The Stanford Law Review Online has just published a piece by M. Ryan Calo discussing the privacy implications of drone use within the United States. In The Drone as Privacy Catalyst, Calo argues that domestic use of drones for surveillance will go forward largely unimpeded by current privacy law, but that the “visceral jolt” caused by witnessing these drones hovering above our cities might serve as a catalyst and finally “drag privacy law into the twenty-first century.”

Calo writes:

In short, drones like those in widespread military use today will tomorrow be used by police, scientists, newspapers, hobbyists, and others here at home. And privacy law will not have much to say about it. Privacy advocates will. As with previous emerging technologies, advocates will argue that drones [...]]]>

The Stanford Law Review Online has just published a piece by M. Ryan Calo discussing the privacy implications of drone use within the United States. In The Drone as Privacy Catalyst, Calo argues that domestic use of drones for surveillance will go forward largely unimpeded by current privacy law, but that the “visceral jolt” caused by witnessing these drones hovering above our cities might serve as a catalyst and finally “drag privacy law into the twenty-first century.”

Calo writes:

In short, drones like those in widespread military use today will tomorrow be used by police, scientists, newspapers, hobbyists, and others here at home. And privacy law will not have much to say about it. Privacy advocates will. As with previous emerging technologies, advocates will argue that drones threaten our dwindling individual and collective privacy. But unlike the debates of recent decades, I think these arguments will gain serious traction among courts, regulators, and the general public.

Read the full article, The Drone as Privacy Catalyst by M. Ryan Calo, at the Stanford Law Review Online.

This summer started off with a three part series from Professor Olufunmilayo B. Arewa looking at the credit crisis and possible changes that would focus on averting future market failures, rather than continuing to create regulations that only address past ones.  Part I of Prof. Arewa’s looks at the failure of risk management within the financial industry.  Part II analyzes the regulatory failures that contributed to the credit crisis as well as potential reforms.  Part III concludes by addressing recent legislation and whether it will actually help solve these very real problems.

Next, Professors Alan Devlin and Michael Jacobs take on an issue at the “heart of a highly divisive, international debate over the proper application of antitrust laws” – what should be done when [...]]]>

This summer started off with a three part series from Professor Olufunmilayo B. Arewa looking at the credit crisis and possible changes that would focus on averting future market failures, rather than continuing to create regulations that only address past ones.  Part I of Prof. Arewa’s looks at the failure of risk management within the financial industry.  Part II analyzes the regulatory failures that contributed to the credit crisis as well as potential reforms.  Part III concludes by addressing recent legislation and whether it will actually help solve these very real problems.

Next, Professors Alan Devlin and Michael Jacobs take on an issue at the “heart of a highly divisive, international debate over the proper application of antitrust laws” – what should be done when a dominant firm refuses to share its intellectual property, even at monopoly prices.

Professor Carter Dillard then discussed the circumstances in which it may be morally permissible, and possibly even legally permissible, for a state to intervene and prohibit procreation.

Rounding out the summer was Professor Clay Calvert’s article looking at journalists’ use of open record laws and death-related privacy rights.  Calvert questions whether journalists have a responsibility beyond simply reporting dying words and graphic images.  He concludes that, at the very least, journalists should listen to the impact their reporting has on surviving family members.

When people surf the Internet their personal information, websites and searches are collected by cookies. As I have written, people tend to disregard these privacy threats at least partly due to their lack of visibility. Even those who know that their information can be collected [...]]]> A lot has been written on Facebook and its users loss of privacy. In fact, for some, Facebook and loss of privacy have become synonyms. A major fear involves the use of Facebook users’ personal information by information aggregators who will use the data to target the sale of products.  I do not intend to contest here that Facebook users disclose a lot of personal information. But, I want to look at how accurate is the information that Facebook users reveal on Facebook. 

When people surf the Internet their personal information, websites and searches are collected by cookies. As I have written, people tend to disregard these privacy threats at least partly due to their lack of visibility. Even those who know that their information can be collected by cookies, tend to forget it as they use the Internet on a daily basis.  As a result the information collected by cookies reveals relatively true preferences. Cookies will reveal embarrassing or secret facts, such as visits to pornography sites or to  medical sites to investigate a worrying medical condition.

But Facebook is different. Facebook users are constantly aware they are being viewed. True, they may not be thinking about the companies that may eventually aggregate the information. But, for sure they are thinking of the hundreds of friends who will be reading their status updates, examining their favorite books, favorite movies and linked websites. Facebook users “package” themselves. They present themselves to the world the way they want to be perceived. Their real preferences and tastes may be somewhat or even completely different from those they present on Facebook. A criminal law professor may have in her Facebook library collection legal theory books, while in fact in her spare time she is an avid purchaser and reader of chick lit books. A twenty year old college student may want to appear cool placing links to trendy music, although his real passion remains the collection of Star Wars figures.

Some information on Facebook, such as date of birth or marriage status is less likely to be mispresented by users and provides rich ground for data mining.  But Facebook users “packaging”  raises two issues. Companies seeking to target consumers with products they actually want to purchase may find Facebook information less useful than believed. And from a privacy perspective, it is not merely the disclosure of true personal information that we should be concerned about but the creation of false or misleading  individual profiles by data mining companies that can eventually change the information and consumption options available to these Facebook users.

The New York Times reported yesterday that this conflict resulted in a settlement in which Arizona State University agreed to pay $700,000 to the [...]]]> Researchers can gain significant genetic information by studying indigenous and preferably isolated populations. Although both researchers and indigenous populations can gain from this collaboration, the two  groups often do not see eye to eye.  This was the case of the collaboration between the Havasupai Indians and researchers from Arizona State University, which resulted in a long legal fight. The Havasupai Indians were suffering from high prevalence of diabetes and agreed to give their blood samples for genetic research on Diabetes. The members of the tribe were infuriated when they found out later that their blood samples were used for other purposes, among them genetic research on schizophrenia.

The New York Times reported yesterday that this conflict resulted in a settlement in which Arizona State University agreed to pay $700,000 to the tribe members and also return the blood samples. The Havasupai Indians’ main legal claim was of violation of informed consent. Informed consent requires that patients and research subjects receive full information that will enable them to decide whether to adopt a certain medical treatment plan or participate in research. Here, the Havasupai Indians argued that the informed consent principle was violated because they were told that their blood samples will be used for one purpose while, in fact, they were used for another.

No doubt, the Havasupai Indians informed consent argument resulted in their victorious settlement. But, the harder question is whether informed consent principle can be feasibly applied  in the area of genetics.  Genetic information is not just individual information it also provides information about groups and families. For example, assume there is a tribe in which some members agree to participate in genetic research investigating Manic Depression.  Other members of the tribe refuse because they are concerned that a result showing that there is a prevalent genetic mutation for Manic Depression among them could stigmatize them and even lead to discrimination against the tribe. The researchers collect samples only from the members of the group who agree to the research. But,  the results  still provide genetic information on all members of the tribe even those who refused to participate because of their genetic connection to those who participated. 

The result in the Havasupai settlement cannot be seen then as a victory for the principle of informed consent in the area of genetics. Restricting genetic researchers to use of samples only for the purpose for which they were collected only partly resolves the informed consent problem. The group nature of genetic information makes the application of informed consent to genetic research much more complicated than that.

And true, genetic science is all about probabilities. A genetic test can rarely predict with a 100% certainty that a person will incur [...]]]>  23andMe is a genetic testing Internet site, which offers testing for over 100 genetic diseases and traits as well as ancestry testing. Many viewed 23andMe as the vehicle, which will bring genetic testing to the masses. It was promoted by “spit parties”  in which attendees spat into a test tube to have their saliva analyzed to produce their genetic profile. Yet, recently the New York Times reported that two and half years after it commenced service 23andMe has not attained its expected popularity. The report tied 23andMe’s lack of popularity to the limited usefulness of genetic information – genetic science’s inability to predict with certainty that a person is going to get sick.

And true, genetic science is all about probabilities. A genetic test can rarely predict with a 100% certainty that a person will incur a disease. I doubt, however, that this limitation is holding 23andMe back. Unfortunately, people are not very good at understanding the statistical results of genetic testing.  If anything, a woman who is told that she has a 60% of getting breast cancer is likely to dismiss the actual statistics and believe she is going to get sick. It is quite unlikely that people decided not to use 23andMe because of the low probabilities that accompany many genetic tests’ results.

Instead, fears of genetic discrimination likely played an important role in 23andMe’s failure to popularize genetic testing. People are afraid that if they undergo genetic testing and receive positive results they may lose their health insurance or their employment. As I have documented, these fears prevail although empirical data shows that genetic discrimination is in fact rare. Consequently, many individuals are inhibited by genetic discrimination concerns and choose not to undergo genetic testing.

Recently, the government enacted a relatively comprehensive federal law against genetic discrimination – the Genetic Information Nondiscrimination Act of 2008 (GINA). An important goal in legislating GINA was to alleviate fears of genetic discrimination. It was hoped that the enactment of a comprehensive federal law will provide a sense of protection and reduce genetic discrimination anxiety.  The failure of 23andMe to attain widespread popularity indicates that at least so far GINA has not been as successful as was hoped in quieting fears and encouraging the use of genetic testing technology.

CyberSLAPP’s site contains a spirited defense of a right of anonymous criticism which reads, in part:

Why is anonymous speech important?

There are a wide variety of reasons why people choose to speak anonymously. Many use anonymity to make criticisms that are difficult to state openly to their [...]]]> As Dan rightly notes, the recent court order unmasking the anonymous author of the “Skanks in NYC” blog raises serious privacy concerns. He elaborates on those concerns in his post, arguing that the court used too low of a standard, that the lawsuit may have been frivolous, and that anonymity needs greater protection. Dan links to CyberSLAPP, an EFF project which combats abusive lawsuits that seek to unmask anonymous critics of corporations or public figures.

CyberSLAPP’s site contains a spirited defense of a right of anonymous criticism which reads, in part:

Why is anonymous speech important?

There are a wide variety of reasons why people choose to speak anonymously. Many use anonymity to make criticisms that are difficult to state openly to their boss, for example, or the principal of their children’s school. The Internet has become a place where persons who might otherwise be stigmatized or embarrassed can gather and share information and support victims of violence, cancer patients, AIDS sufferers, child abuse and spousal abuse survivors, for example. They use newsgroups, Web sites, chat rooms, message boards, and other services to share sensitive and personal information anonymously without fear of embarassment or harm. Some police departments run phone services that allow anonymous reporting of crimes; it is only a matter of time before such services are available on the Internet. Anonymity also allows “whistleblowers” reporting on government or company abuses to bring important safety issues to light without fear of stigma or retaliation. And human rights workers and citizens of repressive regimes around the world who want to share information or just tell their stories frequently depend on staying anonymous sometimes for their very lives.

Is anonymous speech a right?

Yes. Anonymous speech is presumptively protected by the First Amendment to the Constitution. Anonymous pamphleteering played an important role for the Founding Fathers, including James Madison, Alexander Hamilton, and John Jay, whose Federalist Papers were first published anonymously. And the Supreme Court has consistently backed up that tradition, ruling, for example, that an Ohio law requiring authors to put their names on campaign literature was a violation of the First Amendment. Indeed, the Supreme Court has ruled that protecting anonymous speech has the same purpose as the First Amendment itself: to “protect unpopular individuals from retaliation and their ideas from suppression.”

Of course, any sensible person would be opposed to silencing today’s James Madisons or Alexander Hamiltons. Is this really the correct analogy here, though? Is Skanks in NYC like the Federalist Papers?

Because, of course, the flip side of anonymity is that it can open the door to uniquely problematic personal attacks. This problem is set out in Danielle’s article Cyber Civil Rights, where she examines cases where anonymity was used as a shield to allow malicious online mobs to harass innocent victims, who tend to be disproportionately female. (And of course, the privacy sword cuts both ways here as well — it is a rather egregious invasion of privacy for a normal person to have their private life attacked on a blog.)

The Skanks in NYC blog has been taken down, but the news reports make clear that the site was not dedicated to political discourse, human rights advocacy, or whistleblowing about problematic corporate actions. Rather, it was a series of personal attacks on the model Liskula Cohen, calling her a whore, a ho, an old hag, the “skankiest in NYC” and a “psychotic, lying, whoring … skank.” Cohen — who coincidentally was recently the victim of a freak, career-ending real-life attack by a stranger — was targeted in personal, particularly gendered ways by the Skanks in NYC site. (After all, there is no male analogue to words like slut, skank, or whore.)

These attacks affected her personally, and had negative effects on her career as well, as reported in various news accounts.

Cohen, who described herself as a “serial monogamist” and has a “zero tolerance drug policy,” said the words were defamatory and harmful to her career. Prospective clients would question her about the blog and what she was doing in the photos, she says.

“Finding new clients this year has not been a walk in the park,” she said. “I’ve worked very long in this industry.”

Frankly, Skanks in NYC doesn’t look like a set of Publius-esque words that deserves protection for anonymity. It does not match any of CyberSLAPP’s examples of helpful anonymity. Instead, it looks exactly like the many cases of anonymous and gendered personal attacks, like Autoadmit and Kathy Sierra attacks, which Danielle rightly labels destructive: Online attacks, often sexually framed, which targeted the personal well-being and careers of their disproportionately female victims.

I understand that the concern here is for the precedent. Google turned over the anonymous blogger’s identity in this case; who’s to say that they won’t do it in the case of Publius or a corporate whistleblower? But in this case, the court order is based to a large degree on the problematic nature of the blog itself — that it simply called Cohen a whore and a skank, and so was focused primarily on the alleged defamation, rather than any other substantive comment.

So it seems to me that the court got it right. I agree with Dan on the general principle that anonymity can be very beneficial and should be protected in many cases; I certainly don’t want to encourage the unmasking of any Publii. But there are exceptions to that standard, such as in the case of personal attacks like Autoadmit or Kathy Sierra, or Skanks in NYC. In those cases, I tend to fall back on a different maxim: Sunlight is the best disinfectant.

computer vendors storing the confidential, electronic data of others will be able to fully analyze data on their clients’ behalf without expensive interaction with the client, and without seeing any of the private data. With Gentry’s technique, the analysis of encrypted information can yield the same detailed results [...]]]> According to Help Net Security, Craig Gentry, a researcher at IBM, appears to have found a way to allow “the deep and unlimited analysis of encrypted information – data that has been intentionally scrambled – without sacrificing confidentiality.” The solution involves a an “ideal lattice.” I’ll leave the explanation of all the math to the math/computer science folks. As the Help Net article notes, the solution seems to enable some great advantages for anyone providing cloud computing for:

computer vendors storing the confidential, electronic data of others will be able to fully analyze data on their clients’ behalf without expensive interaction with the client, and without seeing any of the private data. With Gentry’s technique, the analysis of encrypted information can yield the same detailed results as if the original data was fully visible to all.

It all sounds wonderful. One could have encrypted data and let others data mine while maintaining anonymity or privacy. Yet, something seemed odd to me. So I did what lawyers do, I called someone who knew more about computer science and asked for some help. That person explained that yes this could mean one could query an encrypted database without decrypting the data. The example to consider is a database of book purchases. One could ask how many people bought both book A and book B and see that result without ever seeing what a specific person purchased. Great, right? Not so fast.

As this person reminded me, with other sources of information one can figure out what a specific person did. That reminded me of the AOL debacle. With a little work, people were able to figure out who the anonymous subjects were.

All of which highlights that privacy is not binary. The cluster of information and the ability to analyze it seems often, if not always, to lead to problems about the use of information. So if this breakthrough allows a company or the government to claim that we should remain calm and all is well, we may want to remain clam but show how all may not be well. A few regulations about the use of the data even if supposedly anonymous, might allow the beneficial aspects of the solution to thrive while limiting the harms that can occur.

Image: WikiCommons
By: Gwenda; License: Public Domain
(My apologies to CS folks if the image does not match the breakthrough’s area of encryption)

In a world where people develop online reputations, being included in a database such as Who’s Who may [...]]]> I received an email from Who’s Who today. Apparently I have been included on their list of Who’s Who in Law Higher Education. I did not ask to be included and I am not sure that I want to be on this list. So I poked around. Mark Lemley is in their database, and my alleged relation Anuj Desai is in there too; but not Dan Burk. I did some searches on some of my co-authors here at Concurring Opinions. Many are listed, I wonder if they knew that. In addition, some of the listings have old titles (yes, that’s you Danielle, my friend). And there’s the problem.

In a world where people develop online reputations, being included in a database such as Who’s Who may not be desired. I always thought of the publication as one requiring payment for inclusion; that is apparently not so. Still that image persists in my mind so I don’t like being in the database. In addition, it is difficult to tell what criteria was used for to include or not include people. After digging around it appears I found this claim: “We maintain our own list of faculty and administration acquired from most Ph. D. granting universities across the United States and Canada. Currently more than 300,000 faculty are listed. These academicians are either nominated by other colleagues, self nominated, or have been selected and informed by our nomination committee based on the information published on them by their institutes.”

Some may argue that this is merely a database. Yet, the FAQ claims that it is:

the most comprehensive and authoritative online source of information available on leading and influential experts in the institutes of higher education. We are dedicated to creating an environment for information and collegial exchange among academicians via the Internet. We feel confident that Academic Keys can successfully supplement traditional professional magazines and journals in facilitating a powerful and dynamic communication venue. The Who’s Who in Higher Education is of critical reference value to a wide variety of groups:

- Colleagues at other universities use the Who’s Who as a valuable directory and reference.

- Government and corporations use the Who’s Who to identify expert consultants.

- Law firms use the Who’s Who to identify expert witnesses.

- Funding agencies use the Who’s Who to send RFP alerts.

- Media employees use the Who’s Who for accurate background facts on the individuals who are making news.

- It is the ideal starting point for research on individuals considered for appointments and nominations.

- The Who’s Who is an indispensable source for selection of speakers

No kidding? If any of these claims are true, then the thin and possibly erroneous information listed could harm someone’s reputation. Are people going to the site to look for experts, speakers, and so on?

In reality the site is focused on employment and seems to want to be an ad-driven service for academia-related jobs. The blanket inclusion of academics in the Who’s Who list seems to be a way to beef up the company’s image of reaching the wide range of academics. To be fair, the site has a way for one to remove one’s name. But that requires sending an email (could be an inadvertent conduit for more useless email). Worse, why should one have to work to remove one’s name from a database? It seems like a low-grade tax or blackmail. One has to find whether one is one some dubious list, whether the information is accurate, and then correct it. Which reminds me, has anyone figured out why one has to pay to have an unlisted number? But I digress.

The key idea here is that Who’s Who can scour the Web and list publicly available information. But I am not so sure why they can include people in an alleged database as if they chose to be in it without the consent of those in it. The system of “We included you, but you can remove your name” is backwards. In short opt-in, not opt-out is the better norm. They should know that and adhere to it. That approach could even enhance the company’s reputation. After all, a list of people who actually want to be on it and who provide accurate information may be useful to those seeking experts and scholarly exchange etc. As it is, a list of people who are added whether they like it or not is not something that offers useful information and mainly irritates people.

Who Are You – The Who

As Jacqueline Lipton noted Google Maps has enabled the persistence of race discrimination. Google [...]]]> Space the final frontier. These are the voyages of … ah, you know the rest. Exploration and the idea of frontiers seem to capture an important part of the human experience. The possibility of finding something new, of entering uncharted territories excites people. And, although one may want to keep the secret of the Northwest Passage or the Straits of Magellan a secret, sooner or later a map is created to increase the amount of benefit that can be extracted from the discovery. Yet with the world seeming to collapse into one connected place, the role of maps has changed. In short, maps are a new frontier for property and privacy.

As Jacqueline Lipton noted Google Maps has enabled the persistence of race discrimination. Google Maps has also spawned some other curious creations and connections. For example, I wrote about the flap over what is a true IMAX screen and that folks put together a map of IMAX screens with information about the screen size. The H1N1 (aka swine) flu epidemic revealed an interesting dual use for maps. One person created a frequently updated map with information about claimed incidents. I was curious about the source and found that one person at, what else, a bitotech company focused on recombination and disease, was behind the map. In addition, a group called Health Map seeks to offers a map that connects “disparate data sources to achieve a unified and comprehensive view of the current global state of infectious diseases and their effect on human and animal health.” On the light side, Total Film has a feature that uses Google Street view to show 25 favorite film locations.

As seems always to be the case, folks will probably soon argue about who owns what. The more interesting point might be the way maps show the malleability of information. In some hands, maps show fun things like where a film was shot. In other hands, maps provide useful epidemiological information. Yet, certain home owners may not be pleased about having tourists show up to gawk at what had been a quiet abode. Cities, counties, and even states may be upset if lay people assume that suspected or even confirmed outbreaks mean they should create a de facto or quasi-quarantine. Last, knowing where specific racial, religious, and other groups are can all too easily lead to mob behaviors.

The information mill churns. We have to sort it out. Old tools have new impacts. Today maps pose challenges. Tomorrow it will be something else. I am never certain that the law is the best way to manage these changes. Nonetheless, we have to consider what they are and how they function in case the law is asked to do so. On that note, please share any other creative and/or challenging uses of maps of which you are aware.

Last here is a little music for the trip:

Maps And Legends – R.E.M.