If one has a weak password for one’s web-based personal information, is it reasonable to conclude that one has a reduced expectation of privacy with respect to that information?
(Here’s an English list [1] (from 2006) of the 10 most common passwords and a list of the 500 worst ones [2], from the point of view of security.)
If someone uses “password” as his or her password, should he or she really be able to claim some privacy interest in the information behind it?
What about file sharing? If one has files or folders or most of one’s computer accessible to peer-to-peer sharing, does one still have some expectation of privacy in the contents somewhere?
Does it matter that unauthorized use of computer resources is illegal? In a prosecution for that offence, one cannot claim authority because of a weak password. After all, it is illegal to trespass on property if there’s a plain, non-threatening sign saying ‘do not trespass’ or ‘keep off’, even without a fence. (For that matter, many trespass laws bar trespass if the trespasser ought to have known the property was private, even without a sign or fence.) Is trespass a good analogy for privacy infringement?
Presumably one does not sacrifice one’s privacy by using P2P just because some uses of P2P may violate copyright (and some don’t).
Enough speculation: do you know of any case law or privacy officer decisions based on such reasoning? I don’t, but maybe I haven’t looked hard enough.
I know that the various governors of the legal profession (law societies, bar associations, etc.) tend to say that use of email generally or even unencrypted email does not waive any expectation of privacy, and, more important (perhaps), does not negate any privilege in the documents communicated by this method. Lawyers are advised to discuss communications security with their clients (and the subtle advisors warn that the clients may not be very knowledgeable about that topic, and one can’t hide behind that ignorance to establish a permission); but the general rule is that ordinary, unencrypted email is OK. VPNs and extranets are generally considered OK too — which takes us back to the first question: does it matter how secure the password protection is for such networks?
Any relevant case law on the legal profession’s share of the question?