Category: Privacy (Consumer Privacy)

14

The New Facebook Ads — Starring You: Another Privacy Debacle?

facebook.jpgFacebook recently announced a new advertising scheme. Instead of using celebrities to hawk products, it will use . . . you! That’s right, pictures of you and your friends will appear on Facebook ads to make products more enticing to Facebook customers.

As Facebook’s website describes its new “Social Ads” program:

Facebook Social Ads allow your businesses to become part of people’s daily conversations. Ads can be displayed in the left hand Ad Space — visible to users as they browse Facebook to connect with their friends — as well as in the context of News Feed — attached to relevant social stories. The social stories, such as a friend’s becoming a fan of your Facebook Page or a friend’s taking an action on your website, make your ad more interesting and more relevant. Social Ads are placed in highly visible parts of the site without interrupting the user experience on Facebook.

Here’s the sample ad that Facebook includes on its social ad description page:

facebook-social-ad.jpg

According to the NY Times:

Facebook wants to put your face on advertisements for products that you like.

Facebook .com is a social networking site that lets people accumulate “friends” and share preferences and play games with them. Each member creates a home page where he or she can post photographs, likes and dislikes and updates about their activities.

Yesterday, in a twist on word-of-mouth marketing, Facebook began selling ads that display people’s profile photos next to commercial messages that are shown to their friends about items they purchased or registered an opinion about.

For example, going forward, a Facebook user who rents a movie on Blockbuster.com will be asked if he would like to have his movie choice broadcast out to all his friends on Facebook. And those friends would have no choice but to receive that movie message, along with an ad from Blockbuster.

At this point in reading the article, it seems as though participation in the ads (by the person being used in the ad) is fully consensual. But the article goes on to say:

Read More

3

The Future of Reputation: Gossip, Rumor, and Privacy on the Internet

Cover-new.jpgI‘m very excited to announce that my new book, The Future of Reputation: Gossip, Rumor, and Privacy, is now hot off the presses! Copies are now in stock and available on Amazon.com and Barnes & Noble’s website. Copies will hit bookstores in a few weeks.

From the book jacket:

Teeming with chatrooms, online discussion groups, and blogs, the Internet offers previously unimagined opportunities for personal expression and communication. But there’s a dark side to the story. A trail of information fragments about us is forever preserved on the Internet, instantly available in a Google search. A permanent chronicle of our private lives—often of dubious reliability and sometimes totally false—will follow us wherever we go, accessible to friends, strangers, dates, employers, neighbors, relatives, and anyone else who cares to look. This engrossing book, brimming with amazing examples of gossip, slander, and rumor on the Internet, explores the profound implications of the online collision between free speech and privacy.

Daniel Solove, an authority on information privacy law, offers a fascinating account of how the Internet is transforming gossip, the way we shame others, and our ability to protect our own reputations. Focusing on blogs, Internet communities, cybermobs, and other current trends, he shows that, ironically, the unconstrained flow of information on the Internet may impede opportunities for self-development and freedom. Long-standing notions of privacy need review, the author contends: unless we establish a balance between privacy and free speech, we may discover that the freedom of the Internet makes us less free.

For quite some time, I’ve been thinking about the issue of how to balance the privacy and free speech issues involved with blogging and social networking sites. In the book, I do my best to propose some solutions, but my primary goal is to spark debate and discussion. I’m aiming to reach as broad an audience as possible and to make the book lively yet educational. I hope I’ve achieved these goals.

I welcome any feedback. Please let me know what you think of the book, as I’d be very interested in your thoughts.

1

The Do Not Call List’s Memory Lapse

DNC-List.gifSo you signed up for the federal Do Not Call List and expect not to receive any more of those annoying telemarketing calls ever again. Think again. Signing up expires after 5 years, so if you signed up back when the list first came into existence, you’ll need to sign up all over again soon. It’s the FTC’s way of making us feel like Sisyphus. Lame.

According to the AP:

The cherished dinner hour void of telemarketers could vanish next year for millions of people when phone numbers begin dropping off the national Do Not Call list.

The Federal Trade Commission, which oversees the list, says there is a simple fix. But some lawmakers think it is a hassle to expect people to re-register their phone numbers every five years.

Numbers placed on the registry, begun in June 2003, are valid for five years. For the millions of people who signed onto the list in its early days, their numbers will automatically drop off beginning next June if they do not enroll again.

The article also states:

Since the registry began, the government has filed cases against more than 30 companies, resulting in $8.8 million in civil penalties and $8.6 million in redress to consumers and forfeitures.

Only a few more than 30? That’s it? I strongly doubt compliance with the Do Not Call List has been this good. Smells like weak enforcement to me.

Hat tip: Adler at the VC

0

Information Privacy Law Casebook Update

casebook2.jpgI’m pleased to announce that Paul Schwartz and I have just completed an update to our casebook, Information Privacy Law (Aspen 2006). The update is 111 pages, and is available for download (free of charge) at the casebook’s website. Among other things, it includes excerpts of many new cases: Bonome v. Kaysen, Barrett v. Rosenthal, MacWade v. Kelly, US v. Andrus, Warshak v. US, Doe v. Cahill, US v. Ellison, Gonzales v. Google, Georgia v. Randolph, Copland v. UK, and more. It also includes discussions of the NSA surveillance program, the litigation regarding the NSA surveillance, the Protect America Act of 2007 (amending FISA), national security letter litigation, the Virginia Tech shooting and privacy laws, data security breaches, US-EU sharing of airline passenger data, and more. Additionally, it includes excerpts from many new scholarly books and articles.

A new edition is in the works, and it will be ready for use in the spring 2009 semester. The book will be available in late 2008 so instructors can plan their courses. If you’re a professor currently using the book or are considering using the book in a class, please email me with any comments and suggestions for the next edition.

0

Why There’s No First Amendment Right to Sell Personal Data

There are a number of really interesting cases pending in the First Circuit and its lower federal courts that raise questions of confidentiality and free speech in the context of the commercial trade in prescription drug information. In New Hampshire, Maine, and Vermont, data mining companies have raised First Amendment challenges to state laws that restrict the ability of pharmacists to sell information about which doctors prescribed which drugs. More information about these cases from the AP can be found here. I’ve written about this phenomenon here, arguing that there are sound doctrinal, jurisprudential, and policy reasons to reject any idea that regulation of the commercial data trade raises any serious First Amendment problems.

These cases all involve laws passed by states concerned about the sale of prescription information to data mining companies, who buy information about which doctors prescribe which drugs from pharmacies and then massage the data for use in marketing and other industry purposes. The laws vary in their particulars, but basically forbid or regulate the ability of pharmacies to sell the information. In April, a federal district court in the New Hampshire case struck down New Hampshire’s law under the Central Hudson test as violating the companies’ free speech rights. The First Amendment argument can be boiled down as follows: because the laws stop pharmacies from telling other people about their customers, they violate the pharmacy companies’ free speech rights and are therefore unconstitutional.

I think this is a silly argument, as I explain after the jump.

Read More

From First Amendment Absolutism to Financial Meltdown?

There is a very interesting post by William Birdthistle on potential rating agency responsibility for the subprime mortgage meltdown contagion. As the WSJ reported,

In 2000, Standard & Poor’s made a decision about an arcane corner of the mortgage market. It said a type of mortgage that involves a “piggyback,” where borrowers simultaneously take out a second loan for the down payment, was no more likely to default than a standard mortgage. While its pronouncement went unnoticed outside the mortgage world, piggybacks soon were part of a movement that transformed America’s home-loan industry: a boom in “subprime” mortgages taken out by buyers with weak credit.

Here come the regulators. Some economists are quick to criticize the ratings agencies:

[T]the real-estate bubble of recent years, like the stock bubble of the late 1990s, both caused and was fed by widespread malfeasance. Rating agencies like Moody’s Investors Service, which get paid a lot of money for rating mortgage-backed securities, seem to have played a similar role to that played by complaisant accountants in the corporate scandals of a few years ago. In the ’90s, accountants certified dubious earning statements; in this decade, rating agencies declared dubious mortgage-backed securities to be highest-quality, AAA assets.

But there’s a big difference between accountants and raters: the latter get first amendment protection for their assessments. Is this a wise extension of the first amendment? It’s a difficult question, but I think the new scandals will lead to increasing calls for regulation, if not liability, of the ratings agencies.

Read More

RIAA’s Turn to Be a Defendant

Matthew Sag has convincingly argued that RIAA’s litigation war against downloaders is rational for the industry: it’s basically self-financing, as just about every defendant is too terrified of massive statutory damages to put up a fight. But the record industry’s declining fortunes may make its court victories Pyrrhic.

Moreover, a scorched earth litigation strategy against infringers is getting less viable as a few defendants fight back. For example, one litigant has found a creative way of subjecting RIAA’s tactics to public scrutiny:

Former RIAA defendant Tanya Andersen is now suing the major record labels and the RIAA for negligent and illegal investigation and prosecution. In a thirteen count civil suit filed in Oregon District Court, she alleges that record labels didn’t use properly licensed investigators and violated her privacy.

I’m still waiting for someone to bring the antitrust lawsuit that was forestalled by Bertelsmann’s purchase of Napster a few years ago. As Napster-slaying Judge Patel said of the RIAA’s distribution strategy then, “These ventures look bad, smell bad and sound bad” from an antitrust perspective.

Of course, given the lassitude of federal authorities, the antitrust case will be hard to make. But I look forward to more privacy challenges. As Sonia Katyal has argued,

recent developments in copyright law. . . have invited intellectual property owners to create extrajudicial systems of monitoring and enforcement that detect, deter, and control acts of consumer infringement. As a result, . . . intellectual property rights have been fundamentally altered—from a defensive shield into an offensively oriented type of weapon that can be used by intellectual property creators to record the activities of their consumers, and also to enforce particular standards of use and expression. . . .

If agencies fail to police these tactics, perhaps only individuals can fight for themselves. But as Bruce Scheier asks, why doesn’t the US have a privacy commissioner?

Hat Tip: BoingBoing.

Black Boxes Bite Back

blackbox.jpgAs interest rates jump, piggybacking has become all the rage in “credit repair” circles. For a fee, groups like Instant Credit Builders will let you “borrow” (part of) another person’s credit score by becoming an “authorized borrower” on his cards. Here is ICB’s overheated defense of the practice:

ICB has developed a system to counter the harmful societal impacts of an emerging market called “subprime lending”. Mob-like blood suckers under the umbrella of legitimate lending institutions are targeting those who have poor credit scores but fall short of being beyond credit risk acceptance.

To explain why subprime lenders are in such an opportunistic industry, take this example: The commission payable to a financial adviser or mortgage broker from an actual prime lender on a $100,000 deal yields a broker about $250. Yet the same $100,000 deal using a subprime lender yields them $2,000 to $2,500. This niche market banking industry is getting paid well to enslave most minorities, low-income borrowers, even victims of identity theft with interest rates that can be up to 3.5% higher than average.

Needless to say, mortgage lenders are hoppin’ mad. The godfather of credit scores, FICO, has claimed that “piggy-backing will soon come to an end on its watch.” One irony here is that, as lenders crack down, “they may actually increase demand for some of the services that these Web sites offer.”

A lot of the commentary on these sites has been harsh, but let me offer something like an “unclean hands” defense. Credit scores have long come under attack for having a “a disparate impact on poor and minority populations.” Moreover, the scoring is opaque; scorers claim that transparency would undermine their “trade secrets.” So consumers are navigating a world where they can have only a vague idea of the rules. Lenders shouldn’t be surprised when entrepreneurs reverse-engineer the ratings system and the technology bites back.

Moreover, these rules themselves may be self-fulfilling prophecies: if you decree that one missed $10 payment for a family of 4 earning $30,000 per year lowers their credit score by 200 points, they probably are going to end up being more likely to default because they are going to be paying much more in interest for any financing they get. Again, because the scores are black boxes, we have no assurance that the companies that offer them try to eliminate such endogenicity or whether they actually try to profit from such self-fulfilling prophecies.

As long as credit ratings are so shrouded in secrecy, the lenders who rely on them should expect gaming of the system. Watch for a debate over “black hat” vs. “white hat” credit repair builders as controversial (and interminable) as that now occurring in the world of search engine optimization.

1

Requiring Banks to Disclose Identity Theft Statistics

creditcard-6a.jpgKudos to my friend Chris Hoofnagle (Samuelson Clinic at Berkeley Law School) who had his paper on SSRN written about by the New York Times:

The Senate Judiciary Committee’s subcommittee on terrorism, technology and homeland security will take up the issue in a scheduled hearing today titled “Identity Theft: Innovative Solutions for an Evolving Problem.” . . . .

The subcommittee will also hear a radical new idea on a way to obtain reliable numbers on the extent of identity theft.

The proposal, submitted by Chris Jay Hoofnagle, a lawyer and senior fellow at the Berkeley Center for Law and Technology at the University of California, recommends that lending institutions like banks and credit card companies, and payment firms like PayPal, be required to report their internal figures on fraud and identity theft publicly.

Unfortunately, as is typical with the mainstream media, no information is provided about how to locate Chris’s paper let alone a hyperlink. In his paper, Identity Theft: Making the Known Unknowns Known, Chris proposes that banks be compelled to disclose identity theft data. From the abstract:

Read More

9

Privacy’s Other Path

confidential5a.jpgProfessor Neil Richards (Washington University School of Law) and I have posted on SSRN our new article, Privacy’s Other Path: Recovering the Law of Confidentiality, 96 Georgetown Law Journal __ (forthcoming 2007). The article engages in an historical and comparative discussion of American and English privacy law, a topic that has been relatively unexplored in America.

Although the tort law of privacy in America and England arose from the very same common law cases, the law has developed on very different paths in each country. For example, in England, a friend, spouse, lover, or nearly anybody else who violates a confidence can be liable. In America, people are said to assume the risk of betrayal for many breaches of confidence; the law, however, protects against the invasion of privacy by strangers. How and why did the law develop so differently in America and England? Our new article explores the answers to these questions and debunks many myths in the conventional wisdom about privacy law.

You can download and read the article for free on SSRN. If you don’t like it, we provide a full money-back guarantee. With a deal like this, how can you lose?

Here’s the abstract:

The familiar legend of privacy law holds that Samuel Warren and Louis Brandeis “invented” the right to privacy in 1890, and that William Prosser aided its development by recognizing four privacy torts in 1960. In this article, Professors Richards and Solove contend that Warren, Brandeis, and Prosser did not invent privacy law, but took it down a new path. Well before 1890, a considerable body of Anglo-American law protected confidentiality, which safeguards the information people share with others. Warren, Brandeis, and later Prosser turned away from the law of confidentiality to create a new conception of privacy based on the individual’s “inviolate personality.” English law, however, rejected Warren and Brandeis’s conception of privacy and developed a conception of privacy as confidentiality from the same sources used by Warren and Brandeis. Today, in contrast to the individualistic conception of privacy in American law, the English law of confidence recognizes and enforces expectations of trust within relationships. Richards and Solove explore how and why privacy law developed so differently in America and England. Understanding the origins and developments of privacy law’s divergent paths reveals that each body of law’s conception of privacy has much to teach the other.

We welcome any comments and suggestions for the article.