Category: Privacy (Gossip & Shaming)

0

The Year in Privacy Books 2011

Here’s a list of notable privacy books published in 2011.

Previous lists:

Privacy Books 2010

Privacy Books 2009

Privacy Books 2008

 

Saul Levmore & Martha Nussbaum, eds., The Offensive Internet (Harvard 2011)

 

This is a great collection of essays about the clash of free speech and privacy online.  I have a book chapter in this volume along with Martha Nussbaum, Cass Sunstein, Brian Leiter, Danielle Citron, Frank Pasquale, Geoffrey Stone, and many others.

Daniel J. Solove, Nothing to Hide: The False Tradeoff Between Privacy and Security (Yale 2011)

 

Nothing to Hide “succinctly and persuasively debunks the arguments that have contributed to privacy’s demise, including the canard that if you have nothing to hide, you have nothing to fear from surveillance. Privacy, he reminds us, is an essential aspect of human existence, and of a healthy liberal democracy—a right that protects the innocent, not just the guilty.” — David Cole, New York Review of Books

Jeff Jarvis, Public Parts: How Sharing in the Digital Age Improves the Way We Work and Live (Simon & Schuster 2011)

 

I strongly disagree with a lot of what Jarvis says, but the book is certainly provocative and engaging.

Daniel J. Solove & Paul M. Schwartz, Privacy Law Fundamentals (IAPP 2011)

 

“A key resource for busy professional practitioners. Solove and Schwartz have succeeded in distilling the fundamentals of privacy law in a manner accessible to a broad audience.” – Jules Polonetsky, Future of Privacy Forum

Eli Pariser, The Filter Bubble (Penguin 2011)

 

An interesting critique of the personalization of the Internet.  We often don’t see the Internet directly, but through tinted goggles designed by others who determine what we want to see. 

Siva Vaidhyanathan, The Googlization of Everything (U. California 2011)

 

A vigorous critique of Google and other companies that shape the Internet.  With regard to privacy, Vaidhyanathan explains how social media and other companies encourage people’s sharing of information through their architecture — and often confound people in their ability to control their reputation.

Susan Landau, Surveillance or Security? The Risk Posed by New Wiretapping Technologies (MIT 2011)

 

A compelling argument for how designing technologies around surveillance capabilities will undermine rather than promote security.

 


Kevin Mitnick, Ghost in the Wires (Little Brown 2011)

 

A fascinating account of the exploits of Kevin Mitnick, the famous ex-hacker who inspired War Games.  His tales are quite engaging, and he demonstrates that hacking is often not just about technical wizardry but old-fashioned con-artistry.

Matt Ivester, lol . . . OMG! (CreateSpace 2011)

 

Ivester created Juicy Campus, the notorious college gossip website.  After the site’s demise, Ivester changed his views about online gossip, recognizing the problems with Juicy Campus and the harms it caused.  In this book, he offers thoughtful advice for students about what they post online.

Joseph Epstein, Gossip: The Untrivial Pursuit (Houghton Mifflin Harcourt 2011)

 

A short engaging book that is filled with interesting stories and quotes about gossip.  Highly literate, this book aims to expose gossip’s bad and good sides, and how new media are transforming gossip in troublesome ways.

Anita Allen, Unpopular Privacy (Oxford 2011)

 

My blurb: “We live in a world of increasing exposure, and privacy is increasingly imperiled by the torrent of information being released online. In this powerful book, Anita Allen examines when the law should mandate privacy and when it shouldn’t. With nuance and thoughtfulness, Allen bravely tackles some of the toughest questions about privacy law — those involving the appropriate level of legal paternalism. Unpopular Privacy is lively, engaging, and provocative. It is filled with vivid examples, complex and fascinating issues, and thought-provoking ideas.”

Frederick Lane, Cybertraps for the Young (NTI Upstream 2011)

 

A great overview of the various problems the Internet poses for children such as cyberbullying and sexting.  This book is a very accessible overview for parents.

Clare Sullivan, Digital Identity (University of Adelaide Press 2011)

 

Australian scholar Clare Sullivan explores the rise of “digital identity,” which is used for engaging in various transactions.  Instead of arguing against systematized identification, she sees the future as heading inevitably in that direction and proposes a robust set of rights individuals should have over such identities.  This is a thoughtful and pragmatic book, with a great discussion of Australian, UK, and EU law.

2

FTC v. Santa

Jeff Jarvis has this humorous piece about the FTC vs. Santa:

Federal Trade Commission Chairman Jon Leibowitz today announced a record fine against Santa Claus for violations of the Children’s Online Privacy Protection Act.

“Mr. Claus has flagrantly violated children’s privacy, collecting their consumer preferences for toys and also tracking their behavior so as to judge and maintain a data base of naughtiness and niceness,” Leibowitz said. “Worse, he has tied this data to personally identifiable information, including any child’s name, address, and age. He has solicited this information online, in some cases passing data to third parties so they may fulfill children’s wishes. According to unconfirmed reports, he has gone so far as to invade children’s homes in the dead of night. He has done this on a broad scale, unchallenged by government authorities for too long.”

I also heard that DHS has called for the arrest of Santa for flying over restricted airspace.  The FBI is seeking his records about those who are naughty.  The TSA is upset that he bypassed security screening.  Meanwhile, his reindeer are being charged with cyberbullying Rudolf.  And he’s in trouble with the NLRB for his restrictive social media policy forbidding his elves from blogging about their low pay and inability to unionize. . . .

 

3

Should Teachers Be Banned from Communicating with Students Online?

Increasingly, states and school districts are struggling over how to deal with teachers who communicate with students online via social network websites.  One foolish way to address the issue is via strict bans, such as a law passed in Missouri earlier this year that attempted to ban teachers from friending students on social network websites.  Such laws are likely violations of the First Amendment right to freedom of speech and association, and I blogged at the Huffington Post that the law was unconstitutional.  Soon thereafter, a court quickly struck down the law.

The NY Times now has an article out about the challenges in crafting social media policies for teacher-student interaction, noting that “stricter guidelines are meeting resistance from some teachers because of the increasing importance of technology as a teaching tool and of using social media to engage with students.”

There are a number of considerations that schools should think about when crafting a social media policy:

1. The policy should account for the fact that there are legitimate reasons for students and teachers to communicate online.  A teacher might be related to a student, and certainly a law or policy shouldn’t ban parents from friending their children.  Or a teacher might be a godparent to a child or a close family friend or related in some way.

2. One middle-ground approach is to require parental consent whenever a teacher wants to friend a minor student online.  This greater transparency will address the cases where teachers might have inappropriate communication with minors.

3. Clear guidelines about appropriate teacher expression should be set forth, so teachers know what things will be inappropriate to say.  Teachers need to learn about their legal obligations of confidentiality, as well as avoiding invasions of privacy, defamation, harassment, threats, and other problematic forms of speech.

4. When teachers use social network sites in the classroom — or otherwise use blogs and online posting as a teaching device — they should exercise great care, especially when requiring minors to express themselves publicly online.  I’ve seen some class blogs, where students are asked to post reactions to reading or write online journals.  Making students post their views and opinions to the public, especially at such a young age, strikes me as a problematic practice.  The Children’s Online Privacy Protection Act (COPPA) would protect minors under the age of 13, but teachers should be sensitive to minors 13 and older too.  No minor student should be required to post any personal information or class assignment on a publicly-accessible website without the student’s consent and the parent’s consent.  And all websites that involve student personal information have a privacy policy.

5. Education is key.  I’ve read about a lot of cases involving improper social media use by educators, and they often stem from a lack of awareness.  Teachers think they can say nearly anything and it will be protected by the First Amendment.  The First Amendment law actually gives schools a lot of leeway in disciplining educators for what they say, and educators can also be sued by those whom they write about.  Educators often think that if they post something anonymously, then it is okay or they can get away with it — but anonymity online is often a mirage, and comments can readily be traced back to the speaker.  And educators often set the privacy settings on social media sites incorrectly.  They don’t spend enough time learning the ins and outs of the privacy settings.  These are actually quite tricky — even rocket scientists have trouble figuring them out.

0

New Edition of Information Privacy Law Casebooks

The new edition of my casebook, Information Privacy Law (4th edition) (with Paul M. Schwartz) is hot off the presses.  And there’s a new edition of my casebook, Privacy, Information, and Technology (3rd edition) (with Paul M. Schwartz).   Copies should be sent out to adopters very soon.  If you’re interested in adopting the book and are having any difficulties getting a hold of a copy, please let me know.

You also might be interested in my concise guide to privacy law, also with Paul Schwartz, entitled Privacy Law Fundamentals.   This short book was published earlier this year.  You can order it on Amazon or via IAPP.  It might make for a useful reference tool for students.

 

0

Facebook Settles with the FTC

Facebook has settled with the FTC over its change to its privacy policies back in 2009. According to the FTC complaint, as summed up by the FTC press release, Facebook engaged in a number of unfair and deceptive trade practices:

  • In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn’t warn users that this change was coming, or get their approval in advance.
  • Facebook represented that third-party apps that users’ installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users’ personal data – data the apps didn’t need.
  • Facebook told users they could restrict sharing of data to limited audiences – for example with “Friends Only.” In fact, selecting “Friends Only” did not prevent their information from being shared with third-party applications their friends used.
  • Facebook had a “Verified Apps” program & claimed it certified the security of participating apps. It didn’t.
  • Facebook promised users that it would not share their personal information with advertisers. It did.
  • Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.
  • Facebook claimed that it complied with the U.S.- EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn’t.

 

The settlement, which requires auditing of Facebook for 20 years, makes a number of requirements.  Facebook will be:

Read More

3

J.K Rowling, Defamation and Privacy Law, and the Chilling of the Media

A common argument made to justify First Amendment restrictions on privacy torts and defamation law is that legal liability will chill the media.  I am generally sympathetic to these arguments, though only to a point.  I think these arguments are often overblown.  An interesting point of comparison is the UK, where there is a much weaker protection of free speech and much stronger defamation law.  Although the UK has not embraced all of the privacy torts recognized in the United States, it has come close, recognizing a robust tort of breach of confidence.  Despite the lack of a First Amendment equivalent, and the stronger legal liability for gossip and libel, the press in the UK seems anything but chilled or cowed.  Consider J.K. Rowling’s recent testimony:

Rowling said a “wholly untrue” Daily Express story, which claimed she had based an unpleasant character on her ex-husband, had meant she had to have a “horrible” conversation with their young daughter to explain that it was not the case.

“This episode caused real emotional hurt,” she said, because her daughter had to cope with other children believing that about her father.

Rowling added: “It portrayed me as a vindictive person who would use a book to vilify anyone against whom I had a grudge.”

Rowling also pointed to a story published in the Sunday Mirror, which claimed her husband had given up his job as a doctor “to be at the beck and call of his obscenely rich wife,” she said.

This was “damaging misinformation” about her husband, who is not a celebrity, she said, because it led colleagues to believe he had abandoned his medical career. The paper subsequently apologized.

Defamatory articles spread like fire and are difficult to contain, she told the inquiry, but she had no “magical answer” to the problem of abuses by the press.

Rowling’s testimony, and that of others, reveals a rabid and fervent media in the UK — in spite of the stronger laws.  This makes me ponder whether the claim that strong privacy and defamation law will chill the media is false — or at least is overblown as I believe.  But another conclusion may be drawn from this — perhaps the law doesn’t do much work at all.  It appears that the media’s behavior is not dramatically affected by the law, and thus the law really fails to shape norms or impact behavior.  I’m not sure I agree with this claim, but it is one that should be pondered.

The situation calls for further thought.  How can it be that the tabloid press is so robust in the UK which appears to have much weaker free speech protections than the US?   I only have guesses, not answers, and this question has always struck me as one worth investigating.

 

16

Bigoted Harassment, Alive and Well Online

With the help of law and changing norms, invidious discrimination has become less prevalent in arenas like schools, workplaces, hotels, and public transportation.  Due to our social environments, anti-discrimination law is fairly easy to enforce.  Because leaders usually can figure out those responsible for discriminatory conduct and ignore such behavior at their peril, bigotry raises a real risk of social sanction.  So too hate discourse in the public sphere is more muted.  A hundred years ago, Southern newspapers and leaders explicitly endorsed mob violence against blacks.  As late as 1940, a newspaper editor in Durham, North Carolina could state that: “A Negro is different from other people in that he’s an unfortunate branch of the human family who hasn’t been able to make out of himself all he is capable of” due to his “background of the jungle.”  In the post-Civil Rights era, the public expression of bigoted epithets and slurs occurs infrequently.  One rarely hears racist, sexist, or homophobic speech in mainstream media outlets.  Some interpret this state of affairs optimistically, as a sign that we are moving beyond race, gender, and arguably even sexual orientation.  The election of the first black President provoked proclamations of our entry into a “post-racial” era.  Many contend that we no longer need feminism anymore.  Prime time television is filled with images of female power, from Brenda Leigh Johnson’s chief on The Closer to Dr. Miranda Bailey’s “take no prisoners” surgeon on Grey’s Anatomy.  Who needs feminism anymore as its goals have been achieved?

But a new era is not upon us.  In some arenas, hate’s explicit form has repackaged itself in subtlety.  In public discourse, crude biological views of group inferiority are often replaced with a kinder, gentler “color-blind racism,” as sociologist Eduardo Bonilla-Silva calls it. The face of modern racism is, in journalist Touré’s estimation, “invisible or hard to discern, lurking in the shadows or hidden.”  The media has also better disguised sexism with its anxiety about female achievement, renewed and amplified objectification of young women’s bodies and faces, and the dual exploitation and punishment of female sexuality, as media scholar Susan Douglas explains.

Offline public discourse may now be on more neutral ground but its online counterpart is not.  While virulent bigotry continues behind closed doors, it increasingly appears in online spaces that blend public and private discourse.  Although televised sports commentary rarely features anti-gay rhetoric, online sports message boards are awash in in-your-face homophobic speech.  Racial epithets and slurs are common online, whether in Facebook profiles, Twitter posts, blog comments, or YouTube videos.  College students encounter more sexually inappropriate speech in online interactions than in face-to-face ones.

Matters have not improved since I started talking and writing about it since 2007, when we woke up, for a brief second, and paid attention to sexualized, misogynistic attacks on Kathy Sierra on her blog and two others and the targeting of female law students on AutoAdmit.  Then, technologist Tim O’Reilly and Wikipedia co-founder Jimmy Wales called for a Blogger’s Code of Conduct.  That effort failed to gain traction, and ever since the bigoted online abuse continues, silencing victims, ruining their online reputations, costing them jobs, and interfering with their ability to engage with others online and offline.  Newsweek’s always insightful Jessica Bennett has published important new piece on online misogyny and the Guardian’s Vanessa Thorpe and Richard Rogers similarly explore the rape threats and abuse of female bloggers.  I will be blogging about bigoted online harassment, as I am amidst writing a book about it and serving on the Inter-Parliamentary Task Force on Online Hate, which recently held a hearing at the House of Commons.  This all has to stop, and now.

0

Off-Campus Cyberbullying and the First Amendment

The U.S. Court of Appeals for the Fourth Circuit recently upheld a school’s discipline of a student for engaging in off-campus cyberbullying of another student.  In Kowalski v. Berkeley County Schools, — F.3d — (4th Cir. July 27, 2011), a student (Kara Kowalski) created a MySpace profile called “S.A.S.H.,” which she said was short for “Students Against Sluts Herpes.” Another student, however, claimed it really stood for “Students Against Shay’s Herpes,” referring to a student named Shay N.  Kowalski invited about 100 people to join the page, and about 24 people joined. Students posted comments and images making fun of Shay N.  One student posted a picture of Shay N. and put “red red dots on Shay N.’s face to simulate herpes and added a sign near her pelvic region, that read, ‘Warning: Enter at your own risk.’ In the second photograph, he captioned Shay N.’s face with a sign that read, ‘portrait of a whore.'”

After a complaint by Shay N. and an investigation, school officials determined that Kowalski created a “hate website” that violated school policy.  Kowalski was suspended for 5 days and received a “socail suspension” for 90 days, unable to participate in various social events at the school.

Kowalski sued, claiming that the discipline violated her free speech rights under the First Amendment to the U.S. Constitution.

Under the “substantial disruption” test, as defined by the U.S. Supreme Court in Tinker v. Des Moines School District, 393 U.S. 503 (1969), the school must demonstrate “facts which might reasonably lead school authorities to forecast substantial disruption of or material interference with school activities.”

Read More

No More Secret Dossiers: We Need Full FTC or CFPB Investigation of “Fourth Bureau” Reputation Intermediaries

There is a superb article by Ylan Q. Mui on the growth of new firms that create consumer reputations. They operate outside the traditional regulation of the three major credit bureaus. Mui calls this shadowy world of reputational intermediaries the “fourth bureau.” The Federal Trade Commission should conduct an immediate investigation of the “black box” practices described by an industry leader in the article. This should be part of a larger political and social movement to stop the collection of “secret dossiers” about individuals by corporate entities. The Murdoch scandal now unraveling in Britain is only the most extreme example of a wholesale assault on privacy led by unscrupulous data collectors.

Once a critical mass of data about a person has been collected for a commercial purpose, she deserves to know what the data is and who is gathering it. Once an educator, employer, landlord, banker, or insurer makes a decision based on that data, the affected individual should be able to challenge and correct it. I have made a preliminary case for such reforms in my chapter Reputation Regulation, in this book. I now think this agenda is more urgent than ever, given the creeping spread of unaccountable data mining in the internet sector to a wild west of reputational intermediaries.

From a Fair Credit Reporting Act to a Fair Reputation Reporting Act

To understand why, it’s helpful to take a step back and look at how poorly regulated even the established credit bureaus are. As Shawn Fremstad and Amy Traub have noted in the Demos report Discrediting America, ample empirical evidence has confirmed that a vast number of traditional credit bureau files are erroneous:
Read More

1

When Can Public Schools Discipline Students for Off-Campus Speech?

I’ve been spending a lot of time lately focusing on privacy issues at schools.  I find these issues fascinating, and I have been working on them in the trenches, as I created a company last year to provide tools and resources to schools to help them better address privacy problems and to develop a comprehensive privacy program (or enhance their existing privacy program).  The company is called TeachPrivacy.  If you’re a school official (K-12, higher ed), a teacher/professor, or a concerned parent, please contact me if you’re interested in my project.

My immersion in this project is one of the reasons I haven’t been blogging as frequently of late.  But today, there was a great convergence between blogging and my company, and I worked up a lengthy analysis of two new federal appellate cases involving the First Amendment and off-campus speech.  The issue has important ramifications for how public schools deal with cyberbullying and other harmful speech online.

The U.S. Court of Appeals for the Third Circuit just issued two important decisions regarding a public school’s power to discipline students for off-campus speech.  Both cases were previously decided by Third Circuit panels (three judges from the court).  The Third Circuit, acting en banc (the full court) vacated these decisions, reheard the cases, and has now issued new opinions in both.

Layshock v. Hermitage School District

On a computer outside school grounds, a high school student (Justin Layshock) made a fake MySpace profile in his principal’s name.  Using a photo of the principal, the student impersonated the principal and answered a series of questions.  He wrote:

Birthday: too drunk to remember
Are you a health freak: big steroid freak
In the past month have you smoked: big blunt3
In the past month have you been on pills: big pills
In the past month have you gone Skinny Dipping: big lake, not big dick
In the past month have you Stolen Anything: big keg . . . .

Later on, at school, the student used a computer to access the profile and he showed it to other students.  Some students were looking at the profile in a computer lab class and giggling.  School officials eventually limited computer use for a period of 5 days and cancelled computer programming classes.

The student later admitted to writing the profile and apologized to the principal.  Later on, the district punished the student with a 10-day suspension, banned him from extracurricular activities, and did not allow him to participate in graduation ceremonies.  The student challenged the discipline as a violation of his First Amendment right to free speech.  In Layshock v. Hermitage School District (3rd Cir. June 13, 2011) (en banc), the court sided with the student.

The prevailing standard for when schools can impose discipline for off-campus speech was developed from the U.S. Supreme Court’s decision Tinker v. Des Moines Independent Community School District, 393 U.S. 503 (1969).  When off-campus speech causes a material and substantial disruption of the school environment, the school can impose discipline.  Otherwise, off-campus speech would receive full First Amendment free speech protections (unless it were a threat). This is known as the “substantial disruption” standard.

In Layshock, the court noted that the school district was not claiming there was a “substantial disruption.”  Instead, the school wanted the court to recognize that there was a “sufficient nexus” between the profile and the school to allow the school to regulate it.  Layshock took a picture of the principal from the school’s website, the speech was “aimed at the School District community and the Principal and was accessed by Justin [Layshock].”  The court held:

Read More