Category: Privacy

0

Snooping Landlords and the War on Terrorism

home-snoop2.jpgIn this interesting AP article, a man won an invasion of privacy lawsuit when his property manager searched his home and reported to the FBI that there were terrorist materials in the apartment. FBI officials detained, fingerprinted, and handcuffed the man, but eventually determined that the man wasn’t a terrorist:

A federal jury awarded an Egyptian-born radiologist nearly $2.5 million for invasion of privacy after a property manager searched his apartment and called police on Sept. 11, 2001.

After four days of deliberations, the jury issued the award Thursday to Basem M.F. Hussein, saying the invasion of his privacy was made with “malice of reckless indifference” to his rights.

Sherri Lynn Wilson had entered Hussein’s apartment in Coraopolis the day of the attacks to replace furnace filters, according to testimony. She told the FBI she saw Arabic literature, an airplane flight manual, a compact disc jacket that showed an exploding airplane, and chemical residue she believed to be from bomb-making activities.

What she actually saw was a popular flight simulator computer game and its CD jacket, which did not depict an exploding airplane, Hussein’s attorney said. The purported Arabic literature was an English version of the Koran; the chemical residue was household dust.

Hussein was awarded $850,000 in compensatory damages and $1.6 million in punitive damages.

3

Why Volokh Is Wrong on Public Records and the First Amendment

freespeech4.jpg

In an interesting and thoughtful post, Eugene Volokh (law, UCLA) takes issue with California’s Megan’s Law, Cal. Penal Code § 290.46(j), which places personal data about sex offenders on the Internet yet restricts the uses of this data. The law allows people to use the information “only to protect a person at risk.” It prohibits the use of the information for, among other things, purposes related to insurance, loans, credit, employment, benefits, and housing.

Volokh writes:

So California law suppresses presumptively true statements of fact about criminals based on a public record, unless one’s purpose is “only to protect a person at risk.” If one learns that a neighbor or a coworker has committed a heinous crime, and wants to tell people — not specifically to protect a person at risk, but (for instance) to urge people not to give a fellowship to someone with such bad morals, or to urge businesses not to associate with such an evil person — one risks damages liability or an injunction.

Seems like a pretty clear First Amendment violation, especially given Florida Star v. B.J.F. If it’s unconstitutional to bar speakers from revealing the names of rape victims when those names were accidentally released by government officials into the public record, I’d think that it would be unconstitutional to bar speakers from revealing the names of rapists when those names were deliberately placed by government officials into the public record. But it seems that California weighs the privacy of public-record information about sex criminals more heavily than its law-abiding citizens’ constitutionally protected free speech.

I disagree with Volokh on both legal and policy grounds. Regarding the law, Florida Star restricts liability for disclosing information after the government has made it public. However, in Los Angeles Police Department v. United Reporting Publishing Co., 528 U.S. 32 (1999), the Supreme Court concluded that the government may selectively grant access to public record information. A California law required those seeking access to records of arrestee information to promise that the data should not be used for commercial solicitation purposes. The Supreme Court concluded that the law was not “prohibiting a speaker from conveying information that the speaker already possesses” but was merely “a governmental denial of access to information in its possession” under which it had no duty to disclose.

The Court has thus created a distinction between pre-access conditions on obtaining information and post-access restrictions on the use or disclosure of the information. A law cannot establish a post-access restriction on the use of information that is publicly available. Once the information is made available to the public, Florida Star prohibits a state from restricting use.

But pre-access, the government can establish conditions upon which access is granted. In a way, this sets up a contract-like situation. The government supplies people with information if they agree to use it only in certain ways. This is similar to when the government offers other benefits and specifies how they should be used. There are some limits — the unconstitutional conditions doctrine — but these limits have generally not been very restrictive.

Regarding policy, I believe that information use restrictions are a terrific way to balance the government’s making information publicly available and protecting privacy. Otherwise, the government is caught in a difficult zero-sum trade-off between public access to information and privacy. To protect privacy, governments would have to restrict the disclosure of the information entirely, but this would make less data available to the public. With use restrictions, such as those in the California Megan’s Law, the government can make the information available to protect people but can limit uses that do not further this purpose. This can prevent undue discrimination against those sex offenders who have been released from prison and who are trying to rehabilitate themselves.

I could go on for much longer, but I’ve sketched out the basic point. If you want to read a more detailed argument, check out this article, this article, and my book, The Digital Person.

6

Do Traffic Cameras Work?

trafficcam.jpgThe answer appears to be no – at least according to one study in DC. According to a Washington Post article:

The District’s red-light cameras have generated more than 500,000 violations and $32 million in fines over the past six years. City officials credit them with making busy roads safer.

But a Washington Post analysis of crash statistics shows that the number of accidents has gone up at intersections with the cameras. The increase is the same or worse than at traffic signals without the devices.

Three outside traffic specialists independently reviewed the data and said they were surprised by the results. Their conclusion: The cameras do not appear to be making any difference in preventing injuries or collisions.

“The data are very clear,” said Dick Raub, a traffic consultant and a former senior researcher at Northwestern University’s Center for Public Safety. “They are not performing any better than intersections without cameras.” . . . .

The Post obtained a D.C. database generated from accident reports filed by police. The data covered the entire city, including the 37 intersections where cameras were installed in 1999 and 2000.

The analysis shows that the number of crashes at locations with cameras more than doubled, from 365 collisions in 1998 to 755 last year. Injury and fatal crashes climbed 81 percent, from 144 such wrecks to 262. Broadside crashes, also known as right-angle or T-bone collisions, rose 30 percent, from 81 to 106 during that time frame. Traffic specialists say broadside collisions are especially dangerous because the sides are the most vulnerable areas of cars. . . .

The results were similar or worse than figures at intersections that have traffic signals but no cameras. The number of overall crashes at those 1,520 locations increased 64 percent; injury and fatal crashes rose 54 percent; and broadside collisions rose 17 percent.

Hat tip: EPIC West Blog

5

Notice of Privacy Practices

privacy-policy1.jpgA friend recently asked why we don’t have a privacy policy for this blog. We have a registration statement, after all, so why not a privacy policy? So without further ado, I present to you our shiny new privacy policy:

Notice of Privacy Practices

1. Our Commitment to Your Privacy. We at Concurring Opinions respect your private information deeply, which is why we want to gather and use every last bit of it. By visiting www.concurringopinions.com, you are accepting the practices described in this Privacy Notice. Moreover, even by hearing about this site, thinking about this site, or attempting to forget about this site, you hereby fully consent to everything described hereinafter in this Privacy Notice.

2. Our Promise to You. You hereby agree to be unilaterally bound by all terms stated in this Privacy Notice. However, this Privacy Notice is not binding on us in any way. We reserve the right to change, amend, or revoke this Privacy Notice at any time, without providing notice to you beforehand or in the future. Indeed, our privacy practices may currently be entirely different from those stated herein.

3. The Data We Collect and Share. Concurring Opinions gathers the maximum possible information about you to better understand you and to provide you with the content you so enjoy. We harvest your email addresses, track your IP addresses, and we provide them to numerous commercial data brokers in exchange for further information about you. We construct extensive dossiers about all of our visitors. We use this information to better customize Concurring Opinions so that we can deliver content suited to your interests, hobbies, and needs. We also share your information with our trusted as well as our non-trusted business partners. We do, however, take steps not to sell the data to identity thieves unless they pay us a higher rate. In the event of bankruptcy, we will sell your personal data to the highest bidder.

Read More

3

Symmetrical Privacy and Musings on Site Meter

friendster.jpg

Lior Strahilevitz (law, Chicago), has an interesting post at the Chicago Faculty Blog on what he calls “symmetrical privacy.” He begins by discussing Friendster, a social networking website where individuals post profiles and look up the profiles of others. Strahilevitz’s post was inspired by a post by Tara Wheatland at Boalt.org, who wrote:

Friendster suddenly and without notice changed a fundamental assumed feature of the community–that you could look at anybody’s profile you wanted to, while remaining anonymous yourself. Before this change, people who did not want random people to look at their profiles could change their settings accordingly. To apply this new feature retroactively and without notice really feels like a serious invasion of privacy. I don’t like it. . . .

As Strahilevitz notes: “Now Friendster users could quickly satisfy their curiosity by finding out who had viewed their profiles, but were mortified to learn that other users could do the same thing to them. Friendster was deluged with outraged user emails.”

Strahilevitz agrees that Friendster made a big gaffe by not informing people in advance, but he applauds Friendster’s “initial instincts” for devising a system of symmetrical privacy, which is a kind of privacy tit-for-tat. If you access my data, I get to access yours:

If an employer, identity thief, health insurer, or credit card company wants to access my credit report, at least let me know about it. If someone makes a FOIA request for government documents that reveal something about me, I should be notified of this request by the government. If someone goes to Fundrace.org or a similar site to see which political candidates I have donated to, I have no right to stop them from doing so, but I ought to have the right to be informed of their snooping. Symmetrical privacy might or might not be a solid foundation for a social networking site, but it seems to me that it is an excellent starting point for the law’s treatment of private information.

This is an interesting idea. We have something like that here, and so do many blogs. It’s called Site Meter. We can see how many of you are visiting and learn information about you. It’s quite interesting. Although we don’t learn your names, we can see what institutions you belong to, where you’re located, how many pages you’ve viewed, and more. Is this “symmetrical privacy” – we give you information on this blog and we get to see information about you? Actually, everybody can see this information at our Site Meter. You can too by clicking here. We’re all in a big fishbowl, and visits to this blog (and many blogs) are not totally private. Now, that’s symmetrical! I’ve always felt ambivalent about Site Meter. I am fascinated by the information about the visitors to this site, but it has always made me feel a bit like a voyeur.

I generally agree with Strahilevitz that people should be more aware of who is accessing their data. But the devil’s in the details. How far should this go? For example, I just posted about Harriet Miers’ donations to political candidates. Indeed, people can look up anybody’s contributions. Should Miers get a notice anytime somebody looks up this information?

9

Airport Screening Stories

Cartoon-SecFlt.jpg

Once upon a time, in an airport far far away, some people had problems with passenger screening. Nice people found themselves on lists of naughty people. Some called or emailed their complaint to the TSA Contact Center, in the hopes of fixing their problems or getting off the naughty lists (the Selectee or No Fly lists). The Electronic Privacy Information Center obtained the logs of their complaints, which contain many interesting tales.

From the call logs:

Consumer called and stated that

she was on a no fly list.  She would like to know what she would have to do or

who do [sic] she have to talk to to get off the list.  She stated that she was

informed at the airport that she was on a list.  I informed Mrs.

******* that since she’s allowed on the

plane after secondary screening, she isn’t on the No Fly List.  Mrs.

******* spoke to local detectives

stationed at FLL.  They informed her that she may be on the No Fly List.  But

the case is out of their jurisdiction.  She was referred to Homeland Security. 

Info has been forwarded to the appropriate source.  No accurate timeframe for

response.

* * * * * * *

Dr. ******* complains that every time he tries to fly commercial airlines, especiall United and Continental, he is “submitted to the most embarrassing and humiliating security checks at the counter even before they take my luggage.  It takes up to 25 minutes standing up.”

From the email logs:

I would like to know why my name is on the No Fly List and how I can get it removed. When I fly Continental for business, I have to have an airline representative check my identification and a TSA representative clear the reservation so my ticket can be issued for me to fly. This seems to only happen at Continental Airlines, but frequently I have had to go through the additional search at other airlines. The Continental agent did tell me that my name was on the No-Fly List and that it would be next to impossible to get if off, but I shall try anyway. I have not had any run-ins with the law or nor the airline, so I do not understand the reason for being on this list and subject to additional security when I fly for business or personal reasons. . . .

* * * * * * *

Read More

4

The USA-PATRIOT Act: A Fraction of the Problem

usa-patriot1.jpgOver at Legal Affairs Debate Club, Geoffrey Stone and Judge Richard Posner are debating the USA-PATRIOT Act. The focus of the debate thus far is on Section 215 of the USA PATRIOT Act, which states:

The Director of the Federal Bureau of Investigation or a designee of the Director (whose rank shall be no lower than Assistant Special Agent in Charge) may make an application for an order requiring the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to protect against international terrorism or clandestine intelligence activities, provided that such investigation of a United States person is not conducted solely upon the basis of activities protected by the first amendment to the Constitution.

Further, this section requires that the person ordered to turn over the materials shall not “disclose to any other person . . . that the Federal Bureau of Investigation has sought or obtained tangible things under this section.”

Stone calls for curtailing Section 215 and Posner comes out in favor of a modified version of it.

The problem with this debate, as with many debates over the USA-PATRIOT Act, is that it is focused only on the USA-PATRIOT Act. Many of the issues that people are debating about already existed in federal electronic surveillance law before the USA-PATRIOT Act.

Read More

18

California’s Tougher Anti-Paparazzi Law and the First Amendment

paparazzi2.jpg

Recently, Governor Arnold Schwarzenegger signed a law that toughened California’s Anti-Paparazzi Act, Cal. Civ. Code §1708.8. The original act was passed in 1998 in response to Princess Diana’s death, which was caused when her car was fleeing aggressive paparazzi.

Paparazzi photos can fetch a lot of money. A photo of Princess Diana and Dodi al-Fayed sold for over $3 million.

Arnold Schwarzenegger is not stranger to paparazzi. In one instance, they chased him and his wife, Maria Shriver, off the road to take photos of him.

The Anti-Paparazzi Act creates heightened penalties when a person commits a trespass “in order to physically invade the privacy of the plaintiff with the intent to capture any type of visual image, sound recording, or other physical impression of the plaintiff engaging in a personal or familial activity and the physical invasion occurs in a manner that is offensive to a reasonable person.” A person can also be liable even if there is no trespass if he “attempts to capture, in a manner that is offensive to a reasonable person, any type of visual image, sound recording, or other physical impression of the plaintiff engaging in a personal or familial activity under circumstances in which the plaintiff had a reasonable expectation of privacy, through the use of a visual or auditory enhancing device.”

Read More

2

The DHS Privacy Office

dhs-nuala.jpg

Nuala O’Connor Kelly left the DHS privacy office last week. I have mixed reviews of her performance. On the good side, she did not rubber stamp DHS policies. She criticized the TSA, for example, for improperly gathering airline passenger records from Jet Blue Airlines. But on the negative side, she acted more as an internal facet of DHS than as an external overseer. Her role was more akin to an in-house privacy counsel who would advise behind the scenes than to an independent agent.

This wasn’t necessarily O’Connor Kelly’s fault. The DHS privacy office lacks essential powers, like the ability to subpoena documents. It lacks the independence to rebuff the DHS. It lacks any real teeth to enforce sanctions when the DHS violates the law. Although it produces public reports about its activities, the privacy office could do more to ensure greater public accountability for DHS, which often operates in manner that isn’t transparent.

We need a privacy agency, one that has teeth. For a good proposal for such an entity, see Robert Gellman, A Better Way to Approach Privacy Policy in the United States: Establish a Non-Regulatory Privacy Protection Board, 54 Hastings L.J. 1183 (2003). As Gellman notes: “The failure of the United States to have a national privacy agency is, perhaps, the single most important difference in approach to data protection between the United States and most other industrialized countries.”

3

When Clacks Squawk: The New Keystroke Surveillance

keyboard1.jpg

You thought keyboard clacking was just annoying noise. Little did you know your clacking is broadcasting what you’re typing!

Berkeley researchers have developed a way to monitor your keystrokes without installing a device into your computer. Thus, far, keystrokes can be monitored via special software or other devices installed into people’s computers (either directly or via a virus or spyware). This new technique relies on the clacking of your keyboard. According to the AP:

If spyware and key-logging software weren’t a big enough threat to privacy, researchers have figured out a way to eavesdrop on your computer simply by listening to the clicks and clacks of the keyboard.

Those seemingly random noises, when processed by a computer, were translated with up to 96 percent accuracy, according to researchers at the University of California, Berkeley.

“It’s a form of acoustical spying that should raise red flags among computer security and privacy experts,” said Doug Tygar, a Berkeley computer science professor and the study’s principal investigator.

Researchers used several 10-minute audio recordings of people typing away at their keyboards. They fed the recordings into a computer that used an algorithm to detect subtle differences in the sound as each letter is struck.

On the first run, the computer had an accuracy of about 60 percent for characters and 20 percent for words, said Li Zhuang, a Berkeley graduate student and lead author of the study. After spelling and grammar checks were deployed, the accuracy for individual letters jumped to 70 percent and words to 50 percent.

The software learned to improve as researchers repeatedly fed back the same recordings, using results of spelling and grammar checks as a gauge on correctness. In the end, it could accurately detect 96 percent of characters and 88 percent of words.