Site Meter

Category: Privacy (Electronic Surveillance)


New Casebook (Privacy, Information, and Technology)

Spinoff Cover 2e.jpgApologies for the self-promotion, but in time for this fall semester, Paul Schwartz, Marc Rotenberg, and I will be publishing a short paperback casebook of about 300 pages entitled PRIVACY, INFORMATION, AND TECHNOLOGY (Aspen Publishers, forthcoming mid-July 2006), ISBN: 0735562548.

This book is intended to be an inexpensive volume that adapts the cyberspace and technology materials from our full-length casebook, INFORMATION PRIVACY LAW (Aspen Publishers, 2d ed. 2006). The full-length casebook is about 1000 pages; the shorter paperback book is a more streamlined volume of about 300 pages, focusing exclusively on cyberspace, databases, and technology. Aspen informs me that this shorter paperback adaptation will probably sell at a price between $30 and $35.

The book might be useful as a supplement for cyberlaw or information law courses for instructors who want in-depth coverage of information privacy issues for between 2 to 5 weeks.

More information about the book is here. If you’re interested in getting on the list to obtain a review copy of the book (available in mid-July), please send an email to Daniel Eckroad.

The table of contents is available here. A summary of the book’s contents is after the fold.

Read More


The Technicalities and Complexities of Electronic Surveillance Law

NSA3.jpgCurrently, there’s a debate raging about whether the phone companies violated the law when they supplied phone call records to the NSA. Orin Kerr opines:

The Stored Communications Act, 18 U.S.C. 2701-11, only regulates two kinds of providers: providers of electronic communication service and providers of remote computing service. Everyone agrees that the telephone companies are not acting as providers of remote computing service, so if they are liable they must be acting as providers of electronic communication service. . . .

A local telephone company is clearly a provider of electronic communication service: it literally provides users the ability to send or receive telephone calls. But is a company that only provides long distance service a provider of electronic communication service?

Maybe, but I’m not entirely sure. I don’t know much about how modern telephone networks work, but I am guessing that local carriers carry the first part of the call. In the case of a long-distance call, I assume that the long-distance carrier picks up the call at some point from the local carrier, and sends it to the local carrier at the receiving end of the call. If that’s right, I’m not entirely sure the long-distance carrier is a provider of electronic communications service.

I can see arguments on both sides. . . .

This debate gets to one of the major problems with electronic surveillance law. In my article, Reconstructing Electronic Surveillance Law, 72 Geo. Wash. L. Rev. 1264 (2004), I observed:

Electronic surveillance law has not kept pace with the staggering growth of technology. As discussed earlier, the law currently makes antiquated distinctions that often do not protect what is most important. Electronic surveillance law has lagged behind technological developments and has not been responsive to new surveillance technologies. . . .

Despite . . . dramatic changes since the passage of [The Electronic Communications Privacy Act ("ECPA") which includes the Stored Communications Act under its umbrella] in 1986, Congress has failed to engage in a major revision of the law [except for some smaller changes here and there, the most notable of which was the USA-Patriot Act]. Under this state of affairs, law enforcement cleverly employs new technologies to try to avoid triggering ECPA. Often, these technologies are quite invasive, but the debate seems to turn on technicalities—whether the surveillance fits into ECPA’s framework. This invites a technological rat race, in which law enforcement uses new technologies designed to fit within ECPA’s less stringent provisions or to fall entirely outside of ECPA’s scope. . . .

Lost amid the labyrinthian task of applying ECPA’s complex provisions is the question of whether new technologies contravene the appropriate balance between effective law enforcement and privacy. . . .

Read More


Kerr’s Legal Analysis of the NSA’s Phone Records Program

I was planning to do some analysis of the legality of the NSA’s phone records program, but Orin Kerr has already accomplished it. His posts are terrific and are essential reading:

* Thoughts on the Legality of the Latest NSA Surveillance Program

* More Thoughts on the Legality of the NSA Call Records Program

In the latter post, Kerr analyzes whether the telephone companies violated the Stored Communications Act, 18 U.S.C. 2702. Section 2702(a)(3) prohibits phone companies from knowingly divulging customer records to any governmental entity. Kerr notes that the most relevant possible exception to this restriction is 18 U.S.C. 2702(c)(4), as amended by the Patriot Act renewal of 2006, which allows disclosure to “a governmental entity, if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of information relating to the emergency.” Kerr notes:

The language that passed as part of the Patriot Act in 2001 allowed disclosure only when “the provider reasonably believes that an emergency involving immediate danger of death or serious physical injury to any person justifies disclosure of the information.” This was the language in place from October 2001 until March 2006. Did the phone companies have such a belief under the 2001-06 language? I gather they had a reasonable belief of danger, but I don’t know of a reason to think that they had a reasonable belief of “immediate” danger. If this was a program ongoing for several years, then it’s hard to say that there was a continuing reasonable belief of immediate danger over that entire time.

Kerr also explains that the Patriot Act renewal earlier this year made a few tweaks to this exception:

The change expanded the exception to allow disclosure when there is a good faith belief instead of a reasonable belief, and when there was a danger instead of an “immediate” danger. I wouldn’t be surprised if the telephone companies were pushing the change in part out of concern for civil liability for their participation in the NSA call records program.”

Much more at Kerr’s posts.

UPDATE: Marty Lederman also has some excellent analysis that’s definitely worth reading.


The NSA’s Phone Call Database

phone1a.jpgUSA Today reports:

The National Security Agency has been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth, people with direct knowledge of the arrangement told USA TODAY.

The NSA program reaches into homes and businesses across the nation by amassing information about the calls of ordinary Americans — most of whom aren’t suspected of any crime. This program does not involve the NSA listening to or recording conversations. But the spy agency is using the data to analyze calling patterns in an effort to detect terrorist activity, sources said in separate interviews.

“It’s the largest database ever assembled in the world,” said one person, who, like the others who agreed to talk about the NSA’s activities, declined to be identified by name or affiliation. The agency’s goal is “to create a database of every call ever made” within the nation’s borders, this person added.

For the customers of these companies, it means that the government has detailed records of calls they made — across town or across the country — to family members, co-workers, business contacts and others.

The three telecommunications companies are working under contract with the NSA, which launched the program in 2001 shortly after the Sept. 11 terrorist attacks, the sources said.

More information is contained in this companion article at USA Today.


UPDATE: Orin Kerr offers up a thoughtful analysis of the legality of this program here.


Electronic Surveillance Statistics for 2005

wiretap2.jpgThe Department of Justice (DOJ) has released its annual report on the number of Foreign Intelligence Surveillance Act (FISA) orders, Wiretap Act orders, and National Security Letters issued in 2005.

For FISA surveillance orders, 2072 applications were made to the FISA court; none were denied. Over the past few years, the number of orders has been steadily increasing:

2005 — 2072 applications approved

2004 — 1758 applications approved

2003 — 1724 applications approved

2002 — 1228 applications approved

2001 — 934 applications approved

2000 — 1012 applications approved

1999 — 880 applications approved

In all, only 4 applications have ever been denied. More statistics are on EPIC’s FISA statistics page.

One wonders what the statisics would have been had the Bush Administration properly gone to the FISA court instead of engaging in secret wiretapping by the NSA.

In 2005, according to the Administrative Office of the United States Courts, there were 1773 wiretap orders issued by courts under the Wiretap Act. In 2004, there were 1710 wiretap orders issued.

For the first time, statistics were released on the use of National Security Letters. According to the DOJ report:

Read More


Get High (and Identified) With a Little Help From Your Friends

colorado-student3a.jpgIt’s time to modernize the lyrics to some old Beatles songs. The University of Colorado police are using a website to post surveillance photos of students and other individuals it wants to identify for smoking pot on Farrand Field. Apparently, there’s a tradition at the University of Colorado for students to spoke pot on Farrand Field on April 20th of each year. According to the Rocky Mountain News:

University of Colorado police have posted pictures of 150 people on a website smoking pot on the “420″ day celebration last week and are offering a $50 reward for anyone who can identify them.

Police spokesman Lt. Tim McGraw said they received more than 50 calls within the first hours of posting the pictures online Thursday afternoon. He said police were in the process of confirming the tips today.

According to the website:

The University is offering a reward for the identification of any of the individuals pictured below. After reviewing the photos (click on a photo for a larger image), you may claim the reward by following the directions below:

1. Contact the UCPD Operations section at (303) 492-8168

2. Provide the photo number and as much information as you have about the individual.

3. Provide your name and contact information.

4. If the identity is verified to be correct, you will be paid a $50 reward for every person identified.

5. The reward will be paid to the first caller who identifies a person below, multiple rewards will not be paid for individuals listed below.

Is this just good police work? After all, if a person is caught on camera doing a wrongful act, the police can certainly go around and ask people to identify that person. What’s wrong with doing it via a website? One problem is that the website disseminates permanent images of people smoking pot on the Internet. It forever memorializes a person’s youthful infractions to the world. Is such a police investigation tactic problematic or just efficient?

Read More



cctv1a.jpgThere’s a new British import to America, and sadly, it isn’t a rock band. It’s CCTV. In many of Britain’s cities, there is an elaborate network of thousands of surveillance cameras monitored through closed circuit television (CCTV). According to estimates, there are about 4 million surveillance cameras in Britain and a citizen is caught on surveillance camera about 300 times per day.

The AP reports that NYC is starting to install hundreds of surveillance cameras in an effort to mimic Britain’s CCTV. According to the AP:

[The] program [will] place 500 cameras throughout the city at a cost of $9 million. Hundreds of additional cameras could follow if the city receives $81.5 million in federal grants it has requested to safeguard Lower Manhattan and parts of midtown with a surveillance “ring of steel” modeled after security measures in London’s financial district.

Officials of the New York Police Department — which considers itself at the forefront of counterterrorism since the Sept. 11, 2001, attacks — claim the money would be well-spent, especially since the revelations that al-Qaida members once cased the New York Stock Exchange and other financial institutions. . . .

The city already has about 1,000 cameras in the subways, with 2,100 scheduled to be in place by 2008. An additional 3,100 cameras monitor city housing projects.

New York’s approach isn’t unique. Chicago spent roughly $5 million on a 2,000-camera system. Homeland Security officials in Washington plan to spend $9.8 million for surveillance cameras and sensors on a rail line near the Capitol. And Philadelphia has increasingly relied on video surveillance.

The problem with such surveillance measures is that they are implemented without considering all of the issues. How will people be monitored? What procedures will be put in place to ensure that minorities will not be unfairly singled out? How long will the surveillance video be kept? How will it be analyzed? Who will get to see the video? How will the video be protected against leaks to the media? How will we prvent abuses by government officials? What procedures will be established to ensure that the surveillance is being done properly and not to deter lawful political protest? How do we prevent mission creep — the data being used for all sorts of different purposes down the road?

Read More


Every breath you take, every call you make, I’ll be watching you.

Has your cell phone been out of your sight for more than five minutes? Someone may be tracking you on it, right now. A chilling investigation from the Guardian (via Don’t Let’s Start) shows how easy cell-phone stalking has become:

For the past week I’ve been tracking my girlfriend through her mobile phone. I can see exactly where she is, at any time of day or night, within 150 yards, as long as her phone is on. It has been very interesting to find out about her day. Now I’m going to tell you how I did it. . . . First I had to get hold of her phone. . . . I only needed it for five minutes.

And as the article notes, existing methods of tracking are just the tip of the iceberg. Scary!


Annoy someone online (anonymously); go to jail

From Declan McCullagh (link via my annoying — but not anonymous — friend Steve Evans):

Last Thursday, President Bush signed into law a prohibition on posting annoying Web messages or sending annoying e-mail messages without disclosing your true identity. In other words, it’s OK to flame someone on a mailing list or in a blog as long as you do it under your real name. . . . Criminal penalties include stiff fines and two years in prison.

As McCullough notes, there are a number of problematic issues that arise from this. Many legitimate websites include anonymous or pseudonymous writers.

Will this law mean the end for Juan Non-Volokh, Bitch Ph.D., Plainsman, and legions of other psuedonymous and anonymous bloggers? I certainly hope not. Perhaps a big enough backlash from angry bloggers will have positive results.

UPDATE: Dan S. weighs in with a comment. The change in law affects only the intent analysis. Dan’s comment seems to indicate (correct me if I’m wrong) that the statute will still affect only those who send a “communication which is obscene, lewd, lascivious, filthy, or indecent.” (However, assuming you’re engaged in such activity, the “intent to annoy” will be enough to satisfy the intent requirement of the statute).

So it looks like you’re safe — unless you’re sexually harrassing someone via the Internet.

UPDATE 2: New thoughts from bloggers on the further-developing story: Dan Solove argues that the statute does indeed cover more than just sexual harrassment; I suggest that the provision in question may still be limited to cases of obscenity and harrassment; and Kip Esquire goes even further and questions whether the statute covers blogs at all, or whether it’s merely meant to cover internet telephony.

UPDATE 3: Further evidence that this is _not_ the end of the world as we know it: Orin Kerr notes that the First Amendment limits application of the statute; Ann Bartow argues that e-mail and blogs are not “telecommunications devices” under the statute.


Orin Kerr on the USA Patriot Act Compromise

My colleague Orin Kerr has gone through the nearly 100 pages of statutory text of the new USA Patriot Act renewal compromise bill. He offers his tentative conclusions here. The bill makes changes in Section 215 Orders, National Security Letters, and Sneak and Peek Warrants. Basically the changes are more recordkeeping and more judicial review — both laudable improvements. There are, however, many other problems in the USA Patriot Act as well as in the underlying electronic surveillance laws that still remain. Check out Kerr’s analysis, which is insightful and intelligent as usual. You could, of course, read the almost 100 pages of statutory code yourself, but I’m sure you’ve got a life. Thank goodness there are folks like Kerr to do it for us. That’s why we keep him around.

Related Posts:

1. Solove, National Security Letters

2. Solove, More on National Security Letters

3. Solove, The USA Patriot Act: A Fraction of the Problem