Archive for the ‘Privacy (National Security)’ Category
posted by Albert Wong
By Albert Wong and Valerie Belair-Gagnon, Information Society Project at Yale Law School
In a recent article in the Columbia Journalism Review, we reported that major US newspapers exhibited a net pro-surveillance bias in their “post-Edward Snowden” coverage of the NSA. Our results ran counter to the general perception that major media outlets lean “traditionally liberal” on social issues. Given our findings, we decided to extend our analysis to see if the same bias was present in “traditionally conservative” and international newspapers.
Using the same methods described in our previous study, we examined total press coverage in the Washington Times, one of the top “traditionally conservative” newspapers in the US. We found that the Washington Times used pro-surveillance terms such as security or counterterrorism 45.5% more frequently than anti-surveillance terms like liberty or rights. This is comparable to USA Today‘s 36% bias and quantitatively greater than The New York Times‘ 14.1% or the Washington Post‘s 11.1%. The Washington Times, a “traditionally conservative” newspaper, had the same, if not stronger, pro-surveillance bias in its coverage as neutral/”traditionally liberal”-leaning newspapers.
In contrast, The Guardian, the major UK newspaper where Glenn Greenwald has reported most of Snowden’s disclosures, did not exhibit such a bias. Unlike any of the US newspapers we examined, The Guardian actually used anti-surveillance terms slightly (3.2%) more frequently than pro-surveillance terms. Despite the UK government’s pro-surveillance position (similar to and perhaps even more uncompromising than that of the US government), the Guardian‘s coverage has remained neutral overall. (Neutral as far as keyword frequency analysis goes, anyway; the use of other methods, such as qualitative analysis of article tone, may also be helpful in building a comprehensive picture.)
Our extended results provide additional context for our earlier report and demonstrate that our analysis is “capturing a meaningful divide.”
On a further note, as several commenters suggested in response to our original report, the US media’s pro-surveillance bias may be a manifestation of a broader “pro-state” bias. This theory may be correct, but it would be difficult to confirm conclusively. On many, even most, issues, the US government does not speak with one voice. Whose position should be taken as the “state” position? The opinion of the President? The Speaker of the House? The Chief Justice? Administration allies in Congress? In the context of the Affordable Care Act, is there no “pro-state” position at all, since the President, the Speaker, and the Chief Justice each have different, largely irreconcilable views?
November 1, 2013 at 11:02 am Posted in: Anonymity, Civil Rights, Culture, Current Events, Cyber Civil Rights, Government Secrecy, Politics, Privacy, Privacy (Electronic Surveillance), Privacy (Law Enforcement), Privacy (National Security), Technology, Uncategorized Print This Post 10 Comments
Heads Up 3D Printing and more: The Georgetown Law Journal Volume 102 Symposium: “Law in an Age of Disruptive Technology”
posted by Deven Desai
As you know Gerard and I have been working up our paper Patents, Meet Napster: 3D Printing and the Digitization of Things . It will be part of The Georgetown Law Journal Volume 102 Symposium: “Law in an Age of Disruptive Technology” which will take place on Friday November 8, 2013. There will be panels about driverless cars and mass surveillance as well. We hope to see many of you there. (RSVP at this link).
It is a great honor to be part of this lineup:
Keynote Address by Professor Neal Katyal
Chaired by Professors Deven Desai and Gerard Magliocca
Driverless Cars & Tort Liability
Chaired by Professor Bryant Walker Smith
Mass Surveillance Technology
Chaired by Professor Christopher Slobogin
posted by Frank Pasquale
Many have blamed American militarism on George W. Bush. Whether cast as cowboy, crusader, or dupe of the Angler, the ex-president was a convenient scapegoat. By 2008, voters felt comforted that neither the technocrat Obama nor the veteran McCain would recapitulate the tragedy of Iraq. And yet here we are, five years later, with both men uniting behind another “intervention.”
With the Bush bogeyman gone, the new war drive raises deep questions about the US political system. The Syria proposal is so at odds with what the American people want, what the world appears to want, and what even many of its intended beneficiaries want, that the question arises: what does the Administration know that we don’t? What gives them confidence that the US can accomplish its “three missions” in Syria? Andrew Bacevich puts the question plainly:
If you think back to 1980, and just sort of tick off the number of military enterprises that we have been engaged in that part of the world, large and small, you know, Beirut, Afghanistan, Iraq, Yemen, Somalia — and on and on, and ask yourself, ‘What have we got done? What have we achieved? Is the region becoming more stable? Is it becoming more democratic? Are we enhancing America’s standing in the eyes of the people of the Islamic world?’ ‘The answers are, ‘No, no, and no.’ So why, Mr. President, do you think that initiating yet another war in this protracted enterprise is going to produce a different outcome?
The other “big story” of the summer helps explain the hubris. If you had access to an intelligence apparatus as pervasive and expert as NSA/DIA/CIA/NGA et al., would you think you were missing anything? The lesson of history is that conflict is unpredictable, and can quickly spin out of control. But the dream of mass surveillance is mastery and control. Precrime, prewar, all manner of incipient evils: with enough anticipatory knowledge all can eventually be modulated away and conquered.
Read the rest of this post »
posted by Frank Pasquale
Interesting to see how the three topics converge. First, an excerpt from King’s December 1961 speech to the AFL-CIO Convention:
Less than a century ago, the laborer had no rights, little or no respect, and led a life that was socially submerged and barren. . . . American industry organized misery into sweatshops and proclaimed the right of capital to act without restraints and without conscience. . . . The children of workers had no childhood and no future. They, too, worked for pennies an hour and by the time they reached their teens they were worn-out old men, devoid of spirit, devoid of hope and devoid of self-respect.
Second, from Tom Geoghegan’s analysis of King as a labor leader: “It is said that just after this speech, J. Edgar Hoover was more determined to wiretap King.”
Treating someone working for the betterment of the many, as an enemy of the state, is a core harm of politicized surveillance.
posted by Frank Pasquale
Rep. Mike Fitzpatrick (R-Pa.) proposed legislation . . . that would cut National Security Agency (NSA) funding if it violates new surveillance rules aimed at preventing broad data collection on millions of people.
Fitzpatrick has also offered language to restrict the term “relevant” when it comes to data collection. On the one hand, it seems odd for Congress to micromanage a spy agency. On the other hand, no one has adequately explained how present safeguards keep the integrated Information Sharing Environment from engaging in the harms catalogued here and here. So we’re likely to see many blunt efforts to cut off its ability to collect and analyze data, even if data misuse is really the core problem.
August 22, 2013 at 9:44 am Posted in: Criminal Law, Current Events, Google & Search Engines, Privacy, Privacy (Electronic Surveillance), Privacy (Law Enforcement), Privacy (National Security), Technology Print This Post No Comments
posted by Frank Pasquale
The “summer of NSA revelations” rolls along, with a blockbuster finale today. In June, Jennifer Granick and Christopher Sprigman flatly declared the NSA criminal. Now the agency’s own internal documents (leaked by Snowden) appear to confirm thousands of legal violations.
Legal scholars will not be surprised by the day’s revelations, just as few surveillance experts were all that shocked by the breadth and depth of PRISM, PINWALE, MARINA, and other programs. Ray Ku called warrantless surveillance unconstitutional in 2010. Civil liberties groups and legal scholars warned us repeatedly about where Bush-era executive power theories would lead. As anyone familiar with Bruce Ackerman’s work might guess, pliable attorneys have rubber-stamped the telephony metadata program with a “white paper” that “fails to confront counterarguments and address contrary caselaw” and “cites cases that [are] relatively weak authority for its position.” There are no meaningful penalties in sight (perhaps because the OLC has prepared documents that function as a “get out of jail free” card for those involved).
Read the rest of this post »
posted by Danielle Citron
Professor Margaret Hu’s important new article, “Biometric ID Cybersurveillance” (Indiana Law Journal), carefully and chillingly lays out federal and state government’s increasing use of biometrics for identification and other purposes. These efforts are poised to lead to a national biometric ID with centralized databases of our iris, face, and fingerprints. Such multimodal biometric IDs ostensibly provide greater security from fraud than our current de facto identifier, the social security number. As Professor Hu lays out, biometrics are, and soon will be, gatekeepers to the right to vote, work, fly, drive, and cross into our borders. Professor Hu explains that the FBI’s Next Generation Identification project will institute:
a comprehensive, centralized, and technologically interoperable biometric database that spans across military and national security agencies, as well as all other state and federal government agencies.Once complete, NGI will strive to centralize whatever biometric data is available on all citizens and noncitizens in the United States and abroad, including information on fingerprints, DNA, iris scans, voice recognition, and facial recognition data captured through digitalized photos, such as U.S. passport photos and REAL ID driver’s licenses.The NGI Interstate Photo System, for instance, aims to aggregate digital photos from not only federal, state, and local law enforcement, but also digital photos from private businesses, social networking sites, government agencies, and foreign and international entities, as well as acquaintances, friends, and family members.
Such a comprehensive biometric database would surely be accessed and used by our network of fusion centers and other hubs of our domestic surveillance apparatus that Frank Pasquale and I wrote about here.
Biometric ID cybersurveillance might be used to assign risk assessment scores and to take action based on those scores. In a chilling passage, Professor Hu describes one such proposed program:
FAST is currently under testing by DHS and has been described in press reports as a “precrime” program. If implemented, FAST will purportedly rely upon complex statistical algorithms that can aggregate data from multiple databases in an attempt to “predict” future criminal or terrorist acts, most likely through stealth cybersurveillance and covert data monitoring of ordinary citizens. The FAST program purports to assess whether an individual might pose a “precrime” threat through the capture of a range of data, including biometric data. In other words, FAST attempts to infer the security threat risk of future criminals and terrorists through data analysis.
Under FAST, biometric-based physiological and behavioral cues are captured through the following types of biometric data: body and eye movements, eye blink rate and pupil variation, body heat changes, and breathing patterns. Biometric- based linguistic cues include the capture of the following types of biometric data: voice pitch changes, alterations in rhythm, and changes in intonations of speech.Documents released by DHS indicate that individuals could be arrested and face other serious consequences based upon statistical algorithms and predictive analytical assessments. Specifically, projected consequences of FAST ‘can range from none to being temporarily detained to deportation, prison, or death.’
Data mining of our biometrics to predict criminal and terrorist activity, which is then used as a basis for government decision making about our liberty? If this comes to fruition, technological due process would certainly be required.
Professor Hu calls for the Fourth Amendment to evolve to meet the challenge of 24/7 biometric surveillance technologies. David Gray and I hopefully answer Professor Hu’s request in our article “The Right to Quantitative Privacy” (forthcoming Minnesota Law Review). Rather than asking how much information is gathered in a particular case, we argue that Fourth Amendment interests in quantitative privacy demand that we focus on how information is gathered. In our view, the threshold Fourth Amendment question should be whether a technology has the capacity to facilitate broad and indiscriminate surveillance that intrudes upon reasonable expectations of quantitative privacy by raising the specter of a surveillance state if deployment and use of that technology is left to the unfettered discretion of government. If it does not, then the Fourth Amendment imposes no limitations on law enforcement’s use of that technology, regardless of how much information officers gather against a particular target in a particular case. By contrast, if it does threaten reasonable expectations of quantitative privacy, then the government’s use of that technology amounts to a “search,” and must be subjected to the crucible of Fourth Amendment reasonableness, including judicially enforced constraints on law enforcement’s discretion.
posted by Danielle Citron
The NSA and the rest of our surveillance state apparatus is shrouded in secrecy. As captured in Frank Pasquale’s superb forthcoming book, governmental surveillance is a black box. Gag orders prevent Internet companies from talking about their participation in PRISM; nearly everything revealing is classified; the Executive Branch is telling us half truths or no truths. To counter massive governmental overreach, Bradley Manning, Edward Snowden, and others have exposed some sunlight on our surveillance state. That sunlight isn’t coming from those who are betraying the country, but those who are trying to save it, at least that’s what many registered voters think. According to a Quinnipiac poll released today, American voters say “55 – 34 percent” that NSA consultant Edward Snowden is a “whistleblower rather than a traitor.” According to the assistant director of the Quinnipiac University Polling Institute, “Most American voters think positively of Edward Snowden,” at least they did before he accepted asylum in Russia. From July 28 to July 31, 1,468 registered voters were surveyed on the phone. These sorts of leaks seem inevitable, at least culturally given our so-called commitment to openness and transparency. The leakers/whistleblowers are trying to nudge the Executive Branch to honor its commitments to the Fourth Amendment, the sentiments of the Church Report, and the Administration’s 2009 Openness and Transparency memo. Let’s see if letting the air out moves us closer to the kind of country we say we are.
H/T: Yale ISP’s Christina Spiesel for the Quinnipiac Poll
posted by Frank Pasquale
The Privacy and Civil Liberties Oversight Board (PCLOB) is holding a “Workshop Regarding Surveillance Programs Operated Pursuant to Section 215 of the USA PATRIOT Act and Section 702 of the Foreign Intelligence Surveillance Act.” Many luminaries in the privacy community are participating. I’m sure they will have great ideas about rendering PRISM, PINWALE, MARINA, et al. more subject to oversight.
But I have heard very little on what the appropriate penalties should be for misuse of surveillance data. In the health care world, we have some pretty clear precedents. For instance, a researcher served four months in prison for snooping into medical records in 2003. Imagine a very similar incident happened in the NSA context—say, an analyst abused his or her access to the data to learn details about an acquaintance who exhibited no suspicious characteristics. What should be the penalty? Feel free to comment below, or to submit ideas directly to the PCLOB.
posted by Deven Desai
In January I wrote a piece, “Beyond Data Location: Data Security in the 21st Century,” for Communications of the ACM. I went into the current facts about data security (basic point: data moving often helps security) and how they clash with jurisdiction needs and interests. As part of that essay I wrote:
A key hurdle is identifying when any government may demand data. Transparent policies and possibly treaties could help better identify and govern under what circumstances a country may demand data from another. Countries might work with local industry to create data security and data breach laws with real teeth as a way to signal that poor data security has consequences. Countries should also provide more room for companies to challenge requests and reveal them so the global market has a better sense of what is being sought, which countries respect data protection laws, and which do not. Such changes would allow companies to compete based not only on their security systems but their willingness to defend customer interests. In return companies and computer scientists will likely have to design systems with an eye toward the ability to respond to government requests when those requests are proper. Such solutions may involve ways to tag data as coming from a citizen of a particular country. Here, issues of privacy and freedom arise, because the more one can tag and trace data, the more one can use it for surveillance. This possibility shows why increased transparency is needed, for at the very least it would allow citizens to object to pacts between governments and companies that tread on individual rights.
Prism shows just how much a new balance is needed. There are many areas to sort to reach that balance. They are too many to explore in blog post. But as I argued in the essay, I think that pulling in engineers (not just industry ones), law enforcement, civil society groups, and oh yes, lawyers to look at what can be done to address the current imbalance is the way to proceed.
June 24, 2013 at 1:44 pm Posted in: Intellectual Property, Privacy, Privacy (Consumer Privacy), Privacy (Electronic Surveillance), Privacy (Law Enforcement), Privacy (National Security), Technology Print This Post No Comments
posted by Robert Gellman
Privacy advocates have disliked the third-party doctrine at least from the day in 1976 when the Supreme Court decided U.S. v. Miller. Anyone who remembers the Privacy Protection Study Commission knows that its report was heavily influenced by Miller. My first task in my long stint as a congressional staffer was to organize a hearing to receive the report of the Commission in 1977. In the introduction to the report, the Commission called the date of the decision “a fateful day for personal privacy.”
Last year, privacy advocates cheered when Justice Sonia Sotomayor’s concurrence in U.S. v. Jones asked if it was time to reconsider the third-party doctrine. Yet it is likely that it would take a long time before the Supreme Court revisits and overturns the third-party doctrine, if ever. Sotomayor’s opinion didn’t attract a single other Justice.
Can we draft a statute to overturn the third-party doctrine? That is not an easy task, and it may be an unattainable goal politically. Nevertheless, the discussion has to start somewhere. I acknowledge that not everyone wants to overturn Miller. See Orin Kerr’s The Case For the Third-party Doctrine. I’m certainly not the first person to ask the how-to-do-it question. Dan Solove wrestled with the problem in Digital Dossiers and the Dissipation of Fourth Amendment Privacy.
I’m going at the problem as if I were still a congressional staffer tasked with drafting a bill. I see right away that there is precedent. Somewhat remarkably, Congress partly overturned the Miller decision in 1978 when it enacted The Right to Financial Privacy Act, 12 U.S.C. § 3401 et seq. The RFPA says that if the federal government wants to obtain records of a bank customer, it must notify the customer and allow the customer to challenge the request.
The RFPA is remarkable too for its exemptions and weak standards. The law only applies to the federal government and not to state and local governments. (States may have their own laws applicable to state agencies.) Bank supervisory agencies are largely exempt. The IRS is exempt. Disclosures required by federal law are exempt. Disclosures for government loan programs are exempt. Disclosures for grand jury subpoenas are exempt. That effectively exempts a lot of criminal law enforcement activity. Disclosures to GAO and the CFPB are exempt. Disclosures for investigations of crimes against financial institutions by insiders are exempt. Disclosures to intelligence agencies are exempt. This long – and incomplete – list is the first hint that overturning the third-party doctrine won’t be easy.
We’re not done with the weaknesses in the RFPA. A customer who receives notice of a government request has ten days to challenge the request in federal court. The customer must argue that the records sought are not relevant to the legitimate law enforcement inquiry identified by the government in the notice. The customer loses if there is a demonstrable reason to believe that the law enforcement is legitimate and a reasonable belief that the records sought are relevant to that inquiry. Relevance and legitimacy are weak standards, to say the least. Good luck winning your case.
Who should get the protection of our bill? The RFPA gives rights to “customers” of a financial institution. A customer is an individual or partnership of five or fewer individuals (how would anyone know?). If legal persons also receive protection, a bill might actually attract corporate support, along with major opposition from every regulatory agency in town. It will be hard enough to pass a bill limited to individuals. The great advantage of playing staffer is that you can apply political criteria to solve knotty policy problems. I’d be inclined to stick to individuals.
posted by Frank Pasquale
First Monday recently published an issue on social media monopolies. These lines from the introduction by Korinna Patelis and Pavlos Hatzopolous are particularly provocative:
A large part of existing critical thinking on social media has been obsessed with the concept of privacy. . . . Reading through a number of volumes and texts dedicated to the problematic of privacy in social networking one gets the feeling that if the so called “privacy issues” were resolved social media would be radically democratized. Instead of adopting a static view of the concept . . . of “privacy”, critical thinking needs to investigate how the private/public dichotomy is potentially reconfigured in social media networking, and [the] new forms of collectivity that can emerge . . . .
I can even see a way in which privacy rights do not merely displace, but actively work against, egalitarian objectives. Stipulate a population with Group A, which is relatively prosperous and has the time and money to hire agents to use notice-and-consent privacy provisions to its advantage (i.e., figuring out exactly how to disclose information to put its members in the best light possible). Meanwhile, most of Group B is too busy working several jobs to use contracts, law, or agents to its advantage in that way. We should not be surprised if Group A leverages its mastery of privacy law to enhance its position relative to Group B.
Better regulation would restrict use of data, rather than “empower” users (with vastly different levels of power) to restrict collection of data. As data scientist Cathy O’Neil observes:
Read the rest of this post »
posted by Danielle Citron
Privacy leading lights Dan Solove and Paul Schwartz have recently released the 2013 edition of Privacy Law Fundamentals, a must-have for privacy practitioners, scholars, students, and really anyone who cares about privacy.
Privacy Law Fundamentals is an essential primer of the state of privacy law, capturing the up-to-date developments in legislation, FTC enforcement actions, and cases here and abroad. As Chief Privacy Officers like Intel’s David Hoffman and renown privacy practitioners like Hogan’s Chris Wolf and Covington’s Kurt Wimmer agree, Privacy Law Fundamentals is an “essential” and “authoritative guide” on privacy law, compact and incredibly useful. For those of you who know Dan and Paul, their work is not only incredibly wise and helpful but also dispensed in person with serious humor. Check out this You Tube video, “Privacy Law in 60 Seconds,” to see what I mean. I think that Psy may have a run for his money on making us smile.
March 8, 2013 at 8:42 am Posted in: Privacy, Privacy (Consumer Privacy), Privacy (Electronic Surveillance), Privacy (Gossip & Shaming), Privacy (ID Theft), Privacy (Law Enforcement), Privacy (Medical), Privacy (National Security) Print This Post 4 Comments
posted by Ryan Calo
Concurring Opinions readers might get a kick out of the fact that, at one point in his twelve hour, old school filibuster of John Brennan’s nomination as CIA director this evening, Senator Rand Paul reads aloud from my 2011 online essay in Stanford Law Review on the domestic use of drones. Video of the clip here. I suppose it beats a phone book!
posted by Omer Tene
Last week I blogged here about a comprehensive survey on systematic government access to private sector data, which will be published in the next issue of International Data Privacy Law, an Oxford University Press law journal edited by Christopher Kuner. Several readers have asked whether the results of the survey are available online. Well, now they are – even before publication of the special issue. The project, which was organized by Fred Cate and Jim Dempsey and supported by The Privacy Projects, covered government access laws in Australia, Canada, China, Germany, Israel, Japan, United Kingdom and United States.
Peter Swire’s thought provoking piece on the increased importance of government access to the cloud in an age of encrypted communications appears here. Also see the special issue’s editorial, by Fred, Jim and Ira Rubinstein.
October 2, 2012 at 2:04 am Tags: cloud computing, data protection, Fourth Amendment, government access, Privacy Posted in: Constitutional Law, Consumer Protection Law, Cyberlaw, Privacy, Privacy (Consumer Privacy), Privacy (Electronic Surveillance), Privacy (Law Enforcement), Privacy (National Security), Uncategorized Print This Post No Comments
posted by Omer Tene
The Sixth Circuit Court of Appeals has recently decided in United States v. Skinner that police does not need a warrant to obtain GPS location data for mobile phones. The decision, based on the holding of the Supreme Court in US v. Jones, highlights the need for a comprehensive reform of rules on government access to communications non-contents information (“communications data”). Once consisting of only a list of phone numbers dialed by a customer (a “pen register”), communications data have become rife with personal information, including location, clickstream, social contacts and more.
To a non-American, the US v. Jones ruling is truly astounding in its narrow scope. Clearly, the Justices aimed to sidestep the obvious question of expectation of privacy in public spaces. The Court did hold that the attachment of a GPS tracking device to a vehicle and its use to monitor the vehicle’s movements constitutes a Fourth Amendment “search”. But it based its holding not on the persistent surveillance of the suspect’s movements but rather on a “trespass to chattels” inflicted when a government agent ever-so-slightly touched the suspect’s vehicle to attach the tracking device. In the opinion of the Court, it was the clearly insignificant “occupation of property” (touching a car!) rather than the obviously weighty location tracking that triggered constitutional protection.
Suffice it to say, that to an outside observer, the property infringement appears to have been a side issue in both Jones and Skinner. The main issue of course is government power to remotely access information about an individual’s life, which is increasingly stored by third parties in the cloud. In most cases past – and certainly present and future – there is little need to trespass on an individual’s property in order to monitor her every move. Our lives are increasingly mediated by technology. Numerous third parties possess volumes of information about our finances, health, online endeavors, geographical movements, etc. For effective surveillance, the government typically just needs to ask.
This is why an upcoming issue of International Data Privacy Law (IDPL) (an Oxford University Press law journal), which is devoted to systematic government access to private sector data, is so timely and important. The special issue covers rules on government access in multiple jurisdictions, including the US, UK, Germany, Israel, Japan, China, India, Australia and Canada.
September 29, 2012 at 4:34 am Tags: cloud computing, data protection, law enforcement, national security, Privacy Posted in: Constitutional Law, Consumer Protection Law, Privacy, Privacy (Consumer Privacy), Privacy (Electronic Surveillance), Privacy (Law Enforcement), Privacy (National Security), Uncategorized Print This Post 2 Comments
posted by Peter Swire
David Stebenne gave a fascinating talk today about how the personal experiences of Justice Goldberg made him very sensitive to privacy, and led to his strong pro-privacy concurrence in the Griswold case that established a right to privacy for use of contraceptives. David is a legal historian at Ohio State, now has a joint appointment with our law school, and spoke today at a John Marshall Law School conference on the history of privacy from Brandeis to today.
Stebenne has written a biography of Goldberg, and is a master of the historical record. Look at these personal experiences that shaped Justice Goldberg’s views on privacy:
(1) Brandeis and Warren-style press intrusions. Goldberg was the leading lawyer for the Steelworkers Union and the CIO during the 1950′s. The unions were subjected to many hostile press articles, often describing (or exaggerating) union corruption. The sorts of press excesses, at the center of the Brandeis and Warren privacy article, were lived by Goldberg.
(2) Intrusive police surveillance. The Steelworkers and other unions were pervasively wiretapped in the 1950′s. In one 1957 board meeting, the leadership reported that there were so many wiretaps on the line that they could barely hear each other talk.
(3) Mistaken FBI files. The FBI opened a file before World War II about a different person named Arthur Goldberg, who had suspected links to the Communist Party. Years later, Goldberg found out that a huge file had been accumulated on him based on this original, mistaken report. He met with the FBI, and had the unusual good fortune to clear the matter up. But he learned personally how invasive and unreliable FBI files could be.
(4) CIA spy and counter-spy. During World War II, Goldberg worked for the OSS, the predecessor of the CIA. For part of that time he was the target of enemy espionage himself. He knew the CIA kept a close eye on his clients in the labor movement, and thus knew more than most about the nature and scale of domestic surveillance by the government.
In short, Goldberg was not a privileged person who knew he had nothing to hide. Instead, he had direct personal experience with the intrusiveness and mistakes that could result from the media, intelligence agencies, and new technologies.
Insight can come from personal experience. Among other lessons from this history, it suggests some virtues of having judges and justices with a wide range of personal experience.
posted by Dave Hoffman
My co-author Sasha Romanosky asks me to post the following:
I am involved in a research project that examines state laws affecting the flow of personal information in some way. This information could relate to patients, employees, financial or retail customers, or even just individuals. And by “flow” we are interested in laws that affect the collection, use, storage, sale, sharing, disclosure, or even destruction of this information.
For example, some state laws require that companies notify you when your personal information has been hacked, while other state laws require notice if the firm plans to sell your information. In addition, laws in other
states restrict the sale of personal health information; enable law enforcement to track cell phone usage without a warrant; or prohibit the collection of a customer’s zip code during a credit card purchase.
Given the huge variation among states in their information laws, we would like to ask readers of Concurring Opinions to help us collect examples of such laws. You are welcome to either post a response to this blog entry or
reply to me directly at sromanos at cmu dot edu.
Sasha is a good guy, and a really careful researcher. Let’s help him!
September 10, 2012 at 9:58 am Posted in: Privacy, Privacy (Consumer Privacy), Privacy (Electronic Surveillance), Privacy (ID Theft), Privacy (Law Enforcement), Privacy (Medical), Privacy (National Security) Print This Post 3 Comments
posted by Danielle Citron
The new $1 billion Next Generation Identification (NGI) system is now in its roll out phase. NGI–a joint project of federal, state, and local law enforcement and other agencies — is a nationwide network of databases containing images of the body’s characteristics, such as fingerprints, iris, retina, voice, and face. Here is a little primer on how biometric systems work (see my SoCal Reservoirs of Danger article). Databases store images of biometric information, either as pictures or mathematical formulas of images called templates. The biometric system matches an individual’s fingerprint, for instance, with an image or template stored in databases. Aside from governmental forays into biometric collection and use (which are many), private biometric providers hold templates of millions of individuals. Elementary schools, airports, gas providers, grocery stores, health clubs, workplaces, and even Disney’s theme parks collect iris scans and fingerprints to secure access to physical plants and/or accounts. Companies reportedly are creating central clearinghouses of biometric information for commercial use.
According to Assistant Director Tom Bush of the Criminal Justice Information Services Division, NGI is a “state-of-the-art identification system that will be bigger, faster, and better than IAFIS (Integrated Automated Fingerprint Identification System).” It is “bigger” because it will increase the capacity of fingerprint storage plus house multimodal biometrics records like palm prints and iris scan and have room to accommodate future biometric technologies (i.e., voice, gait, etc.) as they become available. It is “faster” because it will speed up response time for high priority criminal ten-print submissions from two hours to about 10 minutes on average. It is “better” because going beyond fingerprints as biometric identifiers will enhance the investigative and identification processes. Adding palm prints makes sense, according to Bush, because latent prints left behind by criminals at crime scenes are often palm prints. NGI is also being developed “to be compatible with other U.S. biometric systems and potentially with those of some foreign partners.”
The FBI’s NGI website proclaims that its many virtues include:
Interstate Photo System Enhancements
Closeup photo of an arm tattoo. Currently, the IAFIS can accept photographs (mugshots) with criminal ten-print submissions. The Interstate Photo System (IPS) will allow customers to add photographs to previously submitted arrest data, submit photos with civil submissions, and submit photos in bulk formats. The IPS will also allow for easier retrieval of photos, and include the ability to accept and search for photographs of scars, marks, and tattoos. In addition, this initiative will also explore the capability of facial recognition technology.
The future of identification systems is currently progressing beyond the dependency of a unimodal (e.g., fingerprint) biometric identifier towards multimodal biometrics (i.e., voice, iris, facial, etc.). The NGI Program will advance the integration strategies and indexing of additional biometric data that will provide the framework for a future multimodal system that will facilitate biometric fusion identification techniques. The framework will be expandable, scalable, and flexible to accommodate new technologies and biometric standards, and will be interoperable with existing systems. Once developed and implemented, the NGI initiatives and multimodal functionality will promote a high level of information sharing, support interoperability, and provide a foundation for using multiple biometrics for positive identification. Read the rest of this post »
posted by Danielle Citron
It’s not news to CoOp readers that Fourth Amendment law is in a state of confusion over how to deal with ever-expanding capacities of state agents to collect information about our movements and activities using a range of surveillance technologies. My colleague David Gray and I have spent lots of time thinking and writing about the fog surrounding this issue in light of United States v. Jones. So we write this post together — Professor David Gray is my brilliant colleague who has been a guest for us in the past. So here is what is on our minds:
The Supreme Court avoided a four-square engagement with these issues last term in Jones by rehabilitating a long-forgotten, but not lost, property-based test of Fourth Amendment search. For most of us, however, the real action in the opinion was in the concurrences, which make clear that five justices are ready to hold that we may have a reasonable expectation of privacy in massive aggregates of data, even if not that is not true for the constituent parts. The focus of the academic debate after Jones, including a really fascinating session at the Privacy Law Scholars Conference in June, has largely focused on the pros and cons of the “mosaic” theory, which would assess Fourth Amendment interests in quantitative privacy on a case-by-case basis by asking whether law enforcement had gathered too much information on their subject in the course of their investigation. Justice Alito, writing for himself and three others, appeared to endorse the mosaic theory in Jones, and therefore would have held that law enforcement engaged in a Fourth Amendment search by using a GPS-enabled tracking device to monitor Jones’s movements over public streets for 28 days, generating over 2,000 pages of data along the way.
Before the ink was dry in Jones, Orin Kerr was out with a powerful critique. Orin’s concerns, which Justice Scalia seems to share, are doctrinal and practical. Christopher Slobogin has since offered a very thoughtful defense of the mosaic theory, which comes complete with a model statute complete with commentary (take notice Chief Justice Roberts!). Professor Gray and I just posted an article on SSRN arguing that, by focusing on the mosaic theory, much of the conversation about technology and the Fourth Amendment has gone badly wrong after Jones. The Sixth Circuit’s opinion in United States v. Skinner confirms the worst of our concerns. Another nod to Orin Kerr for putting a spotlight on this decision over at the Volokh Conspiracy.
The question put to the court in Skinner was whether the “use of the GPS location information emitted from [Skinner’s] cell phone was a warrantless search that violated the Fourth Amendment . . . .” Writing for himself and Judge Clay, Judge Rogers held that “Skinner did not have a reasonable expectation of privacy in the data emanating from his cell phone that showed its location” in the same way that “the driver of a getaway car has no expectation of privacy in the particular combination of colors of his car’s paint.” Because the officers tracking Skinner only did so for three days, Judge Rogers also saw no quantitative privacy interest at stake.
Skinner is confusing in many ways. The court is not entirely clear on what tracking technology was used, how it was used, which line of Fourth Amendment doctrine it relied upon, or how its holding can be reconciled with Kyllo. For now, let’s bypass those issues to focus on what we take to be a dangerous implication of Skinner and perhaps the mosaic theory as well. According to Judge Rogers, none of us has “a reasonable expectation of privacy in the inherent external locatability of a tool that he or she bought.” That is, there is absolutely no Fourth Amendment prohibition on law enforcement’s using the GPS devices installed in our phone, cars, and computers, or trilateration between cellular towers to track any of us at anytime. Because there are no real practical limitations on the scope of surveillance that these technologies can achieve, Judge Rogers’s holding licenses law enforcement to track us all of the time. The mosaic theory might step in if the government tracks any one of us for too long, but it preserves the possibility that, at any given time, any of us or all of us may be subject to close government surveillance.
We think that something has gone terribly wrong if the Fourth Amendment is read as giving license to a surveillance state. As we argue in our article, programs of broad and indiscriminate surveillance have deleterious effects on our individual development and our collective democratic processes. These concerns are familiar in the information privacy law context, where we have spent nearly fifty years talking about dataveillance and digital dossiers, but they have clear footing in the Fourth Amendment as well. More precisely, we argue that a fundamental purpose of the Fourth Amendment is to serve as a bulwark against the rise of a surveillance state. It should be read as denying law enforcement officers unfettered access to investigative technologies that are capable of facilitating broad programs of indiscriminate surveillance. GPS-enabled tracking is pretty clearly one of these technologies, and therefore should be subject to the crucible of Fourth Amendment reasonableness—at least on our technology-centered approach to quantitative privacy.