However, fewer than 15% of people believe their online information will matter in getting hired.

The study was “conducted with 2,500 consumers, HR managers and recruitment professionals in the US, UK, Germany and France.”

According to the study:

In the United States, 89% of recruiters and HR professionals surveyed find it appropriate to consider professional online data when assessing a candidate; 84% of them think it is proper to consider personal data posted online.

As I have indicated previously, most employers who use information they find online [...]]]> According to a study by Microsoft,70% of employers (in the United States) rejected potential employees because of information found out about them online.  Interestingly, the numbers are much less in other countries (41% in the UK, 16% in Germany, and 14% in France)

However, fewer than 15% of people believe their online information will matter in getting hired.

The study was “conducted with 2,500 consumers, HR managers and recruitment professionals in the US, UK, Germany and France.”

According to the study:

In the United States, 89% of recruiters and HR professionals surveyed find it appropriate to consider professional online data when assessing a candidate; 84% of them think it is proper to consider personal data posted online.

As I have indicated previously, most employers who use information they find online about job candidates lack a policy for doing so fairly and ethically (and sometimes legally).   Should prospective employees be told when their employers google them?  Should they have a right to respond?  What procedures are in place to ensure that the information found online in fact relates to the job candidate and not another person with the same name?  Is any distinction made between information that a person voluntarily posts and information others post about them?  Are any steps taken to make sure the information is true and not a spurious rumor?  What boundaries are there for online searching?  Improperly gaining access to a person’s profile on Facebook, for example, could be a violation of law depending upon how it is done.

The Microsoft study is available here.  This data is much more extensive than what I found when I was doing research for The Future of Reputation: Gossip, Rumor, and Privacy on the Internet.   I didn’t have much by way of statistics back in 2007, but I discussed a few interesting anecdotes in Chapter 2.

Below is a chart  from the study listing the kinds of information employers found most discrediting.

Hat tip: Adjunct Law Prof Blog

In “Redrawing the Route to Online Privacy,” the New York Times discusses how law and technology might get help us out of this mess.  The article highlighted several intriguing technical innovations.  A group at Carnegie Mellon University has designed software that will nudge consumers about the privacy implications of sharing certain information.  As [...]]]> As Daniel J. Weitzner recently noted to the New York Times, our current notice-and-choice model of privacy may soon be dead and good riddance.  Since the 1990s, we have relied upon websites’ privacy policies to inform individuals about whether their information would be collected, used, and shared.  Consumers usually don’t read these policies and, if they did, they likely would not understand them.  This leaves us with with much room to do better.

In “Redrawing the Route to Online Privacy,” the New York Times discusses how law and technology might get help us out of this mess.  The article highlighted several intriguing technical innovations.  A group at Carnegie Mellon University has designed software that will nudge consumers about the privacy implications of sharing certain information.  As CMU’s  Lorrie Faith Cranor explains, social network site users often share their birth dates, hoping to receive online greetings from friends yet doing so runs the risk of marketing profiling, identification, and identity theft.  Software could inform consumers of these risks before they share their birth dates.  M. Ryan Calo, a fellow at Stanford Law School’s Center for Internet and Society who has done exciting work on the privacy implications of robots, is exploring voice and animation technology emulating humans that would provide “visceral notice.”  Before someone puts information in a personal health record like GoogleHealth, a virtual nurse could explain the privacy implications of sharing the information.  Calo explains that people naturally react more strongly, in a more visceral way, to anthropomorphic cues.  The think tank Future of Privacy led by Jules Polonetsky and Chris Wolff is testing the effectiveness of using new icons and key phrases to provide web surfers with more transparency and choice about behavioral advertising practices.  Princeton’s Ed Felten (whose important computer science research has rightly preoccupied government and industry) is working on re-engineering the Web browser for greater privacy.  Felten would alter the software’s design so that information about on-screen viewing sessions is kept separate and not routinely passed along so a person’s browsing behavior can be tracked.

As these efforts make clear, code is crucial to the protection of consumer privacy.  To what extent, if at all, should we invoke law to regulate websites’ information practices?  Congress and the Federal Trade Commission is mulling rules that would limit a site’s use of information collected online.  As the New York Times notes, government might ban the use of recorded trails of a person’s web-browsing in employment or health insurance decisions.  It would be worth considering limits on data collection and retention practices too.  Law could require the deletion of certain information after a certain time, in the manner suggested by Viktor Mayer-Schonberger’s work.  All worth pondering.

According to the New York Times, the officials were convicted:

Three Google executives were convicted Wednesday of violating Italian privacy laws in a ruling that the company denounced as an “astonishing” attack on freedom of expression on the Internet.

The case involves online videos showing an autistic boy being bullied by classmates in Turin, which were posted in 2006 on Google Video, an online video-sharing service that Google ran before its acquisition of YouTube.

Prosecutors charged that the videos violated Italian personal privacy protections. They said the clips were removed only after complaints from Vivi Down, an Italian organization representing people with Down syndrome, whose name [...]]]> A while ago, I blogged about a criminal case in Italy against several Google officials regarding a video somebody loaded onto YouTube.

According to the New York Times, the officials were convicted:

Three Google executives were convicted Wednesday of violating Italian privacy laws in a ruling that the company denounced as an “astonishing” attack on freedom of expression on the Internet.

The case involves online videos showing an autistic boy being bullied by classmates in Turin, which were posted in 2006 on Google Video, an online video-sharing service that Google ran before its acquisition of YouTube.

Prosecutors charged that the videos violated Italian personal privacy protections. They said the clips were removed only after complaints from Vivi Down, an Italian organization representing people with Down syndrome, whose name was mentioned in the videos.

“We are definitely satisfied that someone has to take responsibility for this violation of privacy,” said Guido Camera, a lawyer for Vivi Down.

Google said it planned to appeal, warning that the verdicts raised serious questions about the viability of user-generated content platforms like YouTube in Italy and potentially elsewhere in Europe.

“If company employees like me can be held criminally liable for any video on a hosting platform, when they had absolutely nothing to do with the video in question, then our liability is unlimited,” said one of the three executives, Peter Fleischer, Google’s chief privacy counsel.

“The decision today therefore raises broader questions like the continued operation of many Internet platforms that are the essential foundations of freedom of expression in the digital age,” he said in a statement.

The Google executives received six-month suspended sentences.

I have been one to advocate greater privacy protections against online gossip and rumor, but this Italian conviction goes way too far.  Although I have critiqued the expansiveness of CDA 230 immunity in the United States (I believe it has been expanded by courts far too broadly), I support the following  general principles: (1) without more (direct encouragement, etc.), a website shouldn’t be liable for content posted by others to that site; (2) websites should have a responsibility to take down material they know is violative of privacy or defamatory; (3) failure to live up to this responsibility should be dealt with civilly, not through criminal law.

In this case, the videos weren’t posted by Google but by another person.  They were taken down by Google after a complaint was raised about them.   Based on my understanding of the facts, Google acted quite responsibly here.

This case sets a terrible precedent and severely threatens Web 2.0 in Italy as well as anywhere that would consider similar misguided action.

Perhaps this case will make it to the European Court of Human Rights (ECHR),  which balances two articles of the European Convention on Human Rights — Article 8 which protects privacy and Article 10 which protects speech.

According to Article 8:

1. Everyone has the right to respect for his private and family life, his home and his correspondence.

2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

According to Article 10:

1. Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers. This article shall not prevent States from requiring the licensing of broadcasting, television or cinema enterprises.

2. The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.

The Italian decision pushes the balance way too far to the privacy side, to the severe detriment of speech.  I hope that Italian appeals courts or the ECHR will fix this very troublesome imbalance.

Thanks, Danielle, for inviting me to expand on my comment yesterday on your post on the Google Buzz story. Google Buzz has been obviously been all over the news lately, in part for various complaints about Google’s privacy practices. Those complaints have focused on the way in which Buzz, enrollment in which was automatic for Gmail users, initially defaulted to effectively sharing users’ email contacts with the public. EPIC has filed a complaint with the FTC arguing that this combination of automatic enrollment and “opt-out” [...]]]> Guest blogger Professor Bruce Boyden has terrific insights on all things technology and law and so I invited him to comment on the Children’s Online Privacy Protection Act and its impact on the Google Buzz phenomenon.  So here is Professor Boyden:

Thanks, Danielle, for inviting me to expand on my comment yesterday on your post on the Google Buzz story. Google Buzz has been obviously been all over the news lately, in part for various complaints about Google’s privacy practices. Those complaints have focused on the way in which Buzz, enrollment in which was automatic for Gmail users, initially defaulted to effectively sharing users’ email contacts with the public. EPIC has filed a complaint with the FTC arguing that this combination of automatic enrollment and “opt-out” of information-sharing was an unfair or deceptive trade practice in violation of Section 5 of the FTC Act.

But that’s not what caught my attention in Danielle’s post. What really set off alarm bells in my head was Danielle’s recounting how her children and their friends, all under the age of 13, suddenly had their Gmail accounts turned into Google Buzz accounts,  and then proceeded to upload all sorts of information about themselves using the service. That raises the prospect that Google Buzz, by collecting such information without getting the appropriate parental consent, violated the Children’s Online Privacy Protection Act, or COPPA. I haven’t seen any discussion of this issue anywhere else.

COPPA is one of the few privacy statutes with real bite: it has strict rules that require substantial effort to follow, and the FTC has shown itself to be a vigorous enforcer. Indeed, the FTC has gone after two social networking sites for COPPA violations recently, and in one case imposed a fine of $1 million. So is Google violating COPPA? The answer is unclear but there’s definitely risk for Google here.

COPPA regulates the online collection of information from children under the age of 13. It applies to two classes of websites: those that have “actual knowledge” that they are collecting information from children, and those that are “directed to children.” If a website in either category is going to collect personally identifiable information (PII) from children, it first has to get “verifiable consent” from a parent. The FTC uses a “sliding scale” to determine what sort of verifiable parental consent is required; for information that is going to be publicly disclosed, as here, the FTC’s COPPA regulations require something like a mail-in form or a credit card.

It’s clear that Google has been collecting PII from children and that it hasn’t been getting prior verifiable consent. But it doesn’t need to comply with COPPA if it doesn’t either have actual knowledge or if the site is not directed to children. “Actual knowledge” typically comes about because the site asks for an age or birth date in the registration process–whether or not a human actually looks at it, the site will have “actual knowledge” if a user provides a birth date that is less than 13 years ago. This is in fact the most common vector for COPPA violations: a site asks for the user’s age, but doesn’t bar the user or get verifiable consent if the user responds that they are less than 13. But Buzz didn’t ask for an age when its users joined, so Google doesn’t appear to have “actual knowledge” of Buzz’s users’ ages.

Even if Google lacks “actual knowledge,” it might still need to comply with COPPA if Buzz is “directed to children.” Buzz users are Gmail users, and Gmail’s terms appear to bar users under 18:

2.3 You may not use the Services and may not accept the Terms if (a) you are not of legal age to form a binding contract with Google . . . .

But the FTC has taken the sensible position that merely stating a rule barring users under 13 is not enough to avoid COPPA compliance if the rule is not enforced. So we need to look at the definition of “directed to children,” According to the FTC regulations, a website is “directed to children” if it is “a commercial website . . . that is targeted to children,” which is not terribly helpful. The FTC looks at the following factors to determine whether a website is “targeted” at children: “its subject matter, visual or audio content, age of models, language or other characteristics of the website or online service, as well as whether advertising promoting or appearing on the website or online service is directed to children.” The Commission will also consider empirical evidence concerning who’s using the service, and who the intended audience is.

Buzz doesn’t seem to satisfy many of those factors. There’s not much about the site design that screams out “young children.” The short video promoting Buzz I watched had only adult cartoon figures in it. But focusing on the list of factors ignores the fact that we are talking about a social networking site here, which may be inherently “targeted at children.” Children are drawn to such sites like catnip. It’s worth noting that Facebook has made a different choice than Google: it asks for your age on registering, and bars those under 13. Google would be wise to adopt a similar policy.

I’m not certain the FTC has yet brought a COPPA enforcement action against a company that didn’t have any actual knowledge of users’ ages. As a result, there’s not much to go on in terms of deciding when a site might be found to be “directed to children.” And perhaps an enforcement action is unlikely here. But I’m sure Google doesn’t want to be the test case.

As many parents know, Facebook and other social network sites welcome anyone 13 and older to make friends and become fans at their site.  That leaves kids under 13 (at least ones with watchful parents) with a less dynamic [...]]]> Google Buzz thrust itself on the social scene at a particularly auspicious time.  Snow had trapped East Coasters in their homes so kids talked to their friends digitally and watched television (usually at the same time).  Those over 13 likely spent their time on Facebook, which now seems like a privacy haven compared to its newest pesky social network comrade, Google Buzz.  Kids under 13 discovered that Google Buzz hit their Gmail account.  It was, for many, their first social network experience: intoxicating, terrifying, and all theirs.

As many parents know, Facebook and other social network sites welcome anyone 13 and older to make friends and become fans at their site.  That leaves kids under 13 (at least ones with watchful parents) with a less dynamic online life.  Before last week, my kids and their pals communicated via email and Gmail chats, happy to wait until their 13th birthday when they might get a chance to create profiles and network on Facebook (parent approval pending).  Then came the Buzz.  As parents busied themselves shoveling or trying to work, kids found their Gmail inboxes transformed into garden of online delights.  They could post pictures and videos for their contacts (their contacts’ contacts and their contacts’ contacts) to see, and they gained access to everyone’s email list.  Status updates from contacts appeared in an endless stream along with wall-like postings.

Aside from the obvious privacy problems that advocates such as Marc Rotenberg make stunningly clear, see here, another arose, one that has received less press.  Those under 13 had, and may continue to have, a powerful taste of social networking that they may be ill-equipped to handle.  Online communications have a powerful disinhibiting effect.  As a result, people do and say things online that they would never do or say offline.  This is particularly tricky for young children who have much emotional intelligence to learn.  Although I had only a small sample to watch, my friends tell a resoundingly similar story: kids under 13 got swept into a nasty free for all, a melange of bullying, shaming, and privacy-busting disclosures that would make a more emotionally mature crowd cringe.  As the recent story of 15-year old Phoebe Prince’s suicide illustrate and that of Megan Meier, online bullying can escalate into serious harassment, inflicting mental distress so serious as to drive the emotionally vulnerable to suicide.

Google Buzz did parents a favor with its shocking jump into social networking, foisted on Gmail users.  Since the snow storm has abated for the moment, parents are now probably paying attention to what is going on with their kids.  Hopefully, this turns into a crucial teaching moment for families who need to talk about acting responsibly online, to treat others as ends in themselves, worthy of respect, not as objects that we can shame and demean.  I know that our house took that opportunity.  So should yours.

Hat Tip: Citron gang, Tea Carnell, and Ray Cha

Privacy Clearinghouse helps us identify easy privacy breach cases, i.e.,  those involving easily identifiable, static sources such [...]]]> Privacy Clearinghouse reports that over 341 million records of sensitive personal information have been leaked, hacked, or otherwise compromised since 2005.  It lists data leaks by the responsible entity and total number of released records.  Most recently, on December 17, 2009, the North Carolina Library System’s central server in Raleigh suffered a security breach, resulting in the release of 51,000 drivers license numbers and Social Security numbers.  On December 18, 2009, the Dickinson School of Law discovered that a computer containing 261 Social Security numbers from an archived class list had been “infected with malware that enabled it to communicate with an unauthorized computer outside the network.”

Privacy Clearinghouse helps us identify easy privacy breach cases, i.e.,  those involving easily identifiable, static sources such as infected computers, hacked servers or centralized databases, stolen flash drives, and the like.  Yet as privacy scholar Paul Schwartz highlights in an important new study entitled Managing Global Data Privacy: Cross-Border Information Flows in a Networked Environment, privacy problems increasingly involve a much more complex set of circumstances.

As Schwartz’s study explains, in the recent past, companies largely maintained localized data sets and processes.  A data transfer usually occurred at a predictable moment and into databases controlled by a single entity.  In the present, however, international data flows occur continuously in a “multi-directional fashion” through the globe and involve a multitude of entities.  As Schwartz thoughtfully explores, networked technologies, such as cloud computing, change a firm’s Coasean “make or buy” decisions in innovative ways.  Functions and operations can now be “packaged as modular units that can be pulled apart and re-assembled.”  Data flows can be “de-aggregated and de-coupled to allow companies to develop novel business approaches to operations and activities.”

Exciting as these developments may be, they complicate privacy and security protections afforded dynamic data flows.  Schwartz’s case studies reflect that firms take data privacy and security seriously.  We have seen a professionalization of corporate data protection.  Companies now have Chief Privacy Officers and Chief Information Officers.  Although the study offers a number of important insights, it emphasizes the adoption of accountability principles to protect privacy and data security of global data flows.  This seems a wise move and one worth tracking.

I highly recommend the keynote lunch with Pam Samuelson and Paul Courant. That panel warmed [...]]]> D is for Digital is over now. I urge anyone interested in the Google Book Deal (aka the Google Book Search) to check out the schedule page and the webcast links (the stream links are at the top of the Friday and Saturday schedules respectively). James Grimmelmann put together a conference that aired out pro and con views rather well. In fact, I’d say although many were questioning the deal, I learned a good amount about the views of those in favor of the deal. I was not convinced that the deal is good and should go forward, but I appreciated hearing more about how the deal evolved and defenders’ views.

I highly recommend the keynote lunch with Pam Samuelson and Paul Courant. That panel warmed up the group. Some really good questions about transparency of the process, responsibility, and more came up. Pam’s key point that if one builds a pubic good this big, public trust responsibilities go with it was dead on for me. I highly recommend watching the video for all that was said.

The next panel C is for Culture was excellent. James asked a question that has been on my mind and we had kicked around at WIP IP last week. Is Google Book Search irrelevant?

Here is why that is good question. First, the day so far emphasized that the majority of the books in question are academic books. As Pam explained and Paul Duguid echoed, if scholars’ books are at stake, scholars should be involved. Paul made clear that scholarly standards should guide the project.

Now, consider that many books are becoming available on BitTorrent. In addition, one panelist, Dan Reetz has a fascinating project. His DIYscanner project is a wild moment in grassroots digital activism. The story of how he chose to build his low-cost, open source DIY scanner (we’re talking maybe $300-$400 total) so that one could scan personal (and other books) at the rate of a few seconds per page and without destroying the book merits another post. (for now here is a link to the plans to build your own scanner) In addition, Reetz noted that majority of new books are leaked prepublication. As a general matter, a key claim is that users will pay for a book but copy the book so that they can search and take many books with them. The importance of these changes is that crowd-sourced and other approaches to digitizing text is on the move. One can see this shift as indicating market failure or that ereader functionality will be more and more the case.

As scanners, ereaders, and companies like Stanza offer better ways to access, search, mark, and read, the walled or controlled version of the text experience that the Google Book Deal offers seems odd. I doubt, however, that it will be irrelevant. Google’s brand, the ease of searching (even with its errors so far), and the ability to trust Google over BitTorrent or other sources will likely make it relevant to many. Nonetheless, the growth in alternative sources would suggest that Google will need to choose between a web search that captures all useful book offerings or a Google Book Search that only gives Google Book results. As the last panel on antitrust explored, Google is already dominant in search. It arguably killed a little company called MapQuest. Once Google offered its maps and its maps became the default listing when one entered address information into the search, MapQuest was done. That seems awfully close to the MS bundling issues of the last decade. When it comes to books, Google’s lead and dominance will give it massive power and leverage over how we all access knowledge. Nonetheless, it may be that grassroots, crowd-sourced movements will permit an end around for the control the publishers want through this deal. To be clear an end-around is insufficient protection against the lock-in problems the Google Book Deal poses, but it may help push Google to reach a deal that is less run by publisher interests.

As CNET reports, “Independent bloggers who fail to disclose paid reviews or freebies can face up to $11,000 in fines from the Federal Trade Commission, according to revisions to [...]]]> As I argue in my essay Individual Branding the web presents important and amazing new possibilities for individuals to earn money and much of that potential will flow from one’s online reputation. In short, as one blogs or shares information in another form, one becomes a trusted source and can start extract money from those activities. I argue that those acts have the seeds of the possible destruction of Benkler’s world of sharing. Today the FTC has targeted a practice that arguably could increase the reliability of social network endorsements but will also upset many people.

As CNET reports, “Independent bloggers who fail to disclose paid reviews or freebies can face up to $11,000 in fines from the Federal Trade Commission, according to revisions to the agency’s “Guides Concerning the Use of Endorsements and Testimonials in Advertising” published Monday.” The FTC has not updated the Guidelines since 1980. The press release is here. The full text of the Guides are here (pdf). It is 81 pages, and I have not read it as yet but one thing people should know is that the effective date is December 1, 2009.

From the release it appears that the guides take am expansive view of what presents a moment to disclose “The revised Guides specify that while decisions will be reached on a case-by-case basis, the post of a blogger who receives cash or in-kind payment to review a product is considered an endorsement. Thus, bloggers who make an endorsement must disclose the material connections they share with the seller of the product or service.” CNET suggests that celebrities and “mommy bloggers” could be in trouble under the new rules. (Here is my prediction on the riposte to come but that I don’t think is accurate: “The FTC hates moms. In a down economy and with more and more people needing new ways to earn, the FTC actions are a direct attack on the importance of moms.” Now back to our regularly scheduled blogging.)

There are a ton of oddly connected things here. First, I just blogged about CITP and its FedThread project. That project would allow one to track this sort of moment rather quickly. Second, I was just at the Works In Progress Intellectual Property Conference at Seton Hall (which was yet again an excellent conference and for which everyone at Seton Hall deserves many thanks) where Zahr Stauffer presented a fascinating paper called Novels for Hire: Branded Entertainment, Copyright and the Law that I think will have something to say about these changes. As one blog notes, the practice of giving journalists freebies is common. Zahr’s paper shows how advertising and novels have had a rather curious interaction over the years. I think the paper will help understand the way writing and advertising have co-existed in either good or bad ways at different times with the shift to blogging fitting in as part of that history. The paper should be available soon so keep an eye out for it.

Electronics and other big ticket items seem to be where the concerns are. I look forward to finding out whether book, film, and music reviewers have to tell readers whether they received a review copy of the book. In general if one only says nice things about a review subject, one might receive more books etc. I think that non-professional blogs and other online information sources such as rating systems and FaceBook will allow people to find out whether they should buy a product (i.e., one might use a personal network to ask whether a product is good). That practice could undercut the quiet payment model.

Here is a possible way to understand this turn of events. 1) Secret endorsements die out and full disclosure of what has been given is the norm. 2) Small bloggers and big agencies are no longer able to seem credible as reviewers. 3) If people want independent reviews, they must pay magazines or other pay sources who can afford to buy the review items and avoid the taint of being given free stuff. 4) The public does not want to pay and instead reads the blog reviews with the disclosures and augments the research with social networks and user ratings which are more difficult to fake and possibly more reliable. 5) Yet again paid, professional independent news and reviews seems to be squeezed out.

What does this mean for the public? Through FedThread people can more easily track issues regarding “rules, proposed rules, and notices of Federal agencies and organizations, as well as executive orders and other presidential documents” as they are posted to the Federal Register website (weekdays [...]]]> The Federal Register has moved to an XML format. That has allowed Princeton’s Center For Information Technology Policy to be on the move once more. The new project is called FedThread. As the site puts it now that the Federal Register is in XML, “citizens [can] create new services that in turn provide value back to government. Kudos to the Government Printing Office, National Archives and Records Administration, and Office of Science and Technology Policy for making this all possible.”

What does this mean for the public? Through FedThread people can more easily track issues regarding “rules, proposed rules, and notices of Federal agencies and organizations, as well as executive orders and other presidential documents” as they are posted to the Federal Register website (weekdays except for government holidays). So today’s documents include material about the Delaware River Basin Commission, Department of Education, Federal Communication Commission, Department of Health and Human Services, and the National Science Foundation proceedings. Actions regarding postesecondary education, rulemaking at the FCC, and pandemic influenza vaccines are apparently on the table. Go to this link for today’s full list.

In other words, rejoice, wonk and non-wonk, for you may can now see what your government is doing. In fact FedThread offers some rather great features including:

* collaborative annotation: Attach a note to any paragraph of the Federal Register; start a conversation.
* advanced search: Search the Federal Register (back to 2000) on full text, by date, agency, and other fields.
* customized feeds: Turn any search into an RSS or email feed, which will send you any new items that match the search query.

As I understand it, one can set up a search and receive updates about the topic. Policy makers, academics, and engaged citizens should take advantage of these features. It should allow one to see how the law is evolving and take action much more quickly than before.

One point for those who may confuse making a note with a comment. FedThread is not affiliated with the U.S. government. Notes appear on the FedThread site but are not part of the Federal Register. Formal comments must follow the proper procedures related to commenting on whatever particular topic upon which one wishes to comment. In addition, the notes are just that, notes of those who wnat to share their views about a topic. It should open debate and discussion, but as with many areas of the Web, one will have to sort between useful and irrelevant notes.

I am sure I will learn more from my colleagues here at CITP as the project moves forward. For now, I hope people enjoy the offering.

For those interested in “some of the driving principles behind the project,” this paper Government Data and the Invisible Hand is a good place to start. Last, I want to call out the people involved in building this project. Joe Calandrino, Ari Feldman, Harlan Yu, and Bill Zeller developed it. Calvin Lee at Princeton’s Student Design Agency handled the graphic design. Prof. Ed Felten and Stephen Schultze led the project. You can contact FedThread at info@fedthread.org.

* The Facebook-Fandango Connection: Invasion of Privacy?

* Facebook’s Beacon: News Feeds All Over Again?

* Facebook and the Appropriation of Name or Likeness Tort

* The New Facebook Ads — Starring You: Another Privacy Debacle?

* Facebook — the New DoubleClick?

* Facebook Listens and Responds

* Facebook’s Beacon, Blockbuster, and the Video Privacy Protection Act

A class action suit was initiated against Facebook, and recently, a settlement agreement has been reached.  According to the WSJ:

Facebook Inc. said Friday it settled a class-action lawsuit related to its Beacon Web product, a controversial service that displayed actions that users took on other Web sites back on Facebook.

As part of the settlement, which is pending approval [...]]]> A while ago, I wrote a lot about Facebook’s Beacon on this blog:

* The Facebook-Fandango Connection: Invasion of Privacy?

* Facebook’s Beacon: News Feeds All Over Again?

* Facebook and the Appropriation of Name or Likeness Tort

* The New Facebook Ads — Starring You: Another Privacy Debacle?

* Facebook — the New DoubleClick?

* Facebook Listens and Responds

* Facebook’s Beacon, Blockbuster, and the Video Privacy Protection Act

A class action suit was initiated against Facebook, and recently, a settlement agreement has been reached.  According to the WSJ:

Facebook Inc. said Friday it settled a class-action lawsuit related to its Beacon Web product, a controversial service that displayed actions that users took on other Web sites back on Facebook.

As part of the settlement, which is pending approval in the U.S. District Court of the Northern District of California, the social-network concern will shut down the Beacon service, which it has been phasing out but which is still being used by a small number of Web sites, according to a Facebook spokesman.

The company will also pay $9.5 million to create a foundation to fund products that promote online privacy, safety and security, the spokesman said. The settlement was submitted to the court late Friday evening.

Tiny bubbles In the wine Make me feel happy Ah, they make me feel fine

Those tiny bubbles Make me warm all over With a feeling that I’m gonna Love you till the end of time

The little charming talk bubbles all over the Internet communications have a similar warm effect. They remind me of comic strips and comic books and of adults droning “wa wawa waaa” in Peanuts cartoons on T.V. Ah no more. According to TechCrunch, when a developer wondered why his App had not been approved he was told “the bubbles in its chat rooms are too shiny, and Apple has trademarked that bubbly design.” Wow. Do comic strip and book folks know that Apple is that clever? The wondrous shiny dialogue bubble [...]]]> As Don Ho (and others) have sung:

Tiny bubbles
In the wine
Make me feel happy
Ah, they make me feel fine

Those tiny bubbles
Make me warm all over
With a feeling that I’m gonna
Love you till the end of time

The little charming talk bubbles all over the Internet communications have a similar warm effect. They remind me of comic strips and comic books and of adults droning “wa wawa waaa” in Peanuts cartoons on T.V. Ah no more. According to TechCrunch, when a developer wondered why his App had not been approved he was told “the bubbles in its chat rooms are too shiny, and Apple has trademarked that bubbly design.” Wow. Do comic strip and book folks know that Apple is that clever? The wondrous shiny dialogue bubble means Apple! Do the green bubbles qualify too? Yet again I am left wondering what’s a cubit and contemplating a drink with tiny, shiny bubbles.

So I leave you with Don Ho and Tiny Bubbles.

Tiny Bubbles – Don HO

“This is the new JuicyCampus,” says a note at Campus Gossip, which boasts campus-specific message boards for hundreds of colleges and encourages anonymous and racy barbs such as “These Fellas got herpes,” with a list of names attached. Going even further than its predecessor, there’s also a photo section where students can post embarrassing pictures and videos of others.

The site is planning a back-to-school marketing push, including a happy hour near Arizona State University where a rap artist named Sabotage will perform a song about the pleasures of campus gossip.

Another site, CollegeACB (the letters stand for Anonymous Confession Board), [...]]]> A while ago, the notorious college gossip website, Juicy Campus, bit the dust.  But according to an article by Jeffrey Young in the Chronicle of Higher Education:

“This is the new JuicyCampus,” says a note at Campus Gossip, which boasts campus-specific message boards for hundreds of colleges and encourages anonymous and racy barbs such as “These Fellas got herpes,” with a list of names attached. Going even further than its predecessor, there’s also a photo section where students can post embarrassing pictures and videos of others.

The site is planning a back-to-school marketing push, including a happy hour near Arizona State University where a rap artist named Sabotage will perform a song about the pleasures of campus gossip.

Another site, CollegeACB (the letters stand for Anonymous Confession Board), paid the defunct JuicyCampus $10,000 to redirect visitors from its Web address to CollegeACB.

For those who want a first-hand look at these sites, the Campus Gossip site is here and the CollegeACB site is here.  I’m quoted in the article, as is co-blogger Danielle Citron:

Internet shaming creates an indelible blemish on a person’s identity,” wrote Daniel J. Solove, a professor of law at George Washington University, in his 2007 book, The Future of Reputation: Gossip, Rumor, and Privacy on the Internet (Yale University Press). “It’s similar to being forced to wear a digital scarlet letter or being branded or tattooed. People acquire permanent digital baggage. They are unable to escape their past, which is forever etched into Google’s memory.” . . . .

“I don’t see why it has to be that way,” the law professor told me in a recent interview. “Just like when you drive, it’s not a free-for-all,” he added, equating the current laws governing online forums to a road without traffic lights or stop signs. “It’s like if we looked at the roads and said, There’s just nothing to be done—let’s just abolish all rules of the road.” . . . .

Danielle Citron, a law professor at the University of Maryland at Baltimore, said she hoped that stamping out harassment on campus-gossip Web sites would be considered a matter of civil rights.

She makes the case in an article published in the Michigan Law Review this year called “Law’s Expressive Value in Combating Cyber Gender Harassment.” In it, she argues that law-enforcement officials fail to take seriously complaints about online anonymous comments, and that using “civil-rights remedies” may be the most effective way to pursue such acts.

“Women should not have to wait until cyberharassment fulminates into physical violence for law enforcement to address it,” she wrote. “A civil-rights agenda … would demonstrate that the Internet is not the lawless Wild West, just as court settlements and state legislation made clear that the home does not insulate abusing husbands from societal intervention.”

In an opinion released on August 28, Judge George Wu struck down, on unconstitutional vagueness grounds, the prosecution’s attempt to enforce violations of website terms of service as crimes under the Computer Fraud and Abuse Act (CFAA):

[I]f any conscious breach of a website’s terms of service is held to be sufficient by itself to constitute intentionally accessing a computer without authorization or in excess of authorization, the result will be that section 1030(a)(2)(C) becomes a law “that affords too much discretion to the police and too little notice to citizens who wish to use [...]]]> The Lori Drew case has finally been decided.  Background about the case is here.  In previous posts (here and here), I argued that the CFAA should be held to be unconstitutionally vague.

In an opinion released on August 28, Judge George Wu struck down, on unconstitutional vagueness grounds, the prosecution’s attempt to enforce violations of website terms of service as crimes under the Computer Fraud and Abuse Act (CFAA):

[I]f any conscious breach of a website’s terms of service is held to be sufficient by itself to constitute intentionally accessing a computer without authorization or in excess of authorization, the result will be that section 1030(a)(2)(C) becomes a law “that affords too much discretion to the police and too little notice to citizens who wish to use the [Internet].” City of Chicago [v. Morales], 527 U.S. [41] at 64 [(1999)].

Congratulations to Orin Kerr, who assisted in the defense, and who is cited numerous times throughout the court’s opinion.

Cohen started pursuing the defamation suit against the anonymous ‘Skanks’ blogger in January after discovering the site, on which the blogger called Cohen a skank, a ho, and an old hag, among other nasty things, and posted photos of her, taken from various websites. Since Cohen needed the identity of the blogger in order to file the lawsuit against her, a judge in Manhattan granted Cohen’s request to force Google to reveal the e-mail address and IP address of the alleged defamer.

Cohen has since dropped her $3 million lawsuit.  The unmasked blogger — Rosemary Port — plans to sue Google [...]]]> A model named Liskula Cohen was being attacked on a blog called Skanks in NYC.  The author of the Skanks blog was anonymous.  Kashmir Hill reports:

Cohen started pursuing the defamation suit against the anonymous ‘Skanks’ blogger in January after discovering the site, on which the blogger called Cohen a skank, a ho, and an old hag, among other nasty things, and posted photos of her, taken from various websites. Since Cohen needed the identity of the blogger in order to file the lawsuit against her, a judge in Manhattan granted Cohen’s request to force Google to reveal the e-mail address and IP address of the alleged defamer.

Cohen has since dropped her $3 million lawsuit.  The unmasked blogger — Rosemary Port — plans to sue Google for $15 million for breaching its fiduciary duty to defend her anonymity.

Over at CyberSLAPP, a website maintained by EFF (disclosure: I’m on EFF’s advisory board), ACLU, CDT, EPIC, and Public Citizen, they have posted documents from the case, including the court’s order to Google to unmask the author of Skanks.

CyberSLAPP seeks to combat frivolous lawsuits to reveal another’s identity:

CyberSLAPP cases typically involve a person who has posted anonymous criticisms of a corporation or public figure on the Internet. The target of the criticism then files a frivolous lawsuit just so they can issue a subpoena to the Web site or Internet Service Provider (ISP) involved, discover the identity of their anonymous critic, and intimidate or silence them.

The Skanks in NYC raises a lot of interesting issues.  I’ll tackle a few in this post.

1.Was Cohen’s lawsuit frivolous? Cohen might have a decent defamation lawsuit, but she subsequently dropped it when she found out Cohen’s identity.  This behavior indicates she was using the lawsuit only to unmask the blogger.  I agree with CyberSLAPP that such a practice should be restricted.

2. Did the court properly reveal Port’s identity? I believe that the court used too low a standard in revealing the blogger’s identity.  The court ordered Google to reveal the anonymous blogger because “a strong showing that a cause of action exists.”  This standard appears to be little more than requiring the plaintiff to survive a motion to dismiss.  While I’m very sympathetic to people who have been injured through online defamation and invasions of privacy, I’m also wary of courts being too quick to reveal the identities of bloggers.  I believe that in order to reveal a blogger’s identity, plaintiffs must meet the summary judgment standard, as set forth in Doe v. Cahill, 884 A.2d 451 (Del. 2005) (I blogged about it here).

3. Does Port have a cause of action against Google? I don’t think she’s got much of a case.  Google was complying with a court order.  However, over at PogoWasRight, Dissent raises the interesting point that Google had a rather anemic defense of Port’s anonymity.  Could Google be liable for not doing enough to defend Port?  Maybe, as EFF attorney Matt Zimmerman notes in Dissent’s post, if Google didn’t notify the anonymous blogger and give her a chance to respond.  Beyond that, though, I’m not sure that there’s much of a case against Google, but there may be facts I’m not aware of that would change my opinion.

4. Does Port have a cause of action against Cohen for using the legal process to reveal her identity? A better defendant than Google might be Cohen.  Port may be able to sue Cohen, perhaps for abuse of the legal process, if Port can prove that Cohen initiated a frivolous action solely to unmask her.  The revealing of an anonymous blogger’s identity is a privacy invasion in my opinion, because it links speakers to things they said that they don’t want to be connected with their true identity.  The use of legal process and obtaining of a court order might provide shelter to Cohen unless Port could prove it was just a ruse to reveal her identity.

5. How should courts protect anonymous bloggers? In addition to using the summary judgment standard, courts should require a plaintiff who finds out the identity of an anonymous blogger to keep it confidential until it absolutely must be revealed to the public.  Courts should enforce this via a protective order. A lawsuit can proceed quite far before it is necessary to reveal a litigant’s name to the general public.

Moreover, plaintiffs should be prohibited (to the extent possible) from using unmasking the identity of an anonymous blogger as a bargaining chip in settlement negotiations.

However, in the end, if a blogger has anonymously invaded a person’s privacy or defamed that person, then the blogger should be held responsible.  I fully support a person’s ability to sue for privacy violations or defamation.  Anonymity shouldn’t be a shield for hurting other people and committing torts (or crimes).  The difficulty is in robustly protecting people’s First Amendment right to speak anonymously and preventing harm to people from invasions of privacy and defamation.

For more on the Skanks case, see this other post by Kashmir Hill discussing the rights of the Skanks blogger.

For more on the issue of blogging and anonymity, see also this story on CNN about the coming-out stories of anonymous bloggers.  I have a quote in it, and the reporter kindly linked to The Future of Reputation.

Over at the New York Times Bits Blog, Jenna Wortham writes:

According to a new study conducted by Harris Interactive for CareerBuilder.com, 45 percent of employers questioned are using social networks to screen job candidates — more than double from a year earlier, when a similar survey found that just 22 percent of supervisors were researching potential hires on social networking sites like Facebook, MySpace, Twitter and LinkedIn.

The study, which questioned 2,667 managers and human resource workers, found that 35 percent of employers decided not to offer a job to a candidate based on the content uncovered on a social networking site. (The survey has no margin of sampling error because it was not drawn from a representative nationwide sample but rather from volunteer participants.)

According to [...]]]>

Over at the New York Times Bits Blog, Jenna Wortham writes:

According to a new study conducted by Harris Interactive for CareerBuilder.com, 45 percent of employers questioned are using social networks to screen job candidates — more than double from a year earlier, when a similar survey found that just 22 percent of supervisors were researching potential hires on social networking sites like Facebook, MySpace, Twitter and LinkedIn.

The study, which questioned 2,667 managers and human resource workers, found that 35 percent of employers decided not to offer a job to a candidate based on the content uncovered on a social networking site. (The survey has no margin of sampling error because it was not drawn from a representative nationwide sample but rather from volunteer participants.)

According to the report, most employers did their research on applicants by using Facebook.  I wonder whether they respected the applicants’ privacy settings.  If the applicants limited the access of their profile to a select group of friends, and the employer accessed that profile, then the employer might find themselves at odds with the Computer Fraud and Abuse Act — with possible criminal penalties!

What leads to job rejections?  Photos!  Photos involving nudity, drink, and drugs are the most frequent job killers.

As I discuss in The Future of Reputation: Gossip, Rumor, and Privacy on the Internet, people must learn to be more careful about what they post about themselves and others or else they will face serious consequences and lost opportunities.

In an earlier post regarding college admissions officers researching applicants online, I argued that most lack guidelines for how they conduct such research and for how they use the information they find.  These questions also pertain to employers:

* Should such information be used? When?

* How heavily should it be relied upon?

* What kinds of things should negatively impact an applicant? Information about sex life? Drug use? Drinking? Bad behavior?

* What steps should be taken to make sure that the information was accurate?

* Should a distinction be made between information that people post about themselves and information that others have posted about them, perhaps invading their privacy without their consent?

* What steps should be taken to make sure that the information used in fact relates to the applicant and not to somebody else with the same name?

* Should people be notified that information online was used against them and be given an opportunity to be heard to explain it?

Attorneys live and die by documents. As I tell my students, you must write well, because lawyers are paid in large part to write. With around 1.1 million attorneys practicing in the U.S., a large amount of paper, a.k.a., courts documents, is generated [...]]]> As some of you know I am a Visiting Fellow this year at Princeton’s Center for Information Technology Policy. When I arrived a couple weeks ago, I heard about a project in the works and have been dying to tell people about it. It is now live and looks great. It is called RECAP and just may change the way people access a major part of the law. We’re talking about the law that lurks outside cases; the actual guts of litigation.

Attorneys live and die by documents. As I tell my students, you must write well, because lawyers are paid in large part to write. With around 1.1 million attorneys practicing in the U.S., a large amount of paper, a.k.a., courts documents, is generated each and every day. Court documents are essentially public documents (there are times when papers are sealed etc., but that is a separate matter). The government runs a system called PACER that allows one to search for and access U.S. Appellate, District, and Bankruptcy court records and documents. But as the Washington Post explains, “The fee to access PACER is $0.08 per page: ‘The per page charge applies to the number of pages that results from any search, including a search that yields no matches (one page for no matches.) The charge applies whether or not pages are printed, viewed, or downloaded.’ For people who do a lot of legal research, those fees add up quickly.”

In an era of transparent government, open source, and access-to-knowledge movements, it was only a matter of time before someone decided to find a way to make court documents available on a broader basis. The folks at Stanford have the IP Litigation Clearing House. That project aims to fill the “critical need for a comprehensive, online resource for scholars, policy makers, industry, lawyers, and litigation support firms in the field of intellectual property litigation.” That project has 23,000 documents and is growing. Pretty darn good, if you ask me. But wait; don’t order yet! Now comes RECAP from the folks at Princeton’s Center for Information Technology Policy. (Specifically, Harlan Yu, Steve Schultze, and Timothy B. Lee developed the project which is led by Prof. Ed Felten). Here is the link to the About Page, but let me tell you a little more.

CITP’s Harlan Yu explains:

RECAP is a plug-in for the Firefox web browser that makes it easier for users to share documents they have purchased from PACER, the court’s pay-to-play access system. With the plug-in installed, users still have to pay each time they use PACER, but whenever they do retrieve a PACER document, RECAP automatically and effortlessly donates a copy of that document to a public repository hosted at the Internet Archive.

In addition, if one is using PACER and RECAP “The documents in this repository are, in turn, shared with other RECAP users, who will be notified whenever documents they are looking for can be downloaded from the free public repository.” So when one searches for a document, one is notified about the availability of a free copy of the document.

There is probably much more to say here, but for now I want to congratulate the folks here at CITP on a great idea that uses information, technology, law, and policy to craft an elegant solution to increasing government transparency. This resource should feed almost anyone interested in practicing or studying the law. Empirical researchers alone should be drooling at this new wealth of information.

This development has much significance.  It tells [...]]]> As I noted in a blog post late last year, Mark Zuckerberg, chief executive of Facebook, has predicted that “next year, people will share twice as much information as they share this year, and that next year, they will be sharing twice as much as they did the year before.”  He explained that “people are ever more willing to tell others what they are doing, who their friends are and even what they look like as they crawl home from a college party.  Recent statistics support his optimism (and then some).  Yesterday, Zuckerberg announced that his social networking site now has 250 million active users, up from 200 million users just three months ago and 150 million in January.

This development has much significance.  It tells us that social networking is no passing fad — it is deeply embedded in our daily lives and will likely remain so despite many parents’ dismay.  It suggests that we are more connected personally (and perhaps more distracted professionally).  And it means that we entrust Facebook with an exponentially increasing amount of data.  Facebook’s information security practices and privacy policies are thus worth watching carefully.  No doubt, this development will have other far-reaching impacts so your comments are most welcome.

Wikimedia Commons Image

“It basically leaves it up to a website owner to determine what is a crime,” said Wu on Thursday, echoing what critics of the case have been saying for months. “And therefore it criminalizes what would be a breach of contract.” . . . .

Wu told Assistant U.S. Attorney Mark Krause that if Drew had been convicted of the felonies, he would have let the convictions stand, and would have already sentenced her. But the misdemeanor [...]]]> Judge George Wu has ruled that he is planning to dismiss the charges against Lori Drew, the woman involved in the MySpace suicide case involving Megan Meier.  Background about the case is here.  According to an article by Kim Zetter of Wired, who has provided terrific coverage of the case:

“It basically leaves it up to a website owner to determine what is a crime,” said Wu on Thursday, echoing what critics of the case have been saying for months. “And therefore it criminalizes what would be a breach of contract.” . . . .

Wu told Assistant U.S. Attorney Mark Krause that if Drew had been convicted of the felonies, he would have let the convictions stand, and would have already sentenced her. But the misdemeanor convictions troubled him, because of the vague wording of the statute. . . .

To convict Drew of the felonies, prosecutors would have needed to prove two things: that Drew accessed MySpace “without authorization,” and did it for the purpose of committing a tortious act — in this case, to intentionally cause harm to Megan Meier.

But for the misdemeanors, the jury just had to find that Drew obtained the unauthorized access. Wu said that language, standing on its own, was too vague to pass constitutional muster in this case.

“I don’t see how the misdemeanor aspect would be constitutional,” he said. “That is the issue I’m wrestling with at this time.”

Wu also doubted that MySpace provided sufficient notice to members to hold them responsible. If a user didn’t read the terms of service, the judge asked prosecutor Krause, could they still be charged with violating them?

In previous posts (here and here), I argued that the CFAA should be held to be unconstitutionally vague.  I’m encouraged that Judge Wu agrees, though I believe the CFAA is unconstitutionally vague not only in its misdemeanor provisions, but in its felony ones as well.

Congratulations to my colleague, Orin Kerr, who assisted in Lori Drew’s defense.

The AP story is here.