Wired Coverage of Computers, Freedom, and Privacy Conference
posted by Frank Pasquale
I’ve been at the Computers, Freedom, and Privacy conference this week–there were many interesting panels which I hope to blog about soon. Wired has some good coverage of it, including this commentary on a panel I organized:
[P]rofessor Samir Chopra [asked] “Suppose Google was subject to a law which required all persons to report knowledge of a crime to the authorities. . . . Could Google be sued for breach of statutory duty if AdSense knew about people using drugs?”
While that’s still hypothetical, other panelists emphasized that computer systems are already acting as agents in our world, making decisions about whether someone is a known terrorist, a likely threat at the border or a deadbeat parent late on child support. Or put another way, software is already policy. [As] panelist Danielle Citron, a University of Maryland law professor put it: “Where agencies used to use computers to store data to help agencies make decisions, now computers make decisions.”
On the comments to Ryan Singel’s post, Chopra notes:
[Our] comfort with Adsense, and our intuitions about it, would be shaken very quickly if the interface for Gmail was slightly different (with no change in functionality). Right now, the ads just show up unobtrusively. What if the interface was modified so that a little figure would pop up as you reading your email, and say “Hey, I see you are writing about Australia. Would you like me to show you ads for cheap flights to Australia?”. I suggest that people’s sense of there being nothing untoward would be shaken and yet, this would have happened with no difference in the underlying functionality.
Our “reasonable expectations of privacy” may be quite deeply affected by seemingly superficial design decisions.
Other conference highlights included:
1. Paul Ohm on potential lawbreaking by ISPs:
University of Colorado law professor Paul Ohm, a former federal computer crimes prosecutor, argues that ISPs such as Comcast, AT&T and Charter Communications that are or are contemplating ways to throttle bandwidth, police for copyright violations and serve targeted ads by examining their customers’ internet packets are putting themselves in criminal and civil jeopardy.
“These ISPs are getting close to the line of illegality and may be violating the law,” Ohm told conference goers at the Computers, Freedom and Privacy conference Thursday.
2. McCain campaign not quite as pro-rule-of-law as they’d appeared at the conference:
It’s official, John McCain still supports amnesty for telephone and internet companies that helped the Bush Administration target Americans for wiretapping for five years, without getting any court orders.
The confusion resulted from a tech policy discussion in New Haven, Connecticut Wednesday where a surrogate for presumptive Republican presidential nominee John McCain said that as president, McCain would require strict conditions for amnesty. . . . His comments were remarkable, since in February, McCain voted against an amendment that would have stripped from a spying bill amnesty for telecoms that helped with the government’s five-year warrantless wiretapping in volation of federal privacy laws. . . .
McCain’s online outreach manager Patrick Hynes wrote THREAT LEVEL to say the story “incorrectly represented” McCain’s position on freeing telecoms from the civil suits pending against them, saying the campaign regretted any confusion.
Too bad.
May 23, 2008 at 6:07 pm
Posted in: Privacy
Print This Post
Responses (3)
Jon Garfunkel - May 27, 2008 at 3:57 am
Frank– thanks.
I was in fact in attendance for Paul’s panel, but I didn’t digest it until now. (I *was* on my laptop during the session, but not looking at the right pages…)
So here’s my challenge for Paul: Good point on NebuAd and the copyright-violation filtering. But I think your case against throttling is the weakest.
I assume you are deriving a tort out of § 2510 (2)(a)(i): “a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks.”
So what is meant by “service observing and random monitoring”? Clearly Chapter 119 indicates that the crime is to intercept content — “any information concerning the substance, purport, or meaning of that communication.” (In other words, as Samir argues, what is “knowable”). But Comcast has only been inspecting TCP packets to determine if they are in fact BitTorrent, it is presently of no concern to BitTorrent what is being communicated *in* the packet.
This seems to me to be equivalent to the postal service weighing a package to ensure that there is enough postage on it. Though there’s an interesting twist with Media Mail, which is intended for shipping books or computer media: According to a 2005 article in the USC Daily Trojan, if the USPS sees a Media Mail that is heavier than paper or plastic ought to weigh, they will open it to check (!)
Not to excuse the USPS, but it appears that Comcast checking BitTorrent packets is nowhere near as intrusive as that. And thus I’m hard-pressed to see such activity as violating either the letter or the spirit of the law.
Jon
Paul Ohm - May 27, 2008 at 1:56 pm
Jon,
Thanks for the good questions. Andy Oram over at the O’Reilly blog raised similar questions, and I posted a comment to that post raising some of the points I’m going raise now.
I agree that Comcast has much less to worry about than AT&T and Charter, and I said so during my talk.
But you’re missing something in your analysis. Comcast does not need to worry about the Wiretap Act (for the reasons you mention), but it should worry about the Pen Register, Trap & Trace Act. In particular, 18 U.S.C. § 3121(a) forbids the use of a pen register which is defined in § 3127(3) as “a device or process which records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted . . . .”
But there are three reasons why Comcast need not worry much about this law: First, the Pen Register Act provides somewhat broader provider exceptions than the Wiretap Act. (For example, the Pen Register Act allows monitoring for “the protection of users of that service from abuse of service or unlawful use of service.”)
Second, the Pen Register Act does not provide a civil cause of action. Third, violations of the Pen Register Act are misdemeanors. § 3121(d).
But Comcast isn’t completely in the clear. Not only do they monitor, they also send forged RST packets to throttle Bittorrent communications. Two years ago, in an unrelated context, I argued in a comment thread on Ed Felten’s blog that this might violate the Computer Fraud and Abuse Act, 18 U.S.C. § 1030. There are many reasons to think that Comcast isn’t violating the CFAA, but I wonder if Comcast’s lawyers even took the law into consideration.
Jon Garfunkel - May 27, 2008 at 11:37 pm
Paul–
Sorry to have relied on Ryan’s notes! Thanks for the clarification. I’m not sure if you realized it, but a CFAA violation was cited in Hart v. Comcast filed last November, which incidentally Ryan Singel reported on.
Also, I just caught up on the news that Comcast is working with BitTorrent (the company) to make it (the protocol) easier to network-manage. I am curious whether Hart still sees the need to carry through with the suit.
Jon
Leave a Reply