Category: Uncategorized

Maud Zimmerman

Invasion of Privacy Charges in Rutgers Case

These articles discuss the charges that have been brought against Dharun Ravi for using a web cam to spy on his college roommate, Tyler Clementi. (1,2) Clementi committed suicide after learning that Ravi and others had witnessed him kissing a man in their dorm room over a webcam on his roommate’s computer, and that Ravi had then tried to set up and stream video of another encounter, which was publicized on his Twitter feed. Danielle Citron’s discussion of the way privacy harms are magnified in the Internet age seems particularly relevant to this case. Here Ravi’s actions may have led directly or indirectly to Tyler Clementi’s suicide. They clearly contributed to significant emotional distress for Clementi in the days before his death.

The Rutgers case started a public outcry over cyberbullying, particularly for LGBT youth, and prompted at least one state to adopt tough new laws about bullying online and in the schoolyard. (3) This was an especially shocking case because Ravi’s actions intruded upon a particularly private and sensitive area of Clementi’s personal life, which Ravi exposed to fellow classmates and his online audience of followers on Twitter. Ravi did not simply start online rumors about his roommate’s sexual orientation, but actually tried to stream live video footage of a sexual encounter, an intrusion that any reasonable person would consider to be a massive violation of privacy. Given the dramatic facts of this case, it seems clear that Ravi severely injured his roommate even in terms of Prosser’s somewhat narrow conceptualization of privacy interests. Despite this already strong case, however, it is striking that prosecutors brought a total of 15 charges against Ravi, including additional charges of witness tampering, destruction of evidence, and a hate crime. I’m not sure if they feared that a conviction on the privacy tort alone would lead to an inappropriately lenient sentence, or if they were motivated by the intense publicity the case received and the tragedy of Clementi’s suicide. It will be interesting to see how Ravi’s trial plays out, and the ramifications of this case for similar torts in future where the outcome is not as tragic, but the psychic harm to the victim of the intrusion is nevertheless severe.

1. Roommate Is Arraigned in Rutgers Spy-Suicide Case

http://www.nytimes.com/2011/05/24/nyregion/roommate-arraigned-in-rutgers-spy-suicide-case.html

2. Roommate Faces Hate-Crime Charges in Rutgers Case

http://www.nytimes.com/2011/04/21/nyregion/rutgers-roommate-faces-hate-crime-charges-in-spying-suicide.html

3. Bullying Law Puts New Jersey Schools on Spot

http://www.nytimes.com/2011/08/31/nyregion/bullying-law-puts-new-jersey-schools-on-spot.html

The Electronic Privacy Information Center (EPIC) filed a lawsuit on Wednesday to compel the Federal Trade Commission (FTC) to enjoin Google’s planned changes to its privacy settings. On March 1, 2012, Google intends to modify its privacy settings by sharing user information between its services. For example, keywords in user’s private emails could affect search results on YouTube.

Just last year, Google settled with the FTC over allegations that it violated its own privacy policy by opting users into Google Buzz without their consent. The settlement requires Google to obtain consent from its users prior to making any changes to its third party sharing policies, including its communication with advertisers. EPIC argues in this lawsuit that Google’s recent privacy changes violate the settlement by “failing to obtain affirmative consent from users prior to sharing their information with third parties and by misrepresenting the extent to which the company protects users’ private information.”

Although EPIC is filing for an injunction, the problems of collecting and disseminating data to other services is reminiscent of the Dwyer case. Future tort plaintiffs would have difficulty demonstrating intrusion upon seclusion given the four elements which must be alleged to state a cause of action. Similar to Dwyer, having a privacy policy to which users of Google must assent would tend to show that intrusion was not in fact unauthorized. Nor does the intrusion seem offensive, though the information may be considered private. Shibley would tend to support that conclusion.

From the point of view of Stan Karas the information Google uses to communicate with its other servers would reveal private facts regarding a person’s identity, however, the case law suggests that Google would not be liable in tort for intrusion upon seclusion or appropriation.

http://thehill.com/blogs/hillicon-valley/technology/209749-privacy-group-sues-to-stop-googles-privacy-changes

Andrew Chiusano

DHS monitoring of social media concerns civil liberties advocates

Advertisers and corporations are not the only ones mining data from social media sites. The Department of Homeland Security has monitored blogs and social media networks to help, “enhance DHS’s ‘situational awareness, fusion and analysis and decision support’ to senior leaders.” DHS has contracted with a private firm, General Dynamics, to monitor social media sites and produce reports.

The Department of Homeland Security says the program helps it to learn more about current events, like tracking suspicious packages or monitoring other threats in real time. However, privacy advocates think DHS is tracking people who write negative posts about the DHS’s activities, which could chill speech in the future.

Going forward, this type of data mining could prove very useful to the government. Private parties enter, compile, and could even process all of the data, so the government does not have to worry about creating and maintaining its own databases. In addition, receiving real-time updates from many witnesses of ongoing situations could be very useful to law enforcement. However, the free speech concerns are very real – if the DHS put people on its “No Fly List” for posting negative articles on DHS screening, many people would stop sharing those kinds of articles. Data reliability could also pose serious problems. Anyone can pretend to be someone else online, and users of social media may not provide particularly accurate data.

http://www.washingtonpost.com/world/national-security/dhs-monitoring-of-social-media-worries-civil-liberties-advocates/2012/01/13/gIQANPO7wP_story.html

Joe Hall here.

Google appears to be trying to better measure household and end-user internet traffic, similar to how Nielsen measures cable and television watching habits (“Google Screenwise: New Program Pays You To Give Up Privacy & Surf The Web With Chrome”).  In a new program, called Screenwise, Google will pay individuals a token amount ($5 up front plus $5 every three months) to install a browser extension that monitors what web sites you visit and how you use those sites.  For households, Google has a router device that will presumably capture all the household internet activity, and it pays a bit better ($100 up front plus $20 per month).

This leaves me with a ton of questions:

• While the browser extension will measure web traffic (port 80, in geek speak), will the router appliance measure all internet traffic?
• Does the router appliance have a way of “seeing” into encrypted sessions using HTTPS, such as when you visit your bank? (It could do this by asking individuals to install a certificate on their machines that would allow the appliance to pass through encrypted client sessions as if it were the client and then re-encrypt the content when passing back to the user… otherwise known as a man-in-the-middle (MITM) attack).
• Just what is the router capturing?  I doubt it, but is it also sniffing wifi, cellular signals, etc.?
• What are the specific terms of service and privacy policy for screenwise? How long will such information be kept? Is it associated with personally-identifiable information or is demographic information enough?
• Don’t these prices seem exceedingly low for the amount of information the user is giving up? I would most certainly price my detailed web surfing logs an order of magnitude or two ($50-500) higher than this.
• I wonder how they’ll avoid gaming… for example, I only rarely use Chrome as I prefer the control I get from FireFox. If I sign up and only use Chrome once in a while, do I still get the incentive?
• Will this information be combined with other Google information, now that Google can share data about your activities across all of their products?
• Will this also capture data when Chrome is in it’s private browsing mode (incognito)?  That seems very unwise.