Author: DCherubin

Christian Oronsaye

Privacy Rights Groups Fight FAA on Use of Drones in U.S.

Reports have it that some privacy advocacy groups have petitioned the Federal Aviation Administration (FAA) in connection with the increase in the use of aerial drones in the United States. We understand that more than 30 organizations, including the American Civil Liberties Union (ACLU), the Bill of Rights Defense Committee, and the Electronic Privacy Information Center — which have also served as key opponents to the Transportation Security Administration and the Department of Homeland Security — have demanded that the FAA hold a rulemaking session to consider all the violations to American privacy and safety posed by the proposal.

The ACLU Petition in part states as follows:

Drones greatly increase the capacity for domestic surveillance. Gigapixel cameras used to outfit drones are among the highest definition cameras available, and can “provide real-time video streams at a rate of 10 frames a second.” On some drones, operators can track up to 65 different targets across a distance of 65 square miles. Drones may also carry infrared cameras, heat sensors, GPS, sensors that detect movement, and automated license plate readers. In the near future these cameras may include facial recognition technology that would make it possible to remotely identify individuals in parks, schools, and at political gatherings.

The link to the site is set out below:

http://www.thenewamerican.com/usnews/constitution/11033-privacy-rights-groups-fight-faa-on-use-of-drones-in-us

Christian Oronsaye

Supreme Court Justices say GPS tracker violated privacy rights

The United States Supreme Court on Monday (01/23/2012) unanimously ruled that the police violated the Constitution when they placed a Global Positioning System tracking device on a suspect’s car and tracked its movements for 28 days.

The case concerned Antoine Jones, who was the owner of a Washington nightclub when the police came to suspect him of being part of a cocaine-selling operation. They placed a tracking device on his Jeep Grand Cherokee without a valid warrant, tracked his movement for a month and used the evidence they gathered to convict him of conspiring to sell cocaine. He was sentenced to life in prison.

The United States Court of Appeals for the District of Columbia Circuit overturned his conviction, saying the sheer amount of information that had been collected violated the Fourth Amendment, which bars unreasonable searches.  The court noted that “the government physically occupied private property for the purpose of obtaining information. We have no doubt that such a physical intrusion would have been considered a ‘search’ within the meaning of the Fourth Amendment when it was adopted.”

The Supreme Court affirmed that decision, but on a different ground. “We hold that the government’s installation of a G.P.S. device on a target’s vehicle, and its use of that device to monitor the vehicle’s movements, constitutes a ‘search,’ ” Justice Antonin Scalia wrote for the majority. Chief Justice John G. Roberts Jr. and Justices Anthony M. Kennedy, Clarence Thomas and Sonia Sotomayor joined the majority opinion.

Link: http://www.nytimes.com/2012/01/26/opinion/gps-and-the-right-to-privacy.html

Christopher Poole

 

Private Sector Brushes Up Against EU’s “Right to be Forgotten”

 

In January of this year the European Commission unveiled a series of proposed reforms to the 1995 Data Protection Directive. While the reforms are significant in many respects, one key aspect is the Article 17 ‘right to be forgotten.’ In short, the ‘right’ would require that organizations handling personal data online respond to and fulfill requests by persons to delete such data.[1] As Professor Jeffrey Rosen has stated, “If requested to do so companies such as Facebook and Google would have to remove photos that people post about themselves and later regret, even if the photos have been widely distributed already.”[2]

 

While many have welcomed such a right, some in both academia and the private sector have expressed concern over the far-reaching implications of such a law. Rosen himself has noted that perhaps the most crucial aspect of the proposed regulation may be in that it  “treats takedown requests for truthful information posted by others identically to takedown requests for photos” users have posted themselves, raising questions about freedom of speech and the role of online services as censors.

 

One major player in the privacy game is already finding itself under pressure. Google has publicly expressed concern over what it sees as the broadness of the regulation, arguing that it may not adequately address the “important distinctions that need to be made between services that host content created by people (such as Facebook and YouTube) and services that point people to content that exists elsewhere (for example, search engines such as Google, Bing and Yahoo!).”[3] Facing EU scrutiny over its revamped privacy policy[4], Google is already squaring off against claims of a broad right to be forgotten in the EU. This past week, Spain’s highest court requested the European Court of Justice to decide if Spanish citizens may lawfully require Google to remove data from its search engine and associated services.[5] The formal referral to the ECJ comes after authorities in Madrid have received “over 100” such requests for Google to delete data, including cases such as a “plastic surgeon [who] wants to get rid of archived references to a botched operation.”

 

Cited:

 

[1] Commission proposes a comprehensive reform of data protection rules to increase users’ control of their data and to cut costs for businesses, http://europa.eu/rapid/pressReleasesAction.do?reference=IP/12/46&format=HTML&aged=0&language=EN&guiLanguage=en (text of the proposed regulations directly available at Article 17: Right to be forgotten and to erasure, http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf).

 

[2] The Right to be Forgotten, http://www.stanfordlawreview.org/online/privacy-paradox/right-to-be-forgotten .

 

[3] Our thoughts on the right to be forgotten, http://googlepolicyeurope.blogspot.com/2012/02/our-thoughts-on-right-to-be-forgotten.html .

 

[4] EU agencies say Google breaking law: commissioner, http://www.reuters.com/article/2012/03/01/us-google-privacy-eu-idUSTRE82011K20120301 .

 

[5] Spain refers Google privacy complaints to EU’s top court, http://www.reuters.com/article/2012/03/02/us-eu-google-idUSTRE8211DP20120302 .

 

For more information:

 

Data protection reform: Frequently asked questions,

http://europa.eu/rapid/pressReleasesAction.do?reference=MEMO/12/41&format=HTML&aged=0&language=EN&guiLanguage=fr .

 

Google picks holes in EU’s ‘right to be forgotten’, http://www.zdnet.co.uk/news/regulation/2012/02/17/google-picks-holes-in-eus-right-to-be-forgotten-40095071/

 

EU agencies say Google breaking law: commissioner,

http://www.reuters.com/article/2012/03/01/us-google-privacy-eu-idUSTRE82011K20120301 .

Khan Shing

 

Class Action Over Facebook Sponsored Stories Proceeds

 

Late last year, Facebook rolled out its “Sponsored Story” ad program.  Among the online marketing community, this was probably the most anticipated Facebook product release of the past year.  The gist of it is that anytime you post something about, or Like, a product, brand, event, etc. of a an advertiser, that post might get redisplayed on your outgoing feed as a Sponsored Story, with the advertiser’s brand prominently displayed.  COO Sheryl Sandberg has described this as an important innovation in display ads, since people are far more likely to buy products from brands their friends recommend.  Insiders at Facebook, as well as many outside analysts, also think this will be a critical part of the company’s efforts at increasing its share of the online display ad market.

However, Sponsored Stories also led to class action lawsuits being filed on behalf of Facebook users, alleging various privacy, misappropriation, and unfair business practices claims.  As discussed here, http://goo.gl/hWUJR, a district court in California allowed one of these cases to move forward.  In previous cases, Facebook has made arguments that they have commercial free speech rights in their targeted ad programs and they will likely make similar arguments here.  While Sponsored Stories is certainly a clever way for Facebook to profit from the massive, and to this point largely free, marketing campaigns being waged all over the social network, it is equally clear the ad program has great potential to cause mischief.  Since Facebook does not allow users to opt out of the program, anyone can accidentally become a virtual pitchman for a product based on a post that is taken out of context or, as is often the case, made ironically.  Case in point: http://goo.gl/1qjDL

Felicity Kohn

California has reached an agreement designed to protect the privacy of mobile app users with Amazon.com, Apple, Google, HP, Microsoft, and a company called Research in Motion.  The agreement was sparked by the fact that smartphone apps routinely transmit users’ contacts and other personal data, including location, identity, messages, and photos, without their knowledge.  Both Apple and Google already require app developers to ask users for permission to obtain personal data.  However, users are rarely told which data is being collected or how it will be stored or used.  Moreover, some developers – even makers of very popular apps – have collected and transmitted users’ contact lists without their consent.

 

California’s agreement requires developers of apps for mobile phones to post clearly marked privacy policies explaining what personal information they will collect and how they will use it.  According to the California attorney general’s office, only 5% of mobile apps currently have a privacy policy in place.  In addition to requiring app developers to post privacy policies, California’s agreement also requires app store providers like Apple and Google to provide ways for users to report apps that don’t comply.  In an interesting connection to our conversation about FTC enforcement powers, the California attorney general’s office said that developers who violated their own privacy policies could be prosecuted under California’s Unfair Competition Law and False Advertising Law.

 

California’s agreement also relates to our conversation about the White House’s suggestion for multistakeholder meetings to develop enforceable codes of conduct, in that the statement by California attorney general suggests that this agreement was born of just such a process: “[T]hese companies have to be commended for accepting the invitation to meet around our table, act on it and sign the agreement…”  Perhaps this agreement indicates the willingness of tech companies to engage in that kind of a process.

 

Finally, it’s interesting – and perhaps telling – that California brokered the deal with these major tech companies since it is the state that was on the forefront of requiring notices to consumers regarding breaches of their data, and the casebook notes that most states then followed suit (p. 881-82).  Thus, state regulation may provide yet a third means (other than Congressional action and White House policy) of advancing the cause of consumer privacy.

 

The link to the article is here: http://bits.blogs.nytimes.com/2012/02/22/california-attorney-general-reaches-deal-on-app-privacy/?scp=6&sq=privacy&st=cse

 

Bruna Izydorczyk
Obama’s effort to enforce clear rules on privacy

 

President Obama took the initiative to convoke major technology companies – of course Facebook and Google are involved – to craft voluntary codes of conduct for handling consumer data based on a bill of rights for Web users. Among other reasons, this initiative represents a Congress answer to the existence of modern foreign rules on the subject – the European Directive on privacy – and also, an attempt to avoid cross-border issues on privacy/data control.

 

The development of such policies/rules will take place through meetings among the Commerce Department, companies and consumer groups. The Federal Trade Commission, which has the authority to act when companies engage in unfair and deceptive trade practices, would have the challenging mission to implement and enforce the standards approved.

 

However, the effort to create clear policies on privacy seems to be interesting for the companies, whom are interested in obtaining competitive advantages in well serving their consumers. As we all know, consumer’s trust is essential for the success of any business. Let’s hope that the future of privacy in US relies also in the collective importance of the matter, and not only in the economic analysis of this issue.

 

For more information, please see:

 

http://news.businessweek.com/article.asp?documentKey=1377-a5jAQ79TwrjI-2MRQR870NSTPL8TGO31UVR346I

Brian Smith

Netflix Advocates for Amendment to VPPA

 

Netflix, the popular DVD rental and video streaming service, is currently supporting an amendment to the Video Privacy Protection Act (VPPA) (18 U.S.C. 2710).  The proposed amendment would allow video tape service providers (which includes Netflix) to disclose a consumer’s video rental history if that consumer has given written consent prior to the disclosure. Under current law, a company must seek consent “at the time the disclosure is sought.” Netflix claims that this reform is necessary before a proposed integration of Netflix and Facebook can be achieved, which will allow users to share the titles of the movies they watch with their Facebook friends.

 

Privacy advocacy organization EPIC claims that this reform would shift the control over a user’s rental history form the consumer to the company, allowing companies like Netflix to broadcast a user’s rental and viewing history automatically after a one-time consent.  The amendment has already passed the House, and the Senate’s Privacy Subcommittee held hearings on the subject in January.

 

By liberalizing when and how video rental services may share a user’s rental history, this proposed amendment is poised to substantially weaken the VPPA.  This legislation was originally passed in response to the disclosure of Robert Bork’s video rental history to the public, and integrating Facebook with Netflix could lead to similar inadvertent disclosures of video viewing history.  Hopefully, future Supreme Court nominees will have the foresight not to include any journalists among their Facebook “friends.”

 

For more information, please see:

 

Washington Post’s Post Tech Blog: http://www.washingtonpost.com/blogs/post-tech/post/netflix-discusses-video-privacy-act-along-with-earnings/2012/01/26/gIQAQFk3SQ_blog.html

 

EPIC’s Description of the VPPA: http://epic.org/privacy/vppa/#2011%20Netflix-Backed%20Amendment

 

Danny Blumberg

Consumer Advocacy Groups Voice Concerns Over White House Proposal

http://www.sacbee.com/2012/02/23/4285987/white-house-plan-for-privacy-bill.html

The White House’s newly released Consumer Data Privacy white paper proposes a co-regulatory process to implement the Consumer Privacy Bill of Rights.  Recent class readings describe how a multi-stakeholder process can provide benefits such as increased compliance and innovative solutions, but several consumer advocacy groups are concerned about the regulatory process which will be conducted by the Department of Commerce (and likely enforced by the FTC).  The Commerce Department’s role is to promote business interests, not consumers, and so advocacy groups are worried that large tech companies such as Google and Facebook will have too much influence during the process.  Consequently, the advocacy groups are asking that the process be public to maximize transparency and increase participation from a broad range of public interest groups.

The multi-stakeholder proposal can be found here: http://www.worldprivacyforum.org/pdf/MultiStakeholderPrinciples2012fs.pdf.  Signatories to the baseline principles include the World Privacy Forum, American Civil Liberties Union, Center for Digital Democracy, Consumer Action, Consumer Federation of America, Consumers Union, Consumer Watchdog, Electronic Frontier Foundation, National Consumers League, Privacy Rights Clearinghouse and U.S. PIRG.
Read more here: http://www.sacbee.com/2012/02/23/4285987/white-house-plan-for-privacy-bill.html#storylink=cpy

Jenna Levy

 

Obama Administration Unveils Plan to Protect Privacy in the Information Age, including a “Consumer Privacy Bill of Rights”

 

On February 23, 2012, the White House revealed its plan to protect privacy in the information age, which includes a “Consumer Privacy Bill of Rights.”  The Obama Administration explains that as a world leader in the Internet marketplace, the US has a special responsibility to develop effective privacy practices that meet global standards and to protect individual privacy rights and give users more control over how their information is handled.

 

The White House plan consists of three steps:

 

1)     Putting in place a Consumer Privacy Bill of Rights (see below)

2)     Achieving Privacy Policies for a Global, Open Market

3)     Industry Action

 

The Consumer Privacy Bill of Rights contains seven rights:

1)     Individual Control: Consumers have a right to exercise control over what personal data companies collect from them and how they use it.

2)     Transparency: Consumers have a right to easily understandable and accessible information about privacy and security practices.

3)     Respect for Context: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide data.

4)     Security: Consumers have a right to secure and responsible handling of personal data.

5)     Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a matter that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.

6)     Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.

7)     Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.

 

For the official press release with the complete plan and more in depth explanation of the rights contained in the Consumer Privacy Bill of Rights, see http://www.whitehouse.gov/the-press-office/2012/02/23/fact-sheet-plan-protect-privacy-internet-age-adopting-consumer-privacy-b

 

For some of the first articles about the plan, please see the following:

 

http://www.nytimes.com/2012/02/23/business/white-house-outlines-online-privacy-guidelines.html?scp=1&sq=privacy%20bill%20of%20rights&st=cse

 

http://online.wsj.com/article/SB10001424052970203960804577239774264364692.html?mod=business_newsreel

 

http://www.usatoday.com/tech/news/story/2012-02-23/ftc-consumer-internet-privacy/53213162/1

 

http://thehill.com/blogs/hillicon-valley/technology/212143-white-house-unveils-privacy-bill-of-rights

Krystan Hitchcock

 

Advertisers Can’t Be Trusted To Self-regulate on Data Collection, Says EFF

 

The Electronic frontier Foundation’s opinion that the digital advertising industry can regulate itself properly.  The Digital Advertising Alliance is an association of online advertisers that was created to establish guidelines to regulate matters of consumer choice e.g. data collection, but their previous programs have been unsuccessful.  A study revealed that users found the DAA’s cookie-based opt-out tool difficult to use and to understand and the same goes for their advertising option icon.

 

The EFF says even if advertisers violate the newer principles, there’s no repercussions and it’s unclear how the guidelines are enforced.  The EFF thinks simpler opt-out tools like the Do No Track Feature found in Safari, Internet Explorer and Firefox achiever more user benefits, but proper legislation is still the best route.

 

http://www.pcworld.com/businesscenter/article/243884/advertisers_cant_be_trusted_to_selfregulate_on_data_collection_says_eff.html