Archive for the ‘Privacy’ Category

Recommended Reading: Margot Kaminski in Wake Forest Law Review Online

posted by Danielle Citron

Wake Forest Law Review has a terrific new online companion to its print issues, which features short pieces, all timely and interesting.  This week, the law review posted Margot Kaminski’s Reading Over Your Shoulder: Social Reading and Privacy Law.  Professor Kaminski is a Research Scholar at Yale as well as the Executive Director of the Yale Information Society Project–we have been lucky to feature her insights on United States v. Jones.  Her piece is insightful and contributes much to the conversation in privacy circles about Intellectual Privacy, as theorized by Neil Richards who is hard at work on a book (also see Anita Allen’s comments about Neil’s ideas on Julie Cohen’s symposium), and The Right to Read Anonymously, as conceived by Julie Cohen.  Read away, but, as Kaminski warns, beware…

  March 12, 2012 at 8:39 am   Posted in: Privacy   Print This Post   No Comments

Symposium on Configuring the Networked Self: Cohen’s Methodological Contributions

posted by Frank Pasquale

Julie Cohen’s extraordinarily illuminating book Configuring the Networked Self makes fundamental contributions to the field of law and technology. In this post, I’d like to focus on methodology and theory (a central concern of Chapters 1 to 4). In another post, I hope to turn to the question of realizing Cohen’s vision of human flourishing (a topic Chapters 9 and 10 address most directly).

Discussions of rights and utility dominate the intellectual property and privacy literatures.* Cohen argues that their appeal can be more rhetorical than substantive. As she has stated:

[T]he purported advantage of rights theories and economic theories is neither precisely that they are normative nor precisely that they are scientific, but that they do normative work in a scientific way. Their normative heft derives from a small number of formal principles and purports to concern questions that are a step or two removed from the particular question of policy to be decided. . . . These theories manifest a quasi-scientific neutrality as to copyright law that consists precisely in the high degree of abstraction with which they facilitate thinking about processes of cultural transmission.

Cohen notes “copyright scholars’ aversion to the complexities of cultural theory, which persistently violates those principles.” But she feels they should embrace it, given that it offers “account[s] of the nature and development of knowledge that [are] both far more robust and far more nuanced than anything that liberal political philosophy has to offer. . . . [particularly in understanding] how existing knowledge systems have evolved, and how they are encoded and enforced.”

A term like “knowledge system” may itself seem very abstract and formal. But Cohen’s work insists on a capacious view of network-enabled forms of knowing. Rather than naturalizing and accepting as given the limits of copyright and privacy law on the dissemination of knowledge, she can subsume them into a much broader framework of understanding where “knowing” is going. That framework includes cultural practices, norms, economics, and bureaucratic processes, as well as law.
Read the rest of this post »

  March 8, 2012 at 12:26 am   Posted in: Configuring the Networked Self Symposium, Google and Search Engines, Privacy, Privacy (Electronic Surveillance), Privacy (National Security)   Print This Post   No Comments

Why Now? Or One Way to Understand the Importance of Configuring the Networked Self

posted by Deven Desai

Julie Cohen’s Configuring the Networked Self is different and signals that the next era of tech policy is upon us. The explosion of books about the Internet tracks the explosion of, well, the Internet. Could there be a bubble here too? Are most books simply restating and rehashing arguments from years ago? Probably. Cohen’s book, however, points the way to the next questions about not just the Internet, but how we structure the next twenty to forty years of society. She asks that we look at the state of not just networked technology, but the economy, law, and society that has emerged, how we justify it, and what it should look like going forward. Recent work by Barton Beebe, Maggie Chon, Brett Frischmann, Frank Pasquale, Daniel Solove, and Madhavi Sunder, makes me confident that the new era is here and work in it is growing. Rather than staying with the silos of the past fifteen years, this new inquiry looks to how the system works and probes whether society is reaping the benefits at large. Works like Code, The Future of the Internet, and The Wealth of Networks make important contributions to understanding and justifying certain visions of the Internet/Tech society. I believe, however, that the moment for those explorations is waning. Of course the debates regarding IP protection, open Internet, etc. will continue and there are important near-term battles there. The most pressing area for scholarship and society at large is what comes next?

Talk of innovation and what that means is rather staid and redundant. Leave X the way it is or all will cease. No. Stop X or a once shining industry will die (and you won’t get the things you thought you loved). Back and forth the players go. A closer look shows that they are fighting about their piece of the rapid growth pie. No one seems to look at exactly what innovation is at stake (is it breakthrough or tinkering and applying with a major one?), where capital is heading (is it rushing after the heady returns of early stage industries or fueling production and strong, reasonable rates of return), and how the innovation spreads wealth across society (are the benefits starting to reshape so many industries that a second wave of returns and improvements revitalizes older industries such that the middle class grows?). No one, except, Carlotta Perez and her contemporaries. They investigate the Schumpeter model but go further. Perez makes the strong case that after a technology reaches a peak, there is a crash (or two), and then the real action begins. Society must look to regulation and other mechanisms so that the true golden age arrives, one where the tech wealth spreads and production capital is the order of the day. Note that while that happens the next big tech breakthrough is likely lurking in a lab somewhere and waiting to pop out and shift the world once more.

Cohen’s book comes at the peak of the tech revolution roughly started in 1971 with the birth of the microprocessor, and is a vital resource for the turning point at which we are. I suggest that Cohen and the new wave of tech scholars looking to Sen and Nussbaum for a capabilities approach to tech policy and/or questioning a purely market-based analysis of the issues, may be understood as demanding that we get our house in order. When Cohen calls out that privacy and copyright suffer from similar conceptual problems and argues for a new way to see how individuals’ capabilities can be enhanced, she offers a claim about how to turn the tech revolution from benefiting a small, centralized few to improving the lot of the many. Perez admits that each tech cycle has somewhat specific logics and solutions. Cohen’s situated user, her critique of the specific financial system and call for sustainable development, and acknowledgment of the messy nature of culture track Perez’s insights. In each previous revolution, the turning point arrived and society constructed the way forward that accounted for the specifics of the technology as a broad matter for individuals, addressed failures in capital and labor markets, and was subject to certain cultural and political realities of the time. Configuring the Networked Self is a serious volley against remaining stuck in the recent past. In it, Cohen demands that we look to hard questions and honest insights about the system at large. She is not complacent about the future either. Instead, she makes a case for how we can and should proceed. Like all good scholarship, the book offers ideas to be tested and new questions to pursue. So read the book and let’s get to work.

These are my views. Not Google’s. In other words, attribution to my employer is foolish.

  March 5, 2012 at 3:38 pm   Posted in: Configuring the Networked Self Symposium, Cyberlaw, DRM, Economic Analysis of Law, Intellectual Property, Politics, Privacy   Print This Post   4 Comments

Surveillance, Apologize (Sometimes), and Repeat

posted by Danielle Citron

On February 19, 2009, the North Central Texas Fusion Center issued a bulletin to over a hundred law enforcement agencies that urged officers to report activities of pro-Islam groups.  As the bulletin explained, “Middle Eastern Terrorist groups and their supporting organizations have been successful in gaining support for Islamic goals in the United States and providing an environment for terrorist organizations to flourish.”  Groups warranting surveillance and reporting included the Council on American Islamic Relations (CAIR), which “presents itself as a Muslim Civil liberties group yet it was named an unindicted co-conspirator in the Justice Department’s case in Dallas against the Holy Land Foundation, a Hamas-linked Islamic charity.”  So, too, “pushing an aggressive, pro-Islam agenda that’s been increasingly successful in recent years takes on a new light.”  According to the bulletin, while certain activities in isolation may seem innocuous, they may in fact promote Islamic radicalization.”  The bulletin provided the following examples: “Muslim cab drivers in Minneapolis refuse to carry passengers who have alcohol in their possession; The Indianapolis airport in 2007 installed foot baths to accommodate Muslim prayer; Public schools schedule prayer breaks to accommodate Muslim students; Pork is banned in the workplace ; etc..”  Islamic radicalization “marketing schemes have included hip hop fashion boutiques, hip hop bands, use of online social networks, use of video sharing networks, chat forums and blogs.”  (See here for links to the bulletin).

The bulletin was leaked online, and apologies ensued.  At a sub-committee hearing of the House of Representatives Homeland Security Committee entitled “The Future of Fusion Centers: Potential Promise and Dangers,” John Bateman of the Texas Department of Public Safety and Robert Riegle from the US Department of Homeland Security denounced the bulletin.  David Gersten of the U.S. Department of Homeland Security described it as a “demonstration of what not to do.”  Mr. Riegle testified:

We took immediate and aggressive response to the bulletin… we immediately sent a team of civil liberties and civil rights experts down to the state of Texas to work directly with the center.  This included advocates from the Muslim-American community in the United States of America. We also then immediately altered the directors’ meeting at the national conference to emphasize the importance of this and went over this particular oversight error as aggressively as we possibly could.”

Apologies for surveillance of First Amendment activities are so yesterday–at least in New York.  The New York Times recently covered the New York Police Department’s monitoring of websites of Muslim student groups at more than a dozen universities.  Mayor Michael R. Bloomberg defended the efforts as part of the department’s effort to guard against the threat of terrorism.  As the mayor said in an appearance at the Brooklyn Public Library, “The Police Department goes where there are allegations, and they look to see whether those allegations are true.  That’s what you would expect them to do. That’s what you would want them to do.”  Yale University’s president, Richard C. Levin, has this to say in an e-mail to students, faculty, and staff: “I am writing to state, in the strongest possible terms, that police surveillance based on religion, nationality, or peacefully expressed political opinion is antithetical to the values of Yale, the academic community, and the United States.”  These activities resemble the monitoring of protected groups during the COINTELPRO era, which the Church Committee denounced and which Congress sought to prevent in 28 C.F.R. part 23.  If the monitoring spearheaded by the NYPD isn’t included in records that make their way into federal databases, fair information practices required by federal law would not apply.  And New York’s laws may not preclude records of expressive activities, hence the lack of apology.

  February 26, 2012 at 6:00 pm   Posted in: Civil Rights, Privacy, Privacy (National Security), Religion   Print This Post   One Comment

Dockets and Data Breach Litigation

posted by Dave Hoffman

Alessandro Acquisti, Sasha Romanosky, and I have a new draft up on SSRN, Empirical Analysis of Data Breach Litigation.  Sasha, who’s really led the charge on this paper, has presented it at many venues, but this draft is much improved (and is the first public version).  From the abstract:

In recent years, a large number of data breaches have resulted in lawsuits in which individuals seek redress for alleged harm resulting from an organization losing or compromising their personal information. Currently, however, very little is known about those lawsuits. Which types of breaches are litigated, which are not? Which lawsuits settle, or are dismissed? Using a unique database of manually-collected lawsuits from PACER, we analyze the court dockets of over 230 federal data breach lawsuits from 2000 to 2010. We use binary outcome regressions to investigate two research questions: Which data breaches are being litigated in federal court? Which data breach lawsuits are settling? Our results suggest that the odds of a firm being sued in federal court are 3.5 times greater when individuals suffer financial harm, but over 6 times lower when the firm provides free credit monitoring following the breach. We also find that defendants settle 30% more often when plaintiffs allege financial loss from a data breach, or when faced with a certified class action suit. While the compromise of financial information appears to lead to more federal litigation, it does not seem to increase a plaintiff’s chance of a settlement. Instead, compromise of medical information is more strongly correlated with settlement.

A few thoughts follow after the jump.

Read the rest of this post »

  February 19, 2012 at 1:33 pm   Posted in: Economic Analysis of Law, Empirical Analysis of Law, Privacy, Privacy (Consumer Privacy), Privacy (ID Theft), Privacy (Law Enforcement), Privacy (Medical)   Print This Post   No Comments

The Memory Hole

posted by Derek Bambauer

On RocketLawyer’s Legally Easy podcast, I talk with Charley Moore and Eva Arevuo about the EU’s proposed “right to be forgotten” and privacy as censorship. I was inspired by Jeff Rosen and Jane Yakowitz‘s critiques of the approach, which actually appears to be a “right to lie effectively.” If you can disappear unflattering – and truthful – information, it lets you deceive others – in other words, you benefit and they are harmed. The EU’s approach is a blunderbuss where a scalpel is needed.

Cross-posted at Info/Law.

  February 17, 2012 at 12:01 pm   Posted in: Anonymity, Architecture, Civil Rights, Consumer Protection Law, Culture, Current Events, Cyber Civil Rights, Cyberlaw, First Amendment, Google and Search Engines, Innovation, Media Law, Political Economy, Politics, Privacy, Technology, Web 2.0   Print This Post   No Comments

Operation Virtual Shield (aka Persistent Video Surveillance Coming Soon)

posted by Danielle Citron

According to Government Technology, a network of public and private surveillance cameras increasingly monitors our daily lives.  Chicago’s Police Department’s network, called “Operation Virtual Shield,” directs video feeds from roughly 10,000 privately-owned cameras and roughly 10,000 public-sector cameras to law enforcement personnel.  That includes more than 4,500 cameras in Chicago public schools, 3,000 cameras in public housing, and 1,000 camera at O’Hare Airport.  Atlanta’s Video Integration Center similarly uses feeds from the private sector, soon possibly including feeds from the CNN Center. Pre-existing agreements –memoranda of understanding — facilitate the arrangement.  And what luck for law enforcement, according to Chicago’s managing deputy director of public safety: “If the police wanted the video and the private facility owner didn’t want to hand it over, there’d have to be some kind of a court order of subpoena.  With the agreements in place, obviously we’ve got an inventory of cameras by location.  It save lots of time as a forensics too as well.”  Now, there’s no need to bother with court orders or subpoenas.  Just sign the agreement and it’s frictionless sharing, much as may soon be possible in the private sector with changes to the Video Privacy Protection Act. These “Virtual Shield” feeds likely make their way into fusion centers, raising concerns about oversight and civil liberties as my co-blogger Frank Pasquale and I addressed in Network Accountability for the Domestic Intelligence Apparatus.  The cameras are expensive and their efficacy isn’t entirely clear.  Season 4 of the Wire brought home the limitations of cameras: Snoop knocked out a Baltimore city camera and then proceeded into a house to kill someone.  Of course, if we put up cameras everywhere, it may be difficult for criminals to knock them all down.  That may just be the future for Operations Virtual Shield.

Image: Wikimedia Commons

  February 15, 2012 at 5:19 pm   Posted in: Architecture, Privacy, Privacy (Law Enforcement)   Print This Post   2 Comments

Stanford Law Review Online: The Privacy Paradox 2012 Symposium Issue

posted by Stanford Law Review

Our 2012 Symposium Issue, The Privacy Paradox: Privacy and Its Conflicting Values, is now available online:

Essays

• A Reasonableness Approach to Searches After the Jones GPS Tracking Case by Peter Swire (64 Stan. L. Rev. Online 57);
• Privacy in the Age of Big Data by Omer Tene & Jules Polonetsky (64 Stan. L. Rev. Online 63);
• Yes We Can (Profile You): A Brief Primer on Campaigns and Political Data by Daniel Kreiss (64 Stan. L. Rev. Online 70);
• Paving the Regulatory Road to the “Learning Health Care System” by Deven McGraw (64 Stan. L. Rev. Online 75);
• Famous for Fifteen People: Celebrity, Newsworthiness, and Fraley v. Facebook by Simon J. Frankel, Laura Brookover & Stephen Satterfield (64 Stan. L. Rev. Online 82); and
• The Right to Be Forgotten by Jeffrey Rosen (64 Stan. L. Rev. Online 88).

The text of Chief Judge Alex Kozinski’s keynote is forthcoming.

  February 13, 2012 at 1:04 pm   Posted in: Law Rev (Stanford), Law Rev Contents, Law School, Law School (Scholarship), Media Law, Military Law, Politics, Privacy, Privacy (Consumer Privacy), Privacy (Electronic Surveillance), Privacy (Law Enforcement), Privacy (Medical), Privacy (National Security), Social Network Websites, Supreme Court, Technology, Tort Law   Print This Post   No Comments

The Daily You: A Mandatory Read

posted by Danielle Citron

Over at the Business Insider, Doug Weaver has a terrific review of our guest blogger Joe Turow’s new book The Daily You, demonstrating its practical importance to people in the field like Weaver as well as to policymakers and scholars.Here’s the review:

Listening to the insider discussions and industry reporting about online marketing provides a numbing sense of false comfort.  But every so often, we go outside the bubble and hear civilians talking about what we do.  I’m sure most of us have had someone at a party or family gathering share their ‘creeped out’ moment;  that instance where they finally saw clearly that somehow they were being ‘followed’ online.   Other times, they offer us largely unformed general concerns about online privacy: they don’t really have a sense of what’s going on but they instinctively know they don’t like it.  And once in a great while you’ll hear from someone who’s really done their homework and brings crystal clarity to the issue from the consumer point of view.

That moment came for me when I stumbled on an NPR radio interview with Joseph Turow, author of “The Daily You: How the New Advertising Industry is Defining Your Identity and Your Worth.”  After using up my ten minute commute, I found myself sitting my car in the parking lot of my office for another 30 minutes just listening to this guy.  It was kind of like hearing someone talk about you in a bathroom when they don’t know you’re in one of the stalls.  Except they’re totally getting it right.  Turow, an associate dean at the Annenberg Communication school at Penn, has done a lot of homework.  The book is detailed and rigorous, but also extremely accessible to the curious consumer.  While it’s probably not going to sell millions of copies, I believe it’s going to be a hugely influential and important book for several reasons.

  February 1, 2012 at 5:47 pm   Posted in: Architecture, Articles and Books, Innovation, Political Economy, Privacy, Technology   Print This Post   No Comments

Kennedy and Szoka on U.S. v. Jones

posted by Danielle Citron

Charlie Kennedy and Berin Szoka of TechFreedom have an insightful op-ed in c/net yesterday.  It resonates with some of what my co-blogger Dan Solove said in his post and urges Congress to move on ECPA reform.  Here is the piece:

  January 30, 2012 at 10:37 am   Posted in: Privacy, Privacy (Law Enforcement), Privacy (National Security), Uncategorized   Print This Post   One Comment

The Potentially Profound Implications of United States v. Jones

posted by Daniel Solove

I must respectfully disagree with a recent post by Renee Hutchins on our blog about the recent U.S. Supreme Court case, United States v. Jones.    She concludes:

With full knowledge of this history, the Jones decision should give us pause. It is widely believed that the test the court enunciated nearly a half-century ago better protects the privacy interest of citizens in the face of advancing technology. By reverting to the language of trespass, the court this week took a step back when it could have taken a bold step forward. Moreover, by failing to engage the admittedly “thorny” question of whether the monitoring of the GPS device alone violated Mr. Jones’ constitutional rights, the court missed a momentous opportunity to speak clearly in a brave new world.

Although it is true that the majority opinion is narrow, the concurring opinions indicate five votes for a broader more progressive view of the Fourth Amendment, one which breaks from some of the Court’s antiquated notions of privacy. When I read Jones, I see cause for celebration rather than disappointment.

I have long argued that the Court has failed to understand that aggregated pieces of information can together upend expectations of privacy. See Privacy and Power 1434-35 (2001), The Digital Person 44-47 (2004), Understanding Privacy 117-21 (2008).  I have also critiqued what I call the “secrecy paradigm” where the Court has held that privacy is only invaded by revealing previously concealed information.  See The Digital Person 42-44 (2004), Understanding Privacy 106-12 (2008).  I have argued that privacy can be invaded even by public surveillance.  More recently, in Nothing to Hide 178 (2011), I argued:

The problem with the secrecy paradigm is that we do expect some degree of privacy in public.  We don’t expect total secrecy, but we also don’t expect somebody to be recording everything we do. Most of the time, when we’re out and about, nobody’s paying any special attention to us. We do many private things in public, such as buy medications and hygiene products in drug stores and browse books and magazines in bookstores. We expect a kind of practical obscurity—to be just another face in the crowd.

In Justice Alito’s concurring opinion, he seemingly recognizes both of the concept of aggregation and the fact that the extent of the surveillance matter more than merely whether it occurs in public or private:

Under this approach, relatively short-term monitoring of a person’s movements on public streets accords with expectations of privacy that our society has recognized as reasonable.  But the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy.  For such offenses, society’s expectation has been that law enforcement agents and others would not—and indeed, in the main, simply could not—secretly monitor and catalogue every single movement of an individual’s car for a very long period.

Justice Sotomayor discusses this passage with approval in her concurrence, indicating five votes for this view.  Indeed, she would go even further than Justice Alito.

I see profound implications in Jones for the future direction of the Fourth Amendment and privacy law more generally.  I explain this in detail in a recent essay, United States v. Jones and the Future of Privacy Law: The Potential Far-Reaching Implications of the GPS Surveillance Case, Bloomberg BNA Privacy & Security Law Report (Jan. 30, 2012).  From the essay:

The more contextual and open-ended view of privacy articulated by Justice Alito has five votes on the Court.  This is a sophisticated view of privacy, one that departs from the antiquated notions the Court has often clung to.  If this view works its way through Fourth Amendment law, the implications could be quite profound.  So many of the Court’s rationales under the reasonable expectation of privacy test fail to comprehend how technology changes the dynamic of information gathering, making it ruthlessly efficient and making surveillance pervasive and more penetrating.  We might be seeing the stirrings of a more modern Fourth Amendment jurisprudence, one that no longer seems impervious to technological development.

I continue:

Read the rest of this post »

  January 29, 2012 at 1:18 pm   Posted in: Constitutional Law, Criminal Procedure, Privacy, Privacy (Electronic Surveillance), Privacy (Law Enforcement), Privacy (National Security)   Print This Post   2 Comments

Privacy Torts in Canada and the International Convergence of Privacy Law

posted by Daniel Solove

Over at the HL Chronicle of Data Protection, I have a post entitled Privacy Torts in Canada and the International Convergence of Privacy Law. The post discusses a recent privacy tort case from Ontario, Canada that recognizes the Warren and Brandeis’ privacy tort of intrusion upon seclusion.  From the post:

The recognition of the US privacy torts by a Canadian court is further demonstration of a general trend – the convergence of privacy law across countries around the world.  Although profound differences in the law remain between countries, there has also been significant convergence.

Read the rest of the post over at HL Chronicle.

  January 29, 2012 at 12:44 pm   Posted in: International & Comparative Law, Privacy, Tort Law   Print This Post   No Comments

United States v. Jones, A Step Back for Rights

posted by Renee Hutchins

I appreciate the chance to engage with CoOp readers on the United States v. Jones case.  I wrote an Op Ed for the Baltimore Sun, so here’s what I have to say.

I really wanted to love the Supreme Court’s decision Monday in United States v. Jones. As one deeply committed to personal liberty and restrained government, what’s not to love when the nation’s highest court finds the police must obtain a warrant before continuously tracking the citizenry with installed GPS devices?  Unfortunately, the answer is “plenty.”

The Supreme Court in Jones could have categorically denounced intrusive government monitoring in the mold of the Orwellian state. It didn’t. And so, while the result in Jones is being roundly celebrated in many quarters, there remain good reasons for privacy fans to hold our applause.

Acting on suspicions that Antoine Jones was selling drugs, the government attached a GPS device to his car. From that device, police computers received a steady stream of information about the car’s location for 28 days. In all, more than 2,000 pages of location data were transmitted. Some of the data linked Mr. Jones to a house where substantial quantities of drugs and money were found. Mr. Jones was consequently charged with drug trafficking offenses. The trial court held that most of the data gleaned from the GPS device was admissible.

Commendably, the Supreme Court reversed that decision and declared the GPS monitoring of Mr. Jones unconstitutional. In doing so, however, the court refused to answer the long-standing question of constitutional limits on the Orwellian state. The case was an opportunity for the court to announce that round-the-clock surveillance of citizens without a warrant offends Fourth Amendment guarantees. Instead, the court based its analysis upon the narrower observation that the police attached a device to Mr. Jones’ car. The Supreme Court’s reluctance is understandable; the broader questions are complex and not easily resolved. But, now more than ever, advances in technology make pressing the need to confront the questions head on.

  January 29, 2012 at 10:29 am   Posted in: Constitutional Law, Criminal Procedure, Privacy, Privacy (Electronic Surveillance), Privacy (Law Enforcement)   Print This Post   7 Comments

The Demi Moore 911 Call: A Breach of Medical Confidentiality?

posted by Daniel Solove

I’ve written before on the issue of whether 911 calls should be public.  The recent release of the Demi Moore 911 call raises the issues once again.  From CBS News:

The tape of the frantic 911 call from actress Demi Moore’s Beverly Hills home Monday night is out and, reports CBS News national correspondent Lee Cowan, the scene sounds a lot more dire than her publicist had let on.

After Moore was rushed to the hospital, a statement said she ‘d be seeking professional help for exhaustion and her overall health.

“The 911 tape really indicates that this is a much more serious situation than we were first led to believe,” says US Weekly’s Melanie Bromley. “We’ve been told it’s exhaustion that she’s suffering from, but you can tell from the tape that there’s a very desperate situation there. She’s having convulsions and she’s almost losing consciousness. It’s a very scary tape to listen to.”

Why is this public?   Many 911 calls, like the one with Demi Moore, involve requests for medical treatment.  Typically, whenever any doctor, nurse, or healthcare professional learns information about a person, it is stringently protected.  A healthcare provider who breaches medical confidentiality can face ethical charges as well as legal liability for the breach of confidentiality tort.  In addition, there may be HIPAA violations of the healthcare provider is HIPAA-regulated.  911 call centers are not HIPAA-regulated, but the operators are in a special position of trust and are often providing healthcare advice (and calling for healthcare services such as ambulances).  If the call from Demi Moore’s home had been to a hospital or a doctor or any other type of healhcare provider, public disclosure of the call would be forbidden.  Why isn’t a 911 call seen in the same light?

As I pointed out in my earlier post about the issue, I believe the release of 911 call transcripts to the public violates the constitutional right to information privacy.  The cases generally recognize strong privacy rights whenever health information is involved.  States with laws, policies, or practices that infringe upon the constitutional right to information privacy might be liable in a Section 1983 suit.  I have not seen one yet, but it is about time something sparks states to rethink their policies about making the calls public.

The rationale for making the calls public is to provide transparency about the responsiveness of 911 call centers.  But this can be done in other ways without violating the privacy of individuals.  The main use of the Demi Moore call being public is to serve as grist for the media to learn about her problems.  This doesn’t make the 911 system safer or better; it just makes the tabloids sell faster.

  January 28, 2012 at 11:19 pm   Posted in: Privacy, Privacy (Gossip & Shaming), Privacy (Medical)   Print This Post   2 Comments

Updated Privacy Intrusions

posted by Danielle Citron

A classic intrusion on seclusion case, Hamberger v. Eastman, 206 A.2d 239 (N.H. 1964), involved a couple whose landlord placed a recording device in their bedroom to listen to their conversations and sounds.  The couple’s privacy tort claim sought recovery for their mental distress and humiliation after discovering the device.  The husband explained that he could not perform his normal duties as husband and father.  According to the wife, the experience curtailed the couple’s sex life.

A more recent case reminded me of just these sorts of psychic wounds — embarrassment and shame accompanying feelings of exposure and intrusion on sacred activities — and the ways that networked technologies can exacerbate them.  A Louisiana city planner hid a camera inside his workplace’s urinal to photograph and film coworkers (over 50 men worked at the city planning office).  In July 2011, his co-worker discovered the tiny camera, which had been duct taped to the urinal.  The camera’s memory device contained images of several men with their private parts exposed.  (Check out this video reenactment of what happened). The city turned over the employee to the local police who charged him with video voyeurism.  It’s unclear how long the camera recorded the goings on in the urinal or what the city planner did with the photos and videos captured on the device.

Although the camera-in-the-urinal case involved criminal charges and no tort claims have been filed, it involves just the sort of intrusions and harms in classic intrusion case.  One imagines that some of the city planner’s co-workers felt embarrassed that a co-worker might have recorded their bathroom activities.  More to the point, they no doubt worried about what the city planner did and could do with those videos.  Now, there’s no evidence that the city planner posted the pictures and videos online or in other ways distributed them.  But networked technologies change the stakes of recorded intrusions.  With today’s technologies, memory decay has all but disappeared, at least in the United States.  (See Jane Yakowitz’s Forbes commentary on the proposed European Commissions’s right to delete proposals; I will have more to say on those proposals too, and Viktor Mayer-Schonberger’s Delete is an excellent read).  If the city planner posted the videos on a site like Private Voyeur (or anywhere), then the material could remain indexed and searchable far into the future, an “eternal return” of private embarrassing information.  Of course, posting the information online would implicate another privacy tort — the public disclosure of private fact — whose reach, though narrow, would likely include what happened here (pictures of bathroom activity hardly seems newsworthy).  But it’s important to recognize the changing stakes of privacy intrusions and disclosures in our networked environment and perhaps put into context proposals like that of the European Commission.

 

  January 28, 2012 at 9:45 am   Posted in: Privacy, Privacy (Consumer Privacy)   Print This Post   No Comments

The E.U. Data Protection Directive and Robot Chicken

posted by Derek Bambauer

The European Commission released a draft of its revised Data Protection Directive this morning, and Jane Yakowitz has a trenchant critique up at Forbes.com. In addition to the sharp legal analysis, her article has both a Star Wars and Robot Chicken reference, which makes it basically the perfect information law piece…

  January 25, 2012 at 4:32 pm   Posted in: Advertising, Architecture, Civil Rights, Consumer Protection Law, Current Events, Cyber Civil Rights, Cyberlaw, Google and Search Engines, Innovation, Politics, Privacy, Privacy (Consumer Privacy), Social Network Websites, Technology, Web 2.0   Print This Post   No Comments

Why Scalia is Right in Jones: Magic Places and One-Way Ratchets

posted by Derek Bambauer

The Supreme Court handed down its decision in U.S. v. Jones yesterday, and the blogosphere is abuzz about the case. (See Margot Kaminski, Paul Ohm, Howard Wasserman, Tom Goldstein, and the terrifyingly prolific Orin Kerr.) The verdict was a clean sweep – 9-0 for Jones – but the case produced three opinions, including a duel between Justices Antonin Scalia and Samuel Alito. Thus far, most privacy and constitutional law thinkers favor Alito’s position. That’s incorrect: Justice Scalia’s opinion is far more privacy protective. Here’s why: Read the rest of this post »

  January 24, 2012 at 12:05 pm   Posted in: Blogging, Civil Rights, Constitutional Law, Courts, Criminal Law, Criminal Procedure, Current Events, Jurisprudence, Privacy, Privacy (Electronic Surveillance), Privacy (Law Enforcement), Supreme Court, Technology   Print This Post   9 Comments

Reasonable Expectation of Privacy

posted by Gerard Magliocca

While I’m not a Fourth Amendment expert, that won’t stop me from saying something about Jones.  I think that Justice Sotomayor’s concurring opinion, which calls into question the rule that there is no reasonable expectation of privacy when information is disclosed to a third-party outside of a confidential relationship recognized by the common law (lawyer/client, doctor/patient, etc.), should start a conversation about abolishing this outdated tort concept.

It seems to me that trade secret law provides a better model.  The inquiry there is whether the owner of the information takes reasonable precautions to preserve its secrecy.  Disclosure to a third-party does not automatically end legal protection, and custom is relevant for defining whether the third-party disclosure constitutes a waiver.  Now adopting this standard would probably lead to more intrusion upon seclusion claims, but it is also more realistic in the social media age.  I doubt that I’m the first one to suggest this approach, but I don’t know.

UPDATE:  Some quick research shows that a Note in the Georgetown Law Journal did make this proposal with respect to the Fourth Amendment, though not for tort law.  See Andrew Riggs Dunlap, Fixing the Fourth Amendment With Trade Secret Law, 90 Geo. L. J. 2175 (2002).

  January 24, 2012 at 12:01 pm   Posted in: Privacy, Uncategorized   Print This Post   5 Comments

United States v. Jones: Privacy in Public Space? Piece it all Together and You Get 5.

posted by Priscilla Smith

By Priscilla Smith, Nabiha Syed & Albert Wong, Information Society Project at Yale Law School

There was exciting news from the Supreme Court yesterday.  By a rare 9-0 vote, in United States v. Jones, No. 10-1259, the Court held that the Government should have obtained a warrant before placing a GPS surveillance device on the defendant’s car and monitoring his movements.  This result was not completely unexpected, especially considering the Justices’ interest at oral argument in the Government’s position that GPS surveillance technology could be used without a warrant to track the movements of any car — even the Justices’ own cars — for an unlimited period of time.  The Government argued —  unsuccessfully — that this result was compelled because citizens have no privacy interests in their public movements.

Of particular note, the three opinions in the case and the unusual line-up make for a broader ruling than is apparent at the outset.  The most narrow rule comes from the Court’s opinion written by Justice Scalia and joined by Justices Roberts, Kennedy, Thomas, and — wait for it — Sotomayor, holding that that “the Government’s installation of a GPS device on a target’s vehicle,² and its use of that device to monitor the vehicle’s movements, constitutes a “search.”  Slip op. at 3.  Scalia notes that the Fourth Amendment protects the “right of the people to be secure in their . . . effects,” and it “is beyond dispute that a vehicle is an ‘effect’ as that term is used in the [Fourth] Amendment.”  Id. at 3.  Ergo, he holds the installation done with the intent to “use … th[e] device to monitor the vehicle’s movements” was a search.  Id. at 3.  He describes the action at issue, saying “[t]he Government physically occupied private property for the purpose of obtaining information.”  He holds that since this form of physical trespass and monitoring would have been a search within the meaning of the Fourth Amendment at the time it was adopted, it is a search now.  Hello, original application guy.

On first glance, it seems that Scalia might be returning to old interpretations of the Fourth Amendment that required a physical trespass to have occurred before an action could be considered a search.  But what Scalia is actually doing here is defining the Court’s task, which is “at a minimum, is to decide whether the action in question would have constituted a ‘search’ within the original meaning of the Fourth Amendment,” and because it would have, it is a search now.  Just because in 1967 Katz said that the Fourth Amendment protects more than physical trespass, doesn’t mean that the Fourth Amendment doesn’t protect physical trespass.  See slip op. at 6-7 (noting Katz did not erode the principle that a search occurs where the Government “does engage in physical intrusion of a constitutionally protected area in order to obtain information.”) (emphasis in original).  So Scalia establishes and emphasizes a threshold for determining when a search has occurred — a threshold that is not comprehensive, but sufficient to resolve the issue at hand.

And thus Scalia declines to go further and consider what would happen if, hypothetically, there was no physical trespass.  He does hold open the possibility that “achieving the same result through electronic means [as they achieved here with physical trespass], without an accompanying trespass, is an unconstitutional invasion of privacy.”  Id. at 11.  Simple enough.  Why decide the harder issue with all its accompanying “vexing problems” that would arise in a case involving electronic surveillance without an accompanying trespass?  Scalia argues that there is no reason to “rush forward” to resolve them now.  Slip op. at 12.  Put aside for a minute that he encouraged the Court in United States v. Kyllo, a case holding that the use of heat-seeking technology required a warrant, to adopt rules that “take account of more sophisticated systems that are already in use or in development,” Kyllo, 533 U.S. at 37.

But Scalia has a problem.  As he points out, in its opinion in United States v. Knotts, the Court upheld the use of beeper technology to track a target’s movements, holding there was no invasion of privacy.  He distinguishes Knotts from this case because Knotts did not involve physical trespass. The beeper there was placed inside a container with consent of the then-owner of the container, and only then was the container placed in the driver’s car.  Moreover, Knotts didn’t challenge the installation.  Right.  But the Court didn’t decide there was no search in Knotts based on an absence of a physical trespass; the Court decided the case holding there was no invasion of privacy.  So shouldn’t Scalia explain to us why he holds open the possibility that “achieving the same result through electronic means [as they achieved here with physical trespass], without an accompanying trespass, [like they did in Knotts] is an unconstitutional invasion of privacy?”  Id. at 11.  Saying that GPS is a different technology, as he does in a footnote, is not enough.  Doesn’t he owe us an explanation of why Knotts doesn’t preclude that possibility, as the Government so vehemently argued it did and the Ninth Circuit in a similar case agreed?  See Pineda-Moreno v. United States.

Of course he does — or so says Justice Alito, with Justices Ginsburg, Breyer and Kagan joining.  See Alito’s concurrence, slip op. at 13.  In fact, not only did Alito think the Court should reach the Katz expectation of privacy test, he didn’t buy the physical trespass holding at all, and lists its many flaws.  Justice Alito then evaluates the GPS surveillance here, noting that “devices like the one used in the present case … make long-term monitoring relatively easy and cheap.”  “[T]he best we can do in this case,” reasons Alito, “is to apply existing Fourth Amendment doctrine” and “ask whether the use of GPS tracking in a particular case involved a degree of intrusion that a reasonable person would not have anticipated.”  Alito at 13.  Under this inquiry, “the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy,” because “society’s expectation has been that law enforcement agents and others would not — and indeed, in the main, simply could not — secretly monitor and catalogue every single movement of an individual’s car for a very long period.”  Id.  Now, Justice Alito recognizes the “degree of circularity” inherent in Katz’s expectation of privacy test — i.e., the problem that, if read literally, the test would permit a situation in which the government takes away your privacy so that one no longer has an“expectation” of it — and in so doing, one no longer has a constitutionally protected interest in it.  Hello, 1984.  Unfortunately, though, his concurrence does nothing to address, and instead relies exactly on, that circular part of it — the intrusion you would or would not have anticipated.  The concurrence is also remarkably skimpy in its explication of why exactly the surveillance is “intrusive” — you know, the point that is the actual crux of the case.

The only Justice who doesn’t avoid the issues is Justice Sotomayor.  Although she joins the narrow majority opinion because she buys Scalia’s argument that the physical trespass here suffices to decide the case, she writes separately to make clear that “physical intrusion is now unnecessary to many forms of surveillance,” her slip op. at 2, a statement that Scalia certainly does not deny.

Moreover, and making this a much broader ruling than it appears on first glance, unlike Scalia, Sotomayor explains the distinction between Jones and Knotts.  She agrees with the Alito Four that “’longer term GPS monitoring in investigation of most offenses impinges on expectations of privacy.’”  Sotomayor concurrence at 3, quoting Alito concurrence at 13.  Rather than relying on whether citizens “anticipate” invasions of their privacy, her opinion reflects the concerns of the D.C. Circuit, New York Court of Appeals, and C.J. Kozinski writing in dissent from denial of rehearing en banc in a similar case in the Ninth Circuit, that the information collected by GPS monitoring generates a “comprehensive record of a person’s public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations.”  Id. at 3.  (In fact, unless we missed something, she appears to be the only one who cites to Chief Judge Kozinski’s dissenting opinion in the Pineda-Moreno case; no one seems to cite the DC Circuit opinion, scared off perhaps by some folks’ misplaced railing against its “mosaic” language).  She further discusses the concerns raised in a brief filed by some of us at the ISP on behalf of a group of privacy scholars that GPS surveillance, as she says, “evades the ordinary checks that constrain abusive law enforcement practices” and is susceptible to abuse, and that awareness of government monitoring chills associational and expressive freedoms.  Id.  She summarizes:

I would also consider the appropriateness of entrusting to the Executive, in the absence of any over­sight from a coordinate branch, a tool so amenable to misuse, especially in light of the Fourth Amendment’s goal to curb arbitrary exercises of police power to and prevent “a too permeating police surveillance,” United States v. Di Re, 332 U. S. 581, 595 (1948).

Finally, Sotomayor suggests a more fundamental change in the jurisprudence to “reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties,” and notes that the rule is “ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks,” Sotomayor at 5, questioning the notion at the heart of the rule that “secrecy [is] a prerequisite to privacy.”

The long and the short of it is that by agreeing with the Alito Four that the use of GPS surveillance technology for a prolonged period violates a reasonable expectation of privacy, Sotomayor’s concurrence means that five justices agree to veer away from the inside/outside distinction relied upon by the Government.  It seems that we may have some privacy interests in our public movements after all.

  January 24, 2012 at 11:39 am   Posted in: Anonymity, Constitutional Law, Privacy, Privacy (Electronic Surveillance), Privacy (Law Enforcement), Supreme Court, Uncategorized   Print This Post   2 Comments

Jones is a Near-Optimal Result

posted by Paul Ohm

Thanks to Danielle for inviting me to post my thoughts. I’ll try to come up with some new, original thoughts in a later post, but to start, let me offer an abridged version of what I posted yesterday on my home blog, Freedom to Tinker.

I think the Jones court reached the correct result, and I think that the three opinions represent a near-optimal result for those who want the Court to recognize how its present Fourth Amendment jurisprudence does far too little to protect privacy and limit unwarranted government power in light of recent advances in surveillance technology. This might seem counter-intuitive. I predict that many news stories about Jones will pitch it as an epic battle between Scalia’s property-centric and Alito’s privacy-centric approaches to the Fourth Amendment and quote people expressing regret that Justice Alito didn’t instead win the day. I think this would focus on the wrong thing, underplaying how the three opinions–all of them–represent a significant advance for Constitutional privacy, for several reasons:

1. Justice Alito?

Maybe I’m not a savvy court watcher, but I did not see this coming. The fact that Justice Alito wrote such a strong privacy-centric opinion suggests that future Fourth Amendment litigants will see a well-defined path to five votes, especially since it seems like Justice Sotomayor will likely provide the fifth vote in the right future case.

2. Justice Scalia and Thomas showed restraint.

The majority opinion goes out of its way to highlight that its focus on property is not meant to foreclose privacy-based analyses in the future. It uses the words “at bottom” and “at a minimum” to hammer home the idea that it is supplementing Katz not replacing it. Maybe Justice Scalia did this to win Justice Sotomayor’s vote, but even if so, I am heartened that neither Justice Scalia nor Justice Thomas thought it necessary to write a separate concurrence arguing that Katz’s privacy focus should be replaced with a focus only on property rights.

3. Justice Sotomayor does not like the third-party doctrine.

It’s probably best here just to quote from the opinion:

More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. E.g., Smith, 442 U.S., at 742; United States v. Miller, 425 U.S. 435, 443 (1976). This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers. Perhaps, as JUSTICE ALITO notes, some people may find the “tradeoff” of privacy for convenience “worthwhile,” or come to accept this “dimunition of privacy” as “inevitable,” post, at 10, and perhaps not. I for one doubt that people would accept without complaint the warrantless disclosure to the Government of a list of every Web site they had visited in the last week, or month, or year. But whatever the societal expectations, they can attain constitutionally protected status only if our Fourth Amendment jurisprudence ceases to treat secrecy as a prerequisite for privacy. I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.

Wow. And Amen. Set your stopwatches: the death watch for the third-party doctrine has finally begun.

4. The wrong case for a privacy overhaul of the Fourth Amendment.

Most importantly, I’ve had misgivings about using Jones as the vehicle for fixing what is broken with the Fourth Amendment. GPS vehicle tracking comes laden with lots of baggage–practical, jurisprudential and atmospheric–that other actively litigated areas of modern surveillance do not. GPS vehicle tracking happens on public streets, meaning it runs into dozens of Supreme Court pronouncements about assumption of risk and voluntarily disclosure. It faces two prior precedents, Karo and Knotts, that need to be distinguished or possibly overturned. It does not suffer (as far as we know) from a long history of use against innocent people, but instead seems mostly used to track fugitives and drug dealers.

For all of these reasons, even the most privacy-minded Justice is likely to recognize caveats and exceptions in crafting a new rule for GPS tracking. Imagine if Justice Sotomayor had signed Justice Alito’s opinion instead of Justice Scalia’s. We would’ve been left with a holding that allowed short-term monitoring but not long-term monitoring, without a precise delineation between the two. We would’ve been left with the possible new caveat that the rules change when the police investigate “extraordinary offenses,” also undefined. These unsatisfying, vague new rules would have had downstream negative effects on lower court opinions analyzing URL or search query monitoring, or cell phone tower monitoring, or packet sniffing.

Better that we have the big “reinventing Katz” debate in a case that isn’t so saddled with the confusions of following cars on public streets. I hope the Supreme Court next faces a surveillance technique born purely on the Internet, one in which “classic trespassory search is not involved.” If the votes hold from Jones, we might end up with what many legal scholars have urged: a retrenchment or reversal of the third-party doctrine; a Fourth Amendment jurisprudence better tailored to the rise of the Internet; and a better Constitutional balance in this country between privacy and security.

  January 24, 2012 at 11:11 am   Posted in: Civil Rights, Constitutional Law, Criminal Procedure, Privacy, Privacy (Law Enforcement)   Print This Post   2 Comments

• « Older Entries
• Newer Entries »