Blog

  • Hernán Garcés Blog Post

    Hernán Garcés

    Information Privacy Law

    Professor Ira Rubinstein

    April 3, 2017

     The highest court of the European Union rules that Member States may not impose a general obligation to retain data on providers of electronic communications services

     Last December, four days before Christmas, the European Court of Justice (“ECJ”) gave European citizens a present in the form of a major privacy decision declaring that the indiscriminate storing of private citizens’ communications data is illegal under EU law.

     In 2015, two cases from Sweden and the United Kingdom were referred to the ECJ concerning the general obligation imposed on telecommunication service providers to retain data relating to electronic communications. The Court was requested to indicate whether a general obligation to retain data is compatible with EU law (specifically the Directive on privacy and electronic communications and certain provisions of the EU Charter of Fundamental Rights).

    According to the Court, data retention can allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained. Therefore, the national legislation of the Member States that provides for the retention of traffic and location data must be subject to strict requirements. In the words of the Court: “the fact that the data is retained without the users of electronic communications services being informed of the fact is likely to cause the persons concerned to feel that their private lives are the subject of constant surveillance. Consequently, only the objective of fighting serious crime is capable of justifying such interference”.

    The Court said that exceptions to the protection of personal data should be limited to what is absolutely necessary. This also applies to the authorities’ access to the stored data. National legislation of the Member States providing for general and indiscriminate data retention, without a link between the data and a threat to public security, goes beyond the limits of the absolutely necessary and cannot be justified in a democratic society. Therefore, legislation of the Member States that does not comply with these requirements must be abolished or amended accordingly. The Court also states that any national legislation to that effect must be clear and precise and must provide sufficient guarantees for the protection of data against risks of misuse.

    According to Camilla Graham Wood from Privacy International the judgment is a “major blow against mass surveillance and an important day for privacy. It makes clear that blanket and indiscriminate retention of our digital histories can be a very intrusive form of surveillance that needs strict safeguards against abuse and mission creep.”

    Last week, as a consequence of the decision, the Council of Europe, the institution representing the member states’ governments, informed the Member States that it intends, with the European Commission, to provide guidance on bringing national data retention laws into line with the judgment.

    Related documents:

    1. Judgment of the European Court of Justice of 21st December 2016
      http://curia.europa.eu/juris/document/document.jsf?docid=186492&mode=req&pageIndex=1&dir=&occ=first&part=1&text=&doclang=EN&cid=747271
    2. Press release of the European Court of Justice
      http://curia.europa.eu/jcms/upload/docs/application/pdf/2016-12/cp160145en.pdf
    3. Opinion of the Advocate General of the European Union
      http://curia.europa.eu/juris/document/document.jsf?docid=181841&mode=req&pageIndex=1&dir=&occ=first&part=1&text=&doclang=EN&cid=747271
    4. Press release of the Advocate General’s Opinion
      http://curia.europa.eu/jcms/upload/docs/application/pdf/2016-07/cp160079en.pdf
    5. Outcome of the Council Meeting of 28th March 2017
      www.consilium.europa.eu/en/meetings/jha/2017/03/st07688_en17_pdf/
    6. The Guardian
      https://www.theguardian.com/law/2016/dec/21/eus-highest-court-delivers-blow-to-uk-snoopers-charter

     

  • Yu-Jean Liu Blog Post

    Yu-Jean Liu

    Information Privacy Law

    Professor Ira Rubinstein

    April 3, 20
    Last year, the Second Circuit in Microsoft Corp. v. United States, 829 F.3d 197 (2d Cir. 2016), held that the government cannot compel Internet Service Providers (ISPs) to turn over data that is stored overseas. The court ruled that the government cannot do so even with a warrant.
    In December 2013, Judge Francis of the Southern District of New York issued a warrant under the Stored Communications Act, 18 U.S.C. §§ 2701–2712, for the email content associated with a Microsoft Network email address. Microsoft agreed and handed over responsive non-content data that were stored in the United States. However, as for the requested content information that was stored on a Microsoft server located in Ireland, Microsoft believed the data in Ireland was not within the jurisdiction of the warrant. Thus, Microsoft refused to hand over the data and moved to quash the warrant.
    The court held that applying the SCA’s warrant provisions extraterritorially was not Congress’s intention. Rather, the intention of those provisions is to protect users’ privacy interests. Therefore, the SCA does not authorize a United States court to issue and enforce an SCA warrant against a United States-based service provider for the contents of a customer’s electronic communications stored on servers located outside the United States.
    This case clearly illustrates how the law has failed to keep pace with new technology, and the dilemma courts face when applying old laws to modern technology: whether the court should appreciate the unique and novel aspects of technology and adapt legal rules and definitions to it, or simply follow the old rulings.
    However, it is my opinion that when it comes to new technology, merely applying existing legal rules or guessing the intention of Congress is not enough. It could delay the enactment and implementation of appropriate laws and regulations for new technology.
    Reference:
    http://law.justia.com/cases/federal/appellate-courts/ca2/14-2985/14-2985-2016-07-14.html
    http://www.minnesotalawreview.org/2017/02/microsoft-corp-v-united-states/
    http://knowledge.freshfields.com/m/Global/r/1623/microsoft_v__united_states__court_s__privacy__ruling_is

  • Qianyao Li Blog Post April 3 2017

    Qianyao Li

    Information Privacy Law

    Professor Ira Rubinstein

    April 3, 2017

    Pennsylvania magistrate judge’s ruling requires Google to turn over data stored outside United States to FBI

    On Feb 3, 2017, Pennsylvania Magistrate Judge Thomas J. Rueter granted the Government’s motions to compel Google to comply with search warrants to turn over data stored outside the United States.

    Google has partially complied with the warrants by producing data that it could confirm is stored on its servers located in the United States. However, it has refused to produce other data, relying upon a recent decision by the Second Circuit, where the court determined that enforcing the warrant by directing Microsoft to seize the contents of its customer’s communication stored in Ireland would be an unlawful extraterritorial application of the Stored Communications Act (“SCA”). Microsoft, 829 F.3d 194 (2d Cir. 2016).

    Magistrate Rueter was not troubled by the fact that the information was stored abroad. Instead, he concluded that the warrants are applied within the United States since “the search of electronic data disclosed by Google pursuant to the warrants will occur in the United States when the FBI reviews the copies of the requested data in Pennsylvania.” In re Search Warrant No. 16-960-M-01, No. 16-960-M-01, 2017 U.S. Dist. LEXIS 15232 (E.D. Pa. Feb. 3, 2017).

    Magistrate Rueter distinguished this case from Microsoft by the fact that there is no evidence regarding the precise location of the servers which store the electronic data requested by the search warrants, while in Microsoft, all the relevant user data of a presumably Irish citizen was located exclusively in one data center in Ireland and remained stable there for a significant period of time. It seems the Magistrate was saying that the extraterritorial application of the SCA should be determined by the place where the FBI will review the copies, because it is hard to locate the place where electronic data is stored.

    Briefs from Microsoft, Amazon, Cisco Systems, Apple and Yahoo have been filed in the U.S. District Court for the Eastern District of Pennsylvania, allying with Google in its opposition to the Feb. 3 decision. But a final resolution is years away, given the lengthy appellate process.

    Sources:

    http://pennrecord.com/stories/511093025-tech-giants-file-briefs-supporting-google-in-case-of-fbi-subpoena

    https://www.forbes.com/sites/realspin/2017/03/07/digital-privacy-rights-take-a-u-turn-and-congress-needs-to-act/#261f00925cbf

    https://www.justice.gov/opa/blog-entry/file/937001/download

     

  • Jeffrey Bishop Blog Post April 3, 2017

    Jeffrey Bishop
    Information Privacy Law
    Professor Ira Rubinstein
    March 30, 2017

    Ninth Circuit to Address Police Surveillance of Cell Site Location Information
    Do consumers possess a Fourth Amendment “reasonable expectation of privacy” in the location data collected by cell phone service providers, such that police must obtain a warrant supported by probable cause to access this information? This was the chief question before the US Court of Appeals for the Ninth Circuit on March 17 during oral argument in United States v. Gilton. Although the four circuits that have considered the question have concluded (albeit in fractured opinions) that Fourth Amendment protections do not apply, at least two of the three judges on the Ninth Circuit panel indicated a willingness to find otherwise, raising the specter of a circuit split.
    At issue is the historical cell site location information (CSLI) collected as a matter of routine business practice by cell phone service providers like Sprint. In order for a cell phone to function, it must periodically send a radio signal to a nearby cell site to connect to the service provider. Every time a call is made or received on a phone, a record is logged with the service provider based on the cell site information, including the location of a phone relative to the cell site at the beginning and end of a call. With the proliferation of smartphones, these radio signals are sent to cell sites with increasing frequency, as much as “every few minutes,” as phones now send radio signals when automatically checking for emails, streaming videos, and engaging in other forms of data usage. Though the accuracy of the CSLI is dependent on factors such as the density of cell towers in any given area (e.g. dense urban areas make location tracking more precise than a large, rural area with a single tower), by aggregating the CSLI data points over time, one is able to track the movements of a cell phone user throughout her day.
    Under the facts of Gilton, investigators suspected Gilton of criminal activity and ordered Sprint, pursuant to a defective warrant, to deliver 37 days of Gilton’s cell phone records containing 8,790 CSLI data points – an average of “one [location point] every six minutes.” During oral argument and in their briefs, the US Government and the ACLU (as amicus in support of Gilton) sparred over whether the Government’s gathering of CSLI without a valid warrant (and, consequently, without probable cause) constituted a “search” that could fall within the protections of the Fourth Amendment.
    Of particular interest to the parties and the questioning judges was the applicability of the “third-party doctrine” to modern, invasive technology. This doctrine derives from the decades old Supreme Court holdings in United States v. Miller (1976) and Smith v. Maryland (1979) where the Court held that there was no reasonable expectation of privacy in one’s banking transaction data and phone numbers dialed from a home landline phone because the defendants in each case had voluntarily conveyed that information to a third party – a bank teller or the phone company – and consequently “assumed the risk” of disclosure to state authorities. In such scenarios, government investigators are permitted to obtain information without the ordinary requirements of a warrant and probable cause since, without a reasonable expectation of privacy, there has been no “search” subject to Fourth Amendment protections.
    The Government relied heavily on these “third-party doctrine” precedents in arguing that Gilton’s historical CSLI was voluntarily conveyed to Sprint pursuant to the ordinary business agreement between a phone user and her service provider. Consequently, they argued, there can be no reasonable expectation of privacy in the CSLI, no Fourth Amendment “search,” and no requirement to obtain a valid warrant subject to a probable cause standard.
    Judges Bybee and McKeown expressed their skepticism over the notion that consumers “voluntarily” hand over CSLI to their service providers since a consumer cannot possibly know to which cell site her phone is connecting. Judge McKeown further questioned the strength of the voluntariness theory where CSLI is collected even where a person chooses not to answer an incoming call. Counsel for the Government, however, found voluntariness inherent in the business relationship between a consumer and service provider, stating that “in order to get cellular phone service, you know that you have to connect your phone to the cellular network’s towers and you know that you have to be in range of those towers to get service…to make or receive phone calls.” The Government additionally contended that Sprint’s terms of service and privacy policies notify the user that Sprint “generally know[s] the location of your device.” Nonetheless, Judges Bybee and McKeown appeared concerned that the Government’s position left no limiting principle for warrantless searches in an age where technology is ubiquitous and often requires the sharing of sensitive, detailed information with service providers.
    Echoing these concerns, counsel from the ACLU argued that the third-party doctrine is not a “categorical” rule, but that it only allows for an exception to the warrant requirement where the information is both “voluntarily conveyed” and the information is not particularly “private or sensitive.” Admitting that CSLI does not provide information on the “contents of the phone calls,” the ACLU contended that “this kind of pervasive, long-term location information is closely analogous to content information in the very detailed picture of a person’s life that it paints.” Their brief explains that police can infer from CSLI where one sleeps at night, her demographic information, and even the associational groups she frequents, potentially raising First Amendment concerns. Judge Wallace pressed the ACLU to distinguish CSLI from the numbers dialed from a phone in Smith which could also provide an “awful lot of information” yet is still not subject to the warrant requirement. The ACLU distinguished the cases in that phone numbers dialed are “voluntarily conveyed” to the phone company because they are “necessary to connect that call.” This contrasts with CSLI in which a user has no way to know what location information is being conveyed to the service provider, and the user does not necessarily take affirmative action to send over that information.
    Moreover, the ACLU stressed that the fundamental question is “whether the warrant requirement is going to maintain vitality in the modern digital age.” Concerns over “dragnet” surveillance by police have led the Supreme Court to caution lower courts not to emphasize “pre-digital precedents” when applying them to newer, pervasive technologies. Modern cell phones should carry a stronger expectation of privacy since they are often carried wherever one goes, even into traditionally “constitutionally protected spaces” such as one’s home. Channeling the concerns of privacy advocates, the ACLU argued that it can’t be that the third-party doctrine swallows the warrant requirement of the Fourth Amendment. In an age where a cell phone can be considered a “feature of the human anatomy,” the ACLU maintained that owning one is hardly a choice and “users should [not] be required to disable the core functionality of their phone in order to avoid…warrantless surveillance.”
    The Ninth Circuit panel is expected to release an opinion in United States v. Gilton shortly. Other issues in Gilton – such as the applicability of the “good faith exception” in relying on a defective warrant and the Ninth Circuit’s requirement that a “compelling reason” must exist to create a circuit split – leave open the possibility that the Court may not reach the question of whether one can possess a reasonable expectation of privacy in CSLI. However, the Ninth Circuit is in the unique position of potentially being the first circuit court to find that CSLI is protected by the Fourth Amendment. Information privacy advocates should be following this case intently.
    Additional Sources:
    1. www.brennancenter.org/sites/default/files/Gilton%20Amicus%20Brief.pdf
    2. www.brennancenter.org/legal-work/usa-v-gilton-amicus-brief
    3. www.therecorder.com/id=1202781561237/Ninth-Circuit-Weighs-Privacy-in-Police-Cellphone-Tracking-Case?mcode=0&curindex=0&curpage=ALL
    4. www.washingtonpost.com/news/volokh-conspiracy/wp/2017/03/17/ninth-circuit-oral-argument-on-historical-cell-site-information/?utm_term=.92c7cc481b4c
    5. www.youtube.com/watch?v=SipCIWNsFts

  • PRG News Roundup: March 29

    By Alexia Ramirez

    Congress overturned the FCC regulations created by the Obama Administration which would have required broadband providers to receive permission before collecting data on a user’s online activities.  Former Chairman of the FCC, Tom Wheeler, wrote an op-ed addressing the troubling ramifications of the repeal.

    The European Commission announced it will propose new measures in June to make it easier for police to access data on encrypted apps such as WhatsApp. Law enforcement’s access to encrypted messaging app data has been a renewed subject of discussion in the wake of the London terrorist attack.

    Google Maps will release a new feature which allows individuals to share their location with others.

    Today the Supreme Court held in Expressions Hair Design v. Schneiderman that restrictions on how a seller describes legal transactions are speech restrictions. The Court remanded the case back to the lower court to determine whether the speech restriction was actually unconstitutional under the court’s commercial speech doctrine. Depending on how the court decides, the decision could affect how providers must convey information to users.

     

  • Ying Cai Blog Post

    Ying Cai

    Information Privacy Law

    Professor Ira Rubinstein

    March 29, 2017

    Following the passage by the Senate last week of the resolution overturning an Obama-era FCC rule that required internet providers to get consumers’ permission before sharing their browsing history with other companies, the House of Representatives passed the same resolution in a 215-205 vote on March 28. Internet providers now only need a signature from President Trump before they’re free to take, share, and sell people’s web browsing history without prior permission.

    It is reported that no Democrats in the House voted for the resolution, and 15 Republicans opposed it. A similar version squeaked through the Senate last Thursday on a party-line vote of 50-48. In view of the new political environment, it appears unlikely that there will be any new consumer privacy legislation in this vastly more pro-business Congress. And the FCC won’t be able to pass privacy restrictions protecting all web browsing history again under the Congressional Review Act. In this regard, people may start to question the future of consumer protection and privacy enforcement under the federal government.

    Stacey Gray at Future of Privacy Forum believes that we are likely to see state legislatures and Attorneys General step in if no new consumer privacy legislation is to be generated or the ability of regulatory bodies to protect consumer privacy is limited. She says several states that have strong consumer privacy laws, such as California, may seek to fill the void and regulate digital marketing. She also expects there could be more private litigation seeking to protect and enforce consumer privacy.

    In addition to resorting to public protection, consumers may need to seek self-protection. For instance, consumers may use computer software such as “Tor” to enable anonymous communication. “Tor” can direct Internet traffic through a free, worldwide, volunteer network consisting of more than seven thousand relays to conceal a user’s location and usage. However, the problems of using “Tor” include technical complexity and slower internet speed because service providers have been downgrading traffic they can’t sell adverts around.

    Virtual Private Networks (VPNs) that set up a secure connection that runs traffic through their own servers may be another option. However, Jeremy Gillula, senior staff technologist at the Electronic Frontier Foundation, suggests avoiding free VPNs because it’s just passing the trust issue to another company. Additionally, VPNs have to work under the rules of their home country, and therefore it is not clear whether your data collected by the VPNs is subject to sale under the relevant law.

    On the other side, the majority of the industry is applauding the congressional action to repeal the FCC rule. The Internet & Television Association and CTIA, formerly the Cellular Telecommunications and Internet Association, an advocacy group for the industry, issued statements after the vote, claiming that they would continue to follow ‘privacy-by-design’ principles and honor the FTC’s successful consumer protection framework. However, not all ISPs want to abolish the rule. Some small providers believe that such a resolution is harmful to the industry in the long run given that one of the cornerstones of the business is respecting the privacy of the customers. And some small providers have said publicly that they won’t collect, store or sell their users’ data, in order to gain power in competition. Hopefully the market could eventually shake down the best solutions for people.

    http://www.nbcnews.com/tech/security/house-set-vote-whether-isps-can-sell-your-data-without-n739166

    https://martechtoday.com/changes-consumer-privacy-law-might-impact-marketers-martech-196664

    http://www.vox.com/new-money/2017/3/28/15089396/house-republican-privacy-bill

    https://www.theguardian.com/technology/2017/mar/28/internet-service-providers-sell-browsing-history-house-vote

    https://www.theregister.co.uk/2017/03/28/so_my_isp_can_now_sell_my_browsing_history_what_can_i_do/

    http://www.usatoday.com/story/tech/news/2017/03/28/wait-theres-no-rules-protecting-my-online-privacy/99754182/

    http://www.cnbc.com/2017/03/28/congress-clears-way-for-isps-to-sell-browsing-history.html

  • Soo Hyun Chin Blog Post

    Soo Hyun Chin

    Information Privacy Law

    Professor Ira Rubinstein

    March 29, 2017

    WhatsApp and Metadata Overlooked

    On the website of the most popular mobile messenger, WhatsApp, the company states that “privacy and security is in our DNA, which is why we have end-to-end encryption in the latest versions of our app. When end-to-end encrypted, your messages, photos, videos, voice messages, documents, status updates and calls are secured from falling into the wrong hands.  . . . WhatsApp’s end-to-end encryption ensures only you and the person you’re communicating with can read what is sent, and nobody in between, not even WhatsApp.”

    This encryption keeps the content of the user’s messages private as mentioned above, but not metadata like date, time, duration of communications, or location and contact information. Unlike the Signal messaging application that does not store metadata, WhatsApp retains metadata. Thus, WhatsApp needs to take more measures to protect the users’ privacy.

    Most people do not think about metadata much and overlook its importance. Nevertheless, the role that metadata can play in the privacy area is not smaller than that of the content of the communications itself.

    For example, the court can order WhatsApp to install a pen register device to help the ongoing investigation. This kind of order is not rare. In May 2006, an Ohio court ordered WhatsApp 1) to track numbers calling and messaging, 2) to record the date, time and duration of communications, and 3) to provide details on any SMS text messaging WhatsApp had access to.

    Those data do not include the content of the messages but as Neema Singh Guliani, legislative counsel with the American Civil Liberties Union mentioned in the article, “metadata is often enough to draw an informative map of a target’s life.” We already saw this in Smith v. Md., 442 U.S. 735, 99 S. Ct. 2577 (1979) where the police used the number dialed from the target’s telephone and other evidence to reveal that the target was the criminal. Metadata itself has a great importance. And with the combination of other evidence obtained, metadata can have even more power.

    Unlike those of Facebook, which is the parent company of WhatsApp, WhatsApp’s responses to police requests were veiled in secrecy. Facebook has a transparency report which provides information about its responses to law enforcement requests and has published law enforcement guidelines outlining how and when users’ information can be retrieved. However, we cannot find that information for WhatsApp in the transparency report, guidelines or other materials.

    Given the importance of metadata and the growing attention to privacy, WhatsApp might want to consider a stance like Google’s active response to the Guardian’s news on the Prism program, in which Google tried to keep its users’ trust by publishing relevant information in the company’s transparency report.

    https://www.forbes.com/sites/thomasbrewster/2017/01/22/whatsapp-facebook-backdoor-government-data-request/#462793711030

     

    (About Google’s response to Prism news:

    https://googleblog.blogspot.com/2013/06/asking-us-government-to-allow-google-to.html)

  • Thomas Chadenet Blog Post

    Thomas Chadenet

    Information Privacy Law

    Professor Ira Rubinstein

    March 28, 2017

    On Thursday, March 23rd, the U.S. Senate voted on a resolution to repeal a set of rules aimed to protect consumers’ online data from Internet service providers (ISP).

    Under this set of rules, ISPs would have had to disclose to consumers what information is being collected and how it is used or shared. For sensitive information, such as financial information, health information, web browsing history and geolocation, ISPs would have needed to obtain consumer consent before using their online data. Consumers would have been able to forbid ISPs from sharing sensitive information by denying them their explicit consent.

    This regulation was adopted by the Federal Communications Commission (FCC) in October 2016, during President Obama’s term. It was supposed to enter into effect on March 2nd, but the new FCC chairman, Ajit Pai, decided not to enforce these rules. Finally, in a 50-48 vote, the Republican Senate decided to definitively repeal these rules that would have regulated ISP conduct. This joint resolution came from Senator Jeff Flake (Republican).

    The new FCC chairman, nominated by Republican President Donald Trump, said in October that these rules would give websites such as Google, Netflix or Facebook an unfair advantage. These websites are governed by a laxer set of privacy rules overseen by the Federal Trade Commission (FTC). Internet companies like Google don’t have to ask users’ permission to gather information about their online habits.

    Consequently, there is an asymmetry in terms of regulation of companies that are in the same space. ISPs like Comcast, AT&T and Verizon are currently racing to become online advertising giants as big as Facebook or Google. Having to get permission from customers to use their browsing histories would make it more difficult to create stronger ad businesses. With this information, ISPs could sell targeted advertising or share this information with third parties. Therefore, industry groups welcomed the vote by the Senate. Without these FCC rules, ISPs will be able to harvest more data and then try to dominate the digital advertising sphere.

    Consumer and privacy groups condemned the resolution voted by the Senate. Neema Singh Guliani, legislative counsel for the American Civil Liberties Union, said in a statement that “it is extremely disappointing that the Senate voted today to sacrifice the privacy rights of Americans in the interest of protecting the profits of major Internet companies, including Comcast, AT&T, and Verizon.” Democratic Senator Ed Markey argued that, “Republicans have just made it easier for American’s sensitive information about their health, finances and families to be used, shared, and sold to the highest bidder without their permission.”

    After the vote in the Senate, the resolution will still need to go before the House of Representatives. It will then need to be signed by President Trump to become law. If it does, it would also prevent the FCC from setting similar rules again. The resolution was voted under the Congressional Review Act, which allows Congress to overturn the regulations of federal agencies (such as the FCC). After a vote, federal agencies cannot adopt new rules that would be closely similar to the ones overturned.

    Jonathan Schwantes, senior policy counsel for advocacy group Consumers Union, concluded by saying that the vote “is a huge step in the wrong direction, and it completely ignores the needs and concerns of consumers.”

    Sources:

    https://www.nytimes.com/aponline/2017/03/23/us/politics/ap-us-congress-broadband-privacy-rules.html?_r=1

    https://www.nytimes.com/reuters/2017/03/23/business/23reuters-usa-internet.html

    http://www.npr.org/sections/thetwo-way/2017/02/24/517050966/fcc-chairman-goes-after-his-predecessors-internet-privacy-rules

    https://www.washingtonpost.com/news/the-switch/wp/2017/03/23/congress-is-poised-to-undo-landmark-rules-covering-your-internet-privacy/?utm_term=.9dcad5f5d84b

    http://fortune.com/2017/03/22/senate-vote-repeal-fcc-broadband-privacy/

    http://money.cnn.com/2016/10/28/technology/fcc-broadband-privacy/index.html

  • Olaoluwa Oni Blog Post

    Olaoluwa Oni

    Information Privacy Law

    Professor Ira Rubinstein

    March 27, 2017

    Between Etisalat Nigeria and Facebook Inc: The fate of Nigerians’ Right to Privacy.

    Etisalat Nigeria, a telecommunications service provider, recently released a new data plan tagged “Facebook Flex” that permits its subscribers access to Facebook “free of charge”. According to a press release which describes the company as the “most customer-friendly telecommunications company”, Etisalat is “treating its customers with another innovative service to stay connected with their friends and families on Facebook and access to other basic internet services at absolutely no cost.”; the press statements were sponsored by Etisalat.

    The Director of Mobile Partnerships and Alliances at Facebook, Francisco Varela, also commented: “We are excited to partner with Etisalat to help improve connectivity among different communities of people across Nigeria by bringing access to Facebook and other basic internet services, like news, education and health information to people free of charge.”

    However, contrary to the representations by the two companies, the Etisalat Facebook Flex plan is not provided “at absolutely no cost” or “free of charge.” Subscribers are, without their knowledge, required to trade in their constitutionally guaranteed privacy rights for the bits and bytes it takes to access Facebook.

    Section 37 of the Nigerian Constitution protects the rights of Nigerian citizens to the privacy of their communication. The Constitution stipulates that: “The privacy of citizens, their homes, correspondence, telephone conversation, and telegraphic communications is hereby guaranteed and protected.”

    Etisalat’s privacy policy is structured as a Contract of Adhesion, and its customers are not even required to indicate their acceptance of the website and online services Terms of Use (which contains the privacy policy) prior to subscription to the company’s services. The Terms of Use are not readily available to mobile users and have to be specifically searched for by website users. Accordingly, it is highly probable that Etisalat subscribers (who range from the educated to very illiterate) are unaware of the privacy policy of the company. The company ascribes to itself the right to collect and share intimately personal information of its subscribers “to conclude contracts and enable administration and management of services or products to which you intend to or have subscribed.” The privacy policy also provides that “the type of information collected will depend on the nature of the product or service demanded.” As such, Etisalat has now acquired the right to share intimate and personal information of its users with Facebook; Facebook is a company anchored largely on trading personally identifiable data.

    Etisalat and Facebook’s collaboration acts to deprive Nigerian citizens of the most basic of human entitlements, and this violation is dressed up as beneficial to the victims. Even more, Etisalat Nigeria lays claim to vast entitlements from its Nigerian subscribers that are markedly different from the more protective privacy policy afforded its Saudi Arabia subscribers; Etisalat is headquartered in Saudi Arabia.

    Etisalat customers are being encouraged to subscribe to a plan that exposes them online, in a way that the customers could not have contemplated, let alone acquiesced to. This sort of deceptive practice emphasizes the dangers of a reality where technology is on the rise, especially in a developing country where the literacy levels leave much to be desired.

     

    Sources:

    1. https://www.bellanaija.com/2017/02/etisalat-launches-facebook-flex-which-gives-free-facebook-access-to-etisalat-subscribers/
    2. http://etisalat.com.ng/website-online-services-terms-of-use/
    3. http://www.etisalat.ae/en/generic/terms-and-conditions.jsp
    4. The 1999 Constitution of the Federal Republic of Nigeria.
  • Aikaterini Skouteli Blog Post

    Aikaterini Skouteli

    Information Privacy Law

    Professor Ira Rubinstein

    March 28, 2017

    Post 9/11, the US government has been using deceptive methods through informants and undercover agents as a law enforcement technique. But what is remarkable is that these plans are sometimes the inspiration of the federal agents, who target suspects inspired by the Islamic State.

    The most recent one involved the 25-year-old Robert Lorenzo Hester Jr. from Missouri, who was arrested and charged with attempting to provide material support to an Islamic State bombing attack on a train station in Kansas City on President’s Day.

    The two men who appeared to be the masterminds of the bombing plan were actually undercover FBI agents. According to the court documents, one of the agents befriended Hester on Facebook after identifying him as a suspect through his Facebook posts, which were evidence of his “conversion to Islam, his hatred for the United States and his belief that supposed US mistreatment of Muslims had to be put to an end”.

    The FBI agents asserted that they were planning something “10 times more” than the Boston Marathon bombing and Hester approved and said “it felt good to strike back at the true terrorist”.

    The federal agents disclosed the details of the plan and asked Hester to buy a list of items, including 9-volt batteries, duct tape, copper wire and roofing nails, which implicitly would be used to make a number of bombs. On February 17th Hester was arrested.

    This recent foiled, manufactured plot raises the issue of whether a privacy interest protected by the Fourth Amendment exists. The US Supreme Court established in Hoffa and Lewis that a person does not have a privacy interest in the loyalty of his/her friends. These cases deal with the situation where the undercover agent or informant uncovers an existing crime (e.g., sale of narcotics). On the contrary, in the series of the cases discussed above, the FBI created “crime opportunities”. Nevertheless, the US courts have not dealt with similar complaints, mainly because the defendants raise the “entrapment” defense claim, which is usually rejected by the courts. A recent case that deals with privacy and Fourth Amendment violations is United States v. Mohamud, but the issue raised regards mainly the “third-party” doctrine and the disclosure of the defendant’s email communications with a third party.

    Also, it is not clear whether Hoffa and Lewis could apply in these cases, because, as a former federal prosecutor, David Raskin, explained: “There isn’t a business of terrorism in the United States. You’re not going to be able to go to a street corner and find somebody who’s already blown something up.” Therefore, the usual goal is not “to find somebody who’s already engaged in terrorism but find somebody who would jump at the opportunity if a real terrorist showed up in town”.

    Finally, these cases raise many concerns of justice, mainly because the FBI seems to be targeting the Muslim community. Critics say that in these fake plots, federal agents are somehow creating crimes and “making” terrorists by offering great sums of money to low-income minorities prone to criminal activities. In many cases (in particular the highly debatable Newburgh Four case) the suspects have neither the know-how nor the materials to go through with the plotted terrorist attacks, which are all provided by the undercover agents and informants. Is the FBI ignoring the real threat and allocating its resources to remote terrorist schemes?

    Sources:

    http://www.kansascity.com/news/local/crime/article135871988.html

    http://www.cnn.com/2017/02/21/us/missouri-man-charged-isis/

    http://www.chicagotribune.com/news/nationworld/sns-tns-bc-fbi-terrorplots-20170305-story.html

    http://www.sunherald.com/news/nation-world/national/article135983268.html

    Relevant Sources:

    http://www.cnn.com/2017/02/21/us/missouri-man-charged-isis/

    http://www.nytimes.com/2012/04/29/opinion/sunday/terrorist-plots-helped-along-by-the-fbi.html