a platform operator, Signal360, repetitively ran in the background even when fans’ phones were turned off. The collected conversations occurred under circumstances where a person would have a reasonable expectation of privacy. The Warriors have denied such claims, but with the new amended complaint, the team and its legal representatives will have to return to court to address the issue.
Lessons Learned
From a compliance perspective, developing a mobile application poses various regulatory issues. Depending on the industry, the sheer number of privacy regulatory frameworks that apply are abundant. In this case, proper due diligence and vetting of the mobile application development procedure could have prevented the likelihood of a matter like this from occurring. Since the application targets consumers, alignment and compliance with the FTC Act and the ECPA are integral. Companies should avoid deceptive tactics and fraudulent misrepresentation of their products’ services. Of the lessons learned, the most obvious involves restraint on wiretapping or gaining sensitive information using a phone application without user consent. If the application’s goal includes obtaining user information and preferences, the developer must develop a proper and adequate Notice of Privacy Practices. Monitoring and oversight, as well as implementing proper written policies, procedures, and standards of conduct are the most relevant effective elements of a compliance program that could have prevented this situation.