Blog

By: Rose Dorvel

February 19, 2015

http://www.huffingtonpost.com/2015/02/13/david-carr-edward-snowden-death-interview_n_6677790.html

Has media coverage of Snowden’s NSA leaks conditioned Americans to have no subjective expectation of privacy in their virtual lives?

Earlier this week, New York Times columnist David Carr dropped dead mysteriously following a panel interview with Snowden discussing the film Citizenfour, which tracks the former-NSA-contractor-turned-whistleblower’s decision to leak National Security Agency’s documents on widespread, unchecked governmental spying on citizens to the media. Conspicuously absent from the article is mention of any privacy protection measures underway that were prompted by Snowden’s leaks.

With each article that exposes the sweeping surveillance of American citizens—without mention of mitigation measures underway by public or private actors, the notion that one’s virtual life is always being watched and retained for potential future use, misuse or abuse is drilled into the public’s brain. After an avalanche of articles exposing relentless NSA spying on U.S. citizens, Americans are aware and on notice that the government is relentlessly capturing their personal data (via phones, computers, social media, etc.). Repetition of this idea, without consequential public or political backlash, has not accomplished protection against pervasive privacy invasion, presumably the objective of Snowden’s decision to leak NSA documents.

Instead, Americans are told and again that the NSA tracks and records their every move, which is likely and, often necessarily, an electronic one in the modern day.

An insidious consequence of the media’s Snowden coverage is that the people have been conditioned to accept the pervasive spying as normal, perhaps per a regime to protect American freedoms from threats of terror. This result is antithetical to Snowden’s pledged objective to curb widespread unchecked spying, and one that could actually lead to an acceptance of total surveillance, and consequent erosion of Fourth and First Amendment protections. After hearing Snowden’s story, many Americans may no longer subjectively expect any privacy when they use their smartphones, computers, and other ubiquitous digital devices.

With the all the media coverage and a film in the public domain publicizing pervasive NSA surveillance, would an American citizen subjectively expect his electronic communications to be kept private? Would society consider such an expectation reasonable? What about in the name of national security?

Carnivore, an FBI program capable of recording, searching and storing all contents of electronic communication, was the hotly debated subject of governmental initiatives to establish more stringent privacy protection measures. Then 9/11 promptly snuffed out the debate.

Hitler, in Mein Kampf, said “The best way to take control over a people and control them utterly is to take a little of their freedom at a time, to erode rights by a thousand tiny and almost imperceptible reductions. In this way, the people will not see those rights and freedoms being removed until past the point at which these changes cannot be reversed.” Let’s examine whether Americans have exchanged some of their civil liberties for a promise of security from an external terror threat, how we can balance homeland security measures with the Fourth Amendment’s “right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches,” and initiate means to protect information privacy until privacy as we know—or knew—it is gone for good.

 

Jewel v. National Security Agency: Mass Surveillance

By: Nireeti Gupta

Panel 9

Link 1: http://www.huffingtonpost.com/2015/02/10/nsa-warrantless-searches_n_6656314.html

Link 2: http://www.theregister.co.uk/2015/02/11/eff_loses_nsa_wiretap_appeal_again/

The case before the District Court of California, was filed in 2008 by Electronic Front Frontier on behalf of AT&T customer Carolyn Jewel. The case took on renewed importance in the wake of the Snowden leaks which exposed top-secret information about the National Security Agency’s (‘NSA’) surveillance of Internet communications.

Judge Jeffrey White on February 10, 2015 ruled in favor of NSA in a lawsuit challenging the interception of Internet communications without a warrant.

The Plaintiff had alleged that as part of a system of mass surveillance, the Government receives copies of their Internet communications, then filters the collected communications in an attempt to remove wholly domestic communications, and then search the remaining communications for potentially terrorist-related foreign intelligence information. Plaintiff contended that NSA taps into the fiber cables that make up the backbone of the Internet and gathers information about people’s online and phone communications (‘Upstream Program’).

The Plaintiffs argued that the copying and searching of their private internet communications is conducted without a warrant or any individualized suspicion and, therefore, violates the Fourth Amendment. The Fourth Amendment prohibits the Government from intercepting, copying, or searching through communications without first obtaining a warrant based on probable cause, particularly describing the place to be searched and the things to be seized.

The Government described the collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. Upon approval by the Foreign Intelligence Surveillance Court, NSA analysts identify non-U.S. persons located outside the United States who are reasonably believed to possess or receive, or are likely to communicate, foreign intelligence information.

Once designated by the NSA as a target, the NSA tries to identify a specific means by which the target communicates, such as an e-mail address or telephone number. That identifier is referred to a “selector.” Selectors are only specific communications accounts, addresses, or identifiers. According to the Government’s admissions, an electronic communications service provider may then be compelled to provide the Government with all information necessary to acquire communications associated with the selector. However, it claimed that the information necessary to litigate Plaintiff’s claims is subject to and excluded from use by the “state secret privilege” and other related privileges and that their cases should be dismissed.

Judge White found that Plaintiff had not established sufficient standing to sue under the Fourth Amendment, that is, they did not present enough evidence to prove that they had been directly harmed by NSA’s actions, and so had no grounds on which to sue. Judge White further added that a potential Fourth Amendment claim would have to be dismissed on the basis that any possible defenses would require impermissible disclosure of state secret information.

 

February 19

By: Colin Johnson, Panel 9

California Lawmaker Proposes Warrant Requirement for Digital Data Access

Article: http://arstechnica.com/tech-policy/2015/02/california-lawmaker-proposes-warrant-requirement-for-digital-data-access/

Last Monday, a California state senator introduced the California Electronic Communications Privacy Act, a bill that would establish new requirements for law enforcement officials to access suspects’ digital information. If passed, this bill would be the most comprehensive state provision for the protection of digital privacy in the country.

CalECPA, as the bill is known, would provide significantly greater digital privacy rights to individuals than the current federal requirements. While courts have issued rulings clarifying and strengthening the protections of the federal ECPA, the law itself has remained largely unchanged since its implementation in 1986. Until Congress successfully passes a bill to update existing ECPA, citizens must rely on state courts to protect their digital information.

CalECPA would establish a warrant requirement not only for email but for all electronic communications, including contacts, GPS information, and metadata. However, the most interesting provision under the proposed law would allow for the appointment of special masters to ensure that the warrants are narrow and that any legally gathered information that turns out to be beyond the scope of the investigation is destroyed immediately.

If passed, CalECPA would provide a significant victory for digital privacy advocates. The passage of this expansive bill would send a clear message to federal lawmakers that the outmoded ECPA needs to be updated immediately in order to reflect the rapidly changing digital landscape of the twenty-first century.

These ILI Student Blog x Dress Head Womens Jean Shorts – Adorable Camouflage include a slight fray rip in the thigh, showing a cute peek of what’s underneath. You won’t be able to hide in the jungle wearing these shorts! The shorts are cut super short showing off those sexy summer legs. Let the tomboy in you come out! Wear with a bikini top on the beach or in the water to stay trendy and sexy! The perfect fit hugging your figure and readying you for some great summer fun! You are sure to turn the heads of everyone who sees you in these sexy short shorts. For these ILI Student Blog x Dress Head Womens Jean Shorts – Adorable Camouflage, the measurements for the small (S) size are:the waist circumference is 34 centimeters; the hip circumference is 36 centimeters; and the hem circumference is 22 centimeters.

February 12th- Panel 10

By: Joseph Gracely

Sneaking Past Kyllo

Link to article: http://www.usatoday.com/story/news/2015/01/19/police-radar-see-through-walls/22007615/

In 2001 the Supreme Court held in Kyllo v. United States that police use of thermal imaging technology to detect heat signatures within a person’s home was unconstitutional.  In doing so, the Court noted that the device in that case was “not in general public use.”  The Court also indicated that radar-based systems then being developed would be covered by its ruling in Kyllo.

Now those radar-based systems are here.  And contrary to the apparently clear holding in Kyllo, they are out on the streets providing officers with data about the presence and movements of suspects behind closed doors.

As USA Today reports, the Range-R handheld radar sensor is currently being used by at least 50 U.S. law enforcement agencies, among them the FBI and U.S. Marshals Service.  While the detectors don’t display images of what’s behind a wall, they are highly sensitive and can pick up on movements as slight as breathing from more than 50 feet away.

Until December 2014, when the use of the devices came to broader attention, police used the radar sensors secretly, without search warrants, presenting potentially great Fourth Amendment concerns.  This is particularly so given the difference in technology between radar and thermal imaging.  While thermal imaging arguably involves only the detection from outside the home of heat penetrating out through the walls – as the government actually argued in Kyllo – radar is something different.  With radar, there is – at some level – a penetration of the home by radar waves from the device.  Given the holding in Kyllo, it’s unclear how such warrantless radar use could survive constitutional scrutiny.

 

February 12th

By: Bo Wang

Smart TVs May Redefine Privacy in Our Home

http://www.bbc.com/news/technology-31296188

 

TV is getting smarter. Nowadays many smart TVs have voice activation feature. One could basically control the TV by giving oral command, without going through the pain of reaching for the remote. But the TV listens to more than what people would have expected. As Samsung is warning its customers, when the feature is on, whatever you say including “personal or other sensitive information” may be transmitted by the TV to Samsung or a third party.

Putting aside the shock that this sounds similar to George Orwell’s book 1984, there are some interesting legal issues that concern privacy law. Take the reasonable expectation of privacy test as an example, do people who own smart TVs automatically fail the first prong because they have no actual expectation of privacy when they talk before the TV?

After all, customers choose to buy these TVs. One could argue that people are not expecting to surrender their privacy in the living room because they don’t know their smart TV would “snitch”. But the counter argument could point to the Samsung warning or its privacy policy in the manual that comes with the TV and say “well, now you know it and it is your decision to turn on the voice feature.”

Should the little button on the remote that controls the voice activation also control how much privacy I have in my home? I don’t think it should. But the reasonable expectation of privacy test seems to be of no help here. It is also hard to argue physical trespass since I bought the TV. So the traditional doctrine of physical trespass doesn’t help either. I would love to see how courts will reconcile the new technology with the privacy concerns here because surely I want my privacy protected and I don’t want to reach for my remote.

February 12th

By: Siyi Tian

Article by the Center for Democracy & Technology 4 February 2015: Congress Moves Forward on Protecting Americans’ Digital Privacy

 

The article, which appeared in the press & in the news section of the Center for Democracy & Technology, announced the introduction of bills in both the U.S. House and Senate to update the Electronic Communications Privacy Act (ECPA). The bills aim to update the ECPA of 1986 and to provide stronger privacy protections of information stored digitally in the cloud, including e-mails.

 

Representatives Kevin Yoder and Jared Polis introduced the House version of the bill, the Email Privacy Act, and currently have 228 co-sponsors. Senators Mike Lee and Patrick Leahy introduced the Senate version, the Electronic Communications Privacy Act Amendments Act.

 

Specifically, the new bills aim to update the Stored Communications Act, 18 U.S.C. §§2701-2711. Under the current 180-day rule, law enforcement can obtain content of e-mails 180-days or less with a subpoena, not a search warrant. Senators Patrick Leahy and Mike Lee write that the proposal they will soon introduce will add the new requirement for the government to obtain a search warrant, based on probable cause, before searching through the content of e-mails or other electronic communications stored with a service provider such as Google, Facebook, or Yahoo!. They reason that the same privacy protections should apply to online communications as phones and homes. Since the government is prohibited from tapping our phones or forcibly entering our homes to obtain private information without warrants, the government should also need a warrant for obtaining our online communications.

 

The ECPA has not been significantly updated since it was enacted in 1986. The purpose of the ECPA was to protect our privacy, but it was enacted in a time before people heavily relied on e-mails, mobile location, cloud computing, social networking, and the Internet in general. Technology innovations have since outpaced the ECPA, and digital communications often do not have the same privacy protections as paper communications. Advocates and companies have long called for an update to the 1986 law, and support for ECPA reform has increased rapidly following revelations about government surveillance.

 

It is true that an update to the ECPA is much needed and desired to correct the confusions arising from unclear and conflicting standards with regards to electronic content, such as when a document stored on a desktop computer is protected by the warrant requirement of the Fourth Amendment, but the same document stored on a service provider may not be subject to the warrant requirement by the ECPA. This article, along with the introduction of the amendment bills, is a good step into the direction of reform. However, many barriers remain before passing the reform. For example, the Securities and Exchange Commission demanded a special carve out for warrantless access to private communications that people entrust to Internet companies. It would require strong bipartisan support to successfully reform the ECPA to offer equal privacy protections for all private communications.

February 12

By: Paula Kift

Metadata, and How You Feel

 http://www.newyorker.com/magazine/2015/01/19/know-feel

In “We Know How You Feel,” an article published in the New Yorker on January 19th, 2015, Raffi Khatchadourian describes the work of a startup company called Affectiva, which develops emotion-sensing software. Affectiva was founded by Rana el Kaliouby, an Egyptian scientist, and Rosalind Picard, a professor at the MIT Media Lab, in 2009. The company’s signature software, Affdex, calculates the proportions between non-deformable facial features such as mouth, nose, eyes and eyebrows. Affdex then “scans for the shifting texture of skin – the distribution of wrinkles around an eye, or the furrow of a brow – and combines that information with the deformable points to build detailed models of the face as it reacts. The algorithm identifies an emotional expression by comparing it with countless others that it has previously analyzed.” The software was initially developed to help autistic children classify human emotions. However, the business world was quick to identify more lucrative applications of the software. For instance, “CBS uses the software at its Las Vegas laboratory, Television City, where it tests new shows. During the 2012 Presidential elections, Kaliouby’s team used Affdex to track more than two hundred people watching clips of the Obama-Romney debates, and concluded that the software was able to predict voting preference with seventy-three-per-cent accuracy.” Perhaps more problematically, Affectiva could also be used in videoconferencing “to determine what the person on the other end of the call is not telling you. ‘The technology will say, ‘O.K., Mr. Whatever is showing signs of engagement – or he just smirked, and that means he was not persuaded.’”

 

Picard admits that some of the requests Affectiva received from corporations seemed unethical: “We had people come and say, ‘Can you spy on our employees without them knowing?’ or ‘Can you tell me how my customers are feeling?’ and I was like, ‘Well, here is why that is a bad idea.’ I can remember one wanted to put our stuff in these terminals and measure people, and we just went back to Affectiva and shook our heads. We told them, ‘We will not be a part of that – we have respect for the participant.’ But it’s tough when you are a little startup, and someone is willing to pay you, and you have to tell them to go away.” Picard eventually left Affectiva as the interest of the company shifted away from the medical to the corporate space.

 

Kaliouby and her team demonstrated that, in the age of big data, “even emotions could be quantified, aggregated, leveraged.” As of today the company has “analyzed more than two million videos, of respondents in eighty countries.” Given the wealth of the data, Affdex is now sophisticated enough to “read nuances of smiles better than most people can.” Kaliouby could imagine that one day cookies might be installed on computers that turn on laptop cameras as soon as somebody watches a YouTube video to analyze the user’s emotional response in real time.

 

Regulation is lagging. “In 2013, Representative Mike Capuano of Massachusetts, drafted the We Are Watching You Act, to compel companies to indicate when sensing begins, and to give consumers the right to disable it.” However, Capuano was unable to garner enough support for the bill as industry started lobbying against it. Meanwhile more and more companies are recognizing the financial potential of the Emotion Economy.

 

The technology described in the article raises intriguing questions with regard to the nature of electronically transmitted information and the third party doctrine. What category of information does emotional communication fit into? In the beginning of the article, the author suggests that “by some estimates we transmit more data with our expressions than with what we say.” Could emotional communication be classified as metadata? If so this would have problematic consequences for the privacy in our emotions since metadata is the kind of information that is least protected by current law. Even though Kaliouby and her colleagues assert that they turned away government inquiries about the technology, it seems likely that national security agencies are already in the process of developing their own. What if emotion-sensing technology were added to CCTV cameras?

 

Besides, if customers voluntarily allow third parties to collect information about their emotional communication, the government could easily gain access to that information by means of a subpoena. One could even imagine a time in which national security agencies collect emotional information on a grand scale and use it for predictive policing. For instance, national intelligence could determine that, based on an analysis of millions of emotional responses, a certain group of people is more likely to respond to certain information in a certain way. Everyone who reacts in a similar way would then be considered a part of that group and potentially threatening. In the age of big data, correlation trumps causation. Perhaps this scenario seems farfetched. But as Representative Capuano points out, “The most difficult part is getting people to realize that this is real. People were saying, ‘Come on. What are you, crazy, Capuano? What, do you have tinfoil wrapped around your head?’ And I was like, ‘Well, no. But if I did, it’s still real.”

Monte Frenkel
Flipping the Script

http://www.hollywoodreporter.com/thr-esq/jason-patric-gus-spawns-first-696707

Traditionally, the link between celebrities, privacy, and the first amendment follows a well-worn path—The media invades a famous person’s privacy, the famous person seeks help in the courts, and the two sides battle over the limits of the first amendment.  However, a recently filed case in Los Angeles has deviated from this usual course and has, in turn, shed light on an infrequently discussed tension embedded in the first amendment.

The case stems from a custody battle between actor Jason Patric and Danielle Schreiber, his ex-girlfriend and the mother of his child.  California law automatically considers the child—born through in vitro fertilization—to be solely within the custody of the mother, barring a pre-conception written agreement.  Having penned no such agreement, Patric lacks any parental rights, and is challenging Schreiber’s denial of access to the child.

Amidst this messy custody battle, a novel first amendment issue has emerged.  In an effort to raise awareness of the issue (as well as money for his cause) Patric has appeared on television, given interviews, and formed an organization, “Stand Up for Gus.” He named the organization after his son, and he frequently mentions Gus, and uses his image, in his interviews and public appearances.

Faced with the increased publicity, Schreiber is fighting back.  She has requested a restraining order blocking Patric from using their son’s name or likeness for “commercial” purposes absent permission from the child’s guardian—meaning Schreiber.  Her argument draws both on past celebrity efforts to maintain control over their public personas as well as the privacy interest of a 4-year old child who has become a very public part of a high-profile custody dispute.

She notes that not only is the child’s name and likeness being spread through various media, but that it is often being manipulated for the benefit of Patric and a “false narrative” that benefits his custody claims.  Schreiber points specifically to a picture in People that implies that the child was in a room he was never in, and had lived with his father when in fact they had “lived separately.”

The counterargument from Patric and his attorneys rests squarely on the First Amendment.  They argue that restricting the use of the child’s likeness and name is simple censorship, restraining both Patric’s ability to affectively argue not just for custody of his child, and also his efforts to increase public support for changes to the state’s custody laws.  Patric’s camp notes that the injunction would bar Patric from talking about his own son in any context, not just in newsprint or on television. They also highlight the danger that prioritizing individual privacy over “commercial” and “charitable” speech presents to free expression on other issues, particular those topics at the intersection of the deeply personal and the inherently political.

An appeals court is set to hear the case later this month, with a decision forthcoming shortly thereafter.  The court will face a difficult question in balancing not just the interests of the feuding parents, but also that of the child, whose individual privacy interests seem all but forgotten in the dispute.

 

 

Adam Ghebrekristos
http://www.nytimes.com/2013/09/24/us/victims-push-laws-to-end-online-revenge-posts.html

http://nation.time.com/2013/10/03/californias-new-anti-revenge-porn-bill-wont-protect-most-victims/

http://www.forbes.com/sites/ericgoldman/2013/10/08/californias-new-law-shows-its-not-easy-to-regulate-revenge-porn/

In recent months there has been a significant upsurge amongst states in support of legislation against the use of revenge porn. As discussed in class, revenge porn is a form of pornography that features explicit images of women posted by ex-lovers, which are typically accompanied by denigrating language, and identifying details of the women such where they live, work, as well links to forms of social media that they might use. This has proved to be an especially devastating form of harassment as victims have lost jobs, been approached by strangers recognizing their photographs, and a result suffered tremendous personal anguish. States have, however, begun to enact legislation addressing this problem.

In October 2013, California became the second state following New Jersey to adopt anti-revenge porn legislation. However, revenge porn victims and anti-revenge porn advocates have noted that the legislation passed by the state of California is applicable only to a minority of revenge porn victims. According to a survey conducted by the Cyber Civil Rights Initiative, 80 percent of photos posted on revenge porn sites are self-taken. With regard to the California law addressing revenge porn, this point is relevant because under the new law an individual can only be charged with a crime if the individual published the photos that they themselves had taken of the victim. This law clearly leaves open enormous loopholes. It does not cover self-taken pictures, pictures posted by third parties, pictures posted by hackers, situations in which the confidentiality of the image is in dispute, and perhaps most disturbingly when there is “insufficient intent to cause emotional distress.” This requirement is especially problematic because it places the burden upon prosecutors to prove the defendant’s intent. On April 30, 2014, Governor Jan Brewer of Arizona passed a similar law addressing the issue. The Arizona law makes it a crime “to intentionally disclose, display, distribute, publish, advertise or offer a photograph, videotape, film, or digital recording of another person if the person knows or should have known that the depicted person has not consented to the disclosure.”

A recent article published by Forbes explains some first amendment considerations that come into play when crafting legislation addressing the issue of revenge porn. Without the intent requirement to cause serious emotional distress, these laws could face significant first amendment complications. Eric Goldman notes that “intimate depictions are often part of other people’s life history” and that these are “stories that a person may want to tell in full.” He further notes that privacy laws are be design crafted to suppress the flow of truthful information and cites as an example the Anthony Weiner sexting scandal. He argues that while a law such as the one passed in California would not apply because those photos were self-taken, a law restricting a recipient’s ability to disseminate those images may hinder valuable social discourse. In this instance, the recipient would potentially be barred from substantiating the claim that they received the photos and the public would presumably be denied proof of evidence of the questionable decision making of a public official. Goldman goes on to make the point that while involuntary porn laws would be more effective if they applied to website operators, 47 USC 230 states that websites are not liable for third party content.

 

 

Alex Mann
“The Changing Attitudes Toward Cyber Gender Harassment: Anonymous as a Guide?”
By Danielle Citron

This article begins with a case study demonstrating the growing seriousness of and changing attitudes towards gendered online harassment. It tells of the experience of Kathy Sierra, noted game developer and co-creator of the educational Head First series, who in 2007 was a victim of an extreme cyber harassment campaign. Trollers began targeting Sierra, filling her e-mail inbox and the message board of “Creating Passionate Users” (a popular blog she had created dedicated to inspiring creativity in computer software developers) with threatening comments, including such not-so-veiled threats as one juxtaposing an image of Sierra with a noose next to her next with the words “the only thing Kathy Sierra is good for is her neck size.” After Sierra publicly spoke out against the personal and violent nature of the messages she had been receiving (especially surprising given the non-controversial topic area of “Creating Passionate Users”) the trollers responded by widely circulating her security number. The harassment continued and became so bad Sierra ultimately shut down her blog.

Her comments about feeling frightened by the increasingly violent nature of the harassment and her decision to close down “Creating Passionate Users” were widely criticized as being overly reactionary by fellow bloggers. The thought was that every web user (and especially, every online personality) is at some point going to be victimized by trolls, and perhaps even a cyber mob, so Sierra had brought it upon herself by having any cyber presence.

The article then discusses revenge porn as a more recent and extreme example of online harassment, which demonstrates how, left unchecked as a result of the aforementioned victim-blaming attitude, such harassment has been able to escalate over time. The article ends with an optimistic discussion of a growing intolerance to online harassment, including recent legislative efforts to criminalize revenge porn, which in turn reflect greater appreciation for the very real and very serious damage dealt to the victims of certain forms of online harassment, particularly revenge porn. Another example of this is seen in the efforts of hacktivist groups like Anonymous, who have dealt to revenge-porn-posters a form of street justice by accessing and widely disseminating their own personal information in retaliation. Although the author condemns this mob-style and unregulated retribution, she hopes it is indicative of greater public intolerance of online harassment.

 

 

Padmini Joshi
Is The Use Of Drones For Newsgathering Covered Under The First Amendment?

Connecticut journalist Pedro Rivera filed a suit on February 18, 2014 against Hartford police officers. Rivera was of the opinion that the police officers violated his First Amendment rights to gather news as he was using a remote-controlled drone to take pictures of a car wreck, and the officers had demanded that he stop doing so. Although his device was hovering at an altitude of 150 feet, he said he was operating in public space and observing events that were in plain view. This case brings us to a hot topic of discussion in the recent times and encourages us to consider whether drone journalism could be recognized as a legitimate way of collecting news without hampering the privacy rights of the public.

There has been a considerate amount of deliberation on the use of drones in the journalism sector. Drone technology marches on despite the myriad issues of privacy, safety, and liability. Whether Rivera actually has a case against the police is still a doubtful question as the legality of drone use is unclear and uncodified till the present day. Only a handful of states have their own laws for domestic drone use, and there is no federal regulation, which deals with the use of drones with cameras attached for the purposes of covering news. Without clear rules allowing or banning journalists from using drones, reporters are caught between First Amendment and privacy rights.

In my opinion, drone journalism should be a legitimate way of collecting and propagating information. It is an extension of the journalists’ First Amendment right and is a valuable tool to capture dangerous events like natural disasters or chemical leaks. Disaster coverage is one major application of drone technology. A small drone operating over a large disaster area such as a tsunami aftermath, floods or bushfires can provide reasonably high quality pictures of a large area at low cost. It may also enhance the safety of the journalists operating in a disaster zone

However, the public’s expectation of privacy is one factor that is against recognizing drone journalism as a valid activity. Privacy law has not kept up with the rapid pace of drone technology. Several bills are currently going through Congress, which attempt to provide privacy protections to Americans who may be a victim of drone surveillance.

I believe that strong privacy protections are entirely consistent with policies that encourage growth of the drone industry. In fact, clear privacy protections, are good not only for the personal privacy rights of residents but also for the first amendment rights of journalists and the drone industry itself, which will not be restricted or hindered by privacy protections but rather would benefit from clear legal guidelines and the public assurance that this technology will be used appropriately.

 

 

Malviki Seth
Anonymity and the Internet

http://nakedsecurity.sophos.com/2014/04/27/new-russian-law-aims-to-curb-online-anonymity-and-free-speech/
https://www.eff.org/deeplinks/2013/10/online-anonymity-not-only-trolls-and-political-dissidents
https://www.eff.org/issues/anonymity

In April 2014, the lower house of Russian Federal Assembly passed amendments to anti-terrorism law, which now poses restrictions over anonymity on the Internet. The bloggers who enjoy more than 3000 visitors per day are required to provide their correct names and contact information. In the event that such details are not posted openly online, the government has the right to demand identifying information from ISPs or website operators. Human rights groups across the board are criticizing this move by the Russian government. The director for Europe and Central Asia at Human Rights Watch described this regulation as “another milestone in Russia’s relentless crackdown on free expression.”

The question of anonymity over the Internet is indeed an important one in today’s world where the Internet has become a global forum, the voice of the world.  Anonymity provides a safe environment for anyone to publish his or her views without the fear of social, economic or political retribution. This is the reason that anonymity has become an important ingredient to freedom of expression on the Internet.

The trouble with anonymous posting is that it provides people with the liberty of saying anything without any liability. Death threats, racists remarks, sexist remarks, hate speech are all very common on the comments section of websites like YouTube, which allow users to post under a pseudonym or anonymously. The governments around the word are trying to find ways of reducing anonymous activity on the Internet on the excuse of curbing this behavior. In October of 2013, Emily Bazelon, editor of Slate stated that the society would be better off if everyone was forced to put their name to their words. This approach, however, is not strong enough to deny billions of people the right to take part in an online discourse without fear of retribution.

The U.S. Supreme Court has also time and again defended the right to anonymity as being important protection for Ihe internet. Internet offers a new and powerful democratic forum in which anyone can participate. This participation will remain effective only if people enjoy their right to anonymity in this vast system.

 

 

Aastha Ishan
Indian government’s surveillance system and its implications for free speech & privacy

http://www.hrw.org/news/2013/06/07/india-new-monitoring-system-threatens-rights

http://www.livemint.com/Politics/ptlqwYVHJqfAf31PpuKNQP/Indian-government-eavesdropping-chilling-Human-Rights-Wat.html

http://www.business-standard.com/article/news-ani/safeguards-needed-to-protect-privacy-free-speech-in-india-hrw-113060700201_1.html
In 2013, the Indian government embarked on the Central Monitoring System (CMS), with the objective of enhancing the capability of security agencies such as the National Investigation Agency for fighting crime and terrorism, and allowing tax authorities to monitor communications. However, the CMS received more attention than it probably expected as it has been facing opposition from several human rights organizations and activists, such as the Human Rights Watch, due to serious privacy concerns. The system may be defined as ‘a mass electronic data surveillance program’, which enables the government to keep a tab on all phone and internet communications in India, bypassing service providers.

The Human Rights Watch believes that such a surveillance system has chilling implications for free speech and privacy concerns. It is concerned that such a surveillance system has the potential of being used for politically motivated reasons to target any opposition and curb free speech, in covert ways. The project seems to be shrouded in secrecy as very little information has been made available about its working procedure, the standards it follows, who can authorize such surveillance, what data can be collected and other factors. The fear of such data being used for political reasons may not be unfounded, as no information is available on safeguards against interception by political entities, and use of such data to target judges, opposition leaders, media persons etc. carrying out sensitive assignments. These issues raise questions regarding the extent to which government agencies should be allowed to monitor and invade the privacy of its own citizens and how can free speech concerns be balanced in such a situation.

The existing framework, comprised of the Indian Telegraph Act, 1885 and the Information Technology Act, 2000, is not adequate to address such concerns. Although the scope of interception has been narrowed down to five instances (under section 5(2) of the Telegraph Act, 1885) i.e., national sovereignty and integrity, national security, relations with foreign states, public order and incitement to the commission of an offence, questions have been raised if these grounds are too broad for security agencies to get approvals for all interception activities, however weak the basis for such requests may be. This raises concerns of allowing an agency to monitor any citizen without sufficient proof.

To add to it, India’s Privacy Bill is still underway and is yet to receive the Parliament’s assent. Other than that, India does not have an adequate legislations to prevent privacy transgressions. Indian privacy activists are also concerned that the CMS might inhibit free speech and without adequate considerations to citizens’ privacy.

 

 

Madeline Snider

“Yelp Reviews: The New Frontier of Free Speech,” WNYC’s New Tech City

“It would be nice if the rights that we value all played nice with each other – if free speech didn’t butt heads with the right to protect your reputation – but that’s not how it works.” In today’s web-based, reputation-driven marketplace, a few negative comments posted online can cause significant damage to businesses. In the April 30 episode of WNYC’s New Tech City, Manoush Zomorodi and Alex Goldmark discuss how companies are experimenting with new ways to stop bad comments from ruining their business, and the implications of these efforts for the free speech rights of consumers.

In 2008, Jen Palmer purchased less than twenty dollars of merchandise on KlearGear.com. When the items never arrived, and when the company was non-responsive, she penned a scathing review on a consumer website. She signed off as “Jen from Bountiful Utah,” and went on with her life. Several years later, her husband received an email from KlearGear’s counsel, demanding that they take the comments down, or pay up. The Palmers refused, and the couple’s credit tanked when 90 days later the company reported a $3500 fine as unpaid debt. According to the company, in buying the trinkets from KlearGear’s website, the Palmers had agreed to a “non-disparagement” clause in the terms of service that prohibited the posting negative comments about the company. Anywhere. The Palmers sued for damages resulting from the change in their credit score.

As Kurt Opsahl of the Electronic Frontier Foundation points out in the New Tech City report, another way the law has recently been used to combat the reputational effects of online reviews is through copyright law. According to Opsahl, Medical Justice, which provides “medico-legal protection services,” has recently advised doctors to include a copyright clause in the forms that patients sign before receiving treatment. In signing onto the provision, the patient (likely unwittingly) relinquishes any rights to future reviews. If the doctor doesn’t like what she reads, she can demand that they be taken down, or sue to enforce her copyright.

Clauses like these can be expected to have – in fact, are intended to have – chilling effects on speech. Understandably, businesses don’t want people to say bad things about them online. These provisions are intended to make consumers feel sufficiently threatened that they determine that a negative review of their experience with a business is not worth the hassle of damage to their credit or of a court battle. Businesses may be seeking creative mechanisms like these to keep customers from ever posting in the first place because of the difficulty of going after post once it is up – particularly given the degree to which online comments are often posted anonymously, or under a pseudonym.

New Tech City discusses a case, now pending in the Virginia Supreme Court, which raises the issue of the right to speak anonymously, and when that anonymity may be sacrificed in order to allow a business owner to protect himself from allegedly false and malicious comments. The case was brought by Joe Hadeed, who owns a carpet cleaning business in Northern Virginia. Hadeed claims that negative reviews of his business on Yelp have caused him serious harm, and that after cross-checking the posts with his business records, he determined that the comments were not even posted by real commenters.  Hadeed is asking that the courts order Yelp to turn over the names of the users that posted the allegedly defamatory comments.

While there is generally no protection for fraudulent, misrepresentative speech, it is difficult – if not impossible – to evaluate the truth or falsity of the speech unless the identity of the speaker is revealed. Yet the right to speak anonymously is a core part of First Amendment rights. Anonymity is crucial for the protection of free speech because it allows those who advocate unpopular views to speak without fear of retribution. In the context of Yelp – as New Tech City points out – the ability to post anonymously not only protects users from retribution for unfavorable reviews, but also facilitates reviews of businesses – such as plastic surgeons or divorce attorneys – which users might be reluctant to associate themselves with if they had to post their names. In this way, anonymity enables the production of a public resource that would not otherwise exist, and empowers consumers in the marketplace.

But reputation is everything for a small business like Hadeed’s. And the power of malicious commenters may be contextually dependent. Malicious comments may have little impact on sites where the comments section is ancillary to the main content, or where they are quickly lost in a sea of postings. But they may be amplified on a site like Yelp, where the comments are the focus of the website’s content, particularly where only a few reviews have been posted on the business’s profile. Because of limitations under the Communications Decency Act on the liability of intermediaries like Yelp for the content of users’ posts, business owners like Hadeed need to go after the individual posters themselves. But unless businesses are able to identify the posters, they are out of luck. The use of online anonymity to skirt liability for defamation is a very real concern.

There is a tension here – one that courts are just beginning to work through. As online fora are increasingly used to navigate the marketplace – giving consumers the power of review and incentivizing businesses to find ways to control those reviews – we are likely to see an increase in litigation that raise free speech issues.

 

 

Karan Latayan

1. https://www.privacyassociation.org/privacy_perspectives/post/french_court_takes_on_the_privacy_and_hate_speech_dilemma
2. http://indconlawphil.wordpress.com/2014/03/12/the-supreme-court-on-hate-speech-again/

The Right of Privacy as worded out in the Fourth Amendment, and interpreted by legal scholars, limits itself to the protection of secrets and intimacies, or to the walling off of a narrow set of places where it is reasonable to expect that surveillances will not occur. However, with the increasing use of computers and the phenomenal growth of Internet, the law enforcement agencies are faced with the uphill task of finding the right place for information relating to personal identification within the traditional privacy rubric of secrecy, intimacy, or spatial considerations. Moreover, Internet raises some new privacy concerns that were unheard before. This is because, the material that enters the open channels of the Internet spreads so quickly and so far, its persistence and irretrievability amplify the damage it can do. Therefore, the widespread dissemination of information, which does not fall within the traditional privacy domain, poses an exceptional problem.

This particular problem is highlighted in the first article, namely – French Court Takes On the Privacy and Hate Speech Dilemma, whereby the French Court, to curtail online hate speech, outweighed the privacy concerns arising in litigation. On June 12, a French Court of Appeals ordered Twitter to unmask the identities of persons who anonymously tweeted anti-Semitic content in violation of French law. In appeal, however, Twitter argued the once the names of the anonymous users were given, it will bring on a potential harm to their privacy rights. The court ignored Twitter’s arguments stating that if there seems to be any irregularity pertaining to the names being given out pursuant to the lower court’s order, the plaintiff in the action, the Union of French Jewish Students, would be liable for any damages caused to the Twitter users whose privacy was compromised.

However, this strict outlook towards Internet anonymity with respect to hate speech is quite common in other international jurisdictions as well. US Courts, through litigation over the period of time, recognize that there is a right to anonymity within the broad right to expression. Evidently, this is not true according to the French legal standards. India, where the law against hate speech is still in the embryonic stage, recognizes the same principle. The Indian Supreme Court, while dismissing a Public Interest Litigation (PIL), reiterated the constitutionality of Canadian hate speech laws and expressed a desire for the Indian law to follow the same.

 

David Yin

“Tracking the Brothers Katzin”

In May, the Third Circuit will rehear en banc the case of United States v. Katzin. In Katzin, a panel of Third Circuit judges held that the installation of a GPS device on a car by the police requires a warrant, and further held that the police who installed the device could not rely on the Davis good faith exception to the exclusionary rule, though they had installed the device before the Supreme Court held in 2012, in the widely-covered case of United States v. Jones, that installing and monitoring a GPS device on a car constituted a Fourth Amendment search.

The Department of Justice’s petition for rehearing en banc did not challenge the warrant requirement for GPS tracking, so it is likely that the Third Circuit will only review the part of the ruling that there was no good faith exception. However, I would like to use this post to discuss the prior question of whether installing and monitoring a GPS tracking device on a car traveling on public roads requires the police to first obtain a warrant, which the Jones Court left undecided, and which I imagine will one day return to the Supreme Court for an ultimate decision. This question is largely an open question among the circuits; several sister circuits considering similar cases where the GPS tracking took place before Jones split with the Third Circuit to hold that the good faith exception did apply, and did not reach the warrant requirement issue. See, e.g., United States v. Sparks (1st Cir. 2013); United States v. Aguiar (2d Cir. 2013).

The Government’s best argument for why a warrant should not be required is to nestle this search in the “automobile exception.” Under this longstanding automobile exception, recognized since Carroll v. United States in 1925, the Constitution permits the police to conduct warrantless searches of vehicles where there is probable cause to believe that the vehicle contains evidence of a crime. In Katzin, the Third Circuit assumed, but did not decide, that the police did have probable cause. The rationale for the automobile exception is strikingly similar to the argument for why there should be no Fourth Amendment search in Jones. The Supreme Court has explained that “[o]ne has a lesser expectation of privacy in a motor vehicle because its function is transportation…. A car has little capacity for escaping public scrutiny. It travels public thoroughfares where its occupants and its contents are in plain view.” Indeed, a GPS tracking device only obtains information about the vehicle that the owner has placed in public view—its location on public roads. The Third Circuit wrote that the automobile exception was inapposite because searches under the automobile exception are limited to a discrete moment in time, whereas GPS tracking is a continuous search.

One potential flaw in this argument is that the Supreme Court majority in Jones did not accept that the evil of GPS tracking was the fact that continuous monitoring took place, and rejected the D.C. Circuit’s rationale below that one has a reasonable expectation of privacy in one’s movements over the course of an entire month. (I also note that while Alito’s concurrence in Jones seemed concerned that long-term monitoring would be unconstitutional, it left open the possibility of short-term monitoring. In Katzin, the monitoring only lasted two days.) Instead, the Court revived an ancient theory of trespass—the installation by police of a GPS device on private property (a car) was a trespass under common law, and therefore it was a Fourth Amendment search.

This case illustrates a fundamental weakness of holding up Jones as a victory for privacy. Every search under the automobile exception would likely be a Fourth Amendment search under Jones because it involves a technical trespass with the intent to find information. If traditional automobile searches are trespasses that don’t require a warrant because of the inherent properties of the automobile, then perhaps neither should a warrant be required for GPS tracking devices on automobiles. And it’s difficult to see a law enforcement-friendly Court moving away from the automobile exception, which has survived nearly a century.

To escape this conflict, if the Supreme Court has another opportunity to protect the nation from warrantless GPS tracking from the government, it should supplement its milquetoast trespass reasoning by firmly grounding the Fourth Amendment protection against GPS searches in terms of our reasonable expectation of privacy of being free from continuous government monitoring. If no warrants are required before the police may install and monitor GPS devices on cars, then Jones will be even less protective of our privacy than we thought.

 

Junine So

Brazilian “Internet Constitution” Signed Into Law Yesterday

http://www.reuters.com/article/2014/04/23/us-internet-brazil-idUSBREA3M00Y20140423

http://www.businessweek.com/news/2014-04-23/spying-on-rousseff-has-brazil-leading-internet-road-map-reroute#p1

http://www.npr.org/blogs/thetwo-way/2014/04/23/306238622/brazil-becomes-one-of-the-first-to-adopt-internet-bill-of-rights

Yesterday, Brazilian President Dilma Rouseff signed into law an Internet-rights bill known as Marco Civil. This legislation, which has been dubbed an “Internet constitution” and an “Internet bill of rights,” is among the first national Internet laws of its kind.

For privacy and open internet advocates, Marco Civil checks off some boxes but not others. On the one hand, the law enshrines access to the Internet, guarantees net neutrality and limits the metadata that can be collected from Internet users in Brazil. On the other, it requires Internet service providers to comply with court orders to remove libelous and offensive material published by their users, although providers themselves will not be liable for such content. A draft version of the legislation in the original Portuguese can be found here.

Although experts including World Wide Web inventor Tim Berners-Lee have applauded the Brazilian law for balancing the rights and duties of users, governments and corporations while ensuring an open and decentralized Internet, the enactment of the Marco Civil was not entirely uncontroversial. For one, Rousseff’s government had to drop a contentious provision that was added to the bill following revelations last year that Brazilians, including President Rousseff herself, had been the target of surveillance by the United States’ National Security Agency. This provision would have required global Internet companies like Google and Yahoo to store their data on Brazilian users on servers within the country. On the other hand, the Brazilian government refused to drop a net neutrality provision that telecom companies fiercely opposed. This provision prohibits companies from charging users higher rates for accessing services that use more bandwidth, such as video streaming and Skype.

Marco Civil was signed into law just prior to the opening ceremony of the “Global Multistakeholder Meeting on the Future of Internet Governance,” a two-day conference co-hosted by Brazil, the U.S. and ten other countries. This conference marks the first step away from a U.S. controlled Internet and towards a globalized, decentralized model, following the U.S. government’s announcement back in March that it was relinquishing its remaining control over the Internet.

Both the structure of the Marco Civil itself and the collaborative process leading up to its enactment will likely prove to be a template for future Internet legislation in other countries.

 

 

Noori Torabi

The Evolving Regulatory Landscape for Health App Developers.

The widespread adoption and use of mobile applications (apps) is opening new and innovative ways to improve health and health care delivery. Apps can help people manage their own health and wellness, promote healthy living, and gain access to useful information when and where they need it. With the ever-increasing pace of app development and adoption, a comprehensive yet flexible regulatory regime that promotes innovation and at the same time protect customers’ health and safety is now needed more than ever.

Last September, the U.S. Food and Drug Administration (FDA) issued final guidance for mobile medical apps. (http://www.fda.gov/newsevents/newsroom/pressannouncements/ucm369431.htm). The FDA will apply the same risk-based approach the agency uses to assure safety and effectiveness for other medical devices. Therefore, the FDA’s regulatory oversight will be focused on apps that are intended to be used as an accessory to a regulated medical device, or transform a mobile platform into a regulated medical device. FDA has also published draft guidance on cyber security in medical devices. (http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm356186.htm). The guidance is similar to the HIPAA omnibus in some ways, namely it’s emphasis on risk analyses, which, under the draft guidance, companies will be required to complete to secure clearance for new medical devices.

However, FDA is only one among several agencies that have started to focus their regulatory attention to mobile medical apps. Other regulatory entities in this landscape include the FCC, the FTC, the Office for Civil Rights, which enforces HIPAA, and state attorneys general. However, Sharon Klein, the chair of Pepper Hamilton’s Privacy, Security and Data Protection practice, thinks that “[t]he regulatory overlap is confusing and in some instances it’s duplicative”. (http://mobihealthnews.com/29336/health-app-makers-face-privacy-and-security-regulation-from-many-quarters/). To bring some order in, Congress passed the FDA Safety Act of 2012, which has mandated that the department of Health and Human Services (HHS) produce a report with a strategy and a recommendation, dealing with mobile health apps, which would balance innovation, patient safety, and avoid regulatory duplication. In April 3, 2014, HHS released a draft report that includes a proposed strategy and recommendations for a health information technology framework. (http://www.hhs.gov/news/press/2014pres/04/20140403d.html). The report was developed by the FDA in consultation with HHS’ Office of the National Coordinator for Health IT (ONC) and the FCC.  The FDA seeks public comment on the draft document.

In the meantime, ONC has launched new site offering guidance for physicians and hospitals to deal with HIPAA compliance in the bring-your-own-device era. (http://www.healthit.gov/providers-professionals/your-mobile-device-and-health-information-privacy-and-security). This site offers advice for health care providers, as well as educational materials such as a series of four posters to hang in the break room reminding employees of their mission to protect patient data. It also offers videos, fact sheets, frequently asked questions (FAQ) lists and other advice content for health care providers to shore up their mobile device security. Hopefully all these regulatory efforts will soon converge into a comprehensive and flexible framework to promote innovation while maintaining patient safety and information health privacy.

Wei Xu

China: Draft rules to introduce first personal health data protection framework Updated: 20/02/2014

Public consultation on a draft regulation on the administration of personal health information (PHI) (‘the regulation’) – published by the Chinese National Health and Family Planning Commission (NHFPC) on 19 November 2013 – closed on 20 December 2014. PRC laws and regulations have long protected the general concept of a “patient’s privacy,” without providing specific guidance for what all is encompassed by this term. The regulation, when promulgated, will be the very first dedicated framework for the protection of PHI in China.

Under the regulation, greater protection will be accorded to PHI, such as the requirement to inform the data subjects of the purpose of data collection and obtaining their consent, and prohibiting the collection or use of PHI for commercial reasons. Furthermore, health institutions will be required to establish rules on identity verification and access to databases containing PHI and the storage of PHI will be restricted to servers located in China. However, the purpose of the regulation provided under Article 1 it to regulate the collection, regulation ans share of PHI, to guarantee the security of PHI and to support the development of health and science industry—the protection of personal privacy has not been mentioned. Besides, under the regulation, there are no practical and specific remedial measures for contravention of its provisions. Like Mr. Louvel said in this news, ” (the regulation) looks more like a promise for the future!” PRC health data management law still has a long way to go.

Brittany Melone

http://www.cnn.com/2013/04/04/tech/mobile/facebook-home-five-questions/index.html?hpt=te_t1

http://online.wsj.com/news/articles/SB10001424052970204190704577024262567105738

http://www.cnn.com/2013/04/09/tech/privacy-outdated-digital-age/

During Wednesday’s Milbank Tweed Forum, Microsoft General Counsel Brad Smith spoke about the future of privacy law and asked if people, especially young people, still care about privacy. Smith turned to the tech behemoths of Facebook and Google to address this question. He posited that Facebook seemingly knows everything there is to know about you, so if people voluntarily share volumes of information about themselves, how can we say they still care about their privacy? However, Smith stated that people around the world still believe that privacy is important. To demonstrate this belief, Smith charted Facebook’s smooth rise in popularity and contrasted it to MySpace’s swift decline. In 2007, MySpace had more than four times as many users as Facebook had; whereas today I think it is a reasonable question to ask if MySpace even still exists. Smith attributed Facebook’s popularity to the fact that, as opposed to MySpace, the default Facebook settings were to share personal information only to people who you chose to connect with. Oppositely, the default settings for MySpace were to share everything you posted on the site to the entire world. Smith concluded that people want to share more information now about themselves, but they want to share it only with a certain number of people or identifiable “friends.”

The Wall Street Journal recently put together a panel to discuss the same issue that Brad Smith discussed on Wednesday: what does privacy mean to people in the digital age? One panelist, Jeff Jarvis, an associate professor at the CUNY Graduate School of Journalism, warns against “over-regulating” privacy so that our society retains the benefits of “publicness and sharing.” Jarvis believes that, “Our new sharing industry is premised on an innate human desire to connect. These aren’t privacy services. They are social services.” Another panelist, Dr. Danah Boyd, a senior researcher at Microsoft, added that people still want privacy, but they also want to share their experiences and make some of them public. The key for Dr. Boyd is empowering people to make their own decisions about what information is available on the Internet;  “People want to share. But that’s different than saying that people want to be exposed by others.”

A third panelist, Stewart Baker, a partner in Washington, D.C., at the law firm of Steptoe & Johnson, is of the opinion that privacy is a notion of the past. Baker believes that no one today thinks that photography is a privacy violation. (I’m sure however that many people think being photographed is indeed a privacy violation.) Baker wants people living in the 21^st Century to realize that “keeping data hidden is a hopeless task…in the end,” Baker says, “we will adjust. Privacy is the most adaptable of rights.”

The launch of the Facebook Home App has reignited the discussion of whether or not people still believe there can be a level of privacy attainable while subscribing to social networks, such as Facebook. CNN supposes that with the introduction of Facebook Home and other similar apps that “in today’s world, the documentation of our every move and every desire is becoming increasingly inescapable.” Wired editor David Rowan reflects that, “It also could be argued that privacy is a long-dead illusion that is fast becoming an outdated concept.” Smith’s introduction of the remark of Ray Kurzweil at Wednesday’s forum is a fitting close; Google will soon know you better than your spouse does.

 

 

Rachel Goodwin

http://articles.latimes.com/2014/jan/10/news/la-pn-obamacare-data-breach-house-vote-20140110

 

The Obamacare website security breaches raised enough concern for even an incredibly inactive House of Representatives to pass a bill to address it. The situation highlighted the particular concerns surrounding sensitive health information. It also highlighted differences between government and corporate action.

 

 

At the same time that people were raising concerns about the Obamacare website’s security, Target suffered a breach of thousands of consumers’ data. However, as the congressmen noted, Target consumers willingly interacted with Target and shared their information. While we may argue over the level of choice involved in interacting with different companies, it is certainly higher than in most of our interactions with the government. In this case, many were compelled by their employers to obtain coverage through the Obamacare website. The government also compelled the interaction in a sense, by leveling a penalty on those that did not register. To the extent that we care about consumer choice in such privacy matters, the Obamacare security breaches were particularly concerning.

 

The breaches were all the more concerning because they involved health information. Because information about people’s health feels particularly intimate, these breaches felt particularly threatening.

In order to sign up for health coverage people had to turn over information they would never want their employers to know for fear of discrimination. While the plethora of sensitive data on our consumption patterns has spurred committee meetings and vague resolutions, the potential breach of health information felt private, personal, and threatening enough to spur a dormant House to action.

 

Julie Simeone

Microsoft Defends Its Right to Read Your Email & Then Quickly Decides It’s Actually A Bad Idea To Snoop

http://money.cnn.com/2014/03/21/technology/security/microsoft-email/

http://www.forbes.com/sites/kashmirhill/2014/03/28/microsoft-decides-its-actually-a-bad-idea-to-snoop-through-users-emails/

In 2012, Microsoft uncovered that one of its former employees had leaked certain proprietary software to a blogger. Following this discovery, the legal team at Microsoft green-lit an emergency “content pull” whereby Microsoft investigators entered bloggers’ Hotmail accounts and read through emails and IMs. On March 19, 2014 this investigation ended with the arrest of Alex Kibkalo, a former Microsoft employee then residing in Lebanon

In certain federal court filings, the company defended its decision to pour over these emails and instant messages in the name of “track[ing] down and stop[ping] a potential catastrophic leak of sensitive information software.”[1] A blog post by one of Microsoft’s lawyers justified the response, saying that the company “took extraordinary actions based on the specific circumstances.” Pertinent here (for exam takers, and others) is that the company rationalized this investigation by reference to its terms of service: “When you use Microsoft communication products—Outlook, Hotmail, Windows Live—you agree to ‘this type of review . . . in the most exceptional circumstances.’”[2] Microsoft added that the terms of use give it the right to “access or disclose information about [the customer] . . . to protect the rights or property of Microsoft.”[3]

But only a week later, Microsoft double-backed, rethinking this position. General Counsel, Brad Smith commented that this type of investigation would not be Microsoft’s practice going forward: “[R]ather than inspect the private content of customers ourselves in these instances, we should turn to law enforcement and their legal procedures.” Smith was certain to note that Microsoft was operating within its legal capacity in pouring over the emails and IMs, while recognizing that reliance on formal legal processes is appropriate in these types of situations.