Author: Daniel Solove

2

The Potentially Profound Implications of United States v. Jones

I must respectfully disagree with a recent post by Renee Hutchins on our blog about the recent U.S. Supreme Court case, United States v. Jones.    She concludes:

With full knowledge of this history, the Jones decision should give us pause. It is widely believed that the test the court enunciated nearly a half-century ago better protects the privacy interest of citizens in the face of advancing technology. By reverting to the language of trespass, the court this week took a step back when it could have taken a bold step forward. Moreover, by failing to engage the admittedly “thorny” question of whether the monitoring of the GPS device alone violated Mr. Jones’ constitutional rights, the court missed a momentous opportunity to speak clearly in a brave new world.

Although it is true that the majority opinion is narrow, the concurring opinions indicate five votes for a broader more progressive view of the Fourth Amendment, one which breaks from some of the Court’s antiquated notions of privacy. When I read Jones, I see cause for celebration rather than disappointment.

I have long argued that the Court has failed to understand that aggregated pieces of information can together upend expectations of privacy. See Privacy and Power 1434-35 (2001), The Digital Person 44-47 (2004), Understanding Privacy 117-21 (2008).  I have also critiqued what I call the “secrecy paradigm” where the Court has held that privacy is only invaded by revealing previously concealed information.  See The Digital Person 42-44 (2004), Understanding Privacy 106-12 (2008).  I have argued that privacy can be invaded even by public surveillance.  More recently, in Nothing to Hide 178 (2011), I argued:

The problem with the secrecy paradigm is that we do expect some degree of privacy in public.  We don’t expect total secrecy, but we also don’t expect somebody to be recording everything we do. Most of the time, when we’re out and about, nobody’s paying any special attention to us. We do many private things in public, such as buy medications and hygiene products in drug stores and browse books and magazines in bookstores. We expect a kind of practical obscurity—to be just another face in the crowd.

In Justice Alito’s concurring opinion, he seemingly recognizes both of the concept of aggregation and the fact that the extent of the surveillance matter more than merely whether it occurs in public or private:

Under this approach, relatively short-term monitoring of a person’s movements on public streets accords with expectations of privacy that our society has recognized as reasonable.  But the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy.  For such offenses, society’s expectation has been that law enforcement agents and others would not—and indeed, in the main, simply could not—secretly monitor and catalogue every single movement of an individual’s car for a very long period.

Justice Sotomayor discusses this passage with approval in her concurrence, indicating five votes for this view.  Indeed, she would go even further than Justice Alito.

I see profound implications in Jones for the future direction of the Fourth Amendment and privacy law more generally.  I explain this in detail in a recent essay, United States v. Jones and the Future of Privacy Law: The Potential Far-Reaching Implications of the GPS Surveillance Case, Bloomberg BNA Privacy & Security Law Report (Jan. 30, 2012).  From the essay:

The more contextual and open-ended view of privacy articulated by Justice Alito has five votes on the Court.  This is a sophisticated view of privacy, one that departs from the antiquated notions the Court has often clung to.  If this view works its way through Fourth Amendment law, the implications could be quite profound.  So many of the Court’s rationales under the reasonable expectation of privacy test fail to comprehend how technology changes the dynamic of information gathering, making it ruthlessly efficient and making surveillance pervasive and more penetrating.  We might be seeing the stirrings of a more modern Fourth Amendment jurisprudence, one that no longer seems impervious to technological development.

I continue:

Read More

0

Privacy Torts in Canada and the International Convergence of Privacy Law

Over at the HL Chronicle of Data Protection, I have a post entitled Privacy Torts in Canada and the International Convergence of Privacy Law. The post discusses a recent privacy tort case from Ontario, Canada that recognizes the Warren and Brandeis’ privacy tort of intrusion upon seclusion.  From the post:

The recognition of the US privacy torts by a Canadian court is further demonstration of a general trend – the convergence of privacy law across countries around the world.  Although profound differences in the law remain between countries, there has also been significant convergence.

Read the rest of the post over at HL Chronicle.

2

The Demi Moore 911 Call: A Breach of Medical Confidentiality?

I’ve written before on the issue of whether 911 calls should be public.  The recent release of the Demi Moore 911 call raises the issues once again.  From CBS News:

The tape of the frantic 911 call from actress Demi Moore’s Beverly Hills home Monday night is out and, reports CBS News national correspondent Lee Cowan, the scene sounds a lot more dire than her publicist had let on.

After Moore was rushed to the hospital, a statement said she ‘d be seeking professional help for exhaustion and her overall health.

“The 911 tape really indicates that this is a much more serious situation than we were first led to believe,” says US Weekly’s Melanie Bromley. “We’ve been told it’s exhaustion that she’s suffering from, but you can tell from the tape that there’s a very desperate situation there. She’s having convulsions and she’s almost losing consciousness. It’s a very scary tape to listen to.”

Why is this public?   Many 911 calls, like the one with Demi Moore, involve requests for medical treatment.  Typically, whenever any doctor, nurse, or healthcare professional learns information about a person, it is stringently protected.  A healthcare provider who breaches medical confidentiality can face ethical charges as well as legal liability for the breach of confidentiality tort.  In addition, there may be HIPAA violations of the healthcare provider is HIPAA-regulated.  911 call centers are not HIPAA-regulated, but the operators are in a special position of trust and are often providing healthcare advice (and calling for healthcare services such as ambulances).  If the call from Demi Moore’s home had been to a hospital or a doctor or any other type of healhcare provider, public disclosure of the call would be forbidden.  Why isn’t a 911 call seen in the same light?

As I pointed out in my earlier post about the issue, I believe the release of 911 call transcripts to the public violates the constitutional right to information privacy.  The cases generally recognize strong privacy rights whenever health information is involved.  States with laws, policies, or practices that infringe upon the constitutional right to information privacy might be liable in a Section 1983 suit.  I have not seen one yet, but it is about time something sparks states to rethink their policies about making the calls public.

The rationale for making the calls public is to provide transparency about the responsiveness of 911 call centers.  But this can be done in other ways without violating the privacy of individuals.  The main use of the Demi Moore call being public is to serve as grist for the media to learn about her problems.  This doesn’t make the 911 system safer or better; it just makes the tabloids sell faster.

3

United States v. Jones — The Fourth Amendment and GPS Surveillance

The U.S. Supreme Court has decided United States v. Jones, concluding that when the government installs a GPS surveillance device on a car, it is a Fourth Amendment search.  The majority uses a property-based rationale and the concurring opinion (Alito, Ginsburg, Breyer, and Kagan) uses a privacy-based rationale.   More thoughts and analysis to come later.

I also want to congratulate my colleague Orin Kerr, who is cited in both the majority opinion and in a concurring opinion for his article, The Fourth Amendment and New Technologies: Constitutional Myths and the Case for Caution, 102 Mich. L. Rev. 801 (2004).  The majority opinion relies heavily on Orin’s theory of the Fourth Amendment and property that he sets forth in the first part of his article.

0

The Intersection of Privacy and Security: Data Privacy Day Event at GW Law School

The National Cyber Security Alliance Presents:

Data Privacy Day 2012

The Intersection of Privacy & Security

Featuring: The Honorable Julie Brill
Commissioner, Federal Trade Commission

Data Privacy Day Logo

 Event Sponsored by:

Sponsor Logos

Thursday, January 26, 2012 | 9:00am – 11:45amGeorge Washington Law School – Moot Court Room
2000 H Street, NW • Washington, DC 20052

 


The convergence of privacy and security: how do we overcome the conflict that seems to be inherent between the two? Is it a philosophical impossibility or an aspiration to be achieved?

Data security, according to common definition is the “confidentiality, integrity and availability” of data. It is the practice of ensuring that the data being stored is safe from unauthorized access and use, ensuring that the data is reliable and accurate and that is available for use when it is needed. Privacy on the other hand, is the appropriate use of data.

Our panel will consider the implications of how privacy and security are two sides of the same coin and what companies can and should do to ensure privacy and security are protected while allowing innovation to flourish.


Agenda

9:00 Registration
9:30 Welcome

  • Michael Kaiser
    Executive Director, National Cyber Security Alliance
  • Dan Solove
    John Marshall Harlan Research Professor of Law, The George Washington University School of Law
  • Paul Schiff Berman
    Dean and Robert Kramer Research Professor of Law, The George Washington University School of Law

9:40 Keynote

The Honorable Julie Brill
Commissioner, Federal Trade Commission

10:10 Panel Discussion

Reflections & Aspirations: The Past, The Present & The Future

Moderator
Christopher Wolf
Founder & Co-Chair, Future of Privacy Forum and Partner, Hogan Lovells US LLP

Panelists

  • David Hoffman
    Director of Security Policy and Global Privacy Officer, Intel
  • Gerard Lewis
    Vice President, Deputy General Counsel & Chief Privacy Officer, Comcast Cable
  • Ari Schwartz
    Senior Internet Policy Advisor, Office of the Secretary, U.S. Department of Commerce

10:50 Panel Discussion

Privacy & Security: Best Practices in Action

Moderator
Christopher Wolf
Co-Chair & Founder, Future of Privacy Forum and Partner, Hogan Lovells US LLP

Panelists

  • Rick Buck
    Head of Privacy GSI, eBay
  • Erin Egan
    Chief Privacy Officer, Policy, Facebook
  • JoAnn C. Stonier
    Global Privacy & Data Protection Officer, MasterCard Worldwide
  • Bob Quinn
    Senior Vice President-Federal Regulatory & Chief Privacy Officer, AT&T

 

 

 

 


 

0

More on the Student Data Grab

Here’s another piece critiquing the Education Department’s student data grab.   I am a bit dismayed that this story has barely received coverage from the mainstream media or much general concern by the public.  Many privacy advocacy organizations have been very quiet about it.  I think that these developments are quite troublesome — they are a George W. Bush-esque endeavor, but this time, the reaction is largely ho-hum.  It shouldn’t be.

0

Data Security in Healthcare: Some Startling Statistics

A new report by the Ponemon Institute reveals some startling statistics about data security in healthcare:

The frequency of data breaches among organizations in this study has increased 32 percent from the previous year.  In fact, 96 percent of all healthcare providers say they have had at least one data breach in the last two years. Most of these were due to employee mistakes and sloppiness—49 percent of respondents in this study cite lost or stolen computing devices and 41 percent note unintentional employee action. Another disturbing cause is third-party error, including business associates, according to 46 percent of participants.

There is a lot more alarming information in the report.

Self-interest alert: I provide privacy and data security programs to healthcare institutions.

0

Posting about Patients on Social Media Sites

An increasing problem is caused when medical personnel post details about patients on their social media websites.  From Daily News:

Providence Holy Cross Medical Center officials are investigating an employee who allegedly posted a patient’s medical information on his Facebook page, apparently to make fun of the woman and her medical condition.

According to a printout of the Facebook page obtained by the Daily News, the employee displayed a photo of a medical record listing the woman’s name and the date she was admitted, and posted the comment: “Funny but this patient came in to cure her VD and get birth control.”

Providence officials said the employee was provided by a staffing agency.

An interesting fact in this article is that most healthcare institutions lack policies for employee use of social media:

Only about a third of all hospitals are believed to have specific policies in place regarding patient information and social media sites, such as Facebook and Twitter, according to published reports.

I expect this to change in the next few years.

Hat Tip: Pogo Was Right

0

Who Owns Twitter Followers?

A bizarre lawsuit by a company claiming that it owns a former employee’s Twitter followers:

An Internet company has sued one of its former employees, saying the worker cost the company thousands of dollars in lost business when he took 17,000 Twitter followers with him when he left the firm.

PhoneDog LLC filed a lawsuit in July against Noah Kravitz, a writer who worked for the Mount Pleasant, S.C., company from 2006 until last year. Attorneys for the website, which reviews mobile devices like phones and tablets, said Kravitz owes them $340,000.

The company said when Kravitz resigned, he changed his Twitter name from PhoneDog_Noah to noahkravitz, and kept his 17,000 followers. The company said the followers should be treated like a customer list, and therefore PhoneDog’s property.

PhoneDog said Kravitz should pay $2.50 per follower per month for eight months, or a total of $340,000.

0

The Year in Privacy Books 2011

Here’s a list of notable privacy books published in 2011.

Previous lists:

Privacy Books 2010

Privacy Books 2009

Privacy Books 2008

 

Saul Levmore & Martha Nussbaum, eds., The Offensive Internet (Harvard 2011)

 

This is a great collection of essays about the clash of free speech and privacy online.  I have a book chapter in this volume along with Martha Nussbaum, Cass Sunstein, Brian Leiter, Danielle Citron, Frank Pasquale, Geoffrey Stone, and many others.

Daniel J. Solove, Nothing to Hide: The False Tradeoff Between Privacy and Security (Yale 2011)

 

Nothing to Hide “succinctly and persuasively debunks the arguments that have contributed to privacy’s demise, including the canard that if you have nothing to hide, you have nothing to fear from surveillance. Privacy, he reminds us, is an essential aspect of human existence, and of a healthy liberal democracy—a right that protects the innocent, not just the guilty.” — David Cole, New York Review of Books

Jeff Jarvis, Public Parts: How Sharing in the Digital Age Improves the Way We Work and Live (Simon & Schuster 2011)

 

I strongly disagree with a lot of what Jarvis says, but the book is certainly provocative and engaging.

Daniel J. Solove & Paul M. Schwartz, Privacy Law Fundamentals (IAPP 2011)

 

“A key resource for busy professional practitioners. Solove and Schwartz have succeeded in distilling the fundamentals of privacy law in a manner accessible to a broad audience.” – Jules Polonetsky, Future of Privacy Forum

Eli Pariser, The Filter Bubble (Penguin 2011)

 

An interesting critique of the personalization of the Internet.  We often don’t see the Internet directly, but through tinted goggles designed by others who determine what we want to see. 

Siva Vaidhyanathan, The Googlization of Everything (U. California 2011)

 

A vigorous critique of Google and other companies that shape the Internet.  With regard to privacy, Vaidhyanathan explains how social media and other companies encourage people’s sharing of information through their architecture — and often confound people in their ability to control their reputation.

Susan Landau, Surveillance or Security? The Risk Posed by New Wiretapping Technologies (MIT 2011)

 

A compelling argument for how designing technologies around surveillance capabilities will undermine rather than promote security.

 


Kevin Mitnick, Ghost in the Wires (Little Brown 2011)

 

A fascinating account of the exploits of Kevin Mitnick, the famous ex-hacker who inspired War Games.  His tales are quite engaging, and he demonstrates that hacking is often not just about technical wizardry but old-fashioned con-artistry.

Matt Ivester, lol . . . OMG! (CreateSpace 2011)

 

Ivester created Juicy Campus, the notorious college gossip website.  After the site’s demise, Ivester changed his views about online gossip, recognizing the problems with Juicy Campus and the harms it caused.  In this book, he offers thoughtful advice for students about what they post online.

Joseph Epstein, Gossip: The Untrivial Pursuit (Houghton Mifflin Harcourt 2011)

 

A short engaging book that is filled with interesting stories and quotes about gossip.  Highly literate, this book aims to expose gossip’s bad and good sides, and how new media are transforming gossip in troublesome ways.

Anita Allen, Unpopular Privacy (Oxford 2011)

 

My blurb: “We live in a world of increasing exposure, and privacy is increasingly imperiled by the torrent of information being released online. In this powerful book, Anita Allen examines when the law should mandate privacy and when it shouldn’t. With nuance and thoughtfulness, Allen bravely tackles some of the toughest questions about privacy law — those involving the appropriate level of legal paternalism. Unpopular Privacy is lively, engaging, and provocative. It is filled with vivid examples, complex and fascinating issues, and thought-provoking ideas.”

Frederick Lane, Cybertraps for the Young (NTI Upstream 2011)

 

A great overview of the various problems the Internet poses for children such as cyberbullying and sexting.  This book is a very accessible overview for parents.

Clare Sullivan, Digital Identity (University of Adelaide Press 2011)

 

Australian scholar Clare Sullivan explores the rise of “digital identity,” which is used for engaging in various transactions.  Instead of arguing against systematized identification, she sees the future as heading inevitably in that direction and proposes a robust set of rights individuals should have over such identities.  This is a thoughtful and pragmatic book, with a great discussion of Australian, UK, and EU law.