Author: Daniel Solove

0

“The App from Hell” — A Short Comical Cartoon About Apps and Privacy

For my privacy and security training company, TeachPrivacy, I recently created this 2-minute comical cartoon vignette to teach about the importance of privacy and apps.  No login is required.  Click the link above or the image below to see the video.

15

Harvard Law Review Symposium on Privacy & Technology

This Friday, November 9th, I will be introducing and participating in the Harvard Law Review’s symposium on privacy and technology.  The symposium is open to the public, and is from 8:30 AM to 4:30 PM at Harvard Law School (Langdell South).

I have posted a draft of my symposium essay on SSRN, where it can be downloaded for free.  The essay will be published in the Harvard Law Review in 2013.  My essay is entitled Privacy Self-Management and the Consent Paradox, and I discuss what I call the “privacy self-management model,” which is the current regulatory approach for protecting privacy — the law provides people with a set of rights to enable them to decide for themselves about how to weigh the costs and benefits of the collection, use, or disclosure of their data. I demonstrate how this model fails to serve as adequate protection of privacy, and I argue that privacy law and policy must confront a confounding paradox with consent.  Currently, consent to the collection, use, and disclosure of personal data is often not meaningful, but the most apparent solution — paternalistic measures — even more directly denies people the freedom to make consensual choices about their data.

I welcome your comments on the draft, which will undergo considerable revision in the months to come.  In future posts, I plan to discuss a few points that I raise my essay, so I welcome your comments in these discussions as well.

The line up of the symposium is as follows:

Symposium 2012:
Privacy & Technology

Daniel J. Solove
George Washinton University
“Introduction: Privacy Self-Management and the Consent Paradox”

Jonathan Zittrain
Harvard Law School

Paul Schwartz
Berkeley Law School
“The E.U.-U.S. Privacy Collision”

Lior Strahilevitz
University of Chicago
“A Positive Theory of Privacy”

Julie Cohen
Georgetown University
“What Privacy is For”

Neil Richards
Washington University
“The Harms of Surveillance”

Danielle Citron
University of Maryland

Anita Allen
University of Pennsylvania

Orin Kerr
George Washington University

Alessandro Acquisti
Carnegie Mellon University

Latanya Sweeney
Harvard University

Joel Reidenberg
Fordham University

Paul Ohm
University of Colorado

Tim Wu
Columbia University

Thomas Crocker
University of South Carolina

Danny Weitzner
MIT

0

Introducing Guest Blogger Omer Tene

I’m delighted to introduce as a guest blogger Professor Omer Tene, who is an Associate Professor at the College of Management School of Law, Rishon LeZion, Israel, currently visiting at the Berkeley Center for Law and Technology. Omer writes about privacy and data protection law. His recent articles concern issues such as the challenges posed to the privacy framework by “big data”; online behavioral advertising and the “do-not-track” initiative; government access to private sector data; and privacy and digital identity in the social networking context.

In addition to his research, Omer serves as rapporteur to the OECD for its review of its 1980 Privacy Guidelines. He consulted the Government of Israel in its application for an adequacy decision under the European Data Protection Directive. He headed the Steering Committee for the 32nd Annual Conference of Privacy and Data Protection Commissioners.

Omer is also an Affiliate Scholar at the Stanford Center for Internet and Society; a Senior Fellow at the Future of Privacy Forum; and a member of the Editorial Board of International Data Privacy Law (Oxford University Press).

Omer tweets at https://twitter.com/omertene and blogs at http://cyberlaw.stanford.edu/about/people/omer-tene.

His SSRN page is here.   His recent publications include:

Omer Tene, Systematic Government Access to Private-Sector Data in Israel, __ International Data Privacy Law __ (forthcoming 2012).

Omer Tene & Jules Polonetsky, Privacy in the Age of Big Data: A Time for Big Decisions, 64 Stan. L. Rev. Online 63 (2012).

Omer Tene, Me, Myself and I: Aggregated and Disaggregated Identities on Social Networking Services, __ J. Int’l Comm. L. & Tech. __ (forthcoming Fall 2012)

Omer Tene & Jules Polonetsky, To Track or ‘Do Not Track’: Advancing Transparency and Individual Control in Online Behavioral Advertising, 13 Minn. J. L. Sci. & Tech. 281 (2012).

1

New Titles from NYU Press

Here are some recent titles from NYU Press:

Killing McVeigh: The Death Penalty and the Myth of Closure
Jody Lynee Madeira

 
Life without Parole: America’s New Death Penalty?
Edited by Charles J. Ogletree, Jr. and Austin Sarat

 

Run for the Border: Vice and Virtue in U.S.-Mexico Border Crossings
Steven W. Bender

 

At Liberty to Die: The Battle for Death with Dignity in America
Howard Ball

 

Not Guilty: Are the Innocent Acquitted?
Daniel Givelber and Amy Farrell

 

The Right to Be Parents: LGBT Families and the Transformation of Parenthood
Carlos A. Ball

 

Papa’s Baby: Paternity and Artificial Insemination
Browne C. Lewis

 

Please check out the above books. You can propose a review of one of these books or another recent title not on the list. We’re aiming for reviews between 500 – 2000 words, ideally about 1000 words. Please email your proposals to me.

0

Introducing Guest Blogger Nicole Huberfeld

I am delighted to welcome Professor Nicole Huberfeld who will be blogging with us this month.

Nicole Huberfeld is in the process of being promoted to Professor of Law at the University of Kentucky College of Law and is a Bioethics Associate at the University of Kentucky College of Medicine. Nicole teaches structural constitutional law and a variety of healthcare law courses. Her scholarship focuses on the cross-section of constitutional law and federal healthcare programs with a particular interest in federalism and Spending Clause jurisprudence. Her latest article, Post-Reform Medicaid before the Court: Discordant Advocacy Reflects Conflicting Attitudes, is forthcoming in the Annals of Health Law. She also recently published Federalizing Medicaid in the University of Pennsylvania Journal of Constitutional Law and a book review of The Politics of Medicaid with the Journal of Legal Medicine. She was the recipient of the Duncan Teaching Award, a nominee for the University of Kentucky Great Teacher Award, and a nominee for the ALI Young Scholars Medal. Previously, she was the Health Law Faculty Fellow at Seton Hall Law School. While at Seton Hall, she created and was Director of the Health Care Compliance Certification Program, which educates compliance officers of pharmaceutical and medical device companies in corporate and healthcare compliance. Prior to academic life, she practiced regulatory and transactional healthcare law in New York and New Jersey.

Nicole’s recent works include:

Post-Reform Medicaid before the Court: Tension between Reinvention and Path Dependence (forthcoming symposium issue, Annals Health L.)

Challenging the Stakeholders: A Review of Laura Katz Olson, The Politics Of Medicaid (forthcoming, J. Legal Med.)

Federalizing Medicaid, 14 U. Pa. J. Const. L. ___ (2011)

Conditional Spending and Compulsory Maternity, 2010 U. Ill. L. Rev. 751

Bizarre Love Triangle: The Spending Clause, Section 1983, and Medicaid Entitlements, 42 U.C. Davis L. Rev. 413 (2008)

Clear Notice for Conditions on Spending, Unclear Implications for States in Federal Healthcare Programs, 86 N.C. L. Rev. 441 (2008)

You can find Nicole’s SSRN author page here.

2

Ravi Sentenced in Tyler Clementi Case

Dharun Ravi was sentenced today for his violations of Tyler  Clementi’s privacy.  From Yahoo:

A New Jersey judge sentenced a former Rutgers student to 30 days in jail for using a webcam to spy on his roommate kissing another man.

Dharun Ravi, 20, was convicted on two second-degree bias intimidation charges in a case that garnered national headlines because his roommate, Tyler Clementi, committed suicide after the spying.

Clementi, 18, jumped from the George Washington Bridge three days after learning that a September 2010 encounter with an older man was seen by a computer-mounted camera Ravi had set up in their dorm room. The case highlighted the issues of gay bullying and teen suicide.

The judge also placed three years of probation. Rave faced a maximum sentence of 10 years in prison. The judge spared the prison time and did not recommend Ravi be deported to India, where he was born and remains a citizen. Ravi was also ordered to get counseling and to pay $10,000 towards a program to help victims of bias crimes.

Update: Just after I posted this, I saw that Danielle Citron got to this first.  Check out her post here.

2

Harvard Law Review Symposium on Privacy and Technology: Call for Papers

The Harvard Law Review is hosting a Symposium this November on the topic of Privacy & Technology.  The Law Review is currently accepting abstracts for papers to be considered for publication in the Symposium Issue.  To be considered for publication, please send an abstract of no more than 750 words to HLRsymposium2012@gmail.com by June 15.  Space in the issue is limited and papers will be selected on a rolling basis, so early submission is recommended.  We strongly prefer abstracts for shorter essays that can be executed in fewer than 12,500 words (about 25 law review pages).

The following proposal gives a taste of what kinds of inquiries we are interested in. We are most interested in papers that challenge old concepts and categories and propose new ones that could potentially drive the development of privacy law in the following decades.

Today, we are witnessing astounding new technologies that efficiently gather, use, and analyze massive amounts of data.  These changes have created a set of profound challenges for regulating privacy, as existing regulatory approaches are straining to keep up with rapid technological advances.  The regulatory ideas and frameworks over the past few decades have failed to adequately respond to the constantly shifting technological landscape. Policymakers—among many different stakeholders—recognize that a new direction is needed for privacy law, but there remains much to be resolved about what direction it should head.  Moreover, deep divides have emerged in how different societies regulate privacy despite the increased need for governments and businesses to share information across borders.  These changes present challenges for the core conceptual underpinnings of privacy itself.  We thus stand at a crossroads about how to regulate privacy and even how to think about privacy.  The road forward will require a deep re-imagining of privacy in both theory and practice.

Read More

1

BRIGHT IDEAS: Q&A with Bruce Schneier about Liars and Outliers

Bruce Schneier has recently published a new book, Liars and Outliers: Enabling the Trust that Society Needs to Thrive (Wiley 2012).  Bruce is a renowned security expert, having written several great and influential books including Secrets and Lies and Beyond Fear.

Liars and Outliers is a fantastic book, and a very ambitious one — an attempt to conceptualize trust and security.  The book is filled with great insights, and is a true achievement. And it’s a fun read too.  I recently conducted a brief interview with Bruce about the book:

Q (Solove): What is the key idea of your book?

A (Schneier): Liars and Outliers is about trust in society, and how we induce it. Society requires trust to function; without it, society collapses. In order for people to have that trust, other people must be trustworthy. Basically, they have to conform to the social norms; they have to cooperate. However, within any cooperative system there is an alternative defection strategy, called defection: to be a parasite and take advantage of others’ cooperation.

Too many parasites can kill the cooperative system, so it is vital for society to keep defectors down to a minimum. Society has a variety of mechanisms to do this. It all sounds theoretical, but this model applies to terrorism, the financial crisis of 2008, Internet crime, the Mafia code of silence, market regulation…everything involving people, really.

Understanding the processes by which society induces trust, and how those processes fail, is essential to solving the major social and political problems of today. And that’s what the book is about. If I could tie policymakers to a chair and make them read my book, I would.

Okay, maybe I wouldn’t.

Q: What are a few of the conclusions from Liars and Outliers that you believe are the most important and/or provocative?

A: That 100% cooperation in society is impossible; there will always be defectors. Moreover, that more security isn’t always worth it. There are diminishing returns — spending twice as much on security doesn’t halve the risk — and the more security you have, the more innocents it accidentally ensnares. Also, society needs to trust those we entrust with enforcing trust; and the more power they have, the more easily they can abuse it. No one wants to live in a totalitarian society, even if it means there is no street crime.

More importantly, defectors — those who break social norms — are not always in the wrong. Sometimes they’re morally right, only it takes a generation before people realize it. Defectors are the vanguards of social change, and a society with too much security and too much cooperation is a stagnant one.

Read More

3

Ravi Trial Verdict for Invading the Privacy of Clementi

Dharun Ravi was found guilty of invasion of privacy when he used a webcam to watch and broadcast online Clementi’s intimate activities with another man in their shared dorm room.  From CNN:

A former Rutgers University student accused of spying on and intimidating his gay roommate by use of a hidden webcam was found guilty on all counts, including invasion of privacy and the more severe charges of bias intimidation, in a case that thrust cyberbullying into the national spotlight.

Dharun Ravi, 20, could now face up to 10 years in jail and deportation to his native India. He was also found guilty of witness tampering, hindering apprehension and tampering of physical evidence.

The jury was confronted with a series of questions on each charge. Though it found Ravi not guilty on several questions within the verdict sheet, because he was found guilty on at least one question on each main count, he could now face the maximum penalty.

From ABC News:

A New Jersey jury today found former Rutgers student Dharun Ravi guilty on all counts for using a webcam to spy on his roommate, Tyler Clementi, having a gay sexual encounter in 2010.

Ravi, 20, was convicted of invasion of privacy, bias intimidation, witness tampering and hindering arrest, stemming from his role in activating the webcam to peek at Clementi’s date with a man in the dorm room on Sept. 19, 2010. Ravi was also convicted of encouraging others to spy during a second date, on Sept. 21, 2010, and intimidating Clementi for being gay.

Ravi was found not guilty of some subparts of the 15 counts of bias intimidation, attempted invasion of privacy, and attempted bias intimidation, but needed only to be found guilty of one part of each count to be convicted.

I blogged about this case here and here and here.

Here is New Jersey’s invasion of privacy statute:

Read More

2

The Potentially Profound Implications of United States v. Jones

I must respectfully disagree with a recent post by Renee Hutchins on our blog about the recent U.S. Supreme Court case, United States v. Jones.    She concludes:

With full knowledge of this history, the Jones decision should give us pause. It is widely believed that the test the court enunciated nearly a half-century ago better protects the privacy interest of citizens in the face of advancing technology. By reverting to the language of trespass, the court this week took a step back when it could have taken a bold step forward. Moreover, by failing to engage the admittedly “thorny” question of whether the monitoring of the GPS device alone violated Mr. Jones’ constitutional rights, the court missed a momentous opportunity to speak clearly in a brave new world.

Although it is true that the majority opinion is narrow, the concurring opinions indicate five votes for a broader more progressive view of the Fourth Amendment, one which breaks from some of the Court’s antiquated notions of privacy. When I read Jones, I see cause for celebration rather than disappointment.

I have long argued that the Court has failed to understand that aggregated pieces of information can together upend expectations of privacy. See Privacy and Power 1434-35 (2001), The Digital Person 44-47 (2004), Understanding Privacy 117-21 (2008).  I have also critiqued what I call the “secrecy paradigm” where the Court has held that privacy is only invaded by revealing previously concealed information.  See The Digital Person 42-44 (2004), Understanding Privacy 106-12 (2008).  I have argued that privacy can be invaded even by public surveillance.  More recently, in Nothing to Hide 178 (2011), I argued:

The problem with the secrecy paradigm is that we do expect some degree of privacy in public.  We don’t expect total secrecy, but we also don’t expect somebody to be recording everything we do. Most of the time, when we’re out and about, nobody’s paying any special attention to us. We do many private things in public, such as buy medications and hygiene products in drug stores and browse books and magazines in bookstores. We expect a kind of practical obscurity—to be just another face in the crowd.

In Justice Alito’s concurring opinion, he seemingly recognizes both of the concept of aggregation and the fact that the extent of the surveillance matter more than merely whether it occurs in public or private:

Under this approach, relatively short-term monitoring of a person’s movements on public streets accords with expectations of privacy that our society has recognized as reasonable.  But the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy.  For such offenses, society’s expectation has been that law enforcement agents and others would not—and indeed, in the main, simply could not—secretly monitor and catalogue every single movement of an individual’s car for a very long period.

Justice Sotomayor discusses this passage with approval in her concurrence, indicating five votes for this view.  Indeed, she would go even further than Justice Alito.

I see profound implications in Jones for the future direction of the Fourth Amendment and privacy law more generally.  I explain this in detail in a recent essay, United States v. Jones and the Future of Privacy Law: The Potential Far-Reaching Implications of the GPS Surveillance Case, Bloomberg BNA Privacy & Security Law Report (Jan. 30, 2012).  From the essay:

The more contextual and open-ended view of privacy articulated by Justice Alito has five votes on the Court.  This is a sophisticated view of privacy, one that departs from the antiquated notions the Court has often clung to.  If this view works its way through Fourth Amendment law, the implications could be quite profound.  So many of the Court’s rationales under the reasonable expectation of privacy test fail to comprehend how technology changes the dynamic of information gathering, making it ruthlessly efficient and making surveillance pervasive and more penetrating.  We might be seeing the stirrings of a more modern Fourth Amendment jurisprudence, one that no longer seems impervious to technological development.

I continue:

Read More