More Law in the Bedroom

In a recent post, I described a Swiss case of "negligent HIV transmission" in which the victim's failure to insist upon protected sex was deemed irrelevant to the defendant's guilt. Justice Edwin Cameron of South Africa wrote me: "I know this is a very ‘African’ point that ... I have been harping on, but I would have added a short observation to the first part of your discussion of the Swiss case that, it is signal that unlike in Africa, no one has suggested that the woman in the sexual encounter was less empowered than the man to take a full part in equal sexual decision-making."

Point taken. In the Swiss case, there seems to be no question that the complainant was perfectly free to insist upon condom use, and was not (as we sometimes see in these cases) convinced to forego protection by a false assurance from the partner that he was negative. There is, indeed, evidence that she normally insisted upon protection and no evidence that it was even considered by either partner in this relationship. Both clearly knew the risks of HIV and both, being conservative, could not rule out that one of them was infected. But the court just decides that doesn't matter: the defendant was legally responsible since he knew more about his past exposures than she did. Quite a fine legal balance there, which would seem to require the law (and sex partners) to draw some complicated, fact-senstive legal lines in addressing their potential "sexual liability." Advice: always bring a lawyer to bed.

Posted by Scott Burris at 05:32 AM | Comments (3) | TrackBack

Who is Responsible? The Criminalization of HIV Transmission

You may have thought that HIV is a disease, but we are seeing a serious resurgence of the idea that HIV transmission is a crime. Sure it is important to promote basic knowledge, safe sex, testing and care, but when people actually infect other people – so goes the argument – it’s time to call in the police. Criminalization has been an off-and=on issue in the US for twenty years, but the rest of the world seems to be seeing a new surge. Close on a dozen countries in West Africa have added new statutes on HIV exposure in the past two years, and there have been high-profile prosecutions in countries as different as Britain and Singapore. (For an excellent analysis of the British cases, see the book by Professor Mathew Weait; for for good coverage and analysis of the cases, see Edwin J. Bernard's blog).

Over the next few weeks, I’ll be blogging on this issue as part of my participation in the international AIDS conference in Mexico City, August 2-7. I’ll be going over the arguments against criminalization and describing the activities around the issue at the conference. For now, though, I am going to show how criminalization plays out by telling you about a very interesting decision handed down last month by the Swiss Federal Court. It is, as far as I know, the first case in which a person who did not have actual knowledge of his HIV status has been found guilty of a transmission crime. Read on…

The Story

Mr. A_______ was an “educated, cosmopolitan and experienced” gentleman who divided his time between Switzerland and Spain. During the Spring and Summer of 2002, he had unprotected sex on a number of occasions with Ms. X_______ .

A_______ believed that he was HIV-negative, but had known since 2000 that Ms B_______, a woman with whom he had also had unprotected sex, had been diagnosed with HIV. After learning of B_______’s diagnosis, A_______ had continued to have sex with her but had always used a condom. He apparently never got an HIV test himself, but believed he was not infected because he had never had the acute flu-like symptoms that usually signal seroconversion after infection. He never mentioned the fact that a past partner had tested positive for HIV to X_______. For her part, X_______ testified that she had had other partners before A, but had always practiced safe sex. The case proceeded on the theory that B_______ had infected A_______, and A_______ had then infected X_______, the complainant in the case.

So far, it sounds like a sad tale of modern love, a case of sex with detriments. A lot of passion, a good bit of denial, some stupidity, and too little communication. Routine Sex in the City stuff (for a discussion of how safe sex and STDs were dealt with on the famous show, click here.) Sex in the world, I should say, because this is pretty much the way HIV gets spread: people who know they have had unprotected sex in the past with someone whose infection they cannot rule out have sex with new people whose HIV infection they cannot rule out. Most people most of the time are lucky, particularly if they live somewhere where the overall prevalence is low and those who have HIV can get treatment, which according to another branch of the Swiss government actually renders people non-infectious. What we’d like to see happen at moments like this is that both parties recognize the risk and take precautions until such time as they can be reasonably certain that neither of them is infected. Public health interventions spread that message and try to give people the condoms, skills and confidence to practice safe sex. What it comes down to, though, is that “safe sex” really should be called “smart sex.” That, alas, makes “safe sex” a euphemism for an oxymoron, because there is not much evidence that smart is a big part of human sexual behavior. People will usually do their best, but sometimes the A_____s and X_____s of the world will be too complacent about the possibility that a guy who looks and feels great might just have HIV.

The Decision

The Swiss Federal Court saw a crime, upholding A’s conviction on charges of negligent infliction of bodily harm and negligent transmission of a deadly disease – and his nine month prison sentence. Two aspects of the court’s judgment are of particular interest: how the court transforms public health advice on safe sex into binding rules of sexual conduct, and how the victim’s failure to follow the rules does not prevent the onus of criminal responsibility being placed on the defendant.

First, the court adopted as the standard of care for criminal law purposes the Swiss health agency’s safe sex guidelines:

The measure of care to be observed in connection with the transmission risk of HIV is established by the recommendations of the Federal Office of Public Health (so-called safer sex rules). They indicate that protected sex with condoms is sufficient protection against HIV infection. Outside loyal partnerships, safer sex is always recommended, and is recommended within loyal partnerships if one of the partners is possibly infected and cannot rule out HIV infection with reasonable certainty. Reasonable certainty is a negative HIV test after three months (serological window) since the last risky encounter, including any sexual act that is not considered safer sex.

A______ happened to know that a past partner was HIV positive, but he could have been guilty even without that. If a person has had unprotected sex with anyone whose sexual history he does not know, the court declared, he “is obliged to renounce unprotected sex as long as he cannot reasonable exclude the possibility of his own HIV infection.” You’d think that this might have some implications for A’s defense, since X had also had other casual partners and, though she insisted she had always used condoms, even the court was dubious and in any event the protection rubbers afford is not complete. The court dismissed the possibility that X was contributorily negligent. Yes, she could have insisted upon condom use with A_______(as required by those “safer sex rules”), but failure to do so was no default. The decisive point was that “only [A] knew that he had had unprotected sex with the HIV-infected B.________. He never informed the complainant. Likewise, she did not know that he had failed to take an HIV test and despite the information from B.________ continued to have unprotected sex apparently unconcerned about the consequences his behavior could have.”

The court’s finding of criminal negligence on the part of A was premised on the safer sex rules and related public health efforts:

Because of the government campaigns for AIDS prevention, it must be considered to be generally known that unprotected sexual intercourse with unknown or changing sexual partners brings with it a significantly increased risk of infection and the obligation to take appropriate protective measures (use of condoms). In risky behavior these protection measures are required of all, not least of an educated, cosmopolitan and experienced person such as the respondent.

Yet X, apparently also a well-traveled and sophisticated person, was not at fault for failing to practice safer sex:

It cannot be accepted, and we will not hold, that [X] had the knowledge – particularly the knowledge of the respondent’s earlier risky contact with B_______ -- that would have been necessary to make an informed choice to engage in unprotected sex.

The court was, in my view, quite right about X. She could have figured that A might well have a risky past, since he certainly had a risky present with her, but that would have been smart sex and that is just too far from normal human behavior to constitute a fair standard for criminal law purposes. The mistake was applying that standard to the even more clueless A_______.

The decision also affirmed a civil judgment against A_____. Although I doubt that tort can play a useful role in HIV prevention (for many of the same reasons criminal law cannot), nonetheless my reaction to the court’s reasoning in its civil guise is entirely different than my reaction to its criminal enforcement. Negligence is about ordinarily human carelessness; there is certainly an element of moral blame, but it is minimal, and as Holmes famously explained, we often enforce standards in tort that we realize many of us will fail to meet a lot of the time. Most of us are lucky enough that no harm follows our carelessness. The unlucky are required to compensate their even more unfortunate victim, whose own negligence may be taken into account in the final reckoning. The sanctimony and stigma of criminal sanctions is, sensibly, absent.

More on this over the next three weeks.

The case, X v A, 6B_235/2007 /hum, is available in German on the court’s website. I’ve posted separately my translation of the key sections of the decision on this blog.

Posted by Scott Burris at 03:07 PM | Comments (0) | TrackBack

The New Foreign Intelligence Surveillance Act

I have been following the new FISA Amendments Act of 2008, but I have refrained from chiming in, as many others have been doing terrific blogging on the issue. Of particular note:

* David Kris, A Guide to the New FISA Bill (I, II, III)
* Wes Alwan, Understanding Recent Changes to FISA — A Visual Guide (Flowchart)
* Orin Kerr, The New FISA Law and the Misleading Media Coverage of It
* Marty Lederman, The Privacy-Protective Components of the New FISA Law
* Jack Balkin, The New FISA Law and the Construction of the National Surveillance State

I've been particularly dismayed at the Democrats' strategy in dealing with the FISA Amendments. Why bother to try to negotiate a FISA compromise with a presidential administration that has shown nothing but contempt for the law to begin with? The Bush Administration, instead of going to Congress and requesting a change in the FISA, went ahead and blatantly violated that law. And the Administration said it would continue to violate the law, so what's the pressing need to fix the FISA, especially when negotiating with an Administration that only will meet you about 2% of the way? Why force Obama to make a difficult choice about voting on the law, risking either looking weak on security or like a sell-out? Why not wait a few months and then pass a law with a new administration, one that will hopefully be easier to negotiate with? And how is this law any more binding on a president who says he has the right to violate a law based on his Article II powers?

Future presidents can learn a lot from all this -- do exactly what the Bush Administration did! If the law holds you back, don't first go to Congress and try to work something out. Secretly violate that law, and then when you get caught, staunchly demand that Congress change the law to your liking and then immunize any company that might have illegally cooperated with you. That's the lesson. You spit in Congress's face, and they'll give you what you want.

The past eight years have witnessed a dramatic expansion of Executive Branch power, with a rather anemic push-back from the Legislative and Judicial Branches. We have extensive surveillance on a mass scale by agencies with hardly any public scrutiny, operating mostly in secret, with very limited judicial oversight, and also with very minimal legislative oversight. Most citizens know little about what is going on, and it will be difficult for them to find out, since everything is kept so secret. Secrecy and accountability rarely go well together. The telecomm lawsuits were at least one way that citizens could demand some information and accountability, but now that avenue appears to be shut down significantly with the retroactive immunity grant. There appear to be fewer ways for the individual citizen or citizen advocacy groups to ensure accountability of the government in the context of national security.

That's the direction we're heading in -- more surveillance, more systemic government monitoring and data mining, and minimal oversight and accountability -- with most of the oversight being very general, not particularly rigorous, and nearly always secret -- and with the public being almost completely shut out of the process. But don't worry, you shouldn't get too upset about all this. You probably won't know much about it. They'll keep the dirty details from you, because what you don't know can't hurt you.

Posted by Daniel J. Solove at 08:31 PM | Comments (13) | TrackBack

The Privacy Paradox

Over at the New York Times's Bits blog, Brad Stone writes:

Researchers call this the privacy paradox: normally sane people have inconsistent and contradictory impulses and opinions when it comes to their safeguarding their own private information.

Now some new research is beginning to document and quantify the privacy paradox. In a talk presented at the Security and Human Behavior Workshop here in Boston this week, Carnegie Mellon behavioral economist George Loewenstein previewed a soon-to-be-published research study he conducted with two colleagues.

Their findings: Our privacy principles are wobbly. We are more or less likely to open up depending on who is asking, how they ask and in what context.

In one interesting experiment, students who were provided strong promises of confidentiality were less forthcoming about personal details than students who weren't provided such promises. The researchers explained this behavior as based on the fact that when an issue is raised in people's minds, they think about it more and are likely to be more concerned about it. Ironically, promising people that their privacy will be protected actually makes them think more about the dangers of their privacy being breached.

There is indeed a growing body of research that examines why people frequently state in polls that they value privacy highly yet in practice trade their privacy away for trinkets or minor increases in convenience. The work of Professor Alessandro Acquisti explores some of the reasons why people might not make rational decisions regarding privacy despite their desire to protect it.

I have also written about this in my new book, UNDERSTANDING PRIVACY (Harvard University Press, May 2008). In particular, I argue that looking at expectations of privacy is the wrong approach toward understanding privacy:

If a more empirical approach to determining reasonable expectations of privacy were employed, how should the analysis be carried out? Reasonable expectations could be established by taking a poll. But there are several difficulties with such an approach. First, should the poll be local or national or worldwide? Different communities will likely differ in their expectations of privacy. Second, people’s stated preferences often differ from their actions. Economists Alessandro Acquisti and Jens Grossklags observe that “recent surveys, anecdotal evidence, and experiments have highlighted an apparent dichotomy between privacy attitudes and actual behavior. . . . [I]ndividuals are willing to trade privacy for convenience or to bargain the release of personal information in exchange for relatively small rewards.” This disjunction leads Strahilevitz to argue that what people say means less than what they do. “Behavioral data,” he contends, “is thus preferable to survey data in privacy.”

But care must be used in interpreting behavior because several factors can affect people’s decisions about privacy. Acquisti and Grossklags point to the problem of information asymmetries, when people lack adequate knowledge of how their personal information will be used, and bounded rationality, when people have difficulty applying what they know to complex situations. Some privacy problems shape behavior. People often surrender personal data to companies because they perceive that they do not have much choice. They might also do so because they lack knowledge about the potential future uses of the information. Part of the privacy problem in these cases involves people’s limited bargaining power respecting privacy and inability to assess the privacy risks. Thus looking at people’s behavior might present a skewed picture of societal expectations of privacy.

Posted by Daniel J. Solove at 01:04 PM | Comments (5) | TrackBack

The New TSA Identification Requirement

The TSA, in its never-ending quest to inconvenience us without keeping us safe, has once again changed its rules on identification. According to the old rule, if you didn't provide ID at the airport, you would be subjected to secondary screening. Now, you may be denied the right to fly entirely. According to the TSA:

Beginning Saturday, June 21, 2008 passengers that willfully refuse to provide identification at security checkpoint will be denied access to the secure area of airports. This change will apply exclusively to individuals that simply refuse to provide any identification or assist transportation security officers in ascertaining their identity.

This new procedure will not affect passengers that may have misplaced, lost or otherwise do not have ID but are cooperative with officers. Cooperative passengers without ID may be subjected to additional screening protocols, including enhanced physical screening, enhanced carry-on and/or checked baggage screening, interviews with behavior detection or law enforcement officers and other measures.

What this rule basically seems to be doing is trying to prevent people who have a conscientious objection to presenting ID from being able to fly. For example, John Gilmore refused to present his ID and challenged the TSA identification requirement in federal court. He lost in the 9th Circuit, which held that he could have undergone secondary screening or walked away -- he wasn't forced to present his ID.

I'm one who routinely presents my ID to the TSA officials at the airport. I think that the ID requirement is stupid, but I just want to get to my plane and not be hassled. But others, for reasons of conscience or protest, do not want to present their ID at the airport. This new TSA rule strikes me as problematic from a First Amendment standpoint, since it seems to be designed to target those who don't present ID for expressive reasons. As such, this new TSA requirement might be a form of viewpoint discrimination.

Although the First Amendment doesn't restrict the TSA from requiring IDs in order to board an airplane, it does restrict using the ID requirement to penalize people who engage in expressive conduct. Because the TSA requirement seems to be targeted to this kind of expressive conduct (hence the exception for lost or stolen IDs), it may run afoul of the First Amendment.

I haven't fully analyzed this argument, so I'm just throwing it out there. Do you think that there is a First Amendment problem with the new TSA rule?

Hat tip: Bruce Schneier, who writes: "I don't think any further proof is needed that the ID requirement has nothing to do with security, and everything to do with control." Indeed, this rule will allow TSA officials who don't like you to have even greater power. If you lose your ID, you better hope that the TSA officials believe you, take pity on you, and otherwise think you're being cooperative. It's entirely up to them!

Posted by Daniel J. Solove at 12:04 AM | Comments (32) | TrackBack

Is the Computer Fraud and Abuse Act Unconstitutionally Vague?

At the National Law Journal, attorney Nick Akerman (Dorsey & Whitney) contends that the Computer Fraud and Abuse Act (CFAA) indictment of Lori Drew (background about the case is here) is an appropriate interpretation of the statute:

While this may be the first prosecution under the CFAA for cyberbullying, the statute neatly fits the facts of this crime. Drew is charged with violating §§ 1030(a)(2)(C), (c)(2)(B)(2) of the CFAA, which make it a felony punishable up to five years imprisonment, if one "intentionally accesses a computer without authorization . . . , and thereby obtains . . . information from any protected computer if the conduct involved an interstate . . . communication" and "the offense was committed in furtherance of any . . . tortious act [in this case intentional infliction of emotional distress] in violation of the . . . laws . . . of any State."

There is no question that the MySpace network is a "protected" computer as that term is defined by the statute. Indeed, "[e]very cell phone and cell tower is a 'computer' under this statute's definition; so is every iPod, every wireless base station in the corner coffee shop, and many another gadget." U.S. v. Mitra, 405 F.3d 492, 495 (8th Cir. 2005). There is also no question that a violation of MySpace's TOS provides a valid predicate for proving that the defendant acted "without authorization." What the commentators ignored in their critique of this indictment is that the "CFAA . . . is primarily a statute imposing limits on access and enhancing control by information providers." EF Cultural Travel B.V. v. Zefer Corp., 318 F.3d 58, 63 (1st Cir. 2003). A company "can easily spell out explicitly what is forbidden." Id. at 63. Thus, companies have the right to post what are in effect "No Trespassing" signs that can form the basis for a criminal prosecution.

If this interpretation of the law is correct, then the law is probably unconstitutionally vague. A vague law is one that either fails to provide the kind of notice that will enable ordinary people to understand what conduct it prohibits; or authorizes or encourages arbitrary and discriminatory enforcement. The CFAA, as construed by the prosecution in the Drew case, will probably be found vague because it authorizes or encourages arbitrary and discriminatory enforcement.

Suppose I put a notice on this post that says: "No attorneys may post a comment to this blog." Suppose Nick Ackerman comes to this site, sees this post, and and writes a comment that is defamatory. Under his theory, he can be prosecuted for violating the CFAA. He has "trespassed" on this site. Moreover, if a blog has a policy that it will not tolerate "rude, uncivil, or off-topic comments," then commenters who make such comments that are tortious (intentional infliction of emotional distress, public disclosure of private facts, false light, defamation, etc.) can be liable for a CFAA violation. Moreover, any use of a website that goes against whatever terms the operator of that site has set forth that constitutes a negligence tort is also criminal.

The problem here is that the CFAA's applicability would be extremely broad -- so broad that the cases likely to be prosecuted would be arbitrary. Since tort law is common law, and is very flexible, broad, and evolving, people would not have adequate notice about what conduct would be legal and not legal. There's a reason why tort law is different from criminal law -- we are willing to accept a lot more ambiguity and uncertainty in tort law than in criminal law, where the stakes involve potential imprisonment.

Moreover, Nick Akerman only focuses on the CFAA § 1030(c)(2)(B)(2), which makes it a felony to exceed authorized access if the offense was committed in furtherance of any tortious act.

The CFAA § 1020(a)(2)(C) makes it a criminal misdemeanor to "intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer if the conduct involved an interstate or foreign communication." If I'm interpreting this correctly (and I don't purport to be an expert on the CFAA), under the Drew prosecutor's interpretation of the CFAA, any time a person violates a website's terms of service and access any information from the site, there's a criminal violation. That means that if I post on this blog a notice that says: "No attorneys may access any other parts of this blog other than the front page," and an attorney accesses any other page on my blog, then there's a CFAA violation. Could the law possibly be this broad? I think it would require a narrowing interpretation in order to avoid problems of unconstitutional vagueness.

The CFAA strikes me as a very poorly drafted statute. The Drew indictment demonstrates the problems with the law. Either courts should fix the CFAA interpretively by narrowing its scope, or else strike it down as unconstitutionally vague. But what clearly cannot stand is for the law to be interpreted as the Drew prosecutor seeks to interpret it.

Hat tip: Dan Slater at the WSJ Blog

Posted by Daniel J. Solove at 02:29 PM | Comments (14) | TrackBack

My New Book, Understanding Privacy

I am very happy to announce the publication of my new book, UNDERSTANDING PRIVACY (Harvard University Press, May 2008). There has been a longstanding struggle to understand what "privacy" means and why it is valuable. Professor Arthur Miller once wrote that privacy is "exasperatingly vague and evanescent." In this book, I aim to develop a clear and accessible theory of privacy, one that will provide useful guidance for law and policy. From the book jacket:

Privacy is one of the most important concepts of our time, yet it is also one of the most elusive. As rapidly changing technology makes information more and more available, scholars, activists, and policymakers have struggled to define privacy, with many conceding that the task is virtually impossible.

In this concise and lucid book, Daniel J. Solove offers a comprehensive overview of the difficulties involved in discussions of privacy and ultimately provides a provocative resolution. He argues that no single definition can be workable, but rather that there are multiple forms of privacy, related to one another by family resemblances. His theory bridges cultural differences and addresses historical changes in views on privacy. Drawing on a broad array of interdisciplinary sources, Solove sets forth a framework for understanding privacy that provides clear, practical guidance for engaging with relevant issues.

Understanding Privacy will be an essential introduction to long-standing debates and an invaluable resource for crafting laws and policies about surveillance, data mining, identity theft, state involvement in reproductive and marital decisions, and other pressing contemporary matters concerning privacy.

Here's a brief summary of Understanding Privacy. Chapter 1 (available on SSRN) introduces the basic ideas of the book. Chapter 2 builds upon my article Conceptualizing Privacy, 90 Cal. L. Rev. 1087 (2002), surveying and critiquing existing theories of privacy. Chapter 3 contains an extensive discussion (mostly new material) explaining why I chose the approach toward theorizing privacy that I did, and why I rejected many other potential alternatives. It examines how a theory of privacy should account for cultural and historical variation yet avoid being too local in perspective. This chapter also explores why a theory of privacy should avoid being too general or too contextual. I draw significantly from historical examples to illustrate my points. I also discuss why a theory of privacy shouldn't focus on the nature of the information, the individual's preferences, or reasonable expectations of privacy. Chapter 4 consists of new material discussing the value of privacy. Chapter 5 builds on my article, A Taxonomy of Privacy, 154 U. Pa. L.. Rev. 477 (2006). I've updated the taxonomy in the book, and I've added a lot of new material about how my theory of privacy interfaces not only with US law, but with the privacy law of many other countries. Finally, Chapter 6 consists of new material exploring the consequences and applications of my theory and examining the nature of privacy harms.

Understanding Privacy is much broader than The Digital Person and The Future of Reputation. Whereas these other two books examined specific privacy problems, Understanding Privacy is a general theory of privacy, and I hope it will be relevant and useful in a wide range of issues and debates.

For more information about the book, please visit its website.

Posted by Daniel J. Solove at 12:03 AM | Comments (5) | TrackBack

Little Brother

Cory Doctorow’s latest novel, Little Brother, is technically a young adult novel, but there is something in there for anyone interested in cyberlaw, security, national security law, and oh yeah, a rather fun, although at times scary, tale. In classic Cory fashion, he has made the book available for free (yes well before law profs such as Benkler and Zittrain did so, Cory has been a leader in the world of I-make-money-by-giving-away-my-creations). He also allows people to remix and share the new work. The downloads and remixes are licensed under a Creative Commons Attribution-Noncommercial-ShareAlike license. Now that is a business model of the new economy. For those wondering whether this approach works, it does for Cory if making the New York Times Kids Bestseller list matters. (Scoff at your own risk. Remember kids are a tremendous market). So on to the book.

Some tech/sci-fi writers give up story for ideas. They offer great fun and build excellent worlds, but when it comes to ending the story, they fall short. (I am thinking of early Stephenson here) Little Brother, however, delivers both ideas and story. That is great because one can dive in and enjoy the characters as they navigate the modern day 1984 world of the United States.

Despite, or perhaps because, the characters and the story draw one in, the details of this world are not all fun and games. Hacking, government power, security, racism, freedom, and more swirl around as decent teens trying to have a life, trying to grow and express themselves, and trying to make mischief, crash into a new world. Anyone who remembers useful acts of rebellion and the learning that goes with them should be able to identify with these kids. The beauty of having kids as main characters is that kids often have parents. Doctorow uses the parents quite well. They express the natural desire for stability and the way that once freedom-loving individuals can easily change as they age and see the world through a lens of how-do-I-protect-my-family? Whether they will protect their kids and what the protection will look like was a subtle but important theme which Doctorow navigates well. Perhaps thoughts of becoming a father fueled this sensitivity; perhaps not. Either way it works.

Some of the text tantalizes with ways for individuals to keep their communications free, secret, and/or anonymous as context requires. Exploring those issues allows Doctorow to investigate how trust of other individuals, businesses, and the government work together to create the world we enjoy or what happens if that trust fails. Cory is not shy. He does not stop there. The relationship between federal and state government, the role of the press, and how individuals can or cannot impact the system are all in play as well.

I will stop here as I do not want to give away the details. There is more to discuss, but I also hate spoilers. So here is a possible solution. For those wishing to see Cory’s take on his book check out his post on John Scalzi’s Big Idea series. In addition, Cory is quite busy, but we hope to do a phone interview this summer. That way the law issues can be addressed and those who wish to avoid spoilers can. No promises but if he and I can connect, it should be fun.

Last, you may wonder whether I’d say buy the book given that it can be downloaded for free. Well yes I would say buy it as it keeps Cory funded. Yet, what if you decide to download it? Should you donate to Cory? No. In fact he would prefer you buy a copy for you or someone you love as it works better for his publisher and him. Or ever the innovative person, Cory has another idea you may wish to pursue: a donation program for the book. In short, Cory and his assistant have assembled a list of libraries and schools that want the book. He suggests that people who downloaded the book and want to give him money, find a library or school, buy the book online, and ship it to the school. Everybody wins: the public, the publisher, and Cory (who will receive royalties). Cory sent me the file before he put it online so I could review it. Still, I plan on following his suggestion and donating a book.

Image: Courtesy of Pablo Defendini
The image is an early sketch for a potential paperback cover. Mr. Defendini has a portfolio that you may enjoy too.

Posted by Deven Desai at 12:50 PM | Comments (1) | TrackBack

Data Mining and the Security-Liberty Debate

My short essay, Data Mining and the Security-Liberty Debate, 74 U. Chi. L. Rev. 343 (2008) has just been published. I've posted the final version on SSRN. Here's the abstract:

In this essay, written for a symposium on surveillance for the University of Chicago Law Review, I examine some common difficulties in the way that liberty is balanced against security in the context of data mining. Countless discussions about the trade-offs between security and liberty begin by taking a security proposal and then weighing it against what it would cost our civil liberties. Often, the liberty interests are cast as individual rights and balanced against the security interests, which are cast in terms of the safety of society as a whole. Courts and commentators defer to the government's assertions about the effectiveness of the security interest. In the context of data mining, the liberty interest is limited by narrow understandings of privacy that neglect to account for many privacy problems. As a result, the balancing concludes with a victory in favor of the security interest. But as I argue, important dimensions of data mining's security benefits require more scrutiny, and the privacy concerns are significantly greater than currently acknowledged. These problems have undermined the balancing process and skewed the results toward the security side of the scale.

The essay critiques arguments by Richard Posner and William Stuntz, as well as Eric Posner and Adrian Vermeule's Terror in the Balance: Security, Liberty, and the Courts.

Posted by Daniel J. Solove at 12:51 AM | Comments (1) | TrackBack

Do People Have a Reasonable Expectation of Privacy in Abandoned DNA?

A recent NY Times article discusses how the police are increasingly collecting DNA samples from suspects -- not with warrants or probable cause -- they are gathering it surreptitiously from the abandoned DNA that people leave behind:

The two Sacramento sheriff detectives tailed their suspect, Rolando Gallego, at a distance. They did not have a court order to compel him to give a DNA sample, but their assignment was to get one anyway — without his knowledge.

Recently, the sheriff’s cold case unit had extracted a DNA profile from blood on a towel found 15 years earlier at the scene of the murder of Mr. Gallego’s aunt. If his DNA matched, they believed they would finally be able to close the case.

On that spring day in 2006, the detectives watched as Mr. Gallego lit a cigarette, smoked it and threw away the butt. That was all they needed.

The practice, known among law enforcement officials as "surreptitious sampling," is growing in popularity even as defense lawyers and civil liberties advocates argue that it violates a constitutional right to privacy. Mr. Gallego’s trial on murder charges, scheduled for next month, is the latest of several in which the defense argues that the police circumvented the Fourth Amendment protection against unreasonable search and seizure.

Critics argue that by covertly collecting DNA contained in the minute amounts of saliva, sweat and skin that everyone sheds in the course of daily life, police officers are exploiting an unforeseen loophole in the requirement to show “probable cause” that a suspect has committed a crime before conducting a search. . . .

"Police can take a DNA sample from anyone, anytime, for any reason without raising oversight by any court," said Elizabeth E. Joh, a law professor at University of California, Davis, who studies the intersection of genetics and privacy law. "I don’t think a lot of people understand that."

Under existing Fourth Amendment law, if you abandon something or expose it to others, then you no longer have a reasonable expectation of privacy. So if you leave trash on the curb for collection, the police can rifle through it without a warrant or probable cause. See California v. Greenwood, 486 U.S. 35 (1988).

DNA is sensitive information in many people's books, but it is also very hard to keep contained. We leave traces of DNA everywhere we go -- in hair and skin we shed, in saliva, etc. It is quite easy for law enforcement officials to obtain our DNA.

DNA is one illustration of where the current Fourth Amendment regime doesn't work very well with information privacy. It works well with papers and things -- we can hide papers away in our homes or in bags, and we can have protection in our homes. But information in today's Information Age often is hard to contain. It is hard to tuck away. The result is that our personal information is increasingly in places where the police no longer need warrants and probable cause.

Posted by Daniel J. Solove at 10:46 AM | Comments (7) | TrackBack

The Digital Person Free Online!

Last month, Yale University Press allowed me to put my book, The Future of Reputation: Gossip, Rumor, and Privacy on the Internet online for free. The experiment has gone quite well. The book's website received a big bump in traffic, with many people downloading one or more chapters. The book's sales picked up for several weeks after it was placed online for free. Sales have now returned to about the same level as before the book went online.

I'm delighted to announce that NYU Press has allowed me to put my book, The Digital Person: Technology and Privacy in the Information Age (NYU Press, 2004) online for free.

Here's a brief synopsis of The Digital Person from the book jacket:

Seven days a week, twenty-four hours a day, electronic databases are compiling information about you. As you surf the Internet, an unprecedented amount of your personal information is being recorded and preserved forever in the digital minds of computers. These databases create a profile of activities, interests, and preferences used to investigate backgrounds, check credit, market products, and make a wide variety of decisions affecting our lives. The creation and use of these databases--which Daniel J. Solove calls “digital dossiers”--has thus far gone largely unchecked. In this startling account of new technologies for gathering and using personal data, Solove explains why digital dossiers pose a grave threat to our privacy.

Digital dossiers impact many aspects of our lives. For example, they increase our vulnerability to identity theft, a serious crime that has been escalating at an alarming rate. Moreover, since September 11th, the government has been tapping into vast stores of information collected by businesses and using it to profile people for criminal or terrorist activity. In THE DIGITAL PERSON, Solove engages in a fascinating discussion of timely privacy issues such as spyware, web bugs, data mining, the USA-Patriot Act, and airline passenger profiling.

THE DIGITAL PERSON not only explores these problems, but provides a compelling account of how we can respond to them. Using a wide variety of sources, including history, philosophy, and literature, Solove sets forth a new understanding of what privacy is, one that is appropriate for the new challenges of the Information Age. Solove recommends how the law can be reformed to simultaneously protect our privacy and allow us to enjoy the benefits of our increasingly digital world.

Book reviews are collected here.

Posted by Daniel J. Solove at 12:08 AM | Comments (0) | TrackBack

The NSA: The Total Information Awareness Agency

Remember when, about five years ago, a program called Total Information Awareness (TIA) came to light. TIA was a plan to create a massive government database of personal information which would then be data mined. The program led to a public outcry, with William Safire writing a blistering op-ed in the New York Times attacking TIA. In 2003, Congress voted to deny it funding.

According to the Wall Street Journal, something very similar to TIA is now being done by the NSA:

The National Security Agency, once confined to foreign surveillance, has been building essentially the same system.

The central role the NSA has come to occupy in domestic intelligence gathering has never been publicly disclosed. But an inquiry reveals that its efforts have evolved to reach more broadly into data about people's communications, travel and finances in the U.S. than the domestic surveillance programs brought to light since the 2001 terrorist attacks. . . .

Largely missing from the public discussion is the role of the highly secretive NSA in analyzing that data, collected through little-known arrangements that can blur the lines between domestic and foreign intelligence gathering. Supporters say the NSA is serving as a key bulwark against foreign terrorists and that it would be reckless to constrain the agency's mission. The NSA says it is scrupulously following all applicable laws and that it keeps Congress fully informed of its activities.

According to current and former intelligence officials, the spy agency now monitors huge volumes of records of domestic emails and Internet searches as well as bank transfers, credit-card transactions, travel and telephone records. The NSA receives this so-called "transactional" data from other agencies or private companies, and its sophisticated software programs analyze the various transactions for suspicious patterns. Then they spit out leads to be explored by counterterrorism programs across the U.S. government, such as the NSA's own Terrorist Surveillance Program, formed to intercept phone calls and emails between the U.S. and overseas without a judge's approval when a link to al Qaeda is suspected.

The article continues, discussing how the debate over the Foreign Intelligence Surveillance Act (FISA) and immunity for telecommunications companies is only getting at the tip of the iceberg:

It isn't clear how many of the different kinds of data are combined and analyzed together in one database by the NSA. An intelligence official said the agency's work links to about a dozen antiterror programs in all.

A number of NSA employees have expressed concerns that the agency may be overstepping its authority by veering into domestic surveillance. And the constitutional question of whether the government can examine such a large array of information without violating an individual's reasonable expectation of privacy "has never really been resolved," said Suzanne Spaulding, a national-security lawyer who has worked for both parties on Capitol Hill.

NSA officials say the agency's own investigations remain focused only on foreign threats, but it's increasingly difficult to distinguish between domestic and international communications in a digital era, so they need to sweep up more information.

All this occurs with little to no oversight. Congress seems unwilling to perform much of an oversight role. The courts are not all that excited about it either. The Supreme Court has already limited the reach of the Fourth Amendment, making it possible for the government to collect records from businesses with no oversight and few limits. The courts today are finding many ways to dismiss lawsuits challenging the NSA surveillance -- through an expansive application of the state secrets doctrine or through uncharitable views of plaintiffs' standing to bring a challenge. The Executive Branch, it seems, can do whatever it wants. All of this strikes me as a tremendous failure of our political system.

Posted by Daniel J. Solove at 10:24 AM | Comments (0) | TrackBack

The National Data Exchange

From the Washington Post:

As federal authorities struggled to meet information-sharing mandates after the Sept. 11, 2001, terrorist attacks, police agencies from Alaska and California to the Washington region poured millions of criminal and investigative records into shared digital repositories called data warehouses, giving investigators and analysts new power to discern links among people, patterns of behavior and other hidden clues.

Those network efforts will begin expanding further this month, as some local and state agencies connect to a fledgling Justice Department system called the National Data Exchange, or N-DEx. Federal authorities hope N-DEx will become what one called a "one-stop shop" enabling federal law enforcement, counterterrorism and intelligence analysts to automatically examine the enormous caches of local and state records for the first time. . . .

Federal authorities have high hopes for the N-DEx system, which is to begin phasing in as early as this month. They envision a time when N-DEx, developed by Raytheon for $85 million, will enable 200,000 state and local investigators, as well as federal counterterrorism investigators, to search across millions of police reports, in some 15,000 state and local agencies, with a few clicks of a computer mouse. Those reports will include names of suspects, associates, victims, persons of interest, witnesses and any other person named in an incident, arrest, booking, parole or probation report.

The system will be accessible to federal law-enforcement agencies, such as the FBI, and state fusion centers. Intelligence analysts at the National Counterterrorism Center and FBI's Foreign Terrorist Tracking Center likely will have access to the system as well.

"The goal is to create a one-stop shop for criminal justice information," the FBI's Bush said.

There is nothing inherently wrong with law enforcement agencies sharing data under certain circumstances, but I definitely think it is problematic that we lack a good system of legal regulation over how and when they can share it, what they can do with the information, how they ought to maintain it, and so on.

Image credit: jaylopez

Posted by Daniel J. Solove at 01:26 PM | Comments (2) | TrackBack

The FBI Does It Again

From the Associated Press:

The FBI acknowledged it improperly accessed Americans' telephone records, credit reports and Internet traffic in 2006, the fourth straight year of privacy abuses resulting from investigations aimed at tracking terrorists and spies.

The breach occurred before the FBI enacted broad new reforms in March 2007 to prevent future lapses, FBI Director Robert Mueller said Wednesday. And it was caused, in part, by banks, telecommunication companies and other private businesses giving the FBI more personal client data than was requested.

Testifying at a Senate Judiciary Committee hearing, Mueller raised the issue of the FBI's controversial use of so-called national security letters in reference to an upcoming report on the topic by the Justice Department's inspector general.

An audit by the inspector general last year found the FBI demanded personal records without official authorization or otherwise collected more data than allowed in dozens of cases between 2003 and 2005. Additionally, last year's audit found that the FBI had underreported to Congress how many national security letters were requested by more than 4,600.

At the end of the article is a very apt quote by a former FBI official:

"The credibility factor shows there needs to be outside oversight," said former FBI agent Michael German, now a national security adviser for the American Civil Liberties Union. He also cast doubt on the FBI's reforms.

"There were guidelines before, and there were laws before, and the FBI violated those laws," German said. "And the idea that new guidelines would make a difference, I think cuts against rationality."

I've long recommended that the FBI be better regulated and placed under better oversight:

A charter defining the FBI’s scope and powers as well as requiring more regular congressional oversight would go a long way to ensuring against the terrible abuses of the FBI’s past. A detailed proposal for such a charter is beyond the scope of this Article. The bulk of such a charter, however, could be composed by codifying existing internal FBI Guidelines into law. The Church Committee recommended a legislative charter to govern intelligence gathering activities, but many of the Committee’s proposals were put into operation through executive orders and guidelines. Executive orders and Attorney General Guidelines are the “primary source of authority for national security surveillance.”

Unfortunately, executive orders and guidelines can all be changed by executive fiat, as demonstrated by Ashcroft’s substantial revision to the guidelines in 2002. Moreover, the Attorney General Guidelines are not judicially enforceable. The problem with the current system is that it relies extensively on self-regulation by the executive branch. Much of this regulation has been effective, but it can too readily be changed in times of crisis without debate or discussion. Codifying the internal executive regulations of the FBI would also allow for public input into the process. The FBI is a very powerful arm of the executive branch, and if we believe in separation of powers, then it is imperative that the legislative branch, not the executive alone, become involved in the regulation of the FBI. The guidelines should be judicially enforceable to ensure that they are strictly followed.

I recommend that the original FBI guidelines, under Attorney General Levi, should be used as the foundation for a legislative charter for the FBI. The Levi Guidelines were crafted to prevent the abuses chronicled by the Church Committee, and they provide strong limits on the use of surveillance directed at free speech and political activities. The threshold standards of the Levi Guidelines are more meaningful than the watered-down versions employed in subsequent revisions. The Levi threshold standards are not insurmountable—they are a practical compromise between privacy and effective law enforcement that safeguards against abuses.

Additionally, the charter should require Congress to undertake an extensive assessment of intelligence activities at five- to ten-year intervals. This assessment would be similar in scope to the Church Committee Report. The Church Committee performed a profoundly valuable service, exposing and memorializing surveillance abuses that occurred over a period of about forty years. This kind of thorough accounting of the often clandestine activities of governmental intelligence agencies should not be an isolated undertaking.

Posted by Daniel J. Solove at 12:17 PM | Comments (0) | TrackBack

Battlestar Galactica Interview

We are thrilled to offer readers of Concurring Opinions an interview with Ron Moore and David Eick, creators of the hit television show Battlestar Galactica. Daniel Solove, Deven Desai, and David Hoffman ask the questions. We would like to thank Professor John Ip for suggesting some of the torture questions. Our interview lasts a little over an hour, and we'll be providing it to you in several parts over the next few days.

Our goal was to explore some of the themes of the show in a deeper manner than many traditional interviews. Ron and David graciously agreed to give us an hour of their time, and we had a fascinating conversation with them.

Our interview is structured in three parts. Part I, available in two files (see the end of this post to download), focuses on the issues of legal systems and morality. It examines the lawyers and trials in the show. It also examines how torture is depicted, as well as how the humans must balance civil liberties and security.

Part II examines politics and commerce. It explores how the cylon attack affected the humans' political system, and it examines how commerce works in the fleet.

Part III examines issues related to cylons, such as the humans' treatment of cylons, how robots should be treated by the law, how the cylons govern themselves politically. Additionally, Part III will explore the religious issues involved in the show.

The new Battlestar Galactica, which premiered initially as a miniseries in 2003 on the SciFi Network, is only loosely based on the earlier show by the same name during 1978 and 1980. The new Battlestar Galactica is breathtaking science fiction, and it has widespread appeal beyond science fiction fans. Numerous critics have hailed it as one of the best shows on television. Time Magazine, for example, listed it as one of the top television shows and described it as "a ripping sci-fi allegory of the war on terror, complete with religious fundamentalists (here, genocidal robots called Cylons), sleeper cells, civil-liberties crackdowns and even a prisoner-torture scandal."

The show chronicles the struggle for survival of a small band of humans who escaped a devastating genocidal attack by intelligent robots called cylons. The humans created the cylons for use as slaves. The cylons rebelled and a war erupted between the humans and cylons. But a truce was reached, and the cylons disappeared. But forty years later, the cylons launched a massive surprise attack, destroying the human society (called the Twelve Colonies) with nuclear missiles. Only a small group of humans aboard spaceships survived.

The show depicts the humans’ difficult fight for survival and the tough choices they must make along the way. The cylons have developed technology to allow them to take human form, and some of the humans within the group of survivors are really cylons. More information about the show is here.

The show is heavily influenced by modern events, especially terrorism, war, and torture. In a time of emergency, how should we balance security and liberty? How do we deal with enemies who may be burrowed in among us? How does a society decimated in a war reconstitute its political, economic, and legal systems?

Battlestar Galactica was honored with a prestigious Peabody Award and twice as an official selection of the American Film Institute top television programs for 2005 and 2006.

Because the show explores so many interesting issues so deftly, it has attracted a large group of fans in the legal academy. We know of many law professors who count Battlestar Galactica as one of their favorite shows, and this is why we thought it would be fascinating to speak with the creators and writers of the show -- Ron Moore and David Eick.

Ron Moore is a co-creator, executive producer, and writer of Battlestar Galactica. Previously, Ron wrote or co-wrote 27 episodes of Star Trek: The Next Generation, including the two-hour series finale "All Good Things," for which he won a Hugo Award in 1994. That same year, Ron was honored with an Emmy Award nomination and was eventually promoted to producer. In 1994, Ron joined the writing staff of Star Trek: Deep Space Nine as supervising producer and was elevated to co-executive producer the following year. Ron spent five seasons on the series until the end of its successful run in 1999. In the fall of 2002, he was named show-runner and executive producer of HBO’s critically-acclaimed one-hour drama Carnivale. In 2006 Ron was nominated for an Emmy Award for Best Writing in a Dramatic Series for his work on Battlestar Galactica. Ron studied political science at Cornell University, and he lives in California with his wife and three children. He has a blog, which he started during the Writer's Guild Strike.

David Eick is also a co-creator, executive producer, and writer of Battlestar Galactica. Prior to his involvement in Battlestar Galactica, David was Executive Vice President of USA Cable Entertainment (USACE), where he was the company’s point person to the creative community and oversaw all aspects of the division, which developed, financed and acquired product for initial exhibition on USA Network and SCI FI Channel. While there, the studio produced USA Network’s critically lauded drama series Touching Evil, as well as the hit series Monk. Prior to his network experience, David spent six years at Renaissance Pictures, where he held a variety of positions and produced the hugely successful syndicated series Hercules: The Legendary Journeys. David also co-developed and launched its successful spinoff, Xena: Warrior Princess. Additionally, David also produced many others shows. He recently developed The Bionic Woman for NBC. David graduated from the University of Redlands in California with a BA in political science. He resides in Los Angeles with his wife and three children.

For readers unfamiliar the show, you should catch up by watching the DVDs of the first few seasons. Currently, the show is about to start its fourth and final season on Friday, April 4th at 10PM Eastern.

Season 1 on DVD
Season 2.0 on DVD (episodes 1-10)
Season 2.5 on DVD (episodes 11-20)
Season 3 on DVD (not yet available, but coming soon)

Additionally, you can watch the movie Battlestar Galactica: Razor, a made-for-TV movie that premiered in fall 2007.

In this interview, we explore the legal, political, economic, and social ideas raised by the show. Our interview is structured as follows:

PART I-A: LEGAL SYSTEMS
Topics: The legal system, lawyers, trials, and tribunals.
Length: 11 minutes, 51 seconds
File Size: Approximately 11 MB

PART I-B: TORTURE, NECESSITY, AND MORALITY
Topics: Torture, necessity vs. moral principles, deference to the military
Length: 18 minutes, 1 second
File Size: Approximately 16.5 MB

PART II: POLITICS AND ECONOMY
Topics: Politics and commerce
Length: 13 minutes, 57 seconds
File Size: Approximately 13 MB

PART III: CYLONS
Topics: Cylons and humans, cylon rights, cylon society and governance, religion
Length: 16 minutes, 15 seconds
File Size: Approximately 15 MB

Read the Transcripts -- The interview has now been transcribed. You can read Part I here, and Parts II and III here.

Posted by Daniel J. Solove at 09:19 AM | Comments (34) | TrackBack

The New Identification: The FBI's Biometric Database

From CNN:

The FBI is gearing up to create a massive computer database of people's physical characteristics, all part of an effort the bureau says to better identify criminals and terrorists.

But it's an issue that raises major privacy concerns -- what one civil liberties expert says should concern all Americans.

The bureau is expected to announce in coming days the awarding of a $1 billion, 10-year contract to help create the database that will compile an array of biometric information -- from palm prints to eye scans.

Kimberly Del Greco, the FBI's Biometric Services section chief, said adding to the database is "important to protect the borders to keep the terrorists out, protect our citizens, our neighbors, our children so they can have good jobs, and have a safe country to live in."

But it's unnerving to privacy experts.

"It's the beginning of the surveillance society where you can be tracked anywhere, any time and all your movements, and eventually all your activities will be tracked and noted and correlated," said Barry Steinhardt, director of the American Civil Liberties Union's Technology and Liberty Project.

The FBI already has 55 million sets of fingerprints on file. In coming years, the bureau wants to compare palm prints, scars and tattoos, iris eye patterns, and facial shapes. The idea is to combine various pieces of biometric information to positively identify a potential suspect.

I am not one who believes that biometric identification is inherently bad, but the problem is that we don't have the appropriate legal architecture in place to use it responsibly. For example, data security is woeful -- whether it be government entities or private sector companies -- and the law has not effectively grappled with this problem yet. As we move toward biometric identification, what if that data falls into the wrong hands? It's one thing for one's Social Security number to be leaked, a number which a person can change with a lot of bureaucratic hassle. But people can't change their eyes or other biometric characteristics. All this makes a recipe for disaster. What are the odds that biometric information will actually be kept secure? My guess, especially given the massive number of data security breaches over the past few years, is that there will be some big leaks of biometric information in the future. I can see the data security breach notification letters already:

Dear John Doe:

We regret to inform you that your biometric data, including eye scan, fingerprint, DNA, and other information, have been leaked. An employee took it home on a laptop and that computer was stolen by a band of identity thieves. Your information might now be used for all sorts of illicit purposes, and you may find yourself suddenly arrested, deported, or sent to Guantanamo based on something the thief may have done with your data. There's no credit monitoring or freeze or similar measure you can use to protect yourself. We suggest that you change your eyes, fingerprints, and DNA. Otherwise, all we can say is that we're really sorry, and we'll be sure to be more careful in the future. Of course, although we want you to have a lot of anxiety about all the dangers and risks we've exposed you to, we're not foolish enough to admit you've been harmed, and if you sue us, we'll be sure to insist adamantly that you weren't ever harmed at all.

An additional problem is that there currently is not a good regulatory system in place to guard against abuses in the system or to provide oversight. How long can the data be stored? How broadly should it be collected? According to the article, "[t]he FBI says it will protect all this personal data and only collect information on criminals and those seeking sensitive jobs." But there's nothing stopping the FBI in the future from expanding the database at its own discretion. Who will ensure the accuracy of the data? Right now, data maintained by government agencies is protected by the Privacy Act of 1974, 5 U.S.C. § 552a, but this law has proven to be very ineffective at maintaining control over how government agencies collect, maintain, and use personal information.

Posted by Daniel J. Solove at 01:36 PM | Comments (4) | TrackBack

Ah the Good Old Days When You Could Spy Without Help: Private Companies and Their Cooperation with Eavesdropping

Yet again technology is cited as a problem requiring change. This time it is in the familiar realm of government access to telecommunications. As the New York Times reports:

The federal government’s reliance on private industry has been driven by changes in technology. Two decades ago, telephone calls and other communications traveled mostly through the air, relayed along microwave towers or bounced off satellites. The N.S.A. could vacuum up phone, fax and data traffic merely by erecting its own satellite dishes. But the fiber optics revolution has sent more and more international communications by land and undersea cable, forcing the agency to seek company cooperation to get access.

This information is not exactly new, but the article also notes that it is not just recent terrorist concerns that have prompted the government to seek help in tracking communications. The N.S.A. and the D.E.A. have apparently been “collecting the phone records showing patterns of calls between the United States, Latin America and other drug-producing regions” since the 1990s and the program may be expanding. At bottom the concern is that the Bush Administration wants to offer retroactive protection for the companies that cooperated with the government because as Attorney General Mukasey and director of national intelligence have argued without that protection would be reluctant to help. Yet the article details that some companies such as Verizon may have cooperated and even run a line to a military facility whereas others refused to cooperate because they feared public reaction regarding their privacy. Immunity thus is not necessarily why the companies did not cooperate.

Put differently, how affording such protection makes sense is unclear unless the immunity would work in a way analogous to prosecutorial immunity: “You have to work with us.” “But it’s against the law.” “Maybe. But you aren’t liable anymore so just do it.” Again as long companies fear “customers’ demands for privacy and shareholders’ worries about bad publicity,” the immunity should be less of an issue. Still from an in-house attorney perspective, persuading the other executives that the best practice is not to cooperate would be harder to do if there is general immunity for cooperating in breaking the law. The immunity removes a powerful argument against what should be a practice to be avoided.

image: Thisbe - John William Waterhouse Wikicommons

Posted by Deven Desai at 02:36 AM | Comments (0) | TrackBack

Do Police Officers Have a Privacy Right Not to Be Recorded?

Over at the VC, Eugene Volokh has an excellent post criticizing convictions of individuals under state wiretapping laws for secretly recording their encounters with the police. He quotes Commonwealth v. Hyde, 750 N.E.2d 963 (Mass. 2001), which states:

This case raises the issue whether a motorist may be prosecuted for violating the Massachusetts electronic surveillance statute ... for secretly tape recording statements made by police officers during a routine traffic stop. A jury in the District Court convicted the defendant on four counts of a complaint charging him with unlawfully intercepting the oral communications of another .... We conclude that [the state interception law] strictly prohibits the secret electronic recording by a private individual of any oral communication, and makes no exception for a motorist who, having been stopped by police officers, surreptitiously tape records the encounter.

The Massachusetts electronic surveillance law at issue in Hyde requires that all parties to a communication consent if it is to be wiretapped or bugged. Many wiretapping laws permit wiretapping or bugging if one party to the communication consents. So if you're secretly recording your own conversations with others, it is ok since one party (you) is consenting. The federal Electronic Communications Privacy Act is a one-party consent statute. But several states require that all the parties to a communication consent. Such is the law in Massachusetts.

Eugene writes:

So there you have the dark side of "privacy" -- the law aimed at protecting privacy ends up wrongly restricting people's liberty, and people's ability to protect themselves against police misconduct.

Eugene and I often disagree on privacy issues, but on this one, I strongly agree with him. The court's interpretation of the electronic surveillance law strikes me as contrary to reasonable public policy. When government officials are performing their public functions, it strikes me as inapt to say that they have "privacy." Instead, they may operate in secrecy, but that's not the same thing as privacy. Privacy is misused when government officials claim it to perform their official functions -- it then becomes nothing more than an argument to keep important information from public scrutiny and public accountability.

Many electronic surveillance laws do not make exceptions for recording one's own encounters with the police or with other government officials. They should. Obviously, such laws should protect against someone who secretly wiretaps a government official's phone and listens in on all of that official's conversations. But the laws should not prohibit a citizen from recording her conversations and encounters with government officials when they are engaged in their official duties.

Unfortunately, the majority in Hyde chose to interpret the law rather strictly. It didn't have to do so. Consider the argument of the dissent:

The purpose of G.L. c. 272, § 99, is not to shield public officials from exposure of their wrongdoings. I have too great a respect for the Legislature to read any such meaning into a statute whose purpose is plain, and points in another direction entirely. Where the legislative intent is explicit, it violates a fundamental rule of statutory construction to reach a result that is plainly contrary to that objective. . . . To hold that the Legislature intended to allow police officers to conceal possible misconduct behind a cloak of privacy requires a more affirmative showing than this statute allows. . . .

The statute, on its face, makes no exception for me