Home | About | RSS Feed | Contact and Publicity Guidelines | Comment Policy the Law, the Universe, and Everything 

Search


Concurring Opinions is a
general-interest legal blog
operated by Concurring
Opinions LLC, a Pennsylvania
Limited Liability Corporation.

jr_114_9780195367195_bnr

jr_114_9780195383768_bnr

advertise-here4


FC-CO(SS)

Our Podcast

Subscribe to Law Talk

law-rev-contents2.jpg


  • Posts by Author

  • Categories

  • Archives


  • Recent Comments

    • flood pictures on Public opinion on same-sex marriage

    • gtownstudent on And Justache For All at GW Law

    • AF on Ricci and Briscoe as Disparate Impact Cases

    • RJ on Ricci and Briscoe as Disparate Impact Cases

    • Maryland Conservatarian on Ricci: Color-Blind Standards in a Race Conscious Society?

    • Daniel S. Goldberg on Negligent Corpse Mishandling

    • PrometheeFeu on KSM on Trial

    • Tom S. on Negligent Corpse Mishandling

    • Deven on Ozymandias Lessons for Copyright

    • Lawrence Cunningham on Must Law Practice and Scholarship be Exciting?

    • Lawrence Cunningham on And Justache For All at GW Law

    • Joe on At CELS, Hoping to Blog

    • EJFer on And Justache For All at GW Law

    • RJ on Ricci and Briscoe as Disparate Impact Cases

    • A.J. Sutter on Ozymandias Lessons for Copyright

    •  

    Site Meter

Archive for the ‘Privacy (Consumer Privacy)’ Category

Consumer Attitudes on Privacy and Behavioral Marketing

posted by Daniel Solove

Joseph Turow, Chris Hoofnagle, Jennifer King, Amy Bleakley, and Michael Hennessy have just issued a very interesting consumer survey on privacy and behavioral marketing entitled, Americans Reject Tailored Advertising and Three Activities that Enable It.

Some of the survey’s findings:

* Even when they are told that the act of following them on websites will take place anonymously, Americans’ aversion to it remains: 68% “definitely” would not allow it, and 19% would “probably” not allow it. (p. 2)

* 69% of American adults feel there should be a law that gives people the right to know everything that a website knows about them. (p. 2)

* 92% agree there should be a law that requires “websites and advertising companies to delete all stored information about an individual, if requested to do so.” (p. 2)

* Signaling frustration over privacy issues, Americans are inclined toward strict punishment of information offenders. 70% suggest that a company should be fined more than the maximum amount suggested ($2,500) “if a company purchases or uses someone’s information illegally.” (p. 3)

* Our survey did find that younger American adults are less likely to say no to tailored advertising than are older ones. Still, more than half (55%) of 18- 24 year-olds do not want tailored advertising. And contrary to consistent assertions of marketers, young adults have as strong an aversion to being followed across websites and offline (for example, in stores) as do older adults. 86% of young adults say they don’t want tailored advertising if it is the result of following their behavior on websites other than one they are visiting, and 90% of them reject it if it is the result of following what they do offline. (p. 2)

These are just a few of the many findings in this fascinating survey.  The New York Times has coverage of the survey here.

  September 29, 2009 at 6:28 pm   Posted in: Privacy, Privacy (Consumer Privacy)  Print This Post Print This Post   No Comments

Tweeting for the Party

posted by Danielle Citron

120px-Twitter_Badge_1During the 2008 election, Democrats effectively used Web 2.0 platforms to garner interest in the campaign and win supporters.  President Obama has been widely hailed as the first “Tech President,” and he seems to have trounced the Facebook landscape.  To date, President Barack Obama has over 6.6 million Facebook friends, while Sarah Palin only has 848, 614 Facebook pals and Mitt Romney has 70, 130.

Although the President has proven his mettle on Facebook and MySpace (where he has over 1.8 million friends), Republicans rule the day on the micro-blogging front.  The Congressional Research Service reports that congressional Republicans out-tweeted their Democratic counterparts during two one-week periods this summer.  Nancy Scola attributes Congressional Republicans’ Twitter dominance to their desire to regain the public’s attention and favor now that they are in the minority.  AMERICAblogs’ John Aravosis worries that Democrats have ceded their online advantage.

No matter the current political victor in this social media landscape, Government 2.0 is here to stay.  It surely has great potential to shine light on government policymaking and to marshal public participation, especially from people who otherwise wouldn’t bother getting involved with government policymaking.  Adding the President as a friend on MySpace and joining live chats may seem to be a relatively costless endeavor as compared to writing letters or commenting on agency rulemakings.  But Government 2.0 also poses privacy risks: social media sites not only give government access to people’s policy insights but also access to all of individuals’ social media data, such as their videos, photos, walls musings, “Top 25 things you don’t know about me” lists, and the like.  Soon, I will be posting on SSRN a draft of my essay “The One-Way Mirror: Enhancing Participation and Securing Privacy for Government 2.0″ (forthcoming George Washington Law Review) and hope to get your feedback.

  September 28, 2009 at 12:11 pm   Posted in: Cyberlaw, Google & Search Engines, Privacy, Privacy (Consumer Privacy), Privacy (Electronic Surveillance), Privacy (Law Enforcement), Privacy (National Security), Social Network Websites, Technology, Uncategorized  Print This Post Print This Post   No Comments

Burglars Like Facebook, Too

posted by Danielle Citron

111px-Digitale-crimiFacebook offers much to law enforcement, perhaps more than many might think.  Last week, a Pennsylvania man was arraigned for felony burglary, having allegedly broken into a woman’s home and stolen jewelry.  The defendant seemingly played a big role in ensuring his capture: he checked his Facebook page during the burglary.  The victim noticed that the defendant’s Facebook account appeared on her computer after the burglary.  No joke.  This takes harming oneself through social networking to a new level.

  September 22, 2009 at 11:53 am   Posted in: Anonymity, Criminal Law, Privacy, Privacy (Consumer Privacy), Privacy (Law Enforcement), Technology, Uncategorized, Weird  Print This Post Print This Post   No Comments

Facebook Settles Beacon Lawsuit

posted by Daniel Solove

facebook3.jpgA while ago, I wrote a lot about Facebook’s Beacon on this blog:

* The Facebook-Fandango Connection: Invasion of Privacy?

* Facebook’s Beacon: News Feeds All Over Again?

* Facebook and the Appropriation of Name or Likeness Tort

* The New Facebook Ads — Starring You: Another Privacy Debacle?

* Facebook — the New DoubleClick?

* Facebook Listens and Responds

* Facebook’s Beacon, Blockbuster, and the Video Privacy Protection Act

A class action suit was initiated against Facebook, and recently, a settlement agreement has been reached.  According to the WSJ:

Facebook Inc. said Friday it settled a class-action lawsuit related to its Beacon Web product, a controversial service that displayed actions that users took on other Web sites back on Facebook.

As part of the settlement, which is pending approval in the U.S. District Court of the Northern District of California, the social-network concern will shut down the Beacon service, which it has been phasing out but which is still being used by a small number of Web sites, according to a Facebook spokesman.

The company will also pay $9.5 million to create a foundation to fund products that promote online privacy, safety and security, the spokesman said. The settlement was submitted to the court late Friday evening.

  September 21, 2009 at 10:00 pm   Posted in: Privacy, Privacy (Consumer Privacy), Social Network Websites, Web 2.0  Print This Post Print This Post   No Comments

Understanding Privacy in Paperback

posted by Daniel Solove

Cover 5 medium.jpgI’m pleased to announce that my book, Understanding Privacy, has just come out in paperback from Harvard University Press, with a price that’s much more reasonable and affordable than the hardcover.

Understanding Privacy offers a comprehensive overview of the many difficulties involved in discussions of privacy. Drawing from a broad array of interdisciplinary sources, I set forth a framework for understanding privacy that provides clear practical guidance for engaging with privacy issues.

  September 14, 2009 at 7:36 am   Posted in: Articles and Books, Book Reviews, Privacy, Privacy (Consumer Privacy), Privacy (Electronic Surveillance), Privacy (Gossip & Shaming), Privacy (ID Theft), Privacy (Law Enforcement), Privacy (Medical), Privacy (National Security)  Print This Post Print This Post   No Comments

I See Code: Plain View and Computer Searches

posted by Deven Desai

The Ninth Circuit has taken a swat computer searches and the plain view doctrine (pdf). I have not yet read the entire opinion but Orin Kerr has a series of posts about the decision here. And Shaun Martin, for whom I have a ton of respect as well, covers the case here. Shaun’s post captures how well-written the opinion is: “In my dreams I could write an opinion this good. It’s clear. It’s concise. It provides meaningful, systemic guidelines. It’s just. It’s got a keen sense of both the practical way the world works as well as the dangers inherent in certain conduct. In short, it’s exactly what I want in a wide-ranging opinion that makes meaningful precedent. … If you only read a dozen Ninth Circuit opinions this year, this should be amongst them.”

Dan and others will likely have more to say, so stay tuned, folks. As Orin notes, “This is really new territory, so it will be interesting to see how it plays out. I suspect we’ll find out soon, as there are a lot of these cases.” In the interim, here are three paragraphs worth reading:

The point of the Tamura procedures is to maintain the privacy of materials that are intermingled with seizable materials, and to avoid turning a limited search for particular information into a general search of office file systems and computer databases. If the government can’t be sure whether data may be concealed, compressed, erased or booby-trapped without carefully examining the contents of every file—and we have no cavil with this general proposition—then everything the government chooses to seize will, under this theory, automatically come into plain view. Since the government agents ultimately decide how much to actually take, this will create a powerful incentive for them to seize more rather than less: Why stop at the list of all baseball players when you can seize the entire Tracey Directory? Why just that directory and not the entire hard drive? Why just this computer and not the one in the next room and the next room after that? Can’t find the computer? Seize the Zip disks under the bed in the room where the computer once might have been. See United States v. Hill, 322 F. Supp. 2d 1081 (C.D. Cal. 2004). Let’s take everything back to the lab, have a good look around and see what we might stumble upon.

This would make a mockery of Tamura and render the carefully crafted safeguards in the Central District warrant a nullity. All three judges below rejected this construction, and with good reason. One phrase in the warrant cannot be read as eviscerating the other parts, which would be the result if the “otherwise legally seized” language were read to permit the government to keep anything one of its agents happened to see while performing a forensic analysis of a hard drive. The phrase is more plausibly construed as referring to any evidence that the government is entitled to retain entirely independent of this seizure.

To avoid this illogical result, the government should, in future warrant applications, forswear reliance on the plain view doctrine or any similar doctrine that would allow it to retain data to which it has gained access only because it was required to segregate seizable from non-seizable data. If the government doesn’t consent to such a waiver, the magistrate judge should order that the seizable and non-seizable data be separated by an independent third party under the supervision of the court, or deny the warrant altogether.

  August 27, 2009 at 6:01 am  Tags: Balco, Fourth Amendment, Judge Kozinski, Ninth Circuit  Posted in: Cyberlaw, Privacy, Privacy (Consumer Privacy), Privacy (Electronic Surveillance), Privacy (Law Enforcement), Privacy (National Security)  Print This Post Print This Post   One Comment

Booze, Budget Cuts, and Politics: A Facebook Tell-All

posted by Danielle Citron

Every summer, the Maryland Association of Counties (MACO) sponsors a networking bonanza where pols solidify contacts over drinks.  With the budget disaster, Maryland Governor Martin O’Malley promised a “sober” MACO outing.  Surely, partying on the state’s dime would seem in poor taste given the state’s continued layoffs and furloughs.  Well, that was the plan, at least in theory.

During the MACO conference, a gubernatorial staffer posted 115 party pics on Facebook, documenting the Gove111px-Party_shooterrnor, Mayor, county executives, and staffers having drinks during the event.  It took little time for the pictures to leak: they now reside on the blog Maryland Politics Watch despite the staffer’s delection of the pictures from his Facebook page.

Why would the staffer post the party pics given the Governor’s admonition for a sober event and given the dour economic outlook in the state?  Guest blogger James Grimmelmann’s important “Saving Facebook” article, just published in the Iowa Law Review, explains why.  Social network site users have a powerful sense of privacy.  Facebook’s design produces the sense that users engage in private conversations.  Users see their friends’ pictures and names when they send messages and post wall missives, pictures, and videos.  They sense that users are “just like them” and thus would be unlikely to betray them.  We also trust others because double nuclear annihilation lurks.  If we publicize our friends’ pictures and videos beyond the Facebook walls, we can expect the same in turn.  As Grimmelmann convincingly develops, social network site users cannot appreciate the real privacy risks of sharing on Facebook: we are cognitively limited in that way.  Grimmelmann’s piece develops a strategy for addressing these issues and is a must read.

  August 24, 2009 at 7:15 am   Posted in: Culture, Current Events, Privacy, Privacy (Consumer Privacy), Uncategorized  Print This Post Print This Post   4 Comments

The Convergence of the Public and Private in Online Spaces

posted by Danielle Citron

1003297_workman_sign

Last month, Government Technology had an article entitled “Blurring the Line,” which discussed the increasingly public nature of online social networking sites.  Employers now “friend” employees, leaving the employed likely to accept those friendships out of fear for losing their jobs.  The article discusses the problems attendant to the convergence of of our work, social, and family worlds and asks whether this phenomenon will alter the nature of those spaces from a sharing free-for-all to a more buttoned-down, “not afraid for the boss to see” experience.

In reading the article, I wondered if the story will play out in a different way, one that will meet employers’ desire to harness the connectivity of social networking sites without compromising its current incarnation.  As we have seen in the government sector with internal wikis like Intellipedia, we may see employers increasingly adopt in-house social networking sites, say a [Name] Company Connect.org, just as we have seen employers wade into the Twitter space.  We may already be doing this (and it would be really interesting to learn about it), but perhaps such sites would nip in the bud employers/managers/supervisors’ desire to friend their underlings.  This may detract from the goal of monitoring employees, but we surely have enough of that in the workplace already (as well as the ability to view employees’ profiles for the very many people who fail to set rigorous privacy settings, as ACM studies show).  And it may save employers from having looked at employees’ damning wall musings and pictures and figuring out just what to do about it.

  August 5, 2009 at 7:02 am   Posted in: Cyberlaw, Google & Search Engines, Privacy, Privacy (Consumer Privacy), Technology, Uncategorized  Print This Post Print This Post   2 Comments

Zuckerberg’s Law on Data Sharing, Not Puffery

posted by Danielle Citron

As I noted in a blog post late last year, Mark Zuckerberg, chief executive of Facebook, has predicted that “next year, people will share twice as much information as they share this year, and that next year, they will be sharing twice as much as they did the year before.”  He explained that “people are ever more willing to tell others what they are doing, who their friends are and even what they look like as they crawl home from a college party.  Recent statistics support his optimism (and then some).  Yesterday, Zuckerberg announced that his social networking site now has 250 million active users, up from 200 million users just three months ago and 150 million in January.

This development has much significance.  It tells us that social networking is no passing fad — it is deeply embedded in our daily lives and will likely remain so despite many parents’ dismay.  It suggests that we are more connected personally (and perhaps more distracted professionally).  And it 120px-facebook_svgmeans that we entrust Facebook with an exponentially increasing amount of data.  Facebook’s information security practices and privacy policies are thus worth watching carefully.  No doubt, this development will have other far-reaching impacts so your comments are most welcome.

Wikimedia Commons Image

  July 16, 2009 at 12:32 pm   Posted in: Architecture, Privacy, Privacy (Consumer Privacy), Technology, Uncategorized, Web 2.0  Print This Post Print This Post   One Comment

Predicting Social Security Numbers from Public Data

posted by Daniel Solove

ssnAlessandro Acquisti and Ralph Gross have recently published their provocative article, Predicting Social Security Numbers from Public Data in the Proceedings of the National Academy of Sciences.  According to the abstract:

Information about an individual’s place and date of birth can be exploited to predict his or her Social Security number (SSN). Using only publicly available information, we observed a correlation between individuals’ SSNs and their birth data and found that for younger cohorts the correlation allows statistical inference of private SSNs. The inferences are made possible by the public availability of the Social Security Administration’s Death Master File and the widespread accessibility of personal information from multiple sources, such as data brokers or profiles on social networking sites. Our results highlight the unexpected privacy consequences of the complex interactions among multiple data sources in modern information economies and quantify privacy risks associated with information revelation in public forums.

Acquisti and Gross’s study has generated significant media attention.  Here’s an article by Bob Sullivan for MSNBC and by Hadley Leggett for Wired.  As Sullivan writes:

The two say they can guess the first 5 digits of the Social Security number of anyone born after 1988 within two guesses, knowing only birth date and location. The last four digits, while harder to guess, can be had within a few hundred guesses in many situations — a trivial hurdle for criminals using automated tools.

SSNs are currently used by numerous businesses and organizations to allow access to accounts – they function as a kind of password. They are also used to verify identity when people sign up for a new credit card or other account. They are thus a very useful tool for identity thieves and fraudsters who want to impersonate people to improperly access their accounts or obtain credit cards in their name.

The current focus of policymakers has been to provide better protections against the disclosure of SSNs.

Acquisti and Gross’s paper provides a powerful demonstration that protecting against the disclosure of SSNs is not providing enough protection to consumers.  The article shows that no matter how much protection against the disclosure of SSNs, SSNs can be determined with other public information.

Congress or the FTC should prohibit companies from using SSNs as a means to verify identity. Companies, organizations, and government entities should be prohibited from using SSNs as a means of verifying identity to provide access to accounts or to create new accounts. Merely protecting against the disclosure of SSNs is insufficient since Acquisti and Gross demonstrate they can readily be predicted.

The government and businesses are at fault here.  Too many business and organizations use the SSN improperly as a means to verify identity.  And the government is at fault for creating the SSN and allowing it to be used improperly in ways that harm people.

  July 6, 2009 at 8:41 pm   Posted in: Articles and Books, Privacy, Privacy (Consumer Privacy), Privacy (ID Theft)  Print This Post Print This Post   2 Comments

New Developments in Cryptography and Privacy

posted by Deven Desai

ofb_encryptionAccording to Help Net Security, Craig Gentry, a researcher at IBM, appears to have found a way to allow “the deep and unlimited analysis of encrypted information – data that has been intentionally scrambled – without sacrificing confidentiality.” The solution involves a an “ideal lattice.” I’ll leave the explanation of all the math to the math/computer science folks. As the Help Net article notes, the solution seems to enable some great advantages for anyone providing cloud computing for:

computer vendors storing the confidential, electronic data of others will be able to fully analyze data on their clients’ behalf without expensive interaction with the client, and without seeing any of the private data. With Gentry’s technique, the analysis of encrypted information can yield the same detailed results as if the original data was fully visible to all.

It all sounds wonderful. One could have encrypted data and let others data mine while maintaining anonymity or privacy. Yet, something seemed odd to me. So I did what lawyers do, I called someone who knew more about computer science and asked for some help. That person explained that yes this could mean one could query an encrypted database without decrypting the data. The example to consider is a database of book purchases. One could ask how many people bought both book A and book B and see that result without ever seeing what a specific person purchased. Great, right? Not so fast.

As this person reminded me, with other sources of information one can figure out what a specific person did. That reminded me of the AOL debacle. With a little work, people were able to figure out who the anonymous subjects were.

All of which highlights that privacy is not binary. The cluster of information and the ability to analyze it seems often, if not always, to lead to problems about the use of information. So if this breakthrough allows a company or the government to claim that we should remain calm and all is well, we may want to remain clam but show how all may not be well. A few regulations about the use of the data even if supposedly anonymous, might allow the beneficial aspects of the solution to thrive while limiting the harms that can occur.

Image: WikiCommons
By: Gwenda; License: Public Domain
(My apologies to CS folks if the image does not match the breakthrough’s area of encryption)

  June 30, 2009 at 11:35 am  Tags: cloud computing, cryptography, Privacy  Posted in: Cyberlaw, Google & Search Engines, Privacy, Privacy (Consumer Privacy), Privacy (Electronic Surveillance), Privacy (Law Enforcement), Technology  Print This Post Print This Post   7 Comments

Why We Should Care About Privacy in a Government 2.0 World

posted by Danielle Citron

1151047_women_color_4Yesterday, I wrote about the public’s expectations regarding privacy when interacting with government on social networking sites such as Facebook, MySpace, Flickr among others.  Why should we care if agencies collect our musings, videos, and pictures that we have willingly shared with online “friends,” both real and imaginary ones?

Here are some practical concerns: the personal information on MySpace pages could be collected and joined with other data gathered from private data mining companies, public sector databases, etc.  (Oftentimes, data about us collected by third parties is often faulty).  All together, the information could suggest (albeit falsely) that we constitute a threat to society.  Law enforcement could be informed and our names could be put on watch lists.  This is not a hypothetical problem, see here.  If federal agencies collected and maintained that data in their systems, it would be covered by the Privacy Act of 1974.  Nonetheless, you would still appear on a watch list or assigned another ignominious fate by an automated government system.

As a normative matter, the absence of privacy vis-a-vis government on online social networking sites is unappealing.  It would likely have an impact on our willingness to friend government agencies.  We would be less likely to join online conversations that the Open Government directive hopes to generate.  Or if we friend a government agency because we want to peer inside its operations, we may edit what we include on our profiles.  As Julie Cohen has elegantly developed in her work, the lack of privacy would chill our creativity and desire to experiment with different aspects of our personalities.  And Patricia Sanchez Abril has a superb piece entitled “A (My)Space of One’s Own: On Privacy and Online Social Networks” that discusses the social implications of a “no privacy” presumption in information we share with our friends on social networking sites.  Justice Douglas’s remark that “monitoring, if prevalent, certainly kills free discourse and spontaneous utterances” should not be lost to us here.

Wikimedia Commons Image

  June 19, 2009 at 9:34 am   Posted in: Cyberlaw, Privacy, Privacy (Consumer Privacy), Privacy (Law Enforcement), Technology, Uncategorized  Print This Post Print This Post   2 Comments

The Privacy Implications of “Friending” the White House (Part II)

posted by Danielle Citron

1063773_friendsSince I last wrote about President Obama’s Facebook friends, Government 2.0 has  steadily progressed.  Since early May, our Commander-in-Chief has added more than 150,000 new friends.  The FDA has initiated its Transparency Blog and will soon add a Twitter feed and Facebook page.  More state agriculture agencies reach the public through social networking sites.  Of course, the government social-networking phenomenon is not brand new:  since 2007, the Commerce Department’s National Oceanic and Atmospheric Administration has maintained a virtual island in Second Life  and the CDC has had a MySpace page.   Nonetheless, it is a particularly auspicious time to think about this trend’s privacy implications especially in light of the GSA’s recent agreement with video-sharing and social networking sites to permit agencies to use their services.

What are the public’s privacy expectations when using government social media?  It is surely too early to identify a clear sense of our expectations, at least in any well-studied way.  But the Obama Administration has provided some sense of what we should expect when we join a future Facebook group sponsored by OMB or engage in virtual conversations with agency officials in Second Life.  How so?  The current push for agencies to use Web 2.0 platforms stems from President Obama’s January 21, 2009 Open Government memorandum.  The memorandum urges executive departments and agencies to be more transparent, participatory, and collaborative.  Agencies “should harness new technologies to put information about their operations and decisions online and readily available to the public.”  They should “offer Americans increased opportunities to participate in policymaking and to provide their Government with the benefits of their collective expertise and information.”  And they should use “innovative tools, methods, and systems to cooperate” and collaborate with the public and private sectors in making policy.  USA.gov’s Sheila Campbell has explained that agencies will appoint directors of new media to determine how they can use social networking tools to meet mission goals and comply with President Obama’s Open Government directive.  As White House CIO Vivek Kundra has noted, public comment on programs will hopefully be a “two-way interaction between government and its citizens.”  White House spokesperson Moira Mack clarified the point:  “we are focused on opening government to the people (and not the other way around), and like with any other online friends, the individual users can still choose to keep information private using their privacy settings.”

So what does all of this signal about our privacy when interacting with government agencies via Facebook, MySpace, Twitter, You Tube, etc.?  The Open Government directive tells us that government wants to shine light on its activities and get our opinions and expertise on policy matters.  It says nothing about government’s interest in our personal lives, i.e., what we write on our friends’ walls, the 25 things you don’t know about us, our network of friends, etc.  Our personal lives seem downright out of place in any discussion of the Open Government directive.  This seems to create a presumption of openness as to policy-related matters and a presumption of privacy as to individuals’ personal matters.

Read the rest of this post »

  June 18, 2009 at 10:41 am   Posted in: Administrative Law, Google & Search Engines, Privacy, Privacy (Consumer Privacy), Technology, Uncategorized  Print This Post Print This Post   7 Comments

Credit Cards, Data Mining, and Privacy

posted by Daniel Solove

creditcard-7The New York Times Magazine has an interesting article entitled What Does Your Credit Card Company Know About You? From the article:

Put another way, credit-card companies are becoming much more interested in understanding their customers’ lives and psyches, because, the theory goes, knowing what makes cardholders tick will help firms determine who is a good bet and who should be shown the door as quickly as possible.

Luckily for the industry, small groups of executives at most of the large firms have spent the last decade studying cardholders from almost every angle, and collection agencies have developed more sophisticated dunning techniques. They have sought to draw psychological and behavioral lessons from the enormous amounts of data the credit-card companies collect every day. They’ve run thousands of tests and crunched the numbers on millions of accounts. One result of all that labor is the conversation between Santana — a former bouncer whose higher education consists solely of corporate-sponsored classes like “the Psychology of Collections” — and the man from Massachusetts. When Santana contacted the man last month, he was armed with detailed information about his life and trained in which psychological approaches were most likely to succeed.

The article goes on to say:

Read the rest of this post »

  May 18, 2009 at 10:35 am   Posted in: Privacy, Privacy (Consumer Privacy)  Print This Post Print This Post   No Comments

Justice Scalia’s Dossier: Joel Reidenberg Responds

posted by Daniel Solove

Reidenberg-Joel.jpgProfessor Joel Reidenberg has asked me to post the following response to the story regarding his Justice Scalia dossier class assignment:

There seems to be significant misinformation circulating in the blogosphere relating to the nature of my class exercise, its instructional use, and how the exercise became public.

The exercise was part of my Information Privacy Law class this semester. The course, in exploring the origins and scope of privacy law, examined the ways technology can both invade and protect personal information and examined how the law related to those technologies. We used a traditional case book, Solove & Schwartz, and I supplemented the book with two concurrent exercises that are treated as course materials: 1) each week the students posted links on the course discussion board to news stories related to privacy issues so that we could discuss them in class and make connections to the casebook reading assignments; and, 2) throughout the semester, the students posted on a class discussion board links to information found on the web related to the class research exercise.

The research exercise is designed for class discussion to illustrate law and policy issues associated with readily available information, contextual use, social norms and the scope of legal protection. The exercise seeks to provide a first-hand experience for discussions of the boundary between public and private information, the loss of practical obscurity and the capacity of law to respond to these issues. For the exercise last year, I framed the research as a challenge to the class to find a specific piece of esoteric information about me. The class was surprised at how much information could be found readily. This year, I planned for the course to focus more attention on the blurring of public and private information and decided to frame the research exercise as a challenge to find information about a public figure. Very early in the semester, a news report about Justice Scalia’s speech was posted on the class discussion board as one of the weekly news items. He was reported to have made the comment that treating much of the information on the web as private was “silly.”

Read the rest of this post »

  May 1, 2009 at 10:43 am   Posted in: Privacy, Privacy (Consumer Privacy), Supreme Court  Print This Post Print This Post   41 Comments

Justice Scalia’s Dossier: Interesting Issues about Privacy and Ethics

posted by Daniel Solove

justice-scalia.jpgEarlier this year, I blogged about Justice Scalia’s remarks about privacy at the Institute of American and Talmudic Law. According to media accounts:

“Every single datum about my life is private? That’s silly,” Scalia [said]. . . .

Scalia said he was largely untroubled by such Internet tracking. “I don’t find that particularly offensive,” he said. “I don’t find it a secret what I buy, unless it’s shameful.”

He added there’s some information that’s private, “but it doesn’t include what groceries I buy.” . . . .

Considering every fact about someone’s life private is “extraordinary,” he said, noting that data such as addresses have long been discernible, even if technology has made them easier to find.

At a recent conference at Fordham University sponsored in part by the Center on Law and Information Policy, Professor Joel Reidenberg discussed an assignment he gave to his class this past semester — find any public information about Justice Scalia and compile it into a dossier. As Kashmir Hill reports at Above the Law:

“Justice Scalia said he doesn’t care what people find out about him on the Internet,” said Reidenberg during his presentation on the transparency of personal information. “So I challenged my class to compile a dossier on him.”

Now four months later, at the end of the semester, the dossier (available online somewhere, but password protected) is 15 pages long. Among its contents are Nino’s home address, his home phone number, the movies he likes, his food preferences, his wife’s personal e-mail address, and “photos of his lovely grandchildren.”

“When the discrete bits of personal information were assembled at the end of the semester, the extent of the overall dossier and some of the particular items of readily available information on the web concerning his family and family life were astonishing to the class,” Reidenberg wrote to us.

Before the news of the dossier was reported by Above the Law, Reidenberg had sent a letter informing Justice Scalia about the dossier and offering to allow him to see it if he desired. The dossier was not made public.

Justice Scalia recently responded to the Above the Law post about Joel Reidenberg’s experiment:

Read the rest of this post »

  April 29, 2009 at 10:43 am   Posted in: Privacy, Privacy (Consumer Privacy), Supreme Court  Print This Post Print This Post   52 Comments

Surveillance Cameras: Putting on Our Skis to Ride Down that Slippery Slope

posted by Danielle Citron

In 2003, Eugene Volokh published an essay adaptation of his Harvard Law Review article, “The Mechanisms of the Slippery Slope.” The essay defends the slippery slope metaphor in two interesting ways. It argues that because law plays a powerful expressive role, it changes our thinking about certain behaviors. It can condition us to accept future policies that to today’s sensibilities would be unappealing. Today’s rules alter our attitudes and, in turn, de-sensitize us for more extreme changes in the law. These changes also can lead us to perilous decisions in the future by lowering the costs of certain activities, making future changes in policy politically attractive because they won’t cost us much.

120px-Ski_Dubai_Slope.jpg

In reading the essay today, I was struck by an example that Volokh provides as demonstrating the perils of the slippery slope: surveillance cameras. The essay asks us to consider a proposal to install video cameras on street lights to deter or catch criminals. Volokh explains that “[o]n its own, the plan may not seem that susceptible to police abuse, as long as the tapes are viewed only when someone reports a crime and otherwise recycled every day or two. Many people may be inclined to support installing the cameras, even if they would oppose a more intrusive extension of that policy, such as linking the cameras to face-recognition software or permanently archiving the tapes.” The slippery slope concern is that once government invests in buying and wiring these cameras, the cost of implementing comprehensive surveillance falls dramatically. This may persuade swing voters to endorse a broader surveillance plan, even if they would have opposed it on cost grounds at the outset. Moreover, the introduction of surveillance cameras changes our view of them: government thought them an effective way to combat crime (and terrorism) and hence broader surveillance may prove useful too. Perhaps we barely notice the cameras as we drive by them; our attitudes and fears have been changed, yet what led us to fear those cameras in the first place has not.

Volokh was spot on in his intuitions: today, six years after the essay’s publication, states and localities across the country employ surveillance cameras that do not just stream video to police departments for short time periods. Instead, in many states and localities, street surveillance cameras wirelessly transmit video footage to state and locallly-run fusion centers that use facial recognition software and other analytical tools like data mining to draw inferences about those images, all in the name of detecting and preventing future crimes and “hazards.” Whatever misgivings we may have had about surveillance cameras in 2003, they serve expansive ends in 2009. Perhaps, in a post 9/11 environment, we have become de-sensitized to surveillance aimed to combat terrorism, even though those cameras may very well be used in ways that having little to do with national security. Perhaps because the federal government gave states and localities the money to purchase them, they become more politically palatable. And perhaps it is because the public knows little about their use. No matter the reason, we seem to be skiing down the slippery slope.

  April 12, 2009 at 1:16 pm   Posted in: Privacy (Consumer Privacy), Technology  Print This Post Print This Post   2 Comments

Lessons from the Identity Trail

posted by Daniel Solove

lessons-from-the-identity-trail.jpgThere’s a terrific new book of essays about privacy out from Oxford University Press — LESSONS FROM THE IDENTITY TRAIL: ANONYMITY, PRIVACY AND IDENTITY IN A NETWORKED SOCIETY (Oxford University Press 2009). It’s edited by Ian Kerr, Valerie Steeves, and Carole Lucock. The essays are fascinating and are written by a number of very prominent privacy scholars. Highly recommended!

The book is available free for download under a Creative Commons license. One third of the essays are now posted online. The rest will become available in two more stages — on April 22th and May 6th. This is the first book to be published by Oxford University Press under a Creative Commons license.

The book is available on Amazon.com or on our special Concurring Opinions Oxford University Press promo page for 20% off.

Here’s the table of contents:

Read the rest of this post »

  April 8, 2009 at 10:01 pm   Posted in: Anonymity, Articles and Books, Book Reviews, Privacy, Privacy (Consumer Privacy), Privacy (ID Theft), Privacy (Law Enforcement), Privacy (Medical)  Print This Post Print This Post   No Comments

Unsending an Email

posted by Daniel Solove

email1a.jpgFrom CNN:

Most of us have done it.

Instead of hitting “reply” to an e-mail, we accidentally push “reply all,” sending a potentially embarrassing or insulting message to those we didn’t intend to see it.

To address this problem, Google Inc.’s Gmail Labs has launched an experimental feature called “Undo Send” that gives users a chance to rewrite their message, correct settings or simply fix typos.

When a Gmail user who enables this feature sends an e-mail, a button that says “Undo” will pop up on their screen for five seconds. If the user hits the button within that time, the service will retrieve the e-mail in draft form — allowing the user to make changes or cancel the message altogether.

I assume that this service works by delaying sending out an email after the user hits the send button. Suppose that Google offered a different service, one that allowed users to edit or delete emails sent after being received by recipients. Currently, I don’t think it would be possible within the technical architecture of email systems, but I wonder whether there’s a way it could be possible and/or legal. Would such a service be desirable? It would certainly be so for senders, who may want to zap the existence of emails they later came to regret. But what about the recipients, who would suddenly see emails vanish from their inboxes or change in content?

  March 25, 2009 at 7:31 pm   Posted in: Privacy, Privacy (Consumer Privacy), Technology  Print This Post Print This Post   15 Comments

FreeCreditReport.com Spoof Song

posted by Daniel Solove

I’ve blogged in the past about FreeCreditReport.com and the fact that I think it ought to be shut down. This is one of the rather obnoxious attempts by the credit reporting agencies to exploit people’s fears of identity theft as a tool to generate money.

FreeCreditReport.com is not free. You can get your free credit report at the official site, AnnualCreditReport.com.

Here’s a terrific spoof of a FreeCreditReport.com commercial. These commercials appear all over cable TV with jingles about how people’s lives were ruined by identity theft or bad credit and how all their woes could have been averted if they only used FreeCreditReport.com:

The Fair Credit Reporting Act (FCRA) requires that credit reporting agencies “follow reasonable procedures to assure maximum possible accuracy of the information concerning the individual about whom the report relates.” 15 U.S.C. § 1681 e(b). If services like FreeCreditReport.com are really necessary to protect oneself from inaccuracies, then why wouldn’t these be required by the FCRA for free? If such services are unnecessary, then the advertisements are doubly false — trying to sell consumers a “free” service that’s not really free plus selling a service as essential and necessary yet that’s unnecessary.

As I wrote in my previous post:

The other irony is this: It is the practices of the credit reporting agencies that have put many consumers at risk for identity theft. Now, they are selling consumers protection from a problem that is at least in part their own making. It reminds me of the scene in The Godfather Part II, where the mob would rob and pillage people’s stores and then offer security protection for a fee.

Hat tip: BoingBoing

  February 22, 2009 at 2:37 pm   Posted in: Humor, Privacy, Privacy (Consumer Privacy)  Print This Post Print This Post   6 Comments


  • « Older Entries

Authors

Daniel J. Solove

Website
Understanding Privacy

Kaimipono Wenger

Website
SSRN Page

Dave Hoffman

Website
SSRN Page

Nate Oman

Website
SSRN Page

Frank Pasquale

Website
SSRN Page

Deven Desai

Website
SSRN Page

Danielle Citron

Website
SSRN Page

Lawrence Cunningham

Website
SSRN Page

Sarah Waldeck

Website
SSRN Page

Jaya Ramji-Nogales

Website
SSRN Page

Solangel Maldonado

Website
SSRN Page

Gerard Magliocca

Website
SSRN Page


Guests

Rachel Godsil
Alex Kreit
Anita Krishnakumar
Matthew Sag
Michael Zimmer






Previous Guests

Michael Abramowicz
Michelle Adams
Robert Ahdieh
Michelle Anderson
Laura Appleman
Ann Bartow
Francesca Bignami
Jeremy Blumenthal
Kathleen Boozang
Bruce Boyden
Donald Braman
Al Brophy
Neil H. Buchanan
Bill Burke-White
Scott Burris
Paul Butler
Naomi Cahn
Anupam Chander
Miriam Cherry
Jack Chin
Jennifer Collins
Allison Danner
Brannon Denning
Deven Desai
Mike Dimino
Mark Edwards
David Fagundes
Christine Haight Farley
Kim Ferzan
Dan Filler
Michael Froomkin
Amanda Frost
Timothy Glynn
Rachel Godsil
Eric Goldman
David Gray
Craig Green
Tristin Green
Jeffrey Harrison
Erica Hashimoto
Carissa Hessick
Laura Heymann
Robert Hillman
Christine Hurt
Darian Ibrahim
John Ip
Kevin Johnson
Dan Kahan
Brian Kalt
Sam Kamin
Michael Kang
Chimène Keitner
Orin Kerr
Nancy Kim
Heidi Kitrosser
Adam Kolber
Russell Korobkin
Anita S. Krishnakumar
Susan Kuo
Greg Lastowka
Sarah Lawsky
Erik Lillquist
Jeff Lipshaw
Jonathan Lipson
Jacqueline Lipton
Joseph Liu
Michael Madison
Solangel Maldonado
Jason Mazzone
Linda McClain
William McGeveran
Salil Mehra
Carrie Menkel-Meadow
Max Minzner
Scott Moss
Eric Muller
Jaya Ramji-Nogales
Helen Norton
Elizabeth Nowicki
Paul Ohm
Michael O'Shea
David Opderback
Kristen Osenga
Rafael Pardo
Marcy Peek
Eduardo Peñalver
Robert Percival
David Post
Shruti Rana
Geoffrey Rapp
Neil Richards
Lori Ringhand
Alice Ristroph
Susan Scafidi
Paul Secunda
Jonathan Siegel
Jessica Silbey
Peter Smith
Charles Sullivan
Rick Swedloff
Steph Tai
Andrew Taslitz
Robert Tsai
Jenia Turner
Steve Vladeck
Sarah Waldeck
Melissa Waters
Alfred Yen
David Zaring
Timothy Zick
Spencer Weber Waller
Howard Wasserman
Frank Wu
Corey Yung
Jonathan Zittrain

Blogroll

Above the Law
ACS Blog
Althouse
Balkinization
Becker-Posner Blog
BlackProf
BoingBoing
Chicago Law Faculty Blog
Conglomerate
CrimLaw
Crime & Federalism
CrimProf Blog
Crooked Timber
Discourse.net
Dorf on Law
Election Law
Emergent Chaos
The Faculty Lounge
Feminist Law Profs
43(B)log
Freakonomics Blog
Freedom to Tinker
Google Blogoscoped
How Appealing
Ideoblog
Info/Law
Instapundit.com
Juris Novus
Jurisdynamics
Law and Humanities Blog
Law and Letters
Law Librarian Blog
Legal Profession Blog
Legal Theory Blog
Legal Times Blog
Leiter Reports
Brian Leiter's Law School Reports
Lessig Blog
Madisonian Theory
Media Law Blog
Mirror of Justice
The Moderate Voice
National Security Advisors
Opinio Juris
Point of Law
PrawfsBlawg
ProfessorBainbridge.com
Property Prof Blog
Red Tape Chronicles
The Right Coast
Schneier on Security
SCOTUSBlog
Security Dilemmas
Sentencing Law and Policy
Simple Justice
Sivacracy.net
The Situationist
Susan Crawford
TalkLeft
Talking Points Memo
TaxProf Blog
Tech & Marketing Law
Truth on the Market
Volokh Conspiracy
WorkPlace Prof Blog
WSJ Law Blog
Wonkette
The Yin Blog


© Concurring Opinions

Powered by WordPress