
Massive Camera Hack Shows Big Brother Is Watching

Mar 19, 2021 · 27 min

Episode description

Reena Bajowala, a partner at Ice Miller, discusses the legal implications of the recent hack into a massive collection of security camera video at security camera startup Verkada Inc. Former federal prosecutor Michael Zeldin discusses the controversial statute federal prosecutors are using to charge about 60 of the rioters at the January 6th Capitol riots. June Grasso hosts.


Transcript

Speaker 1

This is Bloomberg Law with June Grasso from Bloomberg Radio, Rachel Holliman, do you risk your life for your son? Who are you as a car park at the corner of his block? That you start walking? Allow directions? You'll left through this? How are you seeing us right now? Somebody's had In the movie Eagle Eye, two people's lives are thrown into turmoil by calls from an unknown woman who knows their every move using information and communications technology.

Big brother watching is a theme in many sci fi and action movies, but a recent hack of a massive trove of security cameras may show how close to reality

that's becoming. A group of hackers who breached security camera startup Verkada were able to view the live feeds and archive videos of one fifty thousand cameras inside hospitals, police departments, prisons, schools, jails, factories, gyms, and corporate offices, and one of the hackers said they've found a user name and password for an administrator account publicly exposed on the internet. Joining me is Reena Bajowala, a partner at Ice Miller. What kind of privacy do you have

when you enter a public facility. Let's say you go to a hospital or a police station. Do you have any privacy rights when you're in public? The answer is it depends really on the place you are entering. For example, on one end of a spectrum, if you are in a correctional facility, your right to privacy is

very limited there. The way that the privacy laws work in the United States is sector specific, so certain types of businesses have laws relating to the collection and disclosure of private information, but as a whole, the country doesn't have a national privacy law. So if you walk into a health care facility and you are seeking treatment, you are covered by HIPAA. But walking into a retail facility,

you don't have that type of protection. You know, and businesses in this country do have the right to surveil for security purposes and other legitimate business purposes. I was shocked at some of the places where the video cameras were and some of the things that were exposed, for example, hospital staffers pinning down a patient to a bed. Don't you have any privacy rights inside a hospital? HIPAA is one of the most protective privacy statutes that

we have in the United States. And I've seen that the company that was hacked, Verkada, had a case study on one of the hospitals that they work with that were saying that it's a HIPAA-compliant security system. So

it's not that there are not privacy rights. You know, the question will certainly be attracted through litigation in and I imagine regulators like the Department of Health and Human Services Office for Civil Rights will be taking a close look at this situation and looking at Verkada and its relationships. But you know, hospital systems, other health facilities use vendors for a wide variety of purposes, and perhaps it's a

internal risk recording to protect the health facility against legal liability. However, the relationship with the video surveillance company was that these are supposed to be secure videos. So in a situation like that, you know that information being exposed has created the liability. Let's say that the prison sues or the school sues. What would this suit be based on? I mean, does it depend on where they are and what the laws are, or does depend on the contract. It's going

to depend on the contract between the parties. So there are going to be provisions in the contract between that correctional facility or that health care facility and Verkada that indicate the scope of liability. There's there are likely detailed provisions relating to those privacy and security concerns that we're talking about, So it would be a breach of contract.

Lawsuits likely well. One of the issues be how secure the company kept the cameras and the video footage because apparently employees had super admin privileges and had unrestricted access to customers' surveillance footage. Absolutely a critical question here is going to be access control and limiting those controls to

the need to know basis of individuals. And you know that there's a principle called principle of least privilege where you manage your access control with the default assumption that people will not have privileges unless they are required to perform their jobs. So that is going to get critical question going forward. Now, what about the people who have been filmed and exposed? What kind of a lawsuit can they bring?

So this is a unique situation because in addition to the video, there is from what I understand, some sort of people analytics service provided. So I don't know what the role of that is because that would also connect the video to a person and their history, and their vehicle history and all types of other publicly available information. But in terms of individuals, their main focus likely for

potential lawsuit would be under tort law. So there are privacy tort that include things like unlawfully intruding into someone's private affairs or disclosing someone's private information. So you can see a scenario where if somebody was in, for example, a mental health facility and that video was exposed that had an individual in a sensitive situation that was had, that individual might be able to make a privacy tort

claim in a lawsuit. And you know, in terms of who they might sue, they might sue all parties involved. I assume the company makes representations about the security of its cameras to potential customers. How much does it matter if the company fell short in that regard? For example, suppose it was actually quite easy for the hackers to get these admin privileges. If they fell short of their assurances of security, that would create liability under the contract

for that company. Um, you know, one place to look is at what Verkada's advertising statements are. And you know, I took a look at their website. They have a section on security on their website that goes through in detail what their security measures are. Um. You know, companies have privacy policies where they indicate in terms of use,

where they indicate how they will protect your information. All of these statements, certainly for your regulators like the FTC, will be of critical importance to determining well, if they made statements and they did not live up to those statements, that creates um exposure and liability both from a regulatory perspective and in lawsuits. What's the role of the FTC here? So the FTC in particular look at privacy policies and where companies have not satisfied their promises that are in

a privacy policy. The FTC has jurisdiction to investigate and bring enforcement actions. What other regulatory agencies might get involved? So the Department of Health and Human Services Office for Civil Rights has jurisdiction over healthcare entities, so they would be enforcing HIPAA and HITECH, the related law, in connection with the health care realm. And then you have attorneys general, So the California Attorney General, you know this

is a California company. We can certainly expect some investigation action from the California Attorney General. This conversation and sort of the piecemeal regulatory approach to this hack bring up the question do we need a federal privacy law. I think everyone agrees that we need a federal privacy law, and that's people on all ends of the spectrum of

privacy advocacy or protectionism. There is a way to comprehensively manage data that does not focus on sector specific or state by state laws, and instance like this can help motivate legislators to move forward on a federal data privacy bill. There are a lot of people have these wireless home cameras. What do you have to do to make sure that this doesn't happen? Do you have any protection from someone

accessing what's in the cloud? I think we're relying on the companies to have the security, so you know, I would I would take a look and vet um the companies, but unfortunately there's no guarantee that, uh, you know, anything that is connected can be hacked. And so that's really where we're going in terms of technology is everything is getting connected and interconnected, and we have Internet of things,

so this is a real concern to push back against that. UM, and some states are legislating to ensure that reasonable security features are in the Internet of Things devices, like California has SP three, which is IoT law. UM. But I think that the things you can do is you can do as a consumer are make sure you understand what the access rights are to your account. So if they give you a default password, change that password. That is

something that is maybe even the simplest. You know, you can inquire about what the security measures are, but you know, you can't expect every consumer to be an expert in security. So you know, the safest route is to not go connected, um, you know, and and to not have things stored in the cloud. If you can have a simpler camera that you know, records a certain amount of footage and then you know, rewrites over it. UH, that's a safer place

to be from a security perspective. UM. But you know, convenience UH and technological innovation has has trended towards winning out on those on those battles. Thanks, Reena. That's Reena Bajowala of Ice Miller. The Biden Justice Department is using a controversial statute that was adopted in nineteen sixty eight, at a time of civil rights demonstrations and anti war protests, to charge more than sixty people

in the Capitol riots. The law had rarely been used since the Nixon administration until the Trump administration began using it to charge people in the Black Lives Matters protests. Joining me is former federal prosecutor Michael Zeldin. Tell us the history of the Federal Anti-Riot Act. The history of the statute, which is sort of dubious in many respects, was an effort, I think, to use the powers of law enforcement to arrest disrupt those who were engaged in

acts of civil disobedience. I think that the history of this thing was to make sure that the police were able to ensure that those who blocked the bridges in Selma or involved themselves in protests that led to sit-ins and closures of commercial establishments could be charged with an offense beyond the normal civil disobedience type of statutes that already were in existence. So I think they have

a very dubious history. Does that history matter in how the statute is used by law enforcement, Well, it doesn't matter in a technical legal sense. That is, if the statute was passed if its history is sort of for bad purpose, That is, they meant this as a statute to impose obedience to the state from those who are

engaged in civil disobedience. That doesn't make the statute infirm legally, meaning that if someone chose to use the statute in the future for some other purpose other than what maybe the legislators had as their original meaning, it doesn't mean the statute can't be used. So put other words, it may be bad in its intention, but it may be legal in its effect. Now, this statute hadn't been used since the Nixon era until it was used in the Trump administration. Yeah, more or less. I mean, then you

may find an odd case here or there. But as I said, these cases involved cases of civil disorder. The statute has a definition that says we shall use this when interstate commerce is interfered with in the course of a civil disorder, which means any public disturbance involving acts of violence or by assemblages of three or more people which causes immediate danger of or results in damage to injury of property your person. So these are intended to

disrupt disturbances. And yes, of course, the Nixon administration used them against anti war protesters, and the Trump administration used them against what they called the Antifa civil disobedient gatherers in Portland and Seattle and Minneapolis and other such cities. Bill Barr apparently he told his U S attorneys to pursue aggressive federal prosecution against protesters in the Black Lives Matters movement, and they used this particular statute to do that.

When Jeff Sessions became Attorney General of the United States, he reversed the policy of the Obama administration, which was to use judgment in charging criminal offenses. Sessions wanted to charge the most serious charge available. Barr, when he became Attorney General, also said that he believed that the most serious charge availables being used, and particularly he singled out the protesters in Oregon and Minneapolis and in Seattle as

essentially inciting an insurrection. I think was some of the

language that he used during his um press statements. And so here we find prosecutors bringing this charge eight United States Code Section two thirty one, which is this charging of people of interfering with the police or firefighters who are trying to deal with a civil disturbance, and they cite that it had a negative impact on interstate commerce as they used weapons in order to do this, and that therefore this ANSI assemblage statute, the statute really

had some sense of its origins, as I said, in targeting civil disobedient protesters. They've decided to use this statute that what they think most appropriate charge in cases like this. I think that it's problematic from a a charging philosophy standpoint. I don't know why this would be the appropriate charge to bring when there are all sorts of more straightforward statutes like assault on a police officer, destruction of property,

destruction of the federal property. There are a lot of straightforward state and federal statutes that governed the behavior that they think should be criminalized, and why they're using this is not easily from understandable to my politics. So more than sixty of the rioters charged in the Capitol riot have been charged with this civil disobedience charge. Does it seem appropriate there? Well? My view of the law is that if it's appropriate for one category, it should

be appropriate for another category. If it's inappropriate for one category to be inappropriate for another category. So my politics is that if I were a federal prosecutor. I would not bring a charge that has this, you know, sort of terrible history behind it, and I wouldn't bring it in the Portland cases, and I wouldn't bring it in the Capitol riot cases. I think that there are other statutes that get at what you want to charge people with without invoking a statute that has such a horrible

history to it. So what other statutes would they could they use in the Capitol riots? Illegal entry, staying beyond your entitlement to stay, destruction of property, assault on a police officer. There may be a murder charge that comes out of this as well. So though destruction of property and and and assault styled statutes are the most easily available for prosecutors to use. You know, I understand that what took place at the Capitol was unique, and maybe

it requires a unique charge to be brought. And it's not that this is equivalent to what took place in Portland. What took place in Portland, I think is very different than what took place at the Capitol. I just don't like this statute. And we talked previously about beware of impending war on domestic terror and what would that mean in terms of the passage of new statutes with the application of old statutes to new conduct. This is what we talked about in an earlier conversation, and this is

exactly what we're seeing. This is conduct that I think, in many respects has a free speech overlaid to it. It may not be exactly on point, but it is surely there. And I just don't like statutes that criminalize anything that has to do with a free speech, right to assemble, right to protest component to it. Is one of the reasons that prosecutors are using this is that

it's a felony with up to five years in prison possible. Well, that's a great question, because you know, assault and and those types of statutes carry you hefty prison sentences as well. I think that their thought is, you know, psychoanalyzing people. I don't know, but I think their thought is that this is what these protesters did. They interfered with the application of police and fire authority in the context of a civil disobedience. So the statute is right on point,

and so they're going to charge it. So I don't assert bad motives as to these people because I don't I don't know them. I think that they do think that this statute is what is most applicable to the behavior. I just wouldn't do it myself because I don't like yes,

I said twice. Now, I don't like its history. I don't like what it's how it was intended, and I think that it may well be vague um from a First Amendment law enforcement standpoint, because you have to be part of a civil disorder um when this is taking place, and it's really not all that clear to me how one wants to define that or how one could have defined that as it relates to one's First Amendment right

to address grievances, protest, assemble, speak. You know, there are several cases in Oregon and where there are similar allegations to some of the cases in the Capitol, and the defense there is challenging the use of this statute is their legal challenge. But as I understand it, as I best understand it, it is again that this statute, the

application of this statute to this conduct is inappropriate. That what this person did is not a violation of of of two one, that he may be chargeable with some type of assaultive conduct with respect to spraying the bear spray, But it wasn't an effort to disrupt the police in the context of a civil disorder implicating interstate and foreign commerce. I think that they're taking a technical defense. This statute doesn't apply, and in addition, if it were to apply,

it is unconstitutionally vague. And what's the prosecution's response. The prosecution is saying that we are using this statute in a very narrow context, that it is the application of the statute in respective conduct as relates to the federal government business being conducted. There was an assault on the federal courthouse, and so they're saying that in this case

has narrowly applied in the circumstances. The statute is legitimate, it's not overly broad, and it's appropriately targeted to the type of violent conduct that the individual charge with it engaged in. And they have photos of him with pepper spray and with a knife and things of that sort. But the defendant is saying, this is an overly broad statute,

it's unconstitutional, doesn't shouldn't apply to me. It should be struck down as an illegal statute, as a government saying no, no, no, as it was applied to you in this case with respect to the conduct that you engaged in at that point in time. It's perfectly appropriate, lawfully applied, and framed in a constitutionally adequate way. So our federal prosecutors in d C concerned about what happens, what the ruling is in Oregon as far as the statute is concerned. Yeah.

Of course, if this case were to go forward and the court were to rule, for example, that the statute was unconstitutionally vague, it was overbroad, or it was inappropriately applied in some way, that would have a ripple effect on the charges that were brought against the January six insurrectionists. So, because they're used in both places, any case that goes first had become precedent for how it's interpreted down the line.

So Yes, and UM not sure that this case will continue to go forward, that the U. S. Attorney will continue to prosecute under this statute because of that the ripple effect that they may decide and as they're doing with many other cases in Oregon, which is dismissing them and allowing the state to bring the more appropriate charges that we've been talking about, the type of assault charges, destruction of property, UH charges, failure to obey a police

officer type of charge. Those federal cases are being dismissed in favor of the more direct state cases. And we've seen this before. We've seen this. For example, in the Rodney King case, they were assault charges brought under the state laws of California. When those cases didn't proceed well, they then decided that they would bring a federal Civil

Rights Act violation charge against the officers. So normally you start with the statutes that apply most directly, in my opinion as a prosecutor, and then though in this case, those would be the state styled charges, and then you'd see how it evolved if, for example, you were able to convict the individuals that you want to convict or assault on a police officer, destruction and government five year plus, Why we do then need to bring a federal charge

using this statute. It's terrible past and possibly aspect to it when you don't have to. So I like to proceed from that which is most easily proved, most directly chargeable, and leave these more obscure statutes to another day. Despite that your preference, and you're right, the U. S. Attorney in Portland has dropped more than thirty of the nine cases. If they decide to go forward. Is this an uphill battle for the defense to get the charges dismissed on

this basis? I think so yes, Because remember what we said at the very outset of our conversation was, while the statute has a sort of bad history, and while the proponents of it I think had bad political motives and enacting a statute like this, those motives don't in and of themselves make the statute legally infirm. And so if the statute is legally correct, the defense citing the history of it doesn't win. They maybe win in a court of public opinion, but they don't win in a

courtroom that is determining whether the statute is constitutional or unconstitutional. Usage. Thanks for being on the Bloomberg Law Show, Michael. That's former federal prosecutor Michael Zeldin, and that's it for this edition of the Bloomberg Law Show. Remember you can always get the latest legal news on our Bloomberg Law Podcasts. You can find them on Apple Podcasts, Spotify, and at www dot Bloomberg dot com, Slash podcast Slash Law. I'm

June Grasso. Thanks so much for listening. Please tune into the Bloomberg Law Show every weeknight at ten p.m. Eastern right here on Bloomberg Radio.

Transcript source: Provided by creator in RSS feed