Site Meter

Author: Daniel Solove

2

Ravi Sentenced in Tyler Clementi Case

Dharun Ravi was sentenced today for his violations of Tyler  Clementi’s privacy.  From Yahoo:

A New Jersey judge sentenced a former Rutgers student to 30 days in jail for using a webcam to spy on his roommate kissing another man.

Dharun Ravi, 20, was convicted on two second-degree bias intimidation charges in a case that garnered national headlines because his roommate, Tyler Clementi, committed suicide after the spying.

Clementi, 18, jumped from the George Washington Bridge three days after learning that a September 2010 encounter with an older man was seen by a computer-mounted camera Ravi had set up in their dorm room. The case highlighted the issues of gay bullying and teen suicide.

The judge also placed three years of probation. Rave faced a maximum sentence of 10 years in prison. The judge spared the prison time and did not recommend Ravi be deported to India, where he was born and remains a citizen. Ravi was also ordered to get counseling and to pay $10,000 towards a program to help victims of bias crimes.

Update: Just after I posted this, I saw that Danielle Citron got to this first.  Check out her post here.

2

Harvard Law Review Symposium on Privacy and Technology: Call for Papers

The Harvard Law Review is hosting a Symposium this November on the topic of Privacy & Technology.  The Law Review is currently accepting abstracts for papers to be considered for publication in the Symposium Issue.  To be considered for publication, please send an abstract of no more than 750 words to HLRsymposium2012@gmail.com by June 15.  Space in the issue is limited and papers will be selected on a rolling basis, so early submission is recommended.  We strongly prefer abstracts for shorter essays that can be executed in fewer than 12,500 words (about 25 law review pages).

The following proposal gives a taste of what kinds of inquiries we are interested in. We are most interested in papers that challenge old concepts and categories and propose new ones that could potentially drive the development of privacy law in the following decades.

Today, we are witnessing astounding new technologies that efficiently gather, use, and analyze massive amounts of data.  These changes have created a set of profound challenges for regulating privacy, as existing regulatory approaches are straining to keep up with rapid technological advances.  The regulatory ideas and frameworks over the past few decades have failed to adequately respond to the constantly shifting technological landscape. Policymakers—among many different stakeholders—recognize that a new direction is needed for privacy law, but there remains much to be resolved about what direction it should head.  Moreover, deep divides have emerged in how different societies regulate privacy despite the increased need for governments and businesses to share information across borders.  These changes present challenges for the core conceptual underpinnings of privacy itself.  We thus stand at a crossroads about how to regulate privacy and even how to think about privacy.  The road forward will require a deep re-imagining of privacy in both theory and practice.

Read More

1

BRIGHT IDEAS: Q&A with Bruce Schneier about Liars and Outliers

Bruce Schneier has recently published a new book, Liars and Outliers: Enabling the Trust that Society Needs to Thrive (Wiley 2012).  Bruce is a renowned security expert, having written several great and influential books including Secrets and Lies and Beyond Fear.

Liars and Outliers is a fantastic book, and a very ambitious one — an attempt to conceptualize trust and security.  The book is filled with great insights, and is a true achievement. And it’s a fun read too.  I recently conducted a brief interview with Bruce about the book:

Q (Solove): What is the key idea of your book?

A (Schneier): Liars and Outliers is about trust in society, and how we induce it. Society requires trust to function; without it, society collapses. In order for people to have that trust, other people must be trustworthy. Basically, they have to conform to the social norms; they have to cooperate. However, within any cooperative system there is an alternative defection strategy, called defection: to be a parasite and take advantage of others’ cooperation.

Too many parasites can kill the cooperative system, so it is vital for society to keep defectors down to a minimum. Society has a variety of mechanisms to do this. It all sounds theoretical, but this model applies to terrorism, the financial crisis of 2008, Internet crime, the Mafia code of silence, market regulation…everything involving people, really.

Understanding the processes by which society induces trust, and how those processes fail, is essential to solving the major social and political problems of today. And that’s what the book is about. If I could tie policymakers to a chair and make them read my book, I would.

Okay, maybe I wouldn’t.

Q: What are a few of the conclusions from Liars and Outliers that you believe are the most important and/or provocative?

A: That 100% cooperation in society is impossible; there will always be defectors. Moreover, that more security isn’t always worth it. There are diminishing returns — spending twice as much on security doesn’t halve the risk — and the more security you have, the more innocents it accidentally ensnares. Also, society needs to trust those we entrust with enforcing trust; and the more power they have, the more easily they can abuse it. No one wants to live in a totalitarian society, even if it means there is no street crime.

More importantly, defectors — those who break social norms — are not always in the wrong. Sometimes they’re morally right, only it takes a generation before people realize it. Defectors are the vanguards of social change, and a society with too much security and too much cooperation is a stagnant one.

Read More

3

Ravi Trial Verdict for Invading the Privacy of Clementi

Dharun Ravi was found guilty of invasion of privacy when he used a webcam to watch and broadcast online Clementi’s intimate activities with another man in their shared dorm room.  From CNN:

A former Rutgers University student accused of spying on and intimidating his gay roommate by use of a hidden webcam was found guilty on all counts, including invasion of privacy and the more severe charges of bias intimidation, in a case that thrust cyberbullying into the national spotlight.

Dharun Ravi, 20, could now face up to 10 years in jail and deportation to his native India. He was also found guilty of witness tampering, hindering apprehension and tampering of physical evidence.

The jury was confronted with a series of questions on each charge. Though it found Ravi not guilty on several questions within the verdict sheet, because he was found guilty on at least one question on each main count, he could now face the maximum penalty.

From ABC News:

A New Jersey jury today found former Rutgers student Dharun Ravi guilty on all counts for using a webcam to spy on his roommate, Tyler Clementi, having a gay sexual encounter in 2010.

Ravi, 20, was convicted of invasion of privacy, bias intimidation, witness tampering and hindering arrest, stemming from his role in activating the webcam to peek at Clementi’s date with a man in the dorm room on Sept. 19, 2010. Ravi was also convicted of encouraging others to spy during a second date, on Sept. 21, 2010, and intimidating Clementi for being gay.

Ravi was found not guilty of some subparts of the 15 counts of bias intimidation, attempted invasion of privacy, and attempted bias intimidation, but needed only to be found guilty of one part of each count to be convicted.

I blogged about this case here and here and here.

Here is New Jersey’s invasion of privacy statute:

Read More

2

The Potentially Profound Implications of United States v. Jones

I must respectfully disagree with a recent post by Renee Hutchins on our blog about the recent U.S. Supreme Court case, United States v. Jones.    She concludes:

With full knowledge of this history, the Jones decision should give us pause. It is widely believed that the test the court enunciated nearly a half-century ago better protects the privacy interest of citizens in the face of advancing technology. By reverting to the language of trespass, the court this week took a step back when it could have taken a bold step forward. Moreover, by failing to engage the admittedly “thorny” question of whether the monitoring of the GPS device alone violated Mr. Jones’ constitutional rights, the court missed a momentous opportunity to speak clearly in a brave new world.

Although it is true that the majority opinion is narrow, the concurring opinions indicate five votes for a broader more progressive view of the Fourth Amendment, one which breaks from some of the Court’s antiquated notions of privacy. When I read Jones, I see cause for celebration rather than disappointment.

I have long argued that the Court has failed to understand that aggregated pieces of information can together upend expectations of privacy. See Privacy and Power 1434-35 (2001), The Digital Person 44-47 (2004), Understanding Privacy 117-21 (2008).  I have also critiqued what I call the “secrecy paradigm” where the Court has held that privacy is only invaded by revealing previously concealed information.  See The Digital Person 42-44 (2004), Understanding Privacy 106-12 (2008).  I have argued that privacy can be invaded even by public surveillance.  More recently, in Nothing to Hide 178 (2011), I argued:

The problem with the secrecy paradigm is that we do expect some degree of privacy in public.  We don’t expect total secrecy, but we also don’t expect somebody to be recording everything we do. Most of the time, when we’re out and about, nobody’s paying any special attention to us. We do many private things in public, such as buy medications and hygiene products in drug stores and browse books and magazines in bookstores. We expect a kind of practical obscurity—to be just another face in the crowd.

In Justice Alito’s concurring opinion, he seemingly recognizes both of the concept of aggregation and the fact that the extent of the surveillance matter more than merely whether it occurs in public or private:

Under this approach, relatively short-term monitoring of a person’s movements on public streets accords with expectations of privacy that our society has recognized as reasonable.  But the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy.  For such offenses, society’s expectation has been that law enforcement agents and others would not—and indeed, in the main, simply could not—secretly monitor and catalogue every single movement of an individual’s car for a very long period.

Justice Sotomayor discusses this passage with approval in her concurrence, indicating five votes for this view.  Indeed, she would go even further than Justice Alito.

I see profound implications in Jones for the future direction of the Fourth Amendment and privacy law more generally.  I explain this in detail in a recent essay, United States v. Jones and the Future of Privacy Law: The Potential Far-Reaching Implications of the GPS Surveillance Case, Bloomberg BNA Privacy & Security Law Report (Jan. 30, 2012).  From the essay:

The more contextual and open-ended view of privacy articulated by Justice Alito has five votes on the Court.  This is a sophisticated view of privacy, one that departs from the antiquated notions the Court has often clung to.  If this view works its way through Fourth Amendment law, the implications could be quite profound.  So many of the Court’s rationales under the reasonable expectation of privacy test fail to comprehend how technology changes the dynamic of information gathering, making it ruthlessly efficient and making surveillance pervasive and more penetrating.  We might be seeing the stirrings of a more modern Fourth Amendment jurisprudence, one that no longer seems impervious to technological development.

I continue:

Read More

0

Privacy Torts in Canada and the International Convergence of Privacy Law

Over at the HL Chronicle of Data Protection, I have a post entitled Privacy Torts in Canada and the International Convergence of Privacy Law. The post discusses a recent privacy tort case from Ontario, Canada that recognizes the Warren and Brandeis’ privacy tort of intrusion upon seclusion.  From the post:

The recognition of the US privacy torts by a Canadian court is further demonstration of a general trend – the convergence of privacy law across countries around the world.  Although profound differences in the law remain between countries, there has also been significant convergence.

Read the rest of the post over at HL Chronicle.

2

The Demi Moore 911 Call: A Breach of Medical Confidentiality?

I’ve written before on the issue of whether 911 calls should be public.  The recent release of the Demi Moore 911 call raises the issues once again.  From CBS News:

The tape of the frantic 911 call from actress Demi Moore’s Beverly Hills home Monday night is out and, reports CBS News national correspondent Lee Cowan, the scene sounds a lot more dire than her publicist had let on.

After Moore was rushed to the hospital, a statement said she ‘d be seeking professional help for exhaustion and her overall health.

“The 911 tape really indicates that this is a much more serious situation than we were first led to believe,” says US Weekly’s Melanie Bromley. “We’ve been told it’s exhaustion that she’s suffering from, but you can tell from the tape that there’s a very desperate situation there. She’s having convulsions and she’s almost losing consciousness. It’s a very scary tape to listen to.”

Why is this public?   Many 911 calls, like the one with Demi Moore, involve requests for medical treatment.  Typically, whenever any doctor, nurse, or healthcare professional learns information about a person, it is stringently protected.  A healthcare provider who breaches medical confidentiality can face ethical charges as well as legal liability for the breach of confidentiality tort.  In addition, there may be HIPAA violations of the healthcare provider is HIPAA-regulated.  911 call centers are not HIPAA-regulated, but the operators are in a special position of trust and are often providing healthcare advice (and calling for healthcare services such as ambulances).  If the call from Demi Moore’s home had been to a hospital or a doctor or any other type of healhcare provider, public disclosure of the call would be forbidden.  Why isn’t a 911 call seen in the same light?

As I pointed out in my earlier post about the issue, I believe the release of 911 call transcripts to the public violates the constitutional right to information privacy.  The cases generally recognize strong privacy rights whenever health information is involved.  States with laws, policies, or practices that infringe upon the constitutional right to information privacy might be liable in a Section 1983 suit.  I have not seen one yet, but it is about time something sparks states to rethink their policies about making the calls public.

The rationale for making the calls public is to provide transparency about the responsiveness of 911 call centers.  But this can be done in other ways without violating the privacy of individuals.  The main use of the Demi Moore call being public is to serve as grist for the media to learn about her problems.  This doesn’t make the 911 system safer or better; it just makes the tabloids sell faster.

3

United States v. Jones — The Fourth Amendment and GPS Surveillance

The U.S. Supreme Court has decided United States v. Jones, concluding that when the government installs a GPS surveillance device on a car, it is a Fourth Amendment search.  The majority uses a property-based rationale and the concurring opinion (Alito, Ginsburg, Breyer, and Kagan) uses a privacy-based rationale.   More thoughts and analysis to come later.

I also want to congratulate my colleague Orin Kerr, who is cited in both the majority opinion and in a concurring opinion for his article, The Fourth Amendment and New Technologies: Constitutional Myths and the Case for Caution, 102 Mich. L. Rev. 801 (2004).  The majority opinion relies heavily on Orin’s theory of the Fourth Amendment and property that he sets forth in the first part of his article.

0

The Intersection of Privacy and Security: Data Privacy Day Event at GW Law School

The National Cyber Security Alliance Presents:

Data Privacy Day 2012

The Intersection of Privacy & Security

Featuring: The Honorable Julie Brill
Commissioner, Federal Trade Commission

Data Privacy Day Logo

 Event Sponsored by:

Sponsor Logos

Thursday, January 26, 2012 | 9:00am – 11:45amGeorge Washington Law School – Moot Court Room
2000 H Street, NW • Washington, DC 20052

 


The convergence of privacy and security: how do we overcome the conflict that seems to be inherent between the two? Is it a philosophical impossibility or an aspiration to be achieved?

Data security, according to common definition is the “confidentiality, integrity and availability” of data. It is the practice of ensuring that the data being stored is safe from unauthorized access and use, ensuring that the data is reliable and accurate and that is available for use when it is needed. Privacy on the other hand, is the appropriate use of data.

Our panel will consider the implications of how privacy and security are two sides of the same coin and what companies can and should do to ensure privacy and security are protected while allowing innovation to flourish.


Agenda

9:00 Registration
9:30 Welcome

  • Michael Kaiser
    Executive Director, National Cyber Security Alliance
  • Dan Solove
    John Marshall Harlan Research Professor of Law, The George Washington University School of Law
  • Paul Schiff Berman
    Dean and Robert Kramer Research Professor of Law, The George Washington University School of Law

9:40 Keynote

The Honorable Julie Brill
Commissioner, Federal Trade Commission

10:10 Panel Discussion

Reflections & Aspirations: The Past, The Present & The Future

Moderator
Christopher Wolf
Founder & Co-Chair, Future of Privacy Forum and Partner, Hogan Lovells US LLP

Panelists

  • David Hoffman
    Director of Security Policy and Global Privacy Officer, Intel
  • Gerard Lewis
    Vice President, Deputy General Counsel & Chief Privacy Officer, Comcast Cable
  • Ari Schwartz
    Senior Internet Policy Advisor, Office of the Secretary, U.S. Department of Commerce

10:50 Panel Discussion

Privacy & Security: Best Practices in Action

Moderator
Christopher Wolf
Co-Chair & Founder, Future of Privacy Forum and Partner, Hogan Lovells US LLP

Panelists

  • Rick Buck
    Head of Privacy GSI, eBay
  • Erin Egan
    Chief Privacy Officer, Policy, Facebook
  • JoAnn C. Stonier
    Global Privacy & Data Protection Officer, MasterCard Worldwide
  • Bob Quinn
    Senior Vice President-Federal Regulatory & Chief Privacy Officer, AT&T

 

 

 

 


 

0

More on the Student Data Grab

Here’s another piece critiquing the Education Department’s student data grab.   I am a bit dismayed that this story has barely received coverage from the mainstream media or much general concern by the public.  Many privacy advocacy organizations have been very quiet about it.  I think that these developments are quite troublesome — they are a George W. Bush-esque endeavor, but this time, the reaction is largely ho-hum.  It shouldn’t be.