Category: Privacy (Law Enforcement)

0

Facebook Subpoenas, Open Court Records, Here We Go Again

The Boston Phoenix has an article about what Facebook coughs up when a subpoena is sent to the company. The paper came across the material as it worked on an article called Hunting the Craigslist Killer. The issues that come to mind for me are

1. Privacy after death? In may article Property, Persona, and Preservation which uses the question of who owns email after death, I argue that privacy after death isn’t tenable. The release of information after someone dies (the man committed suicide), (From ZDNET “he man committed suicide, which meant the police didn’t care if the Facebook document was published elsewhere, after robbing two women and murdering a third.”) brings up a question Dan Solove and I have debated. What about those connected to the dead person? The facts here matter.

2. What are reasons to redact or not release information? Key facts about redaction and public records complicate the question of death and privacy. I’m assuming the person has no privacy after death. But his or her papers may reveal information about those connected to the dead person. In this case the police did not redact, but the paper did. Sort of.

This document was publicly released by Boston Police as part of the case file. In other case documents, the police have clearly redacted sensitive information. And while the police were evidently comfortable releasing Markoff’s unredacted Facebook subpoena, we weren’t. Markoff may be dead, but the very-much-alive friends in his friend list were not subpoenaed, and yet their full names and Facebook ID’s were part of the document. So we took the additional step of redacting as much identifying information as we could — knowing that any redaction we performed would be imperfect, but believing that there’s a strong argument for distributing this, not only for its value in illustrating the Markoff case, but as a rare window into the shadowy process by which Facebook deals with law enforcement.

As the comments noted and the explanation admits, the IDs and other information of the living are arguably in greater need of protection. It may have been that the police needed all the information for its case, but why release it to the public?

Obvious Closing: As we put more into the world, it will come back in ways we had not imagined. I doubt that bright line rules will ever work in this space. But it seems to me that some sort of best practices informed by research (think Lior Strahilevitz’s A Social Networks Theory of Privacy) could allow for reasonable, useful privacy practices. The hardest part for law and society in general is that this area (information-related law) is not likely to be stable for some time. That being said, I think that the insane early domain name law (yes someone could think that megacorpsucks.com is sponsored by megacorp) corrected in about 10 years. Perhaps privacy and information practices will reach an equilibrium that allows the law to stabilize. Until then, practices, businesses, science, and the law will twirl around each other as society sorts what balance makes sense (until something messes with that moment).

HT: CyberNetwork News

0

Stanford Law Review, 64.2 (2012)

Stanford Law Review

Volume 64 • Issue 2 • February 2012

Articles
National Security Federalism in the Age of Terror
Matthew C. Waxman
64 Stan. L. Rev. 289

Incriminating Thoughts
Nita A. Farahany
64 Stan. L. Rev. 351

Elective Shareholder Liability
Peter Conti-Brown
64 Stan. L. Rev. 409

Note
Harrington’s Wake:
Unanswered Questions on AEDPA’s Application to Summary Dispositions

Matthew Seligman
64 Stan. L. Rev. 469

Comment
Boumediene Applied Badly:
The Extraterritorial Constitution After Al Maqaleh v. Gates

Saurav Ghosh
64 Stan. L. Rev. 507

0

Dockets and Data Breach Litigation

Alessandro Acquisti, Sasha Romanosky, and I have a new draft up on SSRN, Empirical Analysis of Data Breach Litigation.  Sasha, who’s really led the charge on this paper, has presented it at many venues, but this draft is much improved (and is the first public version).  From the abstract:

In recent years, a large number of data breaches have resulted in lawsuits in which individuals seek redress for alleged harm resulting from an organization losing or compromising their personal information. Currently, however, very little is known about those lawsuits. Which types of breaches are litigated, which are not? Which lawsuits settle, or are dismissed? Using a unique database of manually-collected lawsuits from PACER, we analyze the court dockets of over 230 federal data breach lawsuits from 2000 to 2010. We use binary outcome regressions to investigate two research questions: Which data breaches are being litigated in federal court? Which data breach lawsuits are settling? Our results suggest that the odds of a firm being sued in federal court are 3.5 times greater when individuals suffer financial harm, but over 6 times lower when the firm provides free credit monitoring following the breach. We also find that defendants settle 30% more often when plaintiffs allege financial loss from a data breach, or when faced with a certified class action suit. While the compromise of financial information appears to lead to more federal litigation, it does not seem to increase a plaintiff’s chance of a settlement. Instead, compromise of medical information is more strongly correlated with settlement.

A few thoughts follow after the jump.

Read More

2

Operation Virtual Shield (aka Persistent Video Surveillance Coming Soon)

According to Government Technology, a network of public and private surveillance cameras increasingly monitors our daily lives.  Chicago’s Police Department’s network, called “Operation Virtual Shield,” directs video feeds from roughly 10,000 privately-owned cameras and roughly 10,000 public-sector cameras to law enforcement personnel.  That includes more than 4,500 cameras in Chicago public schools, 3,000 cameras in public housing, and 1,000 camera at O’Hare Airport.  Atlanta’s Video Integration Center similarly uses feeds from the private sector, soon possibly including feeds from the CNN Center. Pre-existing agreements –memoranda of understanding — facilitate the arrangement.  And what luck for law enforcement, according to Chicago’s managing deputy director of public safety: “If the police wanted the video and the private facility owner didn’t want to hand it over, there’d have to be some kind of a court order of subpoena.  With the agreements in place, obviously we’ve got an inventory of cameras by location.  It save lots of time as a forensics too as well.”  Now, there’s no need to bother with court orders or subpoenas.  Just sign the agreement and it’s frictionless sharing, much as may soon be possible in the private sector with changes to the Video Privacy Protection Act. These “Virtual Shield” feeds likely make their way into fusion centers, raising concerns about oversight and civil liberties as my co-blogger Frank Pasquale and I addressed in Network Accountability for the Domestic Intelligence Apparatus.  The cameras are expensive and their efficacy isn’t entirely clear.  Season 4 of the Wire brought home the limitations of cameras: Snoop knocked out a Baltimore city camera and then proceeded into a house to kill someone.  Of course, if we put up cameras everywhere, it may be difficult for criminals to knock them all down.  That may just be the future for Operations Virtual Shield.

Image: Wikimedia Commons

0

Stanford Law Review Online: The Privacy Paradox 2012 Symposium Issue

Stanford Law Review

Our 2012 Symposium Issue, The Privacy Paradox: Privacy and Its Conflicting Values, is now available online:

Essays

The text of Chief Judge Alex Kozinski’s keynote is forthcoming.

1

Kennedy and Szoka on U.S. v. Jones

Charlie Kennedy and Berin Szoka of TechFreedom have an insightful op-ed in c/net yesterday.  It resonates with some of what my co-blogger Dan Solove said in his post and urges Congress to move on ECPA reform.  Here is the piece:

Last week’s unanimous decision of the Supreme Court in U.S. v. Jones (PDF) marks a major victory for constitutional rights.  While the justices split in their rationale, they agreed that protecting Americans’ privacy in the digital age will require the Court to do a great deal more to untangle its confusing Fourth Amendment jurisprudence. That will likely take several more decisions — and many years. Meanwhile, Congress should heed Justice Samuel Alito’s call for legislation limiting government’s ability to track us and snoop through our private communications.

First, the good news: Law enforcement can no longer plant GPS tracking devices on our vehicles without satisfying the Fourth Amendment. Even better: the majority of justices — including conservative Justices Antonin Scalia, John Roberts, Anthony Kennedy, and Clarence Thomas, joined by Obama appointee Sonia Sotomayor — agreed that Jones is only the beginning of the long-overdue inquiry into constitutional protections against location-based surveillance. Read More

2

The Potentially Profound Implications of United States v. Jones

I must respectfully disagree with a recent post by Renee Hutchins on our blog about the recent U.S. Supreme Court case, United States v. Jones.    She concludes:

With full knowledge of this history, the Jones decision should give us pause. It is widely believed that the test the court enunciated nearly a half-century ago better protects the privacy interest of citizens in the face of advancing technology. By reverting to the language of trespass, the court this week took a step back when it could have taken a bold step forward. Moreover, by failing to engage the admittedly “thorny” question of whether the monitoring of the GPS device alone violated Mr. Jones’ constitutional rights, the court missed a momentous opportunity to speak clearly in a brave new world.

Although it is true that the majority opinion is narrow, the concurring opinions indicate five votes for a broader more progressive view of the Fourth Amendment, one which breaks from some of the Court’s antiquated notions of privacy. When I read Jones, I see cause for celebration rather than disappointment.

I have long argued that the Court has failed to understand that aggregated pieces of information can together upend expectations of privacy. See Privacy and Power 1434-35 (2001), The Digital Person 44-47 (2004), Understanding Privacy 117-21 (2008).  I have also critiqued what I call the “secrecy paradigm” where the Court has held that privacy is only invaded by revealing previously concealed information.  See The Digital Person 42-44 (2004), Understanding Privacy 106-12 (2008).  I have argued that privacy can be invaded even by public surveillance.  More recently, in Nothing to Hide 178 (2011), I argued:

The problem with the secrecy paradigm is that we do expect some degree of privacy in public.  We don’t expect total secrecy, but we also don’t expect somebody to be recording everything we do. Most of the time, when we’re out and about, nobody’s paying any special attention to us. We do many private things in public, such as buy medications and hygiene products in drug stores and browse books and magazines in bookstores. We expect a kind of practical obscurity—to be just another face in the crowd.

In Justice Alito’s concurring opinion, he seemingly recognizes both of the concept of aggregation and the fact that the extent of the surveillance matter more than merely whether it occurs in public or private:

Under this approach, relatively short-term monitoring of a person’s movements on public streets accords with expectations of privacy that our society has recognized as reasonable.  But the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy.  For such offenses, society’s expectation has been that law enforcement agents and others would not—and indeed, in the main, simply could not—secretly monitor and catalogue every single movement of an individual’s car for a very long period.

Justice Sotomayor discusses this passage with approval in her concurrence, indicating five votes for this view.  Indeed, she would go even further than Justice Alito.

I see profound implications in Jones for the future direction of the Fourth Amendment and privacy law more generally.  I explain this in detail in a recent essay, United States v. Jones and the Future of Privacy Law: The Potential Far-Reaching Implications of the GPS Surveillance Case, Bloomberg BNA Privacy & Security Law Report (Jan. 30, 2012).  From the essay:

The more contextual and open-ended view of privacy articulated by Justice Alito has five votes on the Court.  This is a sophisticated view of privacy, one that departs from the antiquated notions the Court has often clung to.  If this view works its way through Fourth Amendment law, the implications could be quite profound.  So many of the Court’s rationales under the reasonable expectation of privacy test fail to comprehend how technology changes the dynamic of information gathering, making it ruthlessly efficient and making surveillance pervasive and more penetrating.  We might be seeing the stirrings of a more modern Fourth Amendment jurisprudence, one that no longer seems impervious to technological development.

I continue:

Read More

7

United States v. Jones, A Step Back for Rights

I appreciate the chance to engage with CoOp readers on the United States v. Jones case.  I wrote an Op Ed for the Baltimore Sun, so here’s what I have to say.

I really wanted to love the Supreme Court’s decision Monday in United States v. Jones. As one deeply committed to personal liberty and restrained government, what’s not to love when the nation’s highest court finds the police must obtain a warrant before continuously tracking the citizenry with installed GPS devices?  Unfortunately, the answer is “plenty.”

The Supreme Court in Jones could have categorically denounced intrusive government monitoring in the mold of the Orwellian state. It didn’t. And so, while the result in Jones is being roundly celebrated in many quarters, there remain good reasons for privacy fans to hold our applause.

Acting on suspicions that Antoine Jones was selling drugs, the government attached a GPS device to his car. From that device, police computers received a steady stream of information about the car’s location for 28 days. In all, more than 2,000 pages of location data were transmitted. Some of the data linked Mr. Jones to a house where substantial quantities of drugs and money were found. Mr. Jones was consequently charged with drug trafficking offenses. The trial court held that most of the data gleaned from the GPS device was admissible.

Commendably, the Supreme Court reversed that decision and declared the GPS monitoring of Mr. Jones unconstitutional. In doing so, however, the court refused to answer the long-standing question of constitutional limits on the Orwellian state. The case was an opportunity for the court to announce that round-the-clock surveillance of citizens without a warrant offends Fourth Amendment guarantees. Instead, the court based its analysis upon the narrower observation that the police attached a device to Mr. Jones’ car. The Supreme Court’s reluctance is understandable; the broader questions are complex and not easily resolved. But, now more than ever, advances in technology make pressing the need to confront the questions head on.

The court’s refusal to tell us whether the Constitution protects us from suspicion-less government monitoring is alone cause for frustration. But perhaps as troubling is the language the court used to accomplish its elusion. Read More
2

Barry Friedman on United States v. Jones

Professor Barry Friedman’s opinion piece in the New York Times on Jones is characteristically insightful: we’ve featured his work in our Bright Ideas series and other posts.  His piece adds an important layer to, and echoes, the conversation our experts have been having this past week.  If you haven’t seen it, here it is:

EVERY day, those of us who live in the digital world give little bits of ourselves away. On Facebook and LinkedIn. To servers that store our e-mail, Google searches, online banking and shopping records. Does the fact that so many of us live our lives online mean we have given the government wide-open access to all that information?

The Supreme Court’s decision last week in United States v. Jones presents the disturbing possibility that the answer is yes. In Jones, the court held that long-term GPS surveillance of a suspect’s car violated the Fourth Amendment. The justices’ 9-to-0 decision to protect constitutional liberty from invasive police use of technology was celebrated across the ideological spectrum. Read More

9

Why Scalia is Right in Jones: Magic Places and One-Way Ratchets

The Supreme Court handed down its decision in U.S. v. Jones yesterday, and the blogosphere is abuzz about the case. (See Margot Kaminski, Paul Ohm, Howard Wasserman, Tom Goldstein, and the terrifyingly prolific Orin Kerr.) The verdict was a clean sweep – 9-0 for Jones – but the case produced three opinions, including a duel between Justices Antonin Scalia and Samuel Alito. Thus far, most privacy and constitutional law thinkers favor Alito’s position. That’s incorrect: Justice Scalia’s opinion is far more privacy protective. Here’s why: Read More