Category: Uncategorized

April 3rd, 2015

Verizon’s Mobile ‘Supercookies’ Seen as Threat to Privacy[1]

By: Christian Díaz Ordóñez

The issue of advertisement campaigns targeted at specific sectors of the consumer base will remain a controversial issue. Despite growing regulation and stronger position from governmental and judicial entities around the world, technology seems to be winning the battle in the struggle to obtain more information in a cheaper, faster, and more complete manner.

In the article above quoted, the authors discuss the need of stronger regulation for internet services. Perhaps this regulatory approach needs to be complemented by having better enforcement mechanisms targeted at each of the participants in the internet (i.e. not exclusively to companies as Google, but also to service providers), especially aimed at protecting privacy rights of all its users.

The article highlights a most troubling reality, as users are witnessing how their privacy rights are diminishing, and their alternatives to protect themselves only keep reducing. Users may no longer be “safe” by eliminating cookies from their browsers, but now they have to face the fact that there are super-cookies that simply cannot be eliminated. Big Brother 2.0.

Internet providers are getting an economic benefit by selling its users’ searching history, tendencies and information about their activities. Even if the question of privacy was left aside, from a strictly legal perspective, these companies are getting income with no consideration from their counterparties. The situation is challenging, to say the least, from every single legal perspective.

Even more troubling is the fact that Internet providers are also subject to hackers and other attack sources, thus leaving users’ information at high risk of being accessed by unscrupulous third parties. In addition, history has proven that these services providers are very prone to providing information to governmental entities without major questioning.

As a matter of principle, one must assume that governmental requests are made in pursuit of the greater good of security, and that government officials will refrain from incurring in the excessive use of power. Even if this was not the case, then the judicial “system” must be so thoroughly aligned so as to prevent, punish and deter the occurrence of such breaches.

Certainly, individual citizens may be afraid of an ever-intruding service providing entities, which may just store information of individuals for no apparently legal (or even ethical?) reasons. That fear has motivated revolutions and different constitutional and judicial changes that strive to protect one’s privacy. Individuals may fear that they may be discriminated against for race, sex, religion, political convictions, or otherwise, once the government has enough information to do so.

Nevertheless, this fear should, ideally, be non-existent in a well-functioning democracy. This fear should be non-existent in a democracy where institutions prevail over temporary shocks or crisis situations. This fear should be non-existent in a democracy where powers are properly balanced. The inherent worry still remains open and ever present.

[1] By NATASHA SINGER and BRIAN X. CHENJAN. 25, 2015. Available online at: http://www.nytimes.com/2015/01/26/technology/verizons-mobile-supercookies-seen-as-threat-to-privacy.html?_r=0

April 3rd, 2015

‘Eavesdropping’ WiFi Barbie is Seriously Creepy

By: Andrea Carlon

This fall, Mattel is expected to launch ‘Hello Barbie’, a doll that incorporates a voice-recognition technology, which captures the child’s speech. The recorded data is transferred via WiFi to TalkToy´s (company that has developed the technology) cloud servers. As a result of the processing and analysis of the data, over time, the ‘talking Barbie’ will be capable of learning information about the child and will be able to reproduce such information.

Internet-connected toys hold out the tantalizing promise of personalized services and also, the risk of privacy perils. First and foremost, the data which is being collected, pertains to minors. Even though, according to TalkToy, parental consent shall be required to activate the voice recognition feature, it remains controversial to what extent are parents protecting the minor’s privacy when allowing a company to record them and hand in all the information

Second, concerns as to what sort of information is exactly being collected are unclear. For instance, will the companies be able to track the location of children? Furthermore, neither Mattel nor TalkToy have disclosed what the privacy policy provisions will include. Also, in terms of the purpose of the data, will Mattel be allowed to share this data with third party advertisers? Given the company’s deteriorated economic situation, is there a heightened risk of them selling the data?

Third, advocates for privacy have expressed their unrest to the launching of this product. For instance, the CCFC (Campaign for a Commercial-Free Childhood) has questioned the use and purposes of the data collected. Furthermore, Professor Campbell from Georgetown University, Center on Privacy and Technology, has raised the issue as to the value for marketers of the information of what a child can say to their toys, and the potential unfairness towards children.

Fourth, the privacy issues this article contemplates should be contextualized within the recent and rising phenomenon of the Internet Of Things (IOT), making every day objects into technological devices connected to internet and transmitting data continuously can be concerning in many ways.

While it seems that many questions remain unresolved today, the Hello Barbie is expected to be available to consumers by the end of this year. We will have to wait to see how courts deal with privacy concerns derived from IOT, which surely and probably in a short period of time will arise.

Links to articles:

• Privacy advocates try to keep ‘creepy,’ ‘eavesdropping’ Hello Barbie from hitting shelves: http://www.washingtonpost.com/blogs/the-switch/wp/2015/03/11/privacy-advocates-try-to-keep-creepy-eavesdropping-hello-barbie-from-hitting-shelves/
• Campaign for a Commercial-Free Childhood: http://commercialfreechildhood.org/action/shut-down-hello-barbie

April 3rd, 2015

Facebook (again) struggles with Privacy

By: Fernanda Echavarría

http://www.wsj.com/articles/facebook-confronts-european-probes-1427975994

http://www.technewstoday.com/22579-facebook-probed-in-europe-over-privacy-issues/

http://www.cnet.com/news/facebook-privacy-probes-ramp-up-in-europe/

http://www.chicagotribune.com/news/local/breaking/ct-facebook-facial-recognition-lawsuit-met-story.html

Privacy regulators from Spain, France and Italy have recently joined Dutch, Germany and Belgium authorities in the investigations of Facebook privacy practices. In particular, the group of European regulators would be investigating the use of the worldwide famous “Like” feature to track user’s habits, as well as the collection techniques and aggregation of data for the purposes of targeted advertisement.

Facebook is not the only U.S. located company under examination by European authorities (see Google, Apple and Amazon). The differences between U.S. and E.U. Privacy Law have created an increasing tension that is screaming for legislative harmonization action. Previous attempts in this regard, such as the Safe Harbor Agreement, have proven not enough in the data protection current state of affairs. Notwithstanding how difficult it may seem to achieve, an organized set of rules promoting proper balance between privacy rights and development of new businesses in the U.S. and Europe, should be a primary concern of the authorities at both sides of the Atlantic. Countries outside Europe and the U.S. usually follow one or the other approach, so the lack of a uniformed legislation will have effects all around the world.

As for the current investigation, and notwithstanding Facebook’s allegation of lack of jurisdiction from the group of European privacy regulators, we will have to see if Facebook will wait for an official resolution of such group or, as we have seen in previous occasions, e.g. Belgium investigations and introduction by Facebook of the timeline feature, if it will attempt to avoid possible fines by adapting its practices to comply with the concerns of the European watchdogs.

But European privacy issues are not the only privacy related problems faced by the social network company. This week a man sued Facebook in the U.S. claiming that the facial recognition system used to tag persons in photos would be illegal under Illinois Privacy Law. Considering the allegations, the problem appears to be that there is no option to delete the information collected by Facebook when a person is tagged to a photo. Even if the person is no longer tagged, after the user takes the relevant steps in that sense on its privacy settings, Facebook still has that data and the user cannot erase it.

The multiple uses and features and the constant development of Facebook, and social media in general, will continue to raise privacy issues as the ones mentioned here. It is to be expected that the relevant authorities will face these new challenges on time and properly balancing all interest at play.

April 2nd, 2015

Robert Durst case; is there a privacy concern on his alleged confession?

By: Tomás Kubick

Panel 4

Robert Durst, a real state businessman and millionaire, is being charged with the murder of his friend Susan Berman. Those facts alone do not have special signification for privacy law. The twist on this case is that as the press has stated one key clue that led to Durst’s detention is an audio recording on which he allegedly confesses the murder. There may be a privacy concern of how that record.

HBO was filming the documentary “The Jinx: The life and Deaths of Robert Dusts” which investigated Durst’s life and his relation with three murders, included Susan Berman’s. On one interviewed conducted to prepare the documentary, Durst was faced with evidence that supposedly incriminated him, evidence that he denied. Shortly after, he went to the bathroom and on solitude he stated, “What the hell did I do? Killed them all, of course”.

Durst’s lawyers have announced that he will declare himself innocent and surely will try to exclude HBO’s recording from trial. One strategy to do so could involve raising privacy concerns issues. Defendant could argue a breach of his fourth amendments rights. To do so, they should characterize the recording as a search and somehow link it with a governmental investigation regarding with this case, which is unlikely to happen.

Notwithstanding, defense can argue that the recording breaches The Wiretap Act (18 U.S.C. §§ 2510-2522). In case that the recording was obtained with breach to the act, there is an exclusionary rule. The Wiretap Act does not apply if one of the parties of the communications consented. Under this premise defendant will try to argue that he consented to be recorded on the set but not outside of it, even though he agreed that any record of him could be used as HBO deemed reasonable. This issue will be the key issue because if it is found that his consent was just for “on stage”. If this is believed this way, it may be sustained that every person has a reasonable expectation of privacy if he is alone in a bathroom.

On the other side, it may be hard to argue that a person voluntarily wearing a microphone did not gave consent to be recorded. Even in such situation The Wiretap Act may not apply. For a communication to be deemed oral, the person involved on it must “[exhibit] an expectation that such communication is not subject to interception”. It can be sustained that a person wearing a microphone does not exhibit such expectancy.

As exposed, there are serious privacy law question on Mr. Durst’s case with arguments balancing on each side of the dispute. It will be the task of courts to answer them and to continue shaping the reaches of this topic on criminal procedures.

March 27th, 2015

Wyndham and the Unfairness Jurisdiction

By: Ajitha Pichaipillai

Panel 5

I would like to write to few paragraphs regarding the Article, “An Era of Rapid Change: The Abdication of Cash & the FTC’s Unfairness Authority”, 14 PGH. J. Tech. L. & Pol’y 351. This Article discusses about the ‘unfairness’ jurisdiction of FTC in the data-privacy enforcement context. It provides a good summary of the Wyndham case, in which the Wyndham hotel group challenged the FTC’s authority to regulate data-security breaches.

Interestingly, Wyndham’s challenge of the FTC’s unfairness authority is three pronged: (i) the FTC lacks authority to pursue unfair practices related to data security, (ii) the unfairness actions related to data security require rulemaking, and (iii) the injury resulting from these payment card breaches is insufficient to support a claim. The second pronged argument on the requirement of rule making seems highly persuasive. Wyndham argues that any authority of FTC to regulate data security would require establishment through administrative rulemaking. It also suggests that the data security standards mandated by FTC, ex post, through selective enforcement actions and imposition of such standards on Wyndham could raise “serious constitutional questions of fair notice and due process”.

Even though, the motion to dismiss filed by Wyndham against the FTC’s compliant was dismissed by the district court, the questions certified by it for appeal may turn out to be determinative of FTC’s ‘unfairness jurisdiction’ in the data -security and data-privacy enforcement context. The questions, on which the Third Circuit is currently hearing the appeal, are: (i) Whether the Federal Trade Commission can bring an unfairness claim involving data security under Section 5 of the Federal Trade Commission Act, 15 U.S.C. § 45(a); and (2) Whether the Federal Trade Commission must formally promulgate regulations before bringing its unfairness claim under Section 5 of the Federal Trade Commission Act, 15 U.S.C. § 45(a).

The oral arguments of the Wyndham’s appeal dated March, 3, 2015 (available at https://epic.org/amicus/ftc/wyndham/#interest), features interesting discussion on the origin and legislative reports of Section 45 (n) of the FTC Act and how far a negligent practice could be regarded as a ‘unfair practice’. Judges asks the FTC’s counsel to substantiate on the ‘adequacy of notice’ with respect to the standards purported to be imposed on Wyndham. The Judges also takes note of the FTC’s sparing use of its powers under Section 45(n) (according to the counsel, FTC’s has exercised its unfairness jurisdiction under Section 45 (n), in relation to data security breaches, only five times).

As EPIC notes, the decision of this appeal could have significant impact on FTC’s authority to regulate data security breaches and consumer’s privacy rights enforcement.

March 26, 2015

 TV Ads Delivered via Google Fiber:

Mad Men’s Dreams Come True at the Cost of Viewers’ Privacy?

By: Erin L. Bansal

http://www.wired.com/2015/03/google-fiber-ads/

http://www.adweek.com/news/television/google-fiber-may-have-created-game-changer-real-measurement-tv-ad-views-163604

 http://bits.blogs.nytimes.com/2015/03/23/google-plans-experiment-with-targeted-ads-for-television/

Google recently announced the trial of a new service in the Kansas City metro area through its Google Fiber Internet and television service that will allow it to personalize ads based on a viewer’s locality and viewing habits. This capability is “dynamic ad insertion” in marketing parlance. AdWeek described this capability more dramatically –as “advertising’s Holy Grail.” Likewise, The New York Times described Google’s service as a potential “sea change” in TV advertising. But while Madison Avenue and its Mad Men may embrace Google’s new service, what does it mean for the viewers watching television in the privacy of their own homes?

In simple terms, Google’s service will give it the ability to deliver more tailored ads and then to accurately monitor the viewing of those ads. Google will be able to insert an ad whenever it is timely, and they relay that viewing back to the marketer. As Google reported, the fiber TV ads will be “digitally delivered in real time and can be matched based on geography, the type of program being shown (sports, news, etc.), or viewing history.” Google can tailor the fiber TV ads to both live TV and DVRed programs. In addition, Google can give marketers a more accurate idea of how many people are watching an ad. Unlike Nielsen’s rating system that is based on old school sampling, each TV with Google’s service will report back to marketers.

For TV viewers, this new service raises some old concerns. While some have suggested that this service is no different than Google tracking a user’s browser history in the online world, the thought that Google can now monitor what shows a viewer is watching raises concerns. Wired remarked that this is “yet another way for Google to collect even more data about you.” It further noted that Americans are “not used to the idea that the shows we watch will be logged and turned into advertising fodder.”

At this point, Google is sensitive to privacy concerns. AdWeek reports that “a source familiar with the deal” explained that “Google is trying to be extra cautious with user privacy on this initiative.” Google asserts that viewers can opt out of being shown ads based on their viewing history. However, AdWeek points out that Google has not specified what it means by “viewing history” or how the opt-out process might work. And although users of Google’s web services can similarly opt out of ads based on their browsing history, few users choose to do so.

While Google’s trial of fiber ads is limited to a small number of viewers in a limited geographic area at this time, it is not difficult to image Google growing to become a ubiquitous force in the TV world given its dominance in online search and the functionality its Internet service offers (its Fiber Internet service is reportedly 100 times faster than the standard broadband connection). Perhaps Google will be able to design the privacy settings in Google Fiber and its TV service so that viewers feel that they can control their private information. But with opt-out as the standard default, a viewer is no more likely to take control while flipping channels on TV than she is while surfing the Internet.

March 26th, 2015

Consumer Privacy Bill and the role of FTC

By: Jyotsana Sinha

Panel 5

http://www.washingtonpost.com/blogs/the-switch/wp/2015/03/23/the-ftc-beefs-up-technology-investigations-with-new-office/

http://www.hldataprotection.com/2015/03/articles/consumer-privacy/insights-on-the-consumer-privacy-bill-of-rights-act-of-2015/

While the government is ready to take the next step by enacting a consumer privacy bill, the bill has increasingly drawn criticism from various actors, ranging from privacy advocates, the Federal Trade Commission (FTC) and even some members of the Congress.

FTC currently acts as the watchdog of consumer privacy in US. It regards the use or dissemination of personal information in a manner contrary to a posted privacy policy is a deceptive practice under the FTC Act, 15 U.S.C. § 45. FTC, however, does not possess actual rule making power. It merely enforces the policies established by the companies, however lax they are. Inspite of being the default enforcement authority, FTC lacks the necessary teeth to ensure proper enforcement.

Although the draft of Consumer Privacy Bill aims at empowering the consumer to take charge of their own data, the bill does not establish any mandatory standard to be followed by the companies. Neither does it enhance the authority of the FTC. While it is argued that adopting a business friendly and lenient approach towards the industry will be beneficial in gaining industry support, and self-regulation with minimal supervision by FTC will yield the desired result, the reality is quite the opposite. Giving the industries a free go on one hand and crippling the FTC on the other merely increases the risk to consumer privacy. The FTC has also expressed its disappointment at absence of any expansion or upgrading in the FTC’s role as a regulator.

The draft bill, while criticised by the privacy advocates, has been appreciated by the technology industry related groups. Highlighting the importance of benefit and risk assessment, the draft bill proposes establishment of Privacy Review Boards to counter the overreaching effect of law on beneficial use of data. It is important to note that the courts have continued to look up to the FTC as the crucial regulator of privacy policies and protector of consumer data and have rejected challenges to the scope of FTC’s power. With this support from the judiciary encouraging the FTC to ‘exercise [their] powers more robustly’ and ‘take more of a leadership role,’ it might not be surprising if FTC wishes to emerge as the supreme authority on consumer data privacy concerns. Lack of technical expertise and resource constrains are often cited as the reasons against empowering the FTC. But, the recent initiative by the FTC to establish BCP’s Office of Technology Research and Investigation to evaluate and address the effects of technological advancement in consumer privacy issues appears to be a step forward towards this goal. Amidst the criticism attracted by the draft bill and efforts of FTC to expand their authority, it now remains to be seen if any substantial development takes place effectually providing consumers the option and power to control their data.

March 26th, 2015

FTC AND CONSUMER PRIVACY

RadioShack’s bankruptcy and Auctioning off Customer Data- A violation of Privacy Policy

By: Vasundhara Apte

http://www.computerworld.com/article/2901691/new-york-threatens-action-if-radioshack-sells-customer-data.html

http://www.bloomberg.com/news/articles/2015-03-24/radioshack-s-bankruptcy-could-give-your-customer-data-to-the-highest-bidder

http://www.pcworld.com/article/2902472/about-25-us-states-oppose-sale-of-radioshacks-customer-data.html

RadioShack is a leading national retailer of technology products and services as well as products related to personal and home technology and power supply needs. RadioShack filed for Chapter 11 Bankruptcy on February 5^th, 2015 after striking a deal to sell up to 2400 of its stores to the wireless service provider Sprint and a hedge fund that is its biggest shareholder.

On 23^rd March, 2015 RadioShack commenced the auction of its assets which include its name and intellectual property, trademarks, patents, leases and the names, email addresses and phone numbers of its customers. According to a Bloomberg Report it is estimated that RadioShack is offering more than 13 million email addresses and 65 million physical addresses to the highest bidder.

Standard General, a hedge fund which is one of RadioShack’s creditors emerged the winner of the auction.Salus Capital Partners claims it did not get a fair hearing at the auction on a bid it made which was materially superior. The Attorney General of Texas Ken Paxton filed a challenge arguing that RadioShack made an explicit promise to its customers that it would not sell their personal data. He brought attention to the fact that it was a breach of the company’s statement wherein RadioShack clearly stated that they prided themselves on not selling their private mailing list. Hilco Streambank a subsidiary of RadioShack also remarked that the deals may not be approved by the bankruptcy court and there have already been two legal filings in attempts to block the sale of consumer data.

There have been several oppositions to the sale of customer data by RadioShack. The State Law in Texas prohibits companies from selling personally identifiable information which violates their own privacy policies. At present the states of Oregon, Texas, Pennsylvania and Tennessee are challenging RadioShack’s attempt to sell its customer data which includes personal information like their names, email addresses and phone numbers. AT&T is also trying to stop the sale of customer information as AT&T believes that RadioShack does not have the ownership of the data which it contends rightfully belongs to AT&T. AT&T claims that AT&T helped RadioShack to market phones and in the process allowed RadioShack to amass information which included among other things a list of AT&T customers. AT&T is concerned as one of the bidders plans to co-brand some of the RadioShack stores as Sprint stores and thus AT&T is concerned that this could lead to giving information to its competitor.

One of the first legal challenges to the sale of customer information was in the FTC V TOYSMART.COM case. FTC sued to prevent Toysmart from engaging in the sale of its customer information as part of a bankruptcy auction. The company’s privacy policy said that personal information of its customers would in no circumstances be shared with a third party and thus the sale of its customer’s information as part of the bankruptcy auction was a clear violation of its privacy policy. The customer data was the company’s most valuable asset in bankruptcy. Toysmart did eventually destroy the information and the case resulted in a federal legislation that imposed a restriction on the sale of assets in bankruptcy.

While addressing the Bankruptcy of Borders, a bookstore chain the FTC realized that bankruptcy was a special case and consented to allowing the sale of personal data with certain conditions. The data could not be sold as a stand-alone asset it would have to be sold in connection with its goodwill, the buyer would have to be in the same line of business as the seller and the buyer must abide by the same privacy policy as the seller. The FTC went on to add that if any changes were made to the privacy policy the consent of the customers would have to be obtained.

The RadioShack bankruptcy filing and sale of its assets particularly consumer information has been a major concern. RadioShack promised its online customers that it would not sell their personally identifiable information to anyone at any time. The signs at RadioShack’s sentiment also sent out the same message that a customer’s information would be treated with respect and dignity and that RadioShack prided itself in not selling its private mailing list. However despite these promises to its customers RadioShack has done just the contrary. A customer’s data has vast market power and is of great economic value but adequate precaution must be taken to ensure that a company does not go back on its word and violate its own privacy policy.

There has been widespread opposition against RadioShack’s plans of selling its customer data. The State of Texas said it had received support from 21 governmental consumer protection entities to its objection of RadioShack’s planned sale of personally identifiable information (PII) of 117 million RadioShack customers. Although New York has not signed on the Texas challenge the the Attorney General Eric. T. Schneiderman said that New York would take appropriate action to protect New York customers if RadioShack violated its customer privacy policy and went ahead with the sale of its customer data.

Approval of the deal is expected to come on Thursday (26^TH March, 2015 when the bankruptcy court is scheduled to rule on the case.

March 26^th 2015

Marketing Drones now flying over Los Angeles Area for Cellphone Location Data

By: Sofia Grafanaki

Panel 5

http://venturebeat.com/2015/02/23/drones-over-head-in-las-valley-are-tracking-mobile-devices-locations/

http://www.popsci.com/marketing-drones-scanned-la-cellphone-location-data

http://www.forbes.com/sites/frankbi/2015/02/23/drones-are-already-intercepting-cell-phone-signals-in-l-a/

A Singapore based marketing company proudly announced last month that it started using drones in order to detect cell phone signal strength and WiFi transmission of cell phone users over part of Los Angeles. Using cell phone triangulation and other such methods, allows them not only to determine specific location data per device, but also their users movements and travel patterns. They can then target consumers with very specific ads, based on their route and what is around them, which coffee shop they are walking by etc.

This practice is not that new, the same company has been previously doing it using bikes, cars and trains in the past, but with the use of drones the scale changed drastically, raising even more privacy concerns relating to their use. While the company claims that it does not collect any personally identifiable data such as names or phone numbers, it does identify each user through the device ID in order to track them. And while the company is trying to use this distinction to respond to privacy concerns, it is widely accepted that the disctinction between PII and non-PII is not as efficient as it was once thought to be when the goal is to protect privacy, as the combination of non-PII from several sources can very often reveal a lot more information about an individual than one would expect.

In the case of this use of drones, there is also an issue with “consent”. Concepts of notice, choice and consent are criticized as weak protectors of privacy in the light of new technologies, but here it is not clear at all when they come into play, even in their weak form. At no point does a user have an option to not be tracked by these drones, like he would (at least theoretically) when using a website that places cookies on his computer. It seems that cellphone users don’t even need to have location services on their smartphones turned on for the tracking to happen, all that needs to be happening is the user to have an app open that is transmitting any kind of data through cell service or WiFi.

March 12th, 2015

The Privacy of Regulators

http://www.nytimes.com/2015/03/12/us/politics/storing-emails-from-these-senators-will-be-easy-if-they-ever-send-one.html

By Emily Naphtal

Recently, the New York Times interviewed the “flip phone caucus”, a group of Senators that barely uses email. For many of these Senators, such as Charles Schumer (D, New York), Lindsey Graham (R, North Carolina), John McCain (R, Arizona), and Orrin Hatch, (R, Utah), this may just be a habit formed over many years of operating in the political world without email. However, the article concludes by lauding the foresight of these Senators – stating that not using email is “a very smart way to avoid embarrassment and possibly jail.”

This suggestion that individuals should “just opt out” of various trappings of modern technology if they want to maintain their privacy has been frequently advanced in discussions on U.S. consumer protection. For example, if a certain service provider such as Facebook updates its privacy policy, users theoretically have a choice to continue using the service or to discontinue their use. However, opt out is not a straight-forward policy for most consumers to understand or implement in a world of interconnected marketing agencies, data collection, and usage. The flip phone caucus Senators have aides to handle their various necessary electronic communications. Most Americans do not enjoy this privilege and must use the internet to fulfill their occupations as well as carry out personal commercial transactions and research.

Companies record and store information about individuals’ movements from webpage to webpage as they browse the internet. Some industry self regulating agencies such as the Network Advertising Initiative (NAI) offer the option to opt out of their customizing advertisement infrastructure. Just by visiting the NAI website, I discovered that 93 different NAI members currently track my internet usage through cookies in order to provide me with targeted advertising. While I can opt out of  “internet advertising delivered to [my] device via HTTP cookies,” my opt out through their trade organization covers neither non NAI members, nor the use of other technologies besides http cookies by NAI members. NAI states that a mechanism for opting out of these other tracking devices is in development. Also, critical to note, opting out of NAI members’ tracking does not affect the storing and sharing of information by various social networking or email services with which I elect to share how I am feeling, where I am going, and the identities of my friends.

A Time journalist recently discovered that opting out of online data collection required behavior that made her appear anti-social and even criminal. The goal of her experiment was to hide her pregnancy from the data collection “bots” on the internet. To accomplish this, she only paid for purchases with cash and prepaid gift cards, only visited baby related websites through Tor, a private browser that routes an individual’s traffic through foreign servers, and she attempted to convince all her acquaintances not to mention the pregnancy on social networking sites. She says this quest forced her into increasingly awkward interactions with family members and the wider world. She deleted an uncle from facebook after he mentioned her pregnancy in a message (which he mistakenly thought was private). And the corner store put her on a watch list for her abnormal purchasing behavior.

Lest consumers become too alarmed they should know that the law does adequately protect information about personal movie rentals. In 1987, a member of the media obtained Robert Bork’s video rental records and they surfaced as part of his contentious and ultimately unsuccessful Supreme Court nomination hearing. In response, Congress made it a crime to disclose video, DVD, and video game rentals without specific consumer consent. 18 U.S.C. § 2710. Companies such as Netflix are still fighting to change this law in order to integrate their products with social media websites.

Perhaps this strangely specific law sheds light on what must happen in order to safeguard the internet privacy of ordinary Americans. Members of Congress must feel that the current dragnet data collection regime threatens their own privacy, their own reputations, and their own jobs, just as they did with respect to movie rental information following the Bork hearing. Until that fated day arrives, Americans who value their privacy can attempt to follow the lead of the Senate’s flip-phone caucus.