Archive for the ‘Privacy (Law Enforcement)’ Category
UCLA Law Review 57:1 (October)
posted by UCLA Law Review
Volume 57, Issue 1 (October 2009)
Articles
| From Privacy To Liberty: The Fourth Amendment After Lawrence | Thomas P. Crocker | 1 |
| Who Can Sue Over Government Surveillance? | Scott Michelman | 71 |
| Leverage in the Board Room: The Unsung Influence of Private Lenders in Corporate Governance | Frederick Tung | 115 |
Essay
| After the Bailout: Regulating Systemic Moral Hazard | Karl S. Okamoto | 183 |
Comments
| Evaluating The Public Interest: Regulation Of Industrial Hemp Under The Controlled Substances Act | Christine A. Kolosov | 237 |
| Improving The Education Of California’s Juvenile Offenders: An Alternative To Consent Decrees | Stefanie Low | 275 |
| The Right to Control One’s Name | Julia Shear Kushner | 313 |
Discourse
| Getting the Framers Wrong: A Response to Professor Geoffrey Stone | Samuel Calhoun | |
| The Perils of Religious Passion: A Response to Professor Samuel Calhoun | Geoffrey Stone |
Th UCLA Law Review is also pleased to announce the launch of a our new website.
October 30, 2009 at 4:21 pm
Posted in: Civil Rights, Constitutional Law, Corporate Law, Law Rev (UCLA), Privacy, Privacy (Electronic Surveillance), Privacy (Law Enforcement), Uncategorized
Print This Post
2 Comments
Appearing for the Defendant, $186,416.00: Medical Marijuana, State Law, and the Fourth Amendment
posted by Deven Desai
The Ninth Circuit just issued an opinion about the interplay between state law enforcement, federal law enforcement, the Fourth Amendment, and state law.
The LAPD obtained a warrant to search a licensed medical marijuana facility. The LAPD did not, however, tell the judge that the place to be searched was licensed. The search proceeded. Around 209 pounds of marijuana, 21 pounds of hashish, and 12 pounds of marijuana oil were seized along with $186,416.00. The facility wanted the money back, but it had been turned over federal law enforcement and forfeiture proceedings were started. If forfeited, the city stood to gain about 80 percent of the money. The Ninth Circuit The Ninth Circuit’s ruling (pdf) has the full details. This passage seems to sum up the problem and the way in which the LAPD erred.
While there may have been probable cause to search UMCC for a violation of federal law, that was not what the LAPD was doing. Nothing in the documents prepared at the time the warrant was obtained from the state court or in the procedure followed to obtain that warrant supports the proposition that the LAPD thought it was pursuing a violation of federal law. Instead, it sought a warrant from a state court judge, though, as the District Court found, it lacked probable cause for a state law violation and failed to inform the state court judge of relevant facts that supported the conclusion that UMCC was not in violation of state law. The LAPD, a city agency, never initiated the process of seeking a federal search warrant from a federal magistrate or indicated that it was pursuing a violation of federal law.
I defer to Fourth Amendment scholars as to whether this ruling makes sense. Nonetheless, it seems that the federal government’s new policy might mean that state or local government that wants the federal government involved in going after medical marijuana facilities will have to persuade the federal government that a facility is not complying with state law. That requirement seems to match what the Ninth Circuit is saying state and local law enforcement groups should do with state judges in the first place.
October 21, 2009 at 7:25 am
Tags: Fourth Amendment, medical marijuana
Posted in: Criminal Law, Criminal Procedure, Health Law, Privacy (Law Enforcement)
Print This Post
No Comments
Making the Internet Safer, the NSA Way
posted by Danielle Citron
Securing our networked environment is both crucial and difficult. Six months ago, President Obama declared his Administration’s commitment to protect cyberspace from sabotage of all stripes. For the President, the rise of online theft, electronic espionage, and military-related cyber assaults necessitated the appointment of a cyber czar to protect our cyber “national assets.” The President has tried to fill that spot: Shane Harris of National Journal explains that “more candidates had declined the job than were still in the running for it.” And despite our failed efforts at CoOp to recruit Orin Kerr for the job, the cyber czar position remains empty.
This state of affairs may be due to the difficult nature of the task at hand. Former NSA head General Michael Hayden recently said: “There is no regime for us to work within to respond to cyberattack. We are in a place where technology has long outstripped policy–let alone law–in term of what’s available. We are going to have to rely on heroism instead of a plan.” If Hayden has it right, it is no wonder that no one wants the job.
Nonetheless, the Administration may have already charted its path, one that entrusts the National Security Agency with protecting cyberspace. According to the National Journal, Lt. General Keith B. Alexander, the NSA’s director, has been “setting up the central nervous system in the government’s campaign to defend cyberspace.” The NSA will now, unlike the past, help oversee the networks of civilian government and privately-owned, criticial infrastructure (dams, railroads, hospitals, banks, food industry, hotels, telecommunications, postal, shipping, retail, transportation, and well everything else). This is true even though DHS is charged with defending civilian networks and coordinating private sector protection. Homeland Security Security Secretary Janet Napolitano said that NSA will provide DHS “technical assistance” on this issue. In short, DHS will rely on the NSA for the tools, expertise, and resources to protect cyberspace.
So the NSA apparently will be overseeing and securing private networks, the same NSA that engaged in wholesale warrantless surveillance of Americans after 9/11 (and the agency that monitored telegrams coming in and out of the United States to detect individuals with communist ties in the 1950s and 1960s)? Congress has, of course, limited the NSA’s warrantless wiretapping and the President has promised us greater transparency in government decision-making. Nonetheless, NSA’s oversight over privately-owned systems and wholesale access to their contents raises serious concerns. And because the NSA will direct these efforts in the name of national security and intelligence, little transparency will be forthcoming. On another note, the question remains whether it was agency turf-war antics that led to Melissa Hathaway’s decision to leave government–she was the DHS official and most senior cyber expert in the White House who had been a leading candidate for the cyber czar post. At the time of her resignation, Hathaway told the Washington Post that she “wasn’t willing to continue to wait any longer,” and she wasn’t “empowered” to make any changes.
October 6, 2009 at 9:12 am
Posted in: Architecture, Cyberlaw, Privacy, Privacy (Law Enforcement), Privacy (National Security), Technology, Uncategorized
Print This Post
One Comment
Tweeting for the Party
posted by Danielle Citron
During the 2008 election, Democrats effectively used Web 2.0 platforms to garner interest in the campaign and win supporters. President Obama has been widely hailed as the first “Tech President,” and he seems to have trounced the Facebook landscape. To date, President Barack Obama has over 6.6 million Facebook friends, while Sarah Palin only has 848, 614 Facebook pals and Mitt Romney has 70, 130.
Although the President has proven his mettle on Facebook and MySpace (where he has over 1.8 million friends), Republicans rule the day on the micro-blogging front. The Congressional Research Service reports that congressional Republicans out-tweeted their Democratic counterparts during two one-week periods this summer. Nancy Scola attributes Congressional Republicans’ Twitter dominance to their desire to regain the public’s attention and favor now that they are in the minority. AMERICAblogs’ John Aravosis worries that Democrats have ceded their online advantage.
No matter the current political victor in this social media landscape, Government 2.0 is here to stay. It surely has great potential to shine light on government policymaking and to marshal public participation, especially from people who otherwise wouldn’t bother getting involved with government policymaking. Adding the President as a friend on MySpace and joining live chats may seem to be a relatively costless endeavor as compared to writing letters or commenting on agency rulemakings. But Government 2.0 also poses privacy risks: social media sites not only give government access to people’s policy insights but also access to all of individuals’ social media data, such as their videos, photos, walls musings, “Top 25 things you don’t know about me” lists, and the like. Soon, I will be posting on SSRN a draft of my essay “The One-Way Mirror: Enhancing Participation and Securing Privacy for Government 2.0″ (forthcoming George Washington Law Review) and hope to get your feedback.
September 28, 2009 at 12:11 pm
Posted in: Cyberlaw, Google & Search Engines, Privacy, Privacy (Consumer Privacy), Privacy (Electronic Surveillance), Privacy (Law Enforcement), Privacy (National Security), Social Network Websites, Technology, Uncategorized
Print This Post
No Comments
Burglars Like Facebook, Too
posted by Danielle Citron
Facebook offers much to law enforcement, perhaps more than many might think. Last week, a Pennsylvania man was arraigned for felony burglary, having allegedly broken into a woman’s home and stolen jewelry. The defendant seemingly played a big role in ensuring his capture: he checked his Facebook page during the burglary. The victim noticed that the defendant’s Facebook account appeared on her computer after the burglary. No joke. This takes harming oneself through social networking to a new level.
September 22, 2009 at 11:53 am
Posted in: Anonymity, Criminal Law, Privacy, Privacy (Consumer Privacy), Privacy (Law Enforcement), Technology, Uncategorized, Weird
Print This Post
No Comments
Understanding Privacy in Paperback
posted by Daniel Solove
I’m pleased to announce that my book, Understanding Privacy, has just come out in paperback from Harvard University Press, with a price that’s much more reasonable and affordable than the hardcover.
Understanding Privacy offers a comprehensive overview of the many difficulties involved in discussions of privacy. Drawing from a broad array of interdisciplinary sources, I set forth a framework for understanding privacy that provides clear practical guidance for engaging with privacy issues.
September 14, 2009 at 7:36 am
Posted in: Articles and Books, Book Reviews, Privacy, Privacy (Consumer Privacy), Privacy (Electronic Surveillance), Privacy (Gossip & Shaming), Privacy (ID Theft), Privacy (Law Enforcement), Privacy (Medical), Privacy (National Security)
Print This Post
No Comments
I See Code: Plain View and Computer Searches
posted by Deven Desai
The Ninth Circuit has taken a swat computer searches and the plain view doctrine (pdf). I have not yet read the entire opinion but Orin Kerr has a series of posts about the decision here. And Shaun Martin, for whom I have a ton of respect as well, covers the case here. Shaun’s post captures how well-written the opinion is: “In my dreams I could write an opinion this good. It’s clear. It’s concise. It provides meaningful, systemic guidelines. It’s just. It’s got a keen sense of both the practical way the world works as well as the dangers inherent in certain conduct. In short, it’s exactly what I want in a wide-ranging opinion that makes meaningful precedent. … If you only read a dozen Ninth Circuit opinions this year, this should be amongst them.”
Dan and others will likely have more to say, so stay tuned, folks. As Orin notes, “This is really new territory, so it will be interesting to see how it plays out. I suspect we’ll find out soon, as there are a lot of these cases.” In the interim, here are three paragraphs worth reading:
The point of the Tamura procedures is to maintain the privacy of materials that are intermingled with seizable materials, and to avoid turning a limited search for particular information into a general search of office file systems and computer databases. If the government can’t be sure whether data may be concealed, compressed, erased or booby-trapped without carefully examining the contents of every file—and we have no cavil with this general proposition—then everything the government chooses to seize will, under this theory, automatically come into plain view. Since the government agents ultimately decide how much to actually take, this will create a powerful incentive for them to seize more rather than less: Why stop at the list of all baseball players when you can seize the entire Tracey Directory? Why just that directory and not the entire hard drive? Why just this computer and not the one in the next room and the next room after that? Can’t find the computer? Seize the Zip disks under the bed in the room where the computer once might have been. See United States v. Hill, 322 F. Supp. 2d 1081 (C.D. Cal. 2004). Let’s take everything back to the lab, have a good look around and see what we might stumble upon.
This would make a mockery of Tamura and render the carefully crafted safeguards in the Central District warrant a nullity. All three judges below rejected this construction, and with good reason. One phrase in the warrant cannot be read as eviscerating the other parts, which would be the result if the “otherwise legally seized” language were read to permit the government to keep anything one of its agents happened to see while performing a forensic analysis of a hard drive. The phrase is more plausibly construed as referring to any evidence that the government is entitled to retain entirely independent of this seizure.
To avoid this illogical result, the government should, in future warrant applications, forswear reliance on the plain view doctrine or any similar doctrine that would allow it to retain data to which it has gained access only because it was required to segregate seizable from non-seizable data. If the government doesn’t consent to such a waiver, the magistrate judge should order that the seizable and non-seizable data be separated by an independent third party under the supervision of the court, or deny the warrant altogether.
August 27, 2009 at 6:01 am
Tags: Balco, Fourth Amendment, Judge Kozinski, Ninth Circuit
Posted in: Cyberlaw, Privacy, Privacy (Consumer Privacy), Privacy (Electronic Surveillance), Privacy (Law Enforcement), Privacy (National Security)
Print This Post
One Comment
Surveillance Facebook-Style: It’s Your Party and You Can Cry If You Want To
posted by Danielle Citron
The U.K.’s Register reports that British police stormed a man’s birthday barbeque party because his invite to 15 Facebook friends advertised an “all night party.” Before the party could really begin, police showed up in four cars, a riot van, and a helicopter, ordering the birthday boy to shut the party down or face arrest. With an appropriate amount of humor, Andrew Poole, the birthday trouble-maker, explained: “What the police did was come in and stop 15 people eating hamburgers.” What would possess the Facebook Precinct to bother here? Section 63 of the Criminal Justice and Public Order Act 1994 grants police powers to remove individuals attending or preparing for a “rave,” defined as playing amplified music “wholly or predominantly characterised by the emission of a succession of repetitive beats.”
This incident demonstrates the perils of a society that monitors and mines Facebook communications. The costs to liberty include blows to free expression and association. Brits will surely think twice about wall messages and “what I am doing now” missives that include talk of parties and other activities subject to misinterpretation. The costs to society: the misdirection of police from real threats to society and wasted resources spent breaking up a birthday bash (the helicopter time apparently cost 200 pounds and tack on the police efforts, including any investigation they conducted and time at the party, and gas for the four cars and van). So with Facebook surveillance the British may get less liberty and less security.
Commentators on the Register story noted their relief at living in the United States. They suggested that law enforcement and security officials would never be so foolish as to monitor Facebook traffic. Think again. The NSA’s Advanced Research Development Activity (ARDA) has funded research on the “Semantic Analytics on Social Networks: Experiences in Addressing the Problem of Conflict of Interest Detection,” which discusses how intelligence about people can be extracted from social networks. ARDA’s role is to spend NSA money on research that can “solve some of the most critical problems facing the U.S. intelligence community.” ARDA’s function is to make sense of the massive amount of data that the NSA collects.
Should Americans be worried about intelligence profiling a la Facebook? Many might think that the use of privacy settings on social networking sites would obviate the problem. First, studies suggest that most social networking site users use the default privacy settings, which are often the least privacy protecting and may reveal much of a user’s musings. Second, this assumption presumes that third party sites will not turn over social networking data, which they own, to the government, either for a pretty price or in the face of a subpoena or warrant. This assumption may be faulty. So what is all of the fuss? Automated intelligence profiling has obvious costs, such as the ones posed by the birthday party bust. It also has less apparent ones, such as mining misleading social networking data with other not-so reliable private and public database date and, poof, people end up on government watchlists.
Stock Xchange Photo
July 19, 2009 at 4:01 am
Posted in: Anonymity, Architecture, Cyberlaw, Google & Search Engines, Privacy, Privacy (Electronic Surveillance), Privacy (Law Enforcement), Privacy (National Security), Technology, Uncategorized
Print This Post
2 Comments
New Developments in Cryptography and Privacy
posted by Deven Desai
According to Help Net Security, Craig Gentry, a researcher at IBM, appears to have found a way to allow “the deep and unlimited analysis of encrypted information – data that has been intentionally scrambled – without sacrificing confidentiality.” The solution involves a an “ideal lattice.” I’ll leave the explanation of all the math to the math/computer science folks. As the Help Net article notes, the solution seems to enable some great advantages for anyone providing cloud computing for:
computer vendors storing the confidential, electronic data of others will be able to fully analyze data on their clients’ behalf without expensive interaction with the client, and without seeing any of the private data. With Gentry’s technique, the analysis of encrypted information can yield the same detailed results as if the original data was fully visible to all.
It all sounds wonderful. One could have encrypted data and let others data mine while maintaining anonymity or privacy. Yet, something seemed odd to me. So I did what lawyers do, I called someone who knew more about computer science and asked for some help. That person explained that yes this could mean one could query an encrypted database without decrypting the data. The example to consider is a database of book purchases. One could ask how many people bought both book A and book B and see that result without ever seeing what a specific person purchased. Great, right? Not so fast.
As this person reminded me, with other sources of information one can figure out what a specific person did. That reminded me of the AOL debacle. With a little work, people were able to figure out who the anonymous subjects were.
All of which highlights that privacy is not binary. The cluster of information and the ability to analyze it seems often, if not always, to lead to problems about the use of information. So if this breakthrough allows a company or the government to claim that we should remain calm and all is well, we may want to remain clam but show how all may not be well. A few regulations about the use of the data even if supposedly anonymous, might allow the beneficial aspects of the solution to thrive while limiting the harms that can occur.
Image: WikiCommons
By: Gwenda; License: Public Domain
(My apologies to CS folks if the image does not match the breakthrough’s area of encryption)
June 30, 2009 at 11:35 am
Tags: cloud computing, cryptography, Privacy
Posted in: Cyberlaw, Google & Search Engines, Privacy, Privacy (Consumer Privacy), Privacy (Electronic Surveillance), Privacy (Law Enforcement), Technology
Print This Post
7 Comments
On the Rumored Cyber Security Czar Candidate: Let’s Look Before We Leap
posted by Danielle Citron
According to Time magazine, former Congressman Tom Davis has emerged as a front runner for the newly created Cyber Security Czar position. The Time piece cited Davis’s authorship of the Federal Information Security Management Act of 2002, his work as chair of the Subcommittee on Technology and Procurement policy, his connections to the IT community through his former district, and his current work at Deloitte as some of the reasons supporting his candidacy.
President Obama has stressed that privacy is key to the government’s cyber security efforts. Davis’s record on privacy issues, however, is troubling. As Wired’s Ryan Singel reports, Davis has been on the “wrong side of privacy issues.” Davis supported the controversial REAL ID Act.” He attempted to undo a measure that ultimately put a chief privacy officer in every major government agency. He embraced the Bush Administration’s expansion of government wiretapping powers. Aside from his spotty record on privacy, Davis’s congressional record suggests that he does not share the President’s regard for government transparency. He helped pass the Critical Infrastructure Act, which created an exemption to FOIA for information provided DHS by private companies concerning its oversight of critical infrastructure. Hopefully, the President will consider these issues before making his final decision.
June 23, 2009 at 4:29 pm
Posted in: Privacy, Privacy (Gossip & Shaming), Privacy (Law Enforcement), Privacy (National Security), Technology, Uncategorized
Print This Post
One Comment
Why We Should Care About Privacy in a Government 2.0 World
posted by Danielle Citron
Yesterday, I wrote about the public’s expectations regarding privacy when interacting with government on social networking sites such as Facebook, MySpace, Flickr among others. Why should we care if agencies collect our musings, videos, and pictures that we have willingly shared with online “friends,” both real and imaginary ones?
Here are some practical concerns: the personal information on MySpace pages could be collected and joined with other data gathered from private data mining companies, public sector databases, etc. (Oftentimes, data about us collected by third parties is often faulty). All together, the information could suggest (albeit falsely) that we constitute a threat to society. Law enforcement could be informed and our names could be put on watch lists. This is not a hypothetical problem, see here. If federal agencies collected and maintained that data in their systems, it would be covered by the Privacy Act of 1974. Nonetheless, you would still appear on a watch list or assigned another ignominious fate by an automated government system.
As a normative matter, the absence of privacy vis-a-vis government on online social networking sites is unappealing. It would likely have an impact on our willingness to friend government agencies. We would be less likely to join online conversations that the Open Government directive hopes to generate. Or if we friend a government agency because we want to peer inside its operations, we may edit what we include on our profiles. As Julie Cohen has elegantly developed in her work, the lack of privacy would chill our creativity and desire to experiment with different aspects of our personalities. And Patricia Sanchez Abril has a superb piece entitled “A (My)Space of One’s Own: On Privacy and Online Social Networks” that discusses the social implications of a “no privacy” presumption in information we share with our friends on social networking sites. Justice Douglas’s remark that “monitoring, if prevalent, certainly kills free discourse and spontaneous utterances” should not be lost to us here.
Wikimedia Commons Image
June 19, 2009 at 9:34 am
Posted in: Cyberlaw, Privacy, Privacy (Consumer Privacy), Privacy (Law Enforcement), Technology, Uncategorized
Print This Post
2 Comments
The Many Deaths of Privacy
posted by Frank Pasquale
As they follow the fascinating and heartening “Twitter Revolution” in Tehran, commentators worry that “the regime is prepared to detain dissidents — reportedly using Facebook and Twitter to locate them.” Yesterday also saw new reports of controversy over domestic surveillance by the US National Security Agency. Apparently the “agency routinely examined large volumes of Americans’ e-mail messages without court warrants.” Commentators like Glenn Greenwald and our own Dan Solove have done a great job explaining the legal details of NSA surveillance. I just want to comment on some of broader social trends that explain the upward ratchet of surveillance around the world.
Worries about the “death of privacy” have been prevalent for some time. We increasingly lack control over (or even awareness of) the digital profiles kept about us by businesses and governments. Another form of privacy—that at the core of the public-private divide—has also been in decline over the past couple decades. As the essays in Freeman and Minow’s book Government by Contract show, “privatization” is often less an arm’s length transaction between government and business than a veritable marriage of institutions. The recent explosion of public-private partnerships in the finance and auto industries further erodes the distinction between government and business. As William J. Novak’s essay in Government by Contract observes, much of what we think of as purely private markets are creatures of state action:
Read the rest of this post »
June 18, 2009 at 8:00 am
Posted in: Google & Search Engines, Privacy, Privacy (Electronic Surveillance), Privacy (Law Enforcement), Privacy (National Security), Social Network Websites
Print This Post
No Comments
Twitter Fraud
posted by Danielle Citron
Individuals increasingly use social networking tools to commit fraud. Philadelphia Eagles player Asante Samuel discovered his Twitter imposter after the Philadelphia Daily News attributed to him comments from his doppleganger’s Twitter feed. Keith Olbermann was a victim of Twitter impersonation as was Tony La Russa, manager of the St. Louis Cardinals. Temple professor Susan Jacobson predicts that much like the early days of the Internet when individuals bought the domain names of celebrities to sell it to those notables for a tidy profit, we will likely see variations of such mischief on social networking sites.
Aside from the celebrity context, we may see other misuses of Twitter feeds. Governments increasingly use Twitter to alert the public about car accidents, fires, crime reports, and public health emergencies. A tweet about a fabricated fire or car accident could cause dangerous traffic jams and needless panic. Someone could impersonate a police department, sending tweets about crimes never committed. This teaches us to be circumspect about all of those Twitter updates.
H/T to Jim Stanton for his blog posting, “Social Media Fraud On the Increase.”
Wikimedia Commons Image
June 10, 2009 at 11:11 am
Posted in: Anonymity, Criminal Law, Culture, Current Events, Cyberlaw, Privacy (Law Enforcement), Technology, Uncategorized
Print This Post
No Comments
Tracking Online Behavior to Combat Terror in the U.K.
posted by Danielle Citron
As of last week, all Internet traffic in the United Kingdom will be archived for a year’s time. The British government has adopted the European Union directive requiring Internet access providers to store their users’ email traffic (i.e., the authors, date, and time of messages, not the messages themselves), VoIP calls (traditional phone calls are already monitored pursuant to previously adopted EU directive), and web surfing. Hundreds of public agencies, including law enforcement, will have access to data reservoirs teeming with personal information to fight “crime and terrorism.” The U.K. is poised to amass more data from the private sector in the name of counter-terrorism, considering proposals to require social networking sites, such as Facebook, to retain its British users’ records. The British government has adopted a threat model of governance: emergencies demand extraordinary measures to protect security, no matter the cost to other liberties.
The Obama Administration may not be as opposed to the U.K. approach as might be assumed. In the same week that the British adopted data retention as part of its anti-terror strategy, the Department of Justice vigorously defended the National Security Agency’s surveillance of countless Americans. In Jewel v. NSA, Electronic Frontier Foundation’s lawsuit challenging the National Security Agency’s warrantless wiretapping of Americans, the DOJ invoked the state secrets doctrine, insisting that the case must be dismissed without further inquiry in order to prevent “exceptionally grave harm to national security.” The DOJ also argued that the U.S. Patriot Act immunizes the U.S. from liability under federal wiretapping laws and the Stored Communications Act, going even further than the Bush Administration’s invocation of sovereign immunity for FISA violations. The emergency model of executive power may be here to stay.
April 11, 2009 at 4:07 pm
Posted in: Privacy (Electronic Surveillance), Privacy (Law Enforcement), Privacy (National Security)
Print This Post
No Comments
Lessons from the Identity Trail
posted by Daniel Solove
There’s a terrific new book of essays about privacy out from Oxford University Press — LESSONS FROM THE IDENTITY TRAIL: ANONYMITY, PRIVACY AND IDENTITY IN A NETWORKED SOCIETY (Oxford University Press 2009). It’s edited by Ian Kerr, Valerie Steeves, and Carole Lucock. The essays are fascinating and are written by a number of very prominent privacy scholars. Highly recommended!
The book is available free for download under a Creative Commons license. One third of the essays are now posted online. The rest will become available in two more stages — on April 22th and May 6th. This is the first book to be published by Oxford University Press under a Creative Commons license.
The book is available on Amazon.com or on our special Concurring Opinions Oxford University Press promo page for 20% off.
Here’s the table of contents:
April 8, 2009 at 10:01 pm
Posted in: Anonymity, Articles and Books, Book Reviews, Privacy, Privacy (Consumer Privacy), Privacy (ID Theft), Privacy (Law Enforcement), Privacy (Medical)
Print This Post
No Comments
You Are Being Watched, Now at Your Local Police Department
posted by Danielle Citron
Over the past five years, the Department of Homeland Security has distributed $300 million in grants to state and local governments to fund surveillance cameras. According to the ACLU’s newly initiated You Are Being Watched website, nearly all 50 states maintain government-backed cameras. A recent University of California study sugggests what UK researchers have long found: public cameras have little effect on the incidence of violent crimes. The study determined that San Francisco’s $700,000 investment in dozens of public cameras yielded marginal benefits. According to the report, violent incidents did not decline in the areas near the cameras relative to areas further away. Property crimes did, however, drop by 24% in areas close to the surveillance cameras.
So what is the harm if the cameras help just a little to deter property crimes and not at all as to violent crimes? First, federal, state, and local governments could get more bang for their budget dollars. Rather than spending money on marginally beneficial surveillance cameras, they could hire more police officers, provide better training, and fund more translators. Second, public cameras may provide citizens with a false sense of security. This recalls a classic scene from HBO’s The Wire where members of a drug gang disable public surveillance cameras and then proceed to enter into a home killing a rival and his family members. Aside from the wasted resources and misleading signals, the cameras raise serious concerns for privacy and civil liberties. As the ACLU asks, “Do we want a society where an innocent individual can’t walk down the street without being considered a potential criminal?” And do we want to live in an age of total surveillance that increases the risk of racial profiling and voyeurism?
March 1, 2009 at 10:41 pm
Posted in: Privacy (Law Enforcement)
Print This Post
No Comments
No More What’s His/Her Face? iPhoto and Face Recognition
posted by Deven Desai
CNET has a fluff piece about the fun of iPhoto’s new face recognition software. The author shares how the software identified a friend as a lemur and mistakenly identified friends as aged relatives. So here “the goofs are what make it fun.” One tags some photos and the software examines the entire library to find possible matches. As the report notes, “The science behind face recognition is complex and still evolving. In general, face recognition software looks for predictable patterns–characteristics and proportions that stay constant from one photograph to another, things like the distance between the eyes or from the eyes to the mouth.” (A friend of mine works on this area as part of his PhD program. The statistical models and math behind his work is quite sophisticated).
There is, however, a possible dark side to iPhoto. The more people tag help catalog photos, the more the general ability to track people will increase. Right now this information is on one’s computer. But I am guessing that online analogs exist or are about to (search facebook by face! and so on). I think it was Minority Report where the main character has to get new eyes to avoid surveillance recognition (yes that was retinal but you get the parallel). I am not saying this technology must stop (stopping technology is not a viable strategy). But as we move forward and play with new technology, the seemingly innocuous can have some rather potent impacts on how we live. Keeping an eye those potential changes may allow us to manage privacy and other interests before the problems occur rather than after.
February 20, 2009 at 4:54 pm
Posted in: Privacy, Privacy (Electronic Surveillance), Privacy (Law Enforcement), Technology
Print This Post
3 Comments
Criminalizing Google’s YouTube in Italy
posted by Daniel Solove
In Italy, a rather disturbing prosecution is taking place. Google officials, including Chief Privacy Counsel Peter Fleischer, are being criminally prosecuted for a video somebody else uploaded to YouTube. According to an article by Tracey Bentley in the International Association of Privacy Professionals’ The Privacy Advisor:
The video that sparked the investigation was captured in a Turin classroom. Four high school boys were recorded taunting a young man with Down syndrome, and hitting the 17-year-old with a tissue box. One of the boys uploaded the footage to Google Video’s Italian site on September 8, 2006.
According to Google, more than 200,000 videos are uploaded to Google Video each day. Under EU legislation incorporated into Italian law in 2003, Internet service providers are not responsible for monitoring third-party content on their sites, but are required to remove content considered offensive if they receive a complaint about it. Between November 6 and 7, 2006, Google received two separate requests for the removal of the video–one from a user, and one from the Italian Interior Ministry, the authority responsible for investigating Internet-related crimes. Google removed the video on November 7, 2006, within 24 hours of receiving the requests.
Nonetheless, Milan public prosecutor Francesco Cajani decided that by allowing the 191-second clip onto its site, Google executives were in breach of Italian penal code. . . .
Cajani is prosecuting Google as an Internet content provider. Unlike Internet service providers, Italian penal code states that Internet content providers are responsible for the third-party content posted to their sites. This is essentially the same law regulating newspaper and television publishers.
I’ve been quite critical of very broad immunity for websites or ISPs that host defamatory or privacy invasive content of others. See Chapter 6 of The Future of Reputation. However, I find this Italian prosecution extremely troubling. And if I find it troubling, one can only imagine how apoplectic Professor Eric Goldman will be!
First, this is a criminal prosecution, and I’m generally very troubled for criminal prosecutions for defamation or privacy invasions. There might be some limited circumstances where criminal liability is warranted, though I believe that the problem is best deal with through civil liability, not criminal. While the prospect of civil liability can certainly chill speech, criminal law is an even more serious threat, and therefore, it shouldn’t be treated in the same way. Free speech protections should therefore be greater when criminal liability is involved.
Second, Google is not the content provider here. It shouldn’t be prosecuted as one. Apparently, from the reports (I haven’t seen the specific Italian law), Italy has a law that resembles Communications Decency Act (CDA), 47 U.S.C. § 230, which immunizes a website or ISP for the content posted by others. I agree with this general immunity. However, I believe that if a website or ISP is on notice that content is defamatory or invasive of privacy, then it must take down that material or lose its immunity from civil liability. Under the CDA, as interpreted by the courts, websites and ISPs are immune even after having knowledge that content posted on their sites is defamatory or invasive of privacy. I’ve argued that immunity under these circumstances is going too far. From what I’ve read, Italian law adopts the position I advocate.
But Google complied with the law and took down the videos after being notified. Thus, I don’t understand what Google did wrong. I don’t understand how it can be deemed the content provider. If Google officials can be criminally prosecuted any time a person uploads a defamatory or privacy invasive video to YouTube, it’s hard to see how they can possibly avoid running afoul of the law. YouTube and much of Web 2.0 would pose massive risks of criminal liability.
So as one who has strongly advocated for less immunity for defamatory and privacy invasive material online, even I find Italy’s prosecution of Fleischer and other Google executives to be quite outrageous and unjustified.
If anyone has a link to the Italian ISP immunity legislation in English, as well as more information about the specific criminal charges against Google, please let me know.
February 4, 2009 at 7:53 pm
Posted in: Privacy, Privacy (Gossip & Shaming), Privacy (Law Enforcement), Social Network Websites, Web 2.0
Print This Post
One Comment
Herring v. United States, the Exclusionary Rule, and Errors in Databases
posted by Daniel Solove
Earlier this week, the U.S. Supreme Court decided Herring v. United States, a case examining whether the exclusionary rule should apply to a search that was based on an error in a database.
In particular, due to a negligent error in a computer database indicating that there was an outstanding felony arrest warrant for Bennie Herring, he was arrested and a search incident to arrest revealed drugs and a gun (which he was not permitted to possess since he had a previous felony conviction).
The Supreme Court, in an opinion by Chief Justice Roberts, concluded that the justification for the exclusionary rule is deterrence and that the deterrent benefits in this case were too minimal to support exclusion. The Court wrote that “the exclusionary rule serves to deter deliberate, reckless, or grossly negligent conduct, or in some circumstances recurring or systemic negligence. The error in this case does not rise to that level.”
Orin Kerr contends that the case is “a replay” of Arizona v. Evans, 514 U.S. 1 (1995), a previous case upholding a search based on an erroneous database. In contrast, Tom Goldstein argues that Herring constitutes a more dramatic curtailment of the exclusionary rule:
The opinion has nothing to do with the fact that the error here is one of recordkeeping. It applies fully to negligence by police officers in their day-to-day determination whether there is probable cause to conduct a search. If the officer makes an objectively reasonable mistake – i.e., he is merely negligent – the exclusionary rule does not apply to whatever evidence he finds. Put another way, the Supreme Court today extended the good faith exception to ordinary police conduct.
Orin disagrees, reading Herring as a narrow decision, not going much further than Evans: “In particular, I don’t see it as suggesting a general good faith exception for police conduct. Such a position would be an extraordinary shift in Fourth Amendment law that would effectively overrule a ton of cases.” Is Orin right? Is Goldstein’s fear just a Red Herring?
I hope Orin is right, but two things give me pause. First, the Court states at the beginning of Part II: “When a probable-cause determination was based on reasonable but mistaken assumptions, the person subjected to a search or seizure has not necessarily been the victim of a constitutional violation.” This is framed much more broadly than the issue in Evans, which was:
This case presents the question whether evidence seized in violation of the Fourth Amendment by an officer who acted in reliance on a police record indicating the existence of an outstanding arrest warrant — a record that is later determined to be erroneous — must be suppressed by virtue of the exclusionary rule regardless of the source of the error.
Note that in Evans the Court explicitly focuses on errors in police records.
Second, at the end of its opinion in Herring, the Court states:
January 17, 2009 at 2:52 pm
Posted in: Criminal Procedure, Privacy, Privacy (Law Enforcement)
Print This Post
2 Comments
The Year in Privacy Books: 2008
posted by Daniel Solove
Here’s a list of notable books about information privacy published in 2008. Pick up a few to help stimulate the economy, save the publishing business, and learn more about privacy:
Colin J. Bennett, The Privacy Advocates: Resisting the Spread of Surveillance (MIT Press 2008)
A very informative account of those who work in the privacy advocacy community.
A great collection of essays, from a symposium at Stanford Law School. A bit dated — the symposium was held in 2003 — but still worth reading. I have a piece in the book discussing data security vulnerabilities and the law — originally penned back in 2003, so I can say “told ya so!”
The best and most comprehensive intellectual history of the Fourth Amendment ever written.
Cory Doctorow, Little Brother (Tor Teen 2008)
A contemporary version of Orwell’s 1984 — thought-provoking and engaging fiction, as usual from Doctorow.
December 27, 2008 at 1:54 pm
Posted in: Articles and Books, Book Reviews, Privacy, Privacy (Consumer Privacy), Privacy (Electronic Surveillance), Privacy (Gossip & Shaming), Privacy (Law Enforcement), Privacy (National Security)
Print This Post
5 Comments
