Volume 57, Issue 1 (October 2009)

Articles

Essay

Comments

Discourse

Th UCLA Law Review is also pleased to announce the launch of a our new website.

The LAPD obtained a warrant to search a licensed medical marijuana facility. The LAPD did not, however, tell the judge that the place to be searched was licensed. The search proceeded. Around 209 pounds of marijuana, 21 pounds of hashish, and 12 pounds of marijuana oil were seized along with $186,416.00. The facility wanted the money back, but it had been turned over federal law enforcement and forfeiture proceedings were started. If forfeited, the city stood to gain about 80 percent of the money. The Ninth Circuit The Ninth Circuit’s ruling (pdf) has the full details. This passage seems to sum up [...]]]> The Ninth Circuit just issued an opinion about the interplay between state law enforcement, federal law enforcement, the Fourth Amendment, and state law.

The LAPD obtained a warrant to search a licensed medical marijuana facility. The LAPD did not, however, tell the judge that the place to be searched was licensed. The search proceeded. Around 209 pounds of marijuana, 21 pounds of hashish, and 12 pounds of marijuana oil were seized along with $186,416.00. The facility wanted the money back, but it had been turned over federal law enforcement and forfeiture proceedings were started. If forfeited, the city stood to gain about 80 percent of the money. The Ninth Circuit The Ninth Circuit’s ruling (pdf) has the full details. This passage seems to sum up the problem and the way in which the LAPD erred.

While there may have been probable cause to search UMCC for a violation of federal law, that was not what the LAPD was doing. Nothing in the documents prepared at the time the warrant was obtained from the state court or in the procedure followed to obtain that warrant supports the proposition that the LAPD thought it was pursuing a violation of federal law. Instead, it sought a warrant from a state court judge, though, as the District Court found, it lacked probable cause for a state law violation and failed to inform the state court judge of relevant facts that supported the conclusion that UMCC was not in violation of state law. The LAPD, a city agency, never initiated the process of seeking a federal search warrant from a federal magistrate or indicated that it was pursuing a violation of federal law.

I defer to Fourth Amendment scholars as to whether this ruling makes sense. Nonetheless, it seems that the federal government’s new policy might mean that state or local government that wants the federal government involved in going after medical marijuana facilities will have to persuade the federal government that a facility is not complying with state law. That requirement seems to match what the Ninth Circuit is saying state and local law enforcement groups should do with state judges in the first place.

This state of affairs may be due to the difficult nature of the task at hand.  Former NSA head General Michael Hayden recently said: [...]]]> Securing our networked environment is both crucial and difficult.  Six months ago, President Obama declared his Administration’s commitment to protect cyberspace from sabotage of all stripes.  For the President, the rise of online theft, electronic espionage, and military-related cyber assaults necessitated the appointment of a cyber czar to protect our cyber “national assets.”  The President has tried to fill that spot: Shane Harris of National Journal explains that “more candidates had declined the job than were still in the running for it.”  And despite our failed efforts at CoOp to recruit Orin Kerr for the job, the cyber czar position remains empty.

This state of affairs may be due to the difficult nature of the task at hand.  Former NSA head General Michael Hayden recently said: “There is no regime for us to work within to respond to cyberattack.  We are in a place where technology has long outstripped policy–let alone law–in term of what’s available.  We are going to have to rely on heroism instead of a plan.”  If Hayden has it right, it is no wonder that no one wants the job.

Nonetheless, the Administration may have already charted its path, one that entrusts the National Security Agency with protecting cyberspace.  According to the National Journal, Lt. General Keith B. Alexander, the NSA’s director, has been “setting up the central nervous system in the government’s campaign to defend cyberspace.”  The NSA will now, unlike the past, help oversee the networks of civilian government and privately-owned, criticial infrastructure (dams, railroads, hospitals, banks, food industry, hotels, telecommunications, postal, shipping, retail, transportation, and well everything else).  This is true even though DHS is charged with defending civilian networks and coordinating private sector protection.  Homeland Security Security Secretary Janet Napolitano said that NSA will provide DHS “technical assistance” on this issue.  In short, DHS will rely on the NSA for the tools, expertise, and resources to protect cyberspace.

So the NSA apparently will be overseeing and securing private networks, the same NSA that engaged in wholesale warrantless surveillance of Americans after 9/11 (and the agency that monitored telegrams coming in and out of the United States to detect individuals with communist ties in the 1950s and 1960s)?  Congress has, of course, limited the NSA’s warrantless wiretapping and the President has promised us greater transparency in government decision-making.  Nonetheless, NSA’s oversight over privately-owned systems and wholesale access to their contents raises serious concerns.  And because the NSA will direct these efforts in the name of national security and intelligence, little transparency will be forthcoming.  On another note, the question remains whether it was agency turf-war antics that led to Melissa Hathaway’s decision to leave government–she was the DHS official and most senior cyber expert in the White House who had been a leading candidate for the cyber czar post.  At the time of her resignation, Hathaway told the Washington Post that she “wasn’t willing to continue to wait any longer,” and she wasn’t “empowered” to make any changes.

Although the President has proven his mettle on Facebook and MySpace (where he has over 1.8 million friends), Republicans rule the day on the micro-blogging front.  The Congressional Research Service reports that congressional Republicans out-tweeted their Democratic counterparts during two one-week periods this summer.  Nancy Scola attributes Congressional Republicans’ Twitter dominance to their desire to regain the public’s attention and favor [...]]]> During the 2008 election, Democrats effectively used Web 2.0 platforms to garner interest in the campaign and win supporters.  President Obama has been widely hailed as the first “Tech President,” and he seems to have trounced the Facebook landscape.  To date, President Barack Obama has over 6.6 million Facebook friends, while Sarah Palin only has 848, 614 Facebook pals and Mitt Romney has 70, 130.

Although the President has proven his mettle on Facebook and MySpace (where he has over 1.8 million friends), Republicans rule the day on the micro-blogging front.  The Congressional Research Service reports that congressional Republicans out-tweeted their Democratic counterparts during two one-week periods this summer.  Nancy Scola attributes Congressional Republicans’ Twitter dominance to their desire to regain the public’s attention and favor now that they are in the minority.  AMERICAblogs’ John Aravosis worries that Democrats have ceded their online advantage.

No matter the current political victor in this social media landscape, Government 2.0 is here to stay.  It surely has great potential to shine light on government policymaking and to marshal public participation, especially from people who otherwise wouldn’t bother getting involved with government policymaking.  Adding the President as a friend on MySpace and joining live chats may seem to be a relatively costless endeavor as compared to writing letters or commenting on agency rulemakings.  But Government 2.0 also poses privacy risks: social media sites not only give government access to people’s policy insights but also access to all of individuals’ social media data, such as their videos, photos, walls musings, “Top 25 things you don’t know about me” lists, and the like.  Soon, I will be posting on SSRN a draft of my essay “The One-Way Mirror: Enhancing Participation and Securing Privacy for Government 2.0″ (forthcoming George Washington Law Review) and hope to get your feedback.

Understanding Privacy offers a comprehensive overview of the many difficulties involved in discussions of privacy. Drawing from a broad array of interdisciplinary sources, I set forth a framework for understanding privacy that provides clear practical guidance for engaging with privacy issues.

computer vendors storing the confidential, electronic data of others will be able to fully analyze data on their clients’ behalf without expensive interaction with the client, and without seeing any of the private data. With Gentry’s technique, the analysis of encrypted information can yield the same detailed results [...]]]> According to Help Net Security, Craig Gentry, a researcher at IBM, appears to have found a way to allow “the deep and unlimited analysis of encrypted information – data that has been intentionally scrambled – without sacrificing confidentiality.” The solution involves a an “ideal lattice.” I’ll leave the explanation of all the math to the math/computer science folks. As the Help Net article notes, the solution seems to enable some great advantages for anyone providing cloud computing for:

computer vendors storing the confidential, electronic data of others will be able to fully analyze data on their clients’ behalf without expensive interaction with the client, and without seeing any of the private data. With Gentry’s technique, the analysis of encrypted information can yield the same detailed results as if the original data was fully visible to all.

It all sounds wonderful. One could have encrypted data and let others data mine while maintaining anonymity or privacy. Yet, something seemed odd to me. So I did what lawyers do, I called someone who knew more about computer science and asked for some help. That person explained that yes this could mean one could query an encrypted database without decrypting the data. The example to consider is a database of book purchases. One could ask how many people bought both book A and book B and see that result without ever seeing what a specific person purchased. Great, right? Not so fast.

As this person reminded me, with other sources of information one can figure out what a specific person did. That reminded me of the AOL debacle. With a little work, people were able to figure out who the anonymous subjects were.

All of which highlights that privacy is not binary. The cluster of information and the ability to analyze it seems often, if not always, to lead to problems about the use of information. So if this breakthrough allows a company or the government to claim that we should remain calm and all is well, we may want to remain clam but show how all may not be well. A few regulations about the use of the data even if supposedly anonymous, might allow the beneficial aspects of the solution to thrive while limiting the harms that can occur.

Image: WikiCommons
By: Gwenda; License: Public Domain
(My apologies to CS folks if the image does not match the breakthrough’s area of encryption)

President Obama has stressed that privacy is key to the government’s cyber security efforts.  Davis’s record on privacy issues, however, is troubling.  As Wired’s Ryan Singel reports, Davis has been on the “wrong side of privacy issues.”  Davis supported the controversial REAL ID Act.”  He attempted to undo a measure that ultimately put [...]]]> According to Time magazine, former Congressman Tom Davis has emerged as a front runner for the newly created Cyber Security Czar position.  The Time piece cited Davis’s authorship of the Federal Information Security Management Act of 2002, his work as chair of the Subcommittee on Technology and Procurement policy, his connections to the IT community through his former district, and his current work at Deloitte as some of the reasons supporting his candidacy.

President Obama has stressed that privacy is key to the government’s cyber security efforts.  Davis’s record on privacy issues, however, is troubling.  As Wired’s Ryan Singel reports, Davis has been on the “wrong side of privacy issues.”  Davis supported the controversial REAL ID Act.”  He attempted to undo a measure that ultimately put a chief privacy officer in every major government agency.  He embraced the Bush Administration’s expansion of government wiretapping powers.  Aside from his spotty record on privacy, Davis’s congressional record suggests that he does not share the President’s regard for government transparency.  He helped pass the Critical Infrastructure Act, which created an exemption to FOIA for information provided DHS by private companies concerning its oversight of critical infrastructure.  Hopefully, the President will consider these issues before making his final decision.

Here are some practical concerns: the personal information on MySpace pages could be collected and joined with other data gathered from private data mining companies, public sector databases, etc.  (Oftentimes, data about us collected by third parties is often faulty).  All together, the information could suggest (albeit falsely) that we constitute a threat to society.  Law enforcement could be informed and our names could be put on watch lists.  This is not a hypothetical problem, see here.  [...]]]> Yesterday, I wrote about the public’s expectations regarding privacy when interacting with government on social networking sites such as Facebook, MySpace, Flickr among others.  Why should we care if agencies collect our musings, videos, and pictures that we have willingly shared with online “friends,” both real and imaginary ones?

Here are some practical concerns: the personal information on MySpace pages could be collected and joined with other data gathered from private data mining companies, public sector databases, etc.  (Oftentimes, data about us collected by third parties is often faulty).  All together, the information could suggest (albeit falsely) that we constitute a threat to society.  Law enforcement could be informed and our names could be put on watch lists.  This is not a hypothetical problem, see here.  If federal agencies collected and maintained that data in their systems, it would be covered by the Privacy Act of 1974.  Nonetheless, you would still appear on a watch list or assigned another ignominious fate by an automated government system.

As a normative matter, the absence of privacy vis-a-vis government on online social networking sites is unappealing.  It would likely have an impact on our willingness to friend government agencies.  We would be less likely to join online conversations that the Open Government directive hopes to generate.  Or if we friend a government agency because we want to peer inside its operations, we may edit what we include on our profiles.  As Julie Cohen has elegantly developed in her work, the lack of privacy would chill our creativity and desire to experiment with different aspects of our personalities.  And Patricia Sanchez Abril has a superb piece entitled “A (My)Space of One’s Own: On Privacy and Online Social Networks” that discusses the social implications of a “no privacy” presumption in information we share with our friends on social networking sites.  Justice Douglas’s remark that “monitoring, if prevalent, certainly kills free discourse and spontaneous utterances” should not be lost to us here.

Wikimedia Commons Image

Worries about the “death of privacy” have been prevalent for some time. We increasingly lack control over [...]]]> As they follow the fascinating and heartening “Twitter Revolution” in Tehran, commentators worry that “the regime is prepared to detain dissidents — reportedly using Facebook and Twitter to locate them.” Yesterday also saw new reports of controversy over domestic surveillance by the US National Security Agency. Apparently the “agency routinely examined large volumes of Americans’ e-mail messages without court warrants.” Commentators like Glenn Greenwald and our own Dan Solove have done a great job explaining the legal details of NSA surveillance. I just want to comment on some of broader social trends that explain the upward ratchet of surveillance around the world.

Worries about the “death of privacy” have been prevalent for some time. We increasingly lack control over (or even awareness of) the digital profiles kept about us by businesses and governments. Another form of privacy—that at the core of the public-private divide—has also been in decline over the past couple decades. As the essays in Freeman and Minow’s book Government by Contract show, “privatization” is often less an arm’s length transaction between government and business than a veritable marriage of institutions. The recent explosion of public-private partnerships in the finance and auto industries further erodes the distinction between government and business. As William J. Novak’s essay in Government by Contract observes, much of what we think of as purely private markets are creatures of state action:

Robert Lee Hale contended that the sharp theoretical separation of public and private obscured the actual proactive role of public power in structuring the so-called private bargains that had such an immense effect on the distribution of wealth and power in American society. . . . [T]he private sphere is positively constructed by law and government and is consequently always suffused with (as opposed to immune from) sovereignty, force, violence, and coercion.

This is particularly true of communications technologies, which are often of great interest to government regulators. As Michael D. Birnhack and Niva Elkin-Koren explain in their brilliant article The Invisible Handshake, new and hidden exchanges of information for power are key to government-business relations:

Law enforcement agencies seek to enhance their monitoring capacity and online businesses seek to prevent fraud and combat piracy while strengthening their ties with authorities. . . . The invisible hand [of market-based communications] turned out to be very useful for the State, and it is now being replaced with a handshake, which, likewise, is invisible. . . . The use of private parties for executing government roles may create an unholy alliance between governments that wish to exercise their power and large online players that seek to maintain and strengthen their dominant role in the market.

Birnhack and Elkin-Koren were prophetic. The kind of government-business alliances they feared have become de rigeur in the national surveillance state. Both Chris Hoofnagle and Jon D. Michaels have described the development in some detail. Michaels’s story of FedEx is indicative of the larger trend:

[After FedEx's] CEO announced his company’s commitment to cooperating with the government “up to and including the line on which we would be doing a disservice to our shareholders” . . . FedEx has received a range of government perks. For instance, FedEx has been afforded special access to government security databases, presumably giving it a range of advantages over non-cooperating competitors. It has also been awarded a prized seat on the FBI’s regional terrorism task force (it is the only private company so represented) and thus has even more insider access to international security threats, again presumably well before its competitors receive such warnings. Moreover, FedEx has received an exceptional license from the State of Tennessee to develop an internal police force . . . .

Hoofnagle proposes that “the Privacy Act should apply to private sector companies that sell information to the government,” not just to the government itself. It seems to me that the first step to wisdom in this area is to realize that whatever we fear from direct government collection of data, we should fear from ostensibly “private” third parties that do the same. Otherwise, the ailing “public/private” divide could cause many more “deaths” of individual privacy.

Aside from the celebrity context, we may see other misuses of Twitter feeds.  Governments increasingly use Twitter to alert the public about car accidents, fires, crime reports, and public health emergencies.  [...]]]> Individuals increasingly use social networking tools to commit fraud.  Philadelphia Eagles player Asante Samuel discovered his Twitter imposter after the Philadelphia Daily News attributed to him comments from his doppleganger’s Twitter feed.  Keith Olbermann was a victim of Twitter impersonation as was Tony La Russa, manager of the St. Louis Cardinals.  Temple professor Susan Jacobson predicts that much like the early days of the Internet when individuals bought the domain names of celebrities to sell it to those notables for a tidy profit, we will likely see variations of such mischief on social networking sites.

Aside from the celebrity context, we may see other misuses of Twitter feeds.  Governments increasingly use Twitter to alert the public about car accidents, fires, crime reports, and public health emergencies.  A tweet about a fabricated fire or car accident could cause dangerous traffic jams and needless panic.  Someone could impersonate a police department, sending tweets about crimes never committed.  This teaches us to be circumspect about all of those Twitter updates.

H/T to Jim Stanton for his blog posting, “Social Media Fraud On the Increase.”

Wikimedia Commons Image

The book is available free for download under a Creative Commons license. One third of the essays are now posted online. The rest will become available in two more stages — on April 22th and May 6th. This is the first book to be published by Oxford University Press under a Creative Commons license.

The book is available on Amazon.com or on [...]]]> There’s a terrific new book of essays about privacy out from Oxford University Press — LESSONS FROM THE IDENTITY TRAIL: ANONYMITY, PRIVACY AND IDENTITY IN A NETWORKED SOCIETY (Oxford University Press 2009). It’s edited by Ian Kerr, Valerie Steeves, and Carole Lucock. The essays are fascinating and are written by a number of very prominent privacy scholars. Highly recommended!

The book is available free for download under a Creative Commons license. One third of the essays are now posted online. The rest will become available in two more stages — on April 22th and May 6th. This is the first book to be published by Oxford University Press under a Creative Commons license.

The book is available on Amazon.com or on our special Concurring Opinions Oxford University Press promo page for 20% off.

Here’s the table of contents:

I. PRIVACY

Introduction to Part I

Chapter 1. Soft Surveillance, Hard Consent: The Law and Psychology of Engineering Consent

by IAN KERR, JENNIFER BARRIGAR, JACQUELYN BURKELL, AND KATIE BLACK

Chapter 2. Approaches to Consent in Canadian Data Protection Law

by PHILIPPA LAWSON AND MARY O’DONOGHUE

Chapter 3. Learning from Data Protection Law at the Nexus of Copyright and Privacy

by ALEX CAMERON

Chapter 4. A Heuristics Approach to Understanding Privacy-Protecting Behaviors in Digital Social Environments

by ROBERT CAREY AND JACQUELYN BURKELL

Chapter 5. Ubiquitous Computing and Spatial Privacy

by ANNE UTECK

Chapter 6. Core Privacy: A Problem for Predictive Data Mining

by JASON MILLAR

Chapter 7. Privacy Versus National Security: Clarifying the Trade-Off

by JENNIFER CHANDLER

Chapter 8. Privacy’s Second Home: Building a New Home for Privacy Under Section 15 of the Charter

by DAPHNE GILBERT

Chapter 9. What Have You Done for Me Lately? Reflections on Redeeming Privacy for Battered Women

by JENA MCGILL

Chapter 10. Genetic Technologies and Medicine: Privacy, Identity, and Informed Consent

by MARSHA HANEN

Chapter 11. Reclaiming the Social Value of Privacy

by VALERIE STEEVES

II. IDENTITY

Introduction to Part II

Chapter 12. A Conceptual Analysis of Identity

by STEVEN DAVIS

Chapter 13. Identity: Difference and Categorization

by CHARLES D. RAAB

Chapter 14. Identity Cards and Identity Romanticism

by A. MICHAEL FROOMKIN

Chapter 15. What’s in a Name? Who Benefits from the Publication Ban in Sexual Assault Trials?

by JANE DOE

Chapter 16. Life in the Fish Bowl: Feminist Interrogations of Webcamming

by JANE BAILEY

Chapter 17. Ubiquitous Computing, Spatiality, and the Construction of Identity: Directions for Policy Response

by DAVID J. PHILLIPS

Chapter 18. Dignity and Selective Self-Presentation

by DAVID MATHESON

Chapter 19. The Internet of People? Reflections on the Future Regulation of Human-Implantable Radio Frequency Identification

by IAN KERR

Chapter 20. Using Biometrics to Revisualize the Canada–U.S. Border

by SHOSHANA MAGNET

Chapter 21. Soul Train: The New Surveillance in Popular Music

by GARY T. MARX

Chapter 22. Exit Node Repudiation for Anonymity Networks

by JEREMY CLARK, PHILIPPE GAUVIN, AND CARLISLE ADAMS

Chapter 23. TrackMeNot: Resisting Surveillance in Web Search

by DANIEL C. HOWE AND HELEN NISSENBAUM

III. ANONYMITY

Introduction to Part III 63.60 Kb

Chapter 24. Anonymity and the Law in the United States

by A. MICHAEL FROOMKIN

Chapter 25. Anonymity and the Law in Canada

by CAROLE LUCOCK AND KATIE BLACK

Chapter 26. Anonymity and the Law in the United Kingdom

by IAN LLOYD

Chapter 27. Anonymity and the Law in the Netherlands

by SIMONE VAN DER HOF, BERT JAAP KOOPS, AND RONALD LEENES

Chapter 28. Anonymity and the Law in Italy

by GIUSELLA FINOCCHIARO

So what is the [...]]]> Over the past five years, the Department of Homeland Security has distributed $300 million in grants to state and local governments to fund surveillance cameras. According to the ACLU’s newly initiated You Are Being Watched website, nearly all 50 states maintain government-backed cameras. A recent University of California study sugggests what UK researchers have long found: public cameras have little effect on the incidence of violent crimes. The study determined that San Francisco’s $700,000 investment in dozens of public cameras yielded marginal benefits. According to the report, violent incidents did not decline in the areas near the cameras relative to areas further away. Property crimes did, however, drop by 24% in areas close to the surveillance cameras.

So what is the harm if the cameras help just a little to deter property crimes and not at all as to violent crimes? First, federal, state, and local governments could get more bang for their budget dollars. Rather than spending money on marginally beneficial surveillance cameras, they could hire more police officers, provide better training, and fund more translators. Second, public cameras may provide citizens with a false sense of security. This recalls a classic scene from HBO’s The Wire where members of a drug gang disable public surveillance cameras and then proceed to enter into a home killing a rival and his family members. Aside from the wasted resources and misleading signals, the cameras raise serious concerns for privacy and civil liberties. As the ACLU asks, “Do we want a society where an innocent individual can’t walk down the street without being considered a potential criminal?” And do we want to live in an age of total surveillance that increases the risk of racial profiling and voyeurism?

The video that sparked the investigation was captured in a Turin classroom. Four high school boys were recorded taunting a young man with Down syndrome, and hitting the 17-year-old with a tissue box. One of the boys uploaded the footage to Google Video’s Italian site on September 8, 2006.

According to Google, more than 200,000 videos are uploaded to Google Video each day. Under EU legislation incorporated into Italian law in 2003, Internet service providers are not responsible for [...]]]> In Italy, a rather disturbing prosecution is taking place. Google officials, including Chief Privacy Counsel Peter Fleischer, are being criminally prosecuted for a video somebody else uploaded to YouTube. According to an article by Tracey Bentley in the International Association of Privacy Professionals’ The Privacy Advisor:

The video that sparked the investigation was captured in a Turin classroom. Four high school boys were recorded taunting a young man with Down syndrome, and hitting the 17-year-old with a tissue box. One of the boys uploaded the footage to Google Video’s Italian site on September 8, 2006.

According to Google, more than 200,000 videos are uploaded to Google Video each day. Under EU legislation incorporated into Italian law in 2003, Internet service providers are not responsible for monitoring third-party content on their sites, but are required to remove content considered offensive if they receive a complaint about it. Between November 6 and 7, 2006, Google received two separate requests for the removal of the video–one from a user, and one from the Italian Interior Ministry, the authority responsible for investigating Internet-related crimes. Google removed the video on November 7, 2006, within 24 hours of receiving the requests.

Nonetheless, Milan public prosecutor Francesco Cajani decided that by allowing the 191-second clip onto its site, Google executives were in breach of Italian penal code. . . .

Cajani is prosecuting Google as an Internet content provider. Unlike Internet service providers, Italian penal code states that Internet content providers are responsible for the third-party content posted to their sites. This is essentially the same law regulating newspaper and television publishers.

I’ve been quite critical of very broad immunity for websites or ISPs that host defamatory or privacy invasive content of others. See Chapter 6 of The Future of Reputation. However, I find this Italian prosecution extremely troubling. And if I find it troubling, one can only imagine how apoplectic Professor Eric Goldman will be!

First, this is a criminal prosecution, and I’m generally very troubled for criminal prosecutions for defamation or privacy invasions. There might be some limited circumstances where criminal liability is warranted, though I believe that the problem is best deal with through civil liability, not criminal. While the prospect of civil liability can certainly chill speech, criminal law is an even more serious threat, and therefore, it shouldn’t be treated in the same way. Free speech protections should therefore be greater when criminal liability is involved.

Second, Google is not the content provider here. It shouldn’t be prosecuted as one. Apparently, from the reports (I haven’t seen the specific Italian law), Italy has a law that resembles Communications Decency Act (CDA), 47 U.S.C. § 230, which immunizes a website or ISP for the content posted by others. I agree with this general immunity. However, I believe that if a website or ISP is on notice that content is defamatory or invasive of privacy, then it must take down that material or lose its immunity from civil liability. Under the CDA, as interpreted by the courts, websites and ISPs are immune even after having knowledge that content posted on their sites is defamatory or invasive of privacy. I’ve argued that immunity under these circumstances is going too far. From what I’ve read, Italian law adopts the position I advocate.

But Google complied with the law and took down the videos after being notified. Thus, I don’t understand what Google did wrong. I don’t understand how it can be deemed the content provider. If Google officials can be criminally prosecuted any time a person uploads a defamatory or privacy invasive video to YouTube, it’s hard to see how they can possibly avoid running afoul of the law. YouTube and much of Web 2.0 would pose massive risks of criminal liability.

So as one who has strongly advocated for less immunity for defamatory and privacy invasive material online, even I find Italy’s prosecution of Fleischer and other Google executives to be quite outrageous and unjustified.

If anyone has a link to the Italian ISP immunity legislation in English, as well as more information about the specific criminal charges against Google, please let me know.

In particular, due to a negligent error in a computer database indicating that there was an outstanding felony arrest warrant for Bennie Herring, he was arrested and a search incident to arrest revealed drugs and a gun (which he was not permitted to possess since he had a previous felony conviction).

The Supreme Court, in an opinion by Chief Justice Roberts, concluded that the justification for the exclusionary rule is deterrence and that the deterrent benefits in this case were too minimal to support exclusion. The Court wrote that “the exclusionary rule serves [...]]]> Earlier this week, the U.S. Supreme Court decided Herring v. United States, a case examining whether the exclusionary rule should apply to a search that was based on an error in a database.

In particular, due to a negligent error in a computer database indicating that there was an outstanding felony arrest warrant for Bennie Herring, he was arrested and a search incident to arrest revealed drugs and a gun (which he was not permitted to possess since he had a previous felony conviction).

The Supreme Court, in an opinion by Chief Justice Roberts, concluded that the justification for the exclusionary rule is deterrence and that the deterrent benefits in this case were too minimal to support exclusion. The Court wrote that “the exclusionary rule serves to deter deliberate, reckless, or grossly negligent conduct, or in some circumstances recurring or systemic negligence. The error in this case does not rise to that level.”

Orin Kerr contends that the case is “a replay” of Arizona v. Evans, 514 U.S. 1 (1995), a previous case upholding a search based on an erroneous database. In contrast, Tom Goldstein argues that Herring constitutes a more dramatic curtailment of the exclusionary rule:

The opinion has nothing to do with the fact that the error here is one of recordkeeping. It applies fully to negligence by police officers in their day-to-day determination whether there is probable cause to conduct a search. If the officer makes an objectively reasonable mistake – i.e., he is merely negligent – the exclusionary rule does not apply to whatever evidence he finds. Put another way, the Supreme Court today extended the good faith exception to ordinary police conduct.

Orin disagrees, reading Herring as a narrow decision, not going much further than Evans: “In particular, I don’t see it as suggesting a general good faith exception for police conduct. Such a position would be an extraordinary shift in Fourth Amendment law that would effectively overrule a ton of cases.” Is Orin right? Is Goldstein’s fear just a Red Herring?

I hope Orin is right, but two things give me pause. First, the Court states at the beginning of Part II: “When a probable-cause determination was based on reasonable but mistaken assumptions, the person subjected to a search or seizure has not necessarily been the victim of a constitutional violation.” This is framed much more broadly than the issue in Evans, which was:

This case presents the question whether evidence seized in violation of the Fourth Amendment by an officer who acted in reliance on a police record indicating the existence of an outstanding arrest warrant — a record that is later determined to be erroneous — must be suppressed by virtue of the exclusionary rule regardless of the source of the error.

Note that in Evans the Court explicitly focuses on errors in police records.

Second, at the end of its opinion in Herring, the Court states:

Petitioner’s claim that police negligence automatically triggers suppression cannot be squared with the principles underlying the exclusionary rule, as they have been explained in our cases. In light of our repeated holdings that the deterrent effect of suppression must be substantial and outweigh any harm to the justice system, e.g., Leon, 468 U.S., at 909-910, we conclude that when police mistakes are the result of negligence such as that described here, rather than systemic error or reckless disregard of constitutional requirements, any marginal deterrence does not “pay its way.” In such a case, the criminal should not “go free because the constable has blundered.” (some citations omitted)

One could read this in two ways: (1) as signaling a broader rule, that police searches that violate the Fourth Amendment, if based on negligent assumptions rather than a higher standard of fault, will not trigger the exclusionary rule; or (2) improper police searches based on the kind of database error in this case (”the result of negligence such as that described here”) will not trigger the exclusionary rule.

Ultimately, only future cases will tell us whether this is the start of a new broader rule or just a restatement of Evans. If the Court were just restating Evans, why bother taking the case only to affirm a routine application of Evans?

As for the merits of the case–narrowed to the issue of database errors–I think that there must be some kind of deterrent in place in order to justify not applying the exclusionary rule. I agree with the Court that the exclusionary rule shouldn’t be automatic for any erroneous search. However, I find the Court’s dismissal of the potential deterrent effects of the exclusionary rule in this case to be far too glib. The Court fails to address, in the absence of the exclusionary rule, how deterrence will be enforced. The Court doesn’t seem to care — if the errors aren’t systemic, then they’re of little importance. The Court seems fixated on forcing defendants to establish that there are systemic errors in police databases, something that can be very difficult to prove. Moreover, it might be too high a threshold — a database might have a number of avoidable errors in it yet not rise to the level of systemic errors. All errors should still be deterred. There must be some kind of penalty or consequence for an error. In Herring, because of the Court’s decision, the police benefited from the error.

I would therefore hold the following: If a particular database has reasonable protections and deterrents against errors, then the Fourth Amendment exclusionary rule should not apply. If not, then the exclusionary rule should apply. Such a rule would create an incentive for law enforcement officials to maintain accurate databases, to avoid all errors, and would ensure that there would be a penalty or consequence for errors. Under Herring, there is no such incentive so long as the databases aren’t systemically erroneous.

Colin J. Bennett, The Privacy Advocates: Resisting the Spread of Surveillance (MIT Press 2008)

A very informative account of those who work in the privacy advocacy community.

Anupam Chander, Lauren Gelman, and Margaret Jane Radin (editors), Securing Privacy in the Internet Age (Stanford University Press 2008)

A great collection of essays, from a symposium at Stanford Law School. A bit dated — the symposium was held in 2003 — but still worth reading. I have a piece in the book discussing data security vulnerabilities and the law — originally penned back in 2003, so I can [...]]]> Here’s a list of notable books about information privacy published in 2008. Pick up a few to help stimulate the economy, save the publishing business, and learn more about privacy:

Colin J. Bennett, The Privacy Advocates: Resisting the Spread of Surveillance (MIT Press 2008)

A very informative account of those who work in the privacy advocacy community.

Anupam Chander, Lauren Gelman, and Margaret Jane Radin (editors), Securing Privacy in the Internet Age (Stanford University Press 2008)

A great collection of essays, from a symposium at Stanford Law School. A bit dated — the symposium was held in 2003 — but still worth reading. I have a piece in the book discussing data security vulnerabilities and the law — originally penned back in 2003, so I can say “told ya so!”

William Cuddihy, The Fourth Amendment: Origins and Original Meaning 602-1791 (Oxford University Press 2008)

The best and most comprehensive intellectual history of the Fourth Amendment ever written.

Cory Doctorow, Little Brother (Tor Teen 2008)

A contemporary version of Orwell’s 1984 — thought-provoking and engaging fiction, as usual from Doctorow.

Laura Donohue, The Cost of Counterterrorism: Power, Politics, and Liberty (Cambridge University Press 2008)

A detailed and compelling history of how 9/11 altered privacy and surveillance in the US and UK.

Sam Gosling, Snoop: What Your Stuff Says About You (Basic Books 2008)

A fascinating discussion of current psychological research about what the products we buy reveal about us.

Mohammad Hashim Kamali, The Right to Life, Security, Privacy and Ownership in Islam (Islamic Texts Society 2008)

A very interesting exploration of privacy in Islamic law.

Jon Mills, Privacy: The Lost Right (Oxford University Press 2008)

From my blurb on the book jacket: “Privacy: The Lost Right provides a clear, concise, and accessible synthesis of the field of information privacy.”

Lena Cowen Orlin, Locating Privacy in Tudor London (Oxford University Press 2008)

An historical account of privacy in everyday life during the sixteenth century in England.

John Palfrey, Born Digital: Understanding the First Generation (Basic Books 2008)

A deft and accessible account of how the generation growing up today will face increasing challenges to their privacy.

Bruce Schneier, Schneier on Security (Wiley 2008)

This book is a collection of Bruce Schneier’s essays. Schneier is always interesting and wise — and he’s always worth reading.

Wolfgang Sofsky, Privacy: A Manifesto (Princeton University Press 2008)

A. C. Grayling of The Times writes: “Its message, implied throughout, is that as one of the great values of civilisation and one of the essentials of personal and psychological integrity, privacy is worth fighting to regain.”

Daniel J. Solove, Understanding Privacy (Harvard University Press 2008)

D. S. Dunn, in Choice writes: “Legal scholars will want to read this book, but so will psychologists, communication specialists, public policy makers, philosophers, and anyone interested in where to draw the line between public and private life.”

Rob Walker, Buying In: The Secret Dialogue Between What We Buy and Who We Are (Random House 2008)

A compelling account of modern data mining and marketing practices.

Jonathan Zittrain, The Future of the Internet–And How to Stop It (Yale University Press 2008)

A fascinating examination of Web 2.0 and how new technologies can impede freedom and progress.