Category: Privacy

3

Kerr v. Goldstein on Georgia v. Randolph

home.gifThere’s a terrific debate going on over at the VC between Orin Kerr and Tom Goldstein of SCOTUSBlog about the recently argued U.S. Supreme Court case, Georgia v. Randolph. Tom Goldstein argued the case for Scott Randolph. The case involves an incident where Janet Randolph (Scott’s wife) consented to the police searching the couple’s home. Scott, who was present at the time, objected. The police searched nevertheless, and they found evidence against Scott of drug violations. The issue, as framed by the grant of cert is: “Can police search a home when a co-habitant consents and the other co-habitant is present and does not consent?”

A few quick thoughts:

Read More

6

ChoicePoint: More Than 145,000 Victims?

choicepoint2.jpgChoicePoint just won’t be outdone. They were, after all, the company that started all the extensive attention on data security breaches. Back in February 2005, ChoicePoint announced that it had improperly sold personal data on about 145,000 people to identity thieves. Pursuant to a California data security breach notice law, ChoicePoint notified the affected individuals in California. Soon afterwards, many states started thinking: Geez, we’d like our citizens to be informed too. They put up a fuss, and ChoicePoint voluntarily agreed to notify all of the 145,000 people it said were affected. Many states subsequently passed data security breach notification laws similar to California’s.

After ChoicePoint’s announcement came a barrage of announcements of security breaches by numerous companies and institutions. According to a very useful listing and tally by the Privacy Rights Clearinghouse, data security breaches have affected over 50 million Americans (there may surely be some double-counting here, as some unlucky folks may have been affected multiple times).

Now ChoicePoint has announced that it has notified another 17,000 people that their personal data was compromised in the breach announced in February. According to the AP:

ChoicePoint Inc., the company that disclosed earlier this year that thieves had accessed its massive database of consumer information, said Tuesday in a regulatory filing it has sent out another 17,000 notices to people telling them they may be victims of fraud.

Read More

5

Your Microsoft Word Documents Can Rat on You

metadata1a.jpgMany people don’t realize that Microsoft Word encodes information about the authors and editors of each document. It’s called “metadata.” For example, some of this data is contained under the “Properties” section of the “File” pull down menu.

An article in the New York Times describes what can be revealed when metadata is examined:

It hardly ranks in the annals of “gotcha!” but right-wing blogs were buzzing for at least a few days last week when an unsigned Microsoft Word document was circulated by the Democratic National Committee. The memo referred to the “anti-civil rights and anti-immigrant rulings” of Samuel A. Alito Jr., a federal appeals court judge who has been nominated to the Supreme Court by President Bush.

The stern criticisms of Judge Alito rubbed some commentators the wrong way (Chris Matthews of MSNBC called it “disgusting” last Monday). But whatever the memo’s rhetorical pitch, right-leaning bloggers revealed that it contained a much more universal, if unintended, message: It pays to mind your metadata. . . .

According to some technologists, including Dennis M. Kennedy, a lawyer and consultant based in St. Louis, (denniskennedy.com), metadata might include other bits of information like notes and questions rendered as “comments” within a document (“need to be more specific here,” for example, or in the case of my editors, “eh??”), or the deletions and insertions logged by such features as “track changes” in Microsoft Word.

A blogger searched the Alito memo for metadata and could figure out some of the authors of the document. According to the NYT story:

Read More

0

Hi-Tech Rat Race: Law Enforcement Surveillance and New Technology

surveillance2.jpgBrian Bergstein writes in an AP article about the issue of law enforcement surveillance and technology:

With each new advance in communications, the government wants the same level of snooping power that authorities have exercised over phone conversations for a century. Technologists recoil, accusing the government of micromanaging — and potentially limiting — innovation.

Today, this tug of war is playing out over the Federal Communications Commission’s demands that a phone-wiretapping law be extended to voice-over-Internet services and broadband networks.

Opponents are trying to block the ruling on various grounds: that it goes beyond the original scope of the law, that it will force network owners to make complicated changes at their own expense, or that it will have questionable value in improving security.

No matter who wins the battle over this law — the Communications Assistance for Law Enforcement Act, known as CALEA — this probably won’t be the last time authorities raise hackles by seeking a bird’s eye view over the freewheeling information flow created by new technology.

Read More

2

National Security Letters

confidential3.jpgDid you know that the FBI can issue a letter to an Internet Service Provider or a financial institution demanding that they turn over data on a customer? The letter doesn’t require probable cause. No judge must authorize the letter. The FBI simply issues the letter and gets the information. There’s a gag order, too, preventing the institution receiving the letter from mentioning this fact.

A recent lengthy Washington Post article examines National Security Letters (NSLs) in depth:

The FBI now issues more than 30,000 national security letters a year, according to government sources, a hundredfold increase over historic norms. The letters — one of which can be used to sweep up the records of many people — are extending the bureau’s reach as never before into the telephone calls, correspondence and financial lives of ordinary Americans.

Issued by FBI field supervisors, national security letters do not need the imprimatur of a prosecutor, grand jury or judge. They receive no review after the fact by the Justice Department or Congress. The executive branch maintains only statistics, which are incomplete and confined to classified reports. The Bush administration defeated legislation and a lawsuit to require a public accounting, and has offered no example in which the use of a national security letter helped disrupt a terrorist plot.

Read More

2

Finding Dad with a DNA Database

dna10.jpgAn interesting story from the N.Y. Daily News by Corky Siemaszko, with a soundbite from me:

Using his own spit and the Internet, a tech-savvy teenager tracked down the anonymous sperm donor who is his biological dad. . . .

“It shows that anybody can be a high-tech sleuth in this age,” said Daniel Solove, a professor at the George Washington University Law School and author of “The Digital Person: Technology and Privacy in the Information Age.” . . .

Sometime last year, the boy sent a swab of saliva and $280 to www.FamilyTreeDna.com, a DNA database that traces family trees – and is popular with descendants of Holocaust survivors looking for lost kin. . . .

Nine months later, the teen was contacted by two men who had registered with the site and whose Y chromosomes appeared to be close matches to that of the teen. Y chromosomes are passed down from fathers to sons.

Their surnames were the same, but spelled differently. So the teen went to another Web site, www.Omnitrace.com, where he plugged in the few details he got from the fertility clinic about his dad — date and place of birth, his college degree. A few keystrokes later, he knew which one was his dad. . . .

Read More

8

Is Alito Strongly Pro-Privacy?

privacy2a.jpgAn interesting report written by U.S. Supreme Court nominee Samuel Alito has surfaced from 1972 entitled The Boundaries of Privacy in American Society. In the report, Alito takes a very strong stance toward privacy. Here are some of the highlights:

· “At the present time . . . we sense a great threat to privacy in modern America; we all believe that the thret to privacy is steadily and rapidly mounting; we all believe that action must be taken on many fronts now to preserve privacy.”

· “We believe the potential for invasions of privacy through the use of comptuers is so great that all private computer systems should be licensed by the federal government.”

Read More

0

Microsoft: A Pro-Privacy Company?

microsoft2.jpgMicrosoft has recently announced that it supports comprehensive national privacy legislation. According to a white paper by Microsoft Senior Vice President and General Counsel Brad Smith:

Over the past few years, however, several factors have altered the privacy landscape in such a way and to such a degree that we now believe the time has come to support national privacy legislation as a component of a multifaceted approach to privacy protection. As a strong supporter of free-market solutions, Microsoft did not come to this decision without careful consideration. But it is one we now believe is the right course in order to provide meaningful protections for individuals, while avoiding unnecessary obstacles to legitimate business activities.

I applaud Microsoft’s shift from calling for self-regulation to calling for comprehensive privacy regulation. I have long believed that self-regulation has not worked effectively.

My main concern with Microsoft’s proposal is its call for federal preemption of state regulation:

Read More

16

Using Lawsuits to Unmask Anonymous Bloggers

anonymity-1a.jpgAn interesting recently-filed lawsuit raises the issue of whether a company can file a lawsuit just to find out the identity of an anonymous blogger in order to fire him.

The case involves an employee of Allegheny Energy Service who posted an anonymous comment to a Yahoo! message board devoted to his company. He made the posting from his home computer. In the post, he attacked the company’s management as well as the company’s diversity program, using a racial slur in the process.

The company filed a “John Doe” lawsuit against the anonymous blogger for a tort claim of “breach of fiduciary duty and breach of duty of loyalty.” The employee was completely unaware that a lawsuit had been filed against him.

Three months after filing the lawsuit, the company filed an emergency motion to prevent “John Doe” from posting more messages. It claimed that Doe’s posting violated the company’s anti-harassment policy. The company obtained a subpoena and served it on Yahoo. Yahoo sent an email to the employee that Yahoo would respond within 15 days unless the employee filed a motion to quash. The employee claimed he never received the email. Yahoo subsequently turned over the employee’s identity to Allegheny Energy. Afterwards, Allegheny Energy filed papers to discountinue its civil action against the employee. The employee was then fired for making the racial slur.

Read More

1

Information Privacy Law (2nd Edition)

casebook2.jpgShameless Self-Promotion Alert: Within the next week or two, the second edition of my casebook, Information Privacy Law (with Marc Rotenberg & Paul Schwartz) will be out in print. This book is a significant revision from the first edition, and it covers most topics in greater depth. Click here for the book’s website (where updates and other information are posted) and here to peruse the table of contents.

For those professors interested in adopting the book for their spring 2006 information privacy law courses, the book’s ISBN is 0735555761. To obtain a free review copy as soon as possible, contact Daniel Eckroad at Aspen Publishers via email or by calling 617-349-2937. If you have any questions about the book or the course, I’d be delighted to answer them.

For those law professor readers who have never taught a course in information privacy law before, I’ve reposted here an earlier post at PrawfsBlawg where I explain why I believe information privacy law is a rewarding course to teach.

For those of you who are interested in the book, but are not law professors, you’ll unfortunately have to shell out a small fortune to buy the book, which you can do here.