Category: Privacy

0

Public Service Announcement for Google Glass Team

The Google Glass team has a post about the so-called myths about Google Glass, but the post fails to see what is happening around Glass. That is sad. Instead of addressing the issues head on, the post preaches to the faithful (just read the comments). As Nate Swanner put it “We’re not sure posting something to the tech-centric Google+ crowd is really fixing the issues though.” Google and other tech companies trying to do something new will always face challenges, fear, and distrust. The sad part for me is when all sides line up and fail to engage with the real issues. Some have asked what I did when at Google. Part of the job was to present the technology, address concerns, and then see where all of us saw new, deep issues to come. I loved it, because I knew the technology was driven by high-standards. The problems flowed from not explaining the tech. This post highlights talking past each other. Furthermore the truly wonderful advances that might be possible with Glass are not discussed. That distresses me, as no one really wins in that approach. But I will show what is not great about the post as a possible public service announcement for the Glass Team and others in the tech space.

First, the post sets an absurd tone. It starts with “Mr. Rogers was a Navy SEAL. A tooth placed in soda will dissolve in 24 hours. Gators roam the sewers of big cities and Walt Disney is cryogenically frozen. These are just some of the most common and — let’s admit it — awesome urban myths out there.” Message: Glass critics are crazy people that by into extreme outlying beliefs, not truth. And if you think I am incorrect, just look at this next statement: “Myths can be fun, but they can also be confusing or unsettling. And if spoken enough, they can morph into something that resembles fact. (Side note: did you know that people used to think that traveling too quickly on a train would damage the human body?).” Hah! We must be idiots that fear the future.

That said maybe there are some myths that should be addressed. Having worked at Google, I can say that while I was there, technology was not done on a whim. I love that about the company and yes, the Glass Team fits here too. Furthermore, as those who study technology history know, even electricity faced myths (sometimes propagated by oil barons) as it took hold. Most of the Glass myths seem to turn on cultural fears about further disconnection from the world, always on or plugged in life, and so on. But the post contradicts itself or thinks no one can tell when its myth-busting is self-serving or non-responsive.

On the glass is elitist issue: Google is for everyone, but high priced, and not ready for prime time. Huh? Look if you want to say don’t panic, few people have it, that is OK and may be true. But when you also argue that it is not elitist because a range of people (not just tech-worshiping geeks) use Glass; yet nonetheless the $1500 price tag is not about privilege because “In some cases, their work has paid for it. Others have raised money on Kickstarter and Indiegogo. And for some, it’s been a gift” the argument is absurd. That a few, select people have found creative ways to obtain funds for Glass does not belie the elite pricing; it shows it.

The surveillance and privacy responses reveal a deeper issue. Yes, Glass is designed to signal when it is on. And yes that may limit surveillance, but barely. So too for the privacy issue. Check this one in full:

Myth 10 – Glass marks the end of privacy
When cameras first hit the consumer market in the late 19th century, people declared an end to privacy. Cameras were banned in parks, at national monuments and on beaches. People feared the same when the first cell phone cameras came out. Today, there are more cameras than ever before. In ten years there will be even more cameras, with or without Glass. 150+ years of cameras and eight years of YouTube are a good indicator of the kinds of photos and videos people capture–from our favorite cat videos to dramatic, perspective-changing looks at environmental destruction, government crackdowns, and everyday human miracles. 

ACH!!! Cameras proliferated and we have all sorts of great, new pictures so privacy is not harmed?!?!?! Swanner hits this one dead on:

Google suggests the same privacy fears brought up with Glass have been posed when both regular cameras and cell phone cameras were introduced in their day. What they don’t address is that it’s pretty easy to tell when someone is pointing a device they’re holding up at you; it’s much harder to tell when you’re being video taped while someone looks in your general direction. In a more intimate setting — say a bar — it’s pretty clear when someone is taping you. In an open space? Not so much.

So tech evangelists, I beg you, remember your fans are myriad and smart. Engage us fairly and you will often receive the love and support you seek. Insult people’s intelligence, and you are no-better than those you would call Luddite.

Industrial Policy for Big Data

If you are childless, shop for clothing online, spend a lot on cable TV, and drive a minivan, data brokers are probably going to assume you’re heavier than average. We know that drug companies may use that data to recruit research subjects.  Marketers could utilize the data to target ads for diet aids, or for types of food that research reveals to be particularly favored by people who are childless, shop for clothing online, spend a lot on cable TV, and drive a minivan.

We may also reasonably assume that the data can be put to darker purposes: for example, to offer credit on worse terms to the obese (stereotype-driven assessment of looks and abilities reigns from Silicon Valley to experimental labs).  And perhaps some day it will be put to higher purposes: for example, identifying “obesity clusters” that might be linked to overexposure to some contaminant

To summarize: let’s roughly rank these biosurveillance goals as: 

1) Curing illness or precursors to illness (identifying the obesity cluster; clinical trial recruitment)

2) Helping match those offering products to those wanting them (food marketing)

3) Promoting the classification and de facto punishment of certain groups (identifying a certain class as worse credit risks)

Read More

0

Trust is What Makes an Expectation of Privacy Reasonable

A few weeks ago, I defined trust as a favorable expectations as to the behavior of others. It refers to a behavior that reduces uncertainty about others to levels that us to function alongside them. This is a sociological definition; it refers directly to interpersonal interaction. But how does trust develop between persons? And is that trust sufficiently reasonable to merit society’s and the state’s protection. What follows is part of an ongoing process of developing the theory of privacy-as-trust. It is by no means a final project just yet. I look forward to your comments.

Among intimates, trust may emerge over time as the product of an iterative exchange; this type of trust is relatively simple to understand and generally considered reasonable. Therefore, I will spend little time proving the reasonableness of trust among intimates.

But social scientists have found that trust among strangers can be just as strong and lasting as trust among intimates, even without the option of a repeated game. Trust among strangers emerges from two social bases—sharing a stigmatizing identity and sharing trustworthy friends. When these social elements are part of the context of a sharing incident among relative strangers, that context should be considered trustworthy and, thus, a reasonable place for sharing.

Traditionally, social scientists argued that trust developed rationally over time as part of an ongoing process of engagement with another: if a interacts with b over t=0 to t=99 and b acts in a trustworthy manner during those interactions, a is in a better position to predict that b will act trustworthy at t=100 than if a were basing its prediction for t=10 on interactions between t=0 and t=9. This prediction process is based on past behavior and assumes the trustor’s rationality as a predictor. Given those assumptions, it seems relatively easy to trust people with whom we interact often.

But trust also develops among strangers, none of whom have the benefit of repeated interaction to make fully informed and completely rational decisions about others. In fact, a decision to trust is never wholly rational, it is a probability determination; “trust begins where knowledge ends,” as Niklas Luhmann said. What’s more, trust not only develops earlier than the probability model would suggest; in certain circumstances, trust is also strong early on, something that would seem impossible under a probability approach to trust. Sometimes, that early trust among strangers is the result of a cue of expertise, a medical or law degree, for example. But trust among lay strangers cannot be based on expertise or repeated interaction, and yet, sociologists have observed that such trust is quite common.

I argue that reasonable trust among strangers emerges when one of two things happen: when (1) strangers share a stigmatizing social identity or (2) share a strong interpersonal network. In a sense, we transfer the trust we have in others that are very similar to a stranger to the stranger himself or use the stranger’s friends as a cue to his trustworthiness. Sociologists call this a transference process whereby we take information about a known entity and extend it to an unknown entity. That is why trust via accreditation works: we transfer the trust we have in a degree from Harvard Law School, which we know, to one of its graduates, whom we do not. But transference can also work among persons. The sociologist Mark Granovetter has shown that economic actors transfer trust to an unknown party based on how embedded the new person is in a familiar and trusted social network. That is why networking is so important to getting ahead in any industry and why recommendation letters from senior, well-regarded, or renowned colleagues are often most effective. This is the theory of social embeddedness: someone will do business with you, hire you as an employee, trade with you, or enter into a contract with you not only if you know a lot of the same people, but if you know a lot of the right people, the trustworthy people, the parties with whom others have a long, positive history. So it’s not just how many people you know, it’s who you know.

The same is true outside the economic context. The Pew Internet and American Life Project found that of those teenagers who use online social networks and have online “friends” that they have never met off-line, about 70 % of those “friends” had more than one mutual friend in common. Although Pew did not distinguish between types of mutual friends, the survey found that this was among the strongest factors associated with “friending” strangers online. More research is needed.

The other social factor that creates trust among strangers is sharing a salient in-group identity. But such trust transference is not simply a case of privileging familiarity, at best, or discrimination, at worst. Rather, sharing an identity with a group that may face discrimination or has a long history of fighting for equal rights is a proxy for one of the greatest sources of trust among persons: sharing values. At the outset, sharing an in-group identity is an easy shorthand for common values and, therefore, is a reasonable basis for trust among strangers.

Social scientists call transferring known in-group trust to an unknown member of that group category-driven processing or category-based trust. But I argue that it cannot just be any group and any identity; trust is transferred when a stranger is a member of an in-group, the identity of which is defining or important for the trustor. For example, we do not see greater trust between men and other men perhaps because the identity of manhood is not a salient in-group identity. More likely, the status of being a man is not an adequate cue that a male stranger shares your values. Trust forms and is maintained with persons with similar goals and values and a perceived interest in maintaining the trusting relationship. But it is sharing values you find most important that breed trust.For example, members of the LGBT community are, naturally, more likely to support the freedom to marry for gays and lesbians than any other group. Therefore, sharing an in-group identity that constitutes an important part of a trustor’s persona operates as a cue that the trustee shares values important to that group.

What makes these factors—salient in-group identity and social embeddedness—the right bases for establishing when trust among strangers is reasonable and, therefore, when it should be protected by society, is that the presence of these factors is what justifies our interpersonal actions. We look for these factors, we decide to share on these bases, and our expectations of privacy are based on them.

2

How Is Privacy Not a Class at all Law Schools?

Privacy law does not exist, but it should be taught at every law school. There is no one law of privacy. That is why I love teaching Information Privacy (Solove and Schwartz (Aspen) is the text I use). The class requires students to reengage with and apply torts, Constitutional law (First and Fourth Amendment at least), and statutory interpretation. It also lends itself to learning about sectoral approaches to regulation in health, finance, commerce, and education. Given that the idea and problems of privacy are everywhere, there are jobs in them thar hills. Yet, schools often see the course as a luxury or somehow part of IP. That is a mistake.

Schools should not pander to skills and job training demands, but sensitivity to areas of practice that have large needs is not pandering. Much of the skills, ready-to-practice rot comes from a small segment of the legal practice (i.e., big firms with huge profits who are not willing to pay for training their employees). That said, law schools tend to use the same playbook. For example, the rarified world of public corporation law is a standard part of business associations course materials. Yet according to the Economist, the number of public companies peaked at around 7,888 in 1997. Of course folks will say “Don’t teach to the bar.” Amen brothers and sisters, but why teach for a tiny portion of students in a core course? To be clear, I love teaching business associations and think it is useful, because agency and limited liability forms are so important. They are important, because being able to compare and contrast the forms for a client makes the attorney worth her pay. Grasping the beauty and nuances of the system unlocks the ability to be a true counselor. There are many, many businesses that are not, and may never become, public and that could benefit from having an attorney set up their project from the start. Privacy is similar. It reaches across many aspects of our lives and businesses.

Privacy issues come up in such a large range of practice that the course can allow one to address doctrinal mastery while also moving students beyond the silo approach of first year law. Seeing how property and trespass ideals reappear in criminal procedure, how assumption of risk permeates issues, and so on, shows students that the theories behind the law work in not so mysterious, but perhaps unstated ways. The arguments and counter-arguments come faster once you know the core idea at stake. That is the think-like-a-lawyer approach working well. It does not hurt that along the way students pick up knowledge of an area such as HIPPA or criminal procedure and technology that will make them a little more comfortable telling an employer or future client “Yes, I know that area and here’s how I’d approach it.”

Price Tag
1

Differential Pricing and Privacy: Good, Bad, or Otherwise?

The vast and ever increasing collection of information about consumers by search engines, advertisers, data brokers, web merchants, and myriad other online and offline companies raises many concerns. A website that stores (and reads) your emails, records every search you make, knows what addresses you look for on its maps, and holds your documents may know more about you than any other single institution, perhaps even including your family members.

Imagine if your email provider reads your email – or some other data accumulator reads your tweets or social network page – and tells the airlines that you are going to a family funeral across the country. Suddenly, you only find that airlines only offer you seats at a very high price. Think that you can hide your identity by searching before you sign in to buy? Doubtful. Web trackers likely know who you are using IP addresses, cookies, or other tricks invisible to most users.

One of the concerns about this data collection is differential or discriminatory pricing. Consumer advocates and others worry that merchants will use personal information to determine how much each individual consumer is willing to pay for something. That consumer then receives an individual price based on that consumer’s interest, need, income, buying patterns, and other factors. The next consumer pays a different price.

What’s the matter when a merchant charges one consumer a different price than another consumer? This is a surprisingly complicated question to answer.

Economists call the gap between what consumers are willing to pay and the market price the consumer surplus. If consumers lived in the economist’s hypothetical world of many buyers, many sellers, and a fair and transparent marketplace, consumers would expect to find prices based on marginal cost of production with lots of consumer surplus. Differential pricing is a merchant’s dream, with each customer paying a price based on willingness to pay rather than a standard price. Differential pricing could end the consumer surplus.

In the offline world, a merchant typically sets a single price for all consumers. The book is $12.99 to anyone who wants to buy it in the book store. Gasoline is $3.25 a gallon no matter how low a car’s gas tank is or how much the car cost.

In reality, things aren’t that simple in the offline world. The bookstore offers consumers a frequent shopper card (sometimes free. sometimes paid) with a discount on all purchases. The consumer with the card pays less than a consumer without one. The gas station offers a discount on Tuesdays because that’s a slow day. The movie theatre offers lower prices early in the day and higher prices in prime time. Many sellers offer a discount to seniors.

Read More

6

Protecting the Precursors to Speech and Action

The Constitution cares deeply about the pre-cursors to speech. Calo wondered where my paper, Constitutional Limits on Surveillance: Associational Freedom in the Age of Data Hoarding, parts ways with Solove; it does and it doesn’t. On the one hand, I agree with Dan’s work and build it out. I of course look to the First Amendment as part of understanding what associational freedom is. I also want that understanding to inform criminal procedure. On the other hand, I think that the Fourth Amendment on its own has strong protection for associational freedom. I thus argue that we have missed that aspect of the Fourth Amendment. Furthermore, since Solove and after him Kathy Strandburg, wrote about First Amendment connections to privacy, there has been some great work by Ashutosh Bhagwat, Tabatha Abu El-Haj, John Inazu, on the First Amendment and associational freedom. And Jason Mazzone started some of that work in 2002. I draw on that work to show what associational freedom is. Part of the problem is that when we look to how and why we protect associational freedom, we mistake what it is. That mistake means Fourth Amendment becomes too narrow. We are stuck with protection only for speech acts and associations that speak.

As I put it in the paper:

Our current understanding of associational freedom is thin. We over-focus on speech and miss the importance of the precursors to speech—the ability to share, explore, accept, and reject ideas and then choose whether to speak. Recent work has shown, however, that the Constitution protects many activities that are not speech, for example petition and assembly, because the activities enable self-governance and foster the potential for speech. That work has looked to the First Amendment. I show that these concerns also appear in Fourth Amendment jurisprudence and work to protect us from surveillance regardless of whether the acts are speech or whether they are private.

In that sense I give further support to work by Julie Cohen, Neil Richards, Spiros Simitis, and Solove by explaining that all the details that many have identified as needing protection (e.g., our ability to play; protection from surveillance of what we read and watch) align with core ideals of associational freedom. This approach thus offers a foundation for calls to protect us from law enforcement’s ability to probe our reading, meeting, and gathering habits—our associational freedom—even though those acts are not private or speech, and it explains what the constitutional limits on surveillance in the age of data hoarding must be.

1

It’s About Data Hoards – My New Paper Explains Why Data Escrow Won’t Protect Privacy

A core issue in U.S. v. Jones has noting to do with connecting “trivial” bits of data to see a mosaic; it is about the simple ability to have a perfect map of everywhere we go, with whom we meet, what we read, and more. It is about the ability to look backward and see all that information with little to no oversight and in a way forever. That is why calls to shift the vast information grabs to a third party are useless. The move changes little given the way the government already demands information from private data hoards. Yes, not having immediate access to the information is a start. That might mitigate mischief. But clear procedures are needed before that separation can be meaningful. That is why telecom and tech giants should be wary of “The central pillar of Obama’s plan to overhaul the surveillance programs [which] calls for shifting storage of Americans’ phone data from the government to telecom companies or an independent third party.” It does not solve the problem of data hoards.

As I argue in my new article Constitutional Limits on Surveillance: Associational Freedom in the Age of Data Hoarding:

Put differently, the tremendous power of the state to compel action combined with what the state can do with technology and data creates a moral hazard. It is too easy to harvest, analyze, and hoard data and then step far beyond law enforcement goals into acts that threaten civil liberties. The amount of data available to law enforcement creates a type of honey pot—a trap that lures and tempts government to use data without limits. Once the government has obtained data, it is easy and inexpensive to store and search when compared to storing the same data in an analog format. The data is not deleted or destroyed; it is hoarded. That vat of temptation never goes away. The lack of rules on law enforcement’s use of the data explains why it has an incentive to gather data, keep it, and increase its stores. After government has its data hoard, the barriers to dragnet and general searches—ordinarily unconstitutional—are gone. If someone wishes to dive into the data and see whether embarrassing, or even blackmail worthy, data is available, they can do so at its discretion; and in some cases law enforcement has said they should pursue such tactics. These temptations are precisely why we must rethink how we protect associational freedom in the age of data hoarding. By understanding what associational freedom is, what threatens it, and how we have protected it in the past, we will find that there is a way to protect it now and in the future.

2

Robotics and the New Cyberlaw

Cyberlaw is the study of the intersection between law and the Internet.  It should come as no surprise, then, that the defining questions of cyberlaw grew out of the Internet’s unique characteristics.  For instance: an insensitivity to distance led some courts to rethink the nature of jurisdiction.  A tendency, perhaps hardwired, among individuals and institutions to think of “cyberspace” as an actual place generated a box of puzzles around the nature of property, privacy, and speech.

We are now well in to the cyberlaw project.  Certain questions have seen a kind of resolution.  Mark Lemley collected a few examples—jurisdiction, free speech, the dormant commerce clause—back in 2003.  Several debates continue, but most deep participants are at least familiar with the basic positions and arguments.  In privacy, for example, a conversation that began around an individual’s control over their own information has evolved into a conversation about the control information affords over individuals to whoever holds it.  In short, the twenty or so years legal and other academics have spent studying the Internet have paid the dividends of structure and clarity that one would hope.

The problem is that technology has not stood still in the meantime.  The very same institutions that developed the Internet, from the military to household-name Internet companies like Google and Amazon, have initiated a significant shift toward a new transformative technology: robotics.  The word “significant” is actually pretty conservative: these institutions are investing, collectively, hundreds of billions of dollars in robotics and artificial intelligence.  People like the Editor-in-Chief of Wired Magazine—arguably the publication of record for the digital revolution—are quitting to found robotics companies.  Dozens of states now have robot-specific laws.

What do we as academics and jurists make of this shift?  It seems to me, at least, that robotics has a distinct set of essential qualities than the Internet and, therefore, will raise a novel questions of law and policy.  If anything, I see robotics as departing even more abruptly from the Internet than did the Internet from personal computers and telephony.  In a new draft article, I explore in detail how I think cyberlaw (and law in general) will change with the ascendance of robotics as a commercial, social, and cultural force.  I am particularly interested in whether cyberlaw—with its peculiar brand of interdisciplinary pragmatism—remains the proper intellectual house for the study of this new transformative technology.

I follow robotics pretty closely but I don’t purport to have all the answers.  Perhaps I have overstated the importance or robotics, misdiagnosed its likely impact, or otherwise selected an unwise path forward.   I hope you read the paper and let me know.

5

Third Annual Robotics and Law Conference “We Robot”

hdr-we-robot-2014-1Michael Froomkin, Ian Kerr, and I, along with a wonderful program committee of law scholars and roboticists, have for three years now put on a conference around law, policy, and robotics.  “We Robot” returns to the University of Miami School of Law from Stanford Law School this year and boasts an extraordinary roster of authors, commentators, and participants.  Folks like Jack Balkin, Ann Bartow, Kenneth Anderson, Woodrow Hartzog, Mary Anne Franks, Margot Kaminski, Kate Darling, and David Post, among many others.  Not to mention a demo from a roboticist at the University of Washington whose lab built the surgical robot for the movie Ender’s Game.

I’ve discovered that academics in other disciplines habitually list the acceptance rate of papers.  We Robot III accepted only twenty-five percent of the papers under submission, which compares favorably with the strongest and longest-running conferences in computer science, electrical engineering, and human-computer interaction.  Indeed, judging by the abstracts at least, the papers this year are very exciting, taking on difficult and timely issues from a range of perspectives.

On behalf of our community I invite you to register for and attend We Robot, April 4-5, 2014, in Coral Cables, Florida.  I also hope those who enjoyed We Robot I and II will chime in below, if inclined!  Thank you,

The We Robot III Planning Committee

0

Trust Among Strangers, Preliminary Data

Last time, I spoke about how having a stigmatizing secret may be a reason why trust develops among strangers and that the trust that develops is strong enough to permit people to disclose intimate details about themselves. If true, this sociological hypothesis has profound effects for law and policy. If trust can develop among strangers in contexts where sharers will feel secure that their disclosures will not be disseminated further — namely, not go outside the group — then there is reason for the law to protect the privacy of these sharers, even though they shared information with alleged “strangers.” This conclusion bears some similarity with Lior Strahilevitz’s theory on social network-based privacy. But his work appears to take for granted that disclosures to strangers could never retain privacy. I disagree.

I have spent some time devising a proxy for trust and for testing the social determinants of it. Facebook “friend” requests may be a good first step. I would like to ask Facebook users if they accept Friend Requests from strangers and, if so, why. The survey will take the form of two questions: Do you accept Fried Requests from strangers. If so, responders will answer a second question that will ask them if any of a series of factors make it more or less likely that the stranger’s Friend Request will be accepted. The factors will use a Likert Scale of “Much More Likely,” “Somewhat More Likely,” “Neither More Nor Less Likely,” “Somewhat Less Likely,” and “Much Less Likely.” The experiment is designed to test the hypothesis that social networkers will approximate feelings of trust based on any number of digital social cues, but that each profile will see an uptick in Friend Request acceptances after a critical mass of “mutual friends” is established or where minority identity is the same. I will call the first phenomenon the trustworthiness of embedded networks. I also hypothesize that when strangers share a minority or traditionally disadvantaged identity, users are more inclined to accept a Friend Request from a stranger.

It’s common for field researchers to put out beta versions of their surveys to see if the questions are well-written and to identify any unforeseen results. With just under a hundred responses (way too few for a full study), the only factors that appear to have a statistically significant relationship to a willingness to accept friend requests from strangers are sharing a racial or sexual minority identity and having large numbers of mutual friends.

I see pitfalls in this study. The sample may be biased. The friend request proxy is imperfect. Many people simply to not accept friend requests from strangers, so the data set could be limited. I am eager to hear your thoughts on the operation and implications of the study.