The abundance of paper trails of the paperless era

March 20, 2013

Law and technology(Editor’s Note: Throughout the month of March, we’ll be looking at issues involving both the law and technology, whether on the large scale or down to the small scale of an individual practice).

Week 1: Is it illegal to “unlock” your phone? Why?

Week 2: How tablets can help strengthen attorney-client relationships

We’ve heard many times over by now about how everything is “going paperless.”

This new “paperless environment” means fewer correspondences being sent in the mail, more court filings performed electronically, and increased office mobility.

Ironically, this new “paperless” atmosphere also creates more “paper trails” – written evidence of an individual’s activities.

As an attorney, more “paper trails” can be either good or bad for you or your client, depending on the case.  In nearly all circumstances, however, it’s important to be aware of them.

Further, the magnitude of the record-keeping done by online service providers – and the widespread usage of these service providers – make the existence of paper trails relevant in situations in which you may not initially believe it to be.

On several occasions in the past, I’ve written about how law enforcement uses social media sites to collect information about individuals of interest.  For the most part, though, the information collected here is what is voluntarily posted by these individuals – status updates, Tweets, photos, location check-ins, etc.  As also noted in previous posts, Facebook continues to keep a record of all content provided by users regardless of whether that content was later deleted by the user.

The information collected by these sites extends well beyond what an individual knew he or she was submitting.

What other kind of information is collected?

The Internet protocol (IP) address that a user logs in to the website from; the time and date of the login and logout; the pages visited while logged in and the amount of time spent viewing those pages; and information on any financial transactions conducted and every attempt to make such a transaction.

Regular recordkeeping of financial transactions is nothing new and shouldn’t come as a surprise to anyone.

The same likely isn’t true for the other information collected.

Although Facebook has consistently informed its users that there’s no way for others to know who has been viewing his or her page, Facebook itself does have this information.  In fact, it can not only tell whether you’ve viewed a certain page, but also how many times you have viewed a certain page, the date and time of each view, and the length of time spent on the page.  This is not only the case with social media sites like Facebook, but also nearly any other site requiring a login (including dating sites like eHarmony and Match.com).

Fortunately, there is a very limited need for this data in legal proceedings, so websites will rarely release more information than the date and time, the duration, the number of pageviews of a given session.

On the other hand, IP addresses are of great interest in most legal actions.

Although they may appear to be simply a collection of numbers (e.g. 123.456.78.9), the amount of information that can be gained may be surprising.

By using any number of freely available online services, an IP address can be used to identify the user’s geographic location.

Just having the location of the city in which the IP address’ user is located is harmless in itself, but these free services also provide the name of the Internet service provider (ISP) associated with the IP address.

With a properly executed and served subpoena, an ISP (such as Comcast) can provide identifying information about the subscriber who was using a specific IP address at a given date and time.  In addition, ISPs can also provide the physical address from which the IP address was used.

This information is discoverable even if one masks his or her IP through any number of available methods; it just takes more work (sometimes a lot more work) since there are more parties to subpoena.

What this means is that every time you use Facebook, your location is recorded – including if you use it from a mobile device.

Does this mean that you or your clients should refrain from all online activities?  Not necessarily.

But it does mean that you should be aware of the kind of information that is recorded every time you log in to a website, and that an opposing party or law enforcement will likely be able to access that information.