Blog

Note the location of MySpace. Amazing how rapidly the value of Internet-based intellectual property can plummet. Note the cyber-police at the bottom right, as well (image from Mashable.)

ArsTechnica reports that the California legislature is currently considering an anti-piracy bill that threatens to undermine privacy in a big way. Proposed by Senator Padilla, SB 550 would prohibit a person who manufactures optical discs for commercial purposes from making, possessing, or adapting any optical disc mold for the purpose of applying a forged, false, or deceptive identification mark or identifying code (under existing California law, every person who manufactures an optical disc for commercial purposes to permanently mark the manufactured optical disc with an identification mark or a unique identifying code). See Legislative Digest. In an attempt to bolster the ability of law enforcement to catch violators, SB 550 also provides for warrantless searches of commercial disc manufacturing facilities and warrantless seizures of violating discs. Wow.

According to §7 of the bill, officers “whose primary responsibilities include investigation of high-technology crime or intellectual property piracy” are authorized to perform inspections at commercial optical disc manufacturing facilities to verify compliance with the bill. This search can be executed without prior notice. Officers performing inspections have the authority under the bill to, among other things:

(1) Take an inventory of all manufacturing equipment, including the identification mark or unique identifying code that any piece of equipment has been modified to apply.

(2) Review any optical disc, manufacturing equipment, optical disc mold, or production part.

(3) Seize any optical disc or production part manufactured in violation of the law.

(4) Obtain and remove four samples each of the optical discs molded by each mold that has been used or could be used to manufacture optical discs.

Again, wow.

Available at:
http://news.yahoo.com/s/ap/20110424/ap_on_hi_te/us_wi_fi_warning

In Buffalo, a 25-year-old guy logged in to his neighbor house’s Wi-Fi connection and downloaded child pornography through the wireless signal.

Firstly, the FBI agents suspected the homeowners. They denied and agents tapped away at the homeowner’s desktop computer, eventually taking it with them, along with his and his wife’s iPads and iPhones.

Within three days, investigators determined the homeowner had been telling the truth: If someone was downloading child pornography through his wireless signal, it wasn’t him. About a week later, agents arrested the guy and charged him with distribution of child pornography. The case is pending in federal court.

Experts say the more savvy hackers can go beyond just connecting to the Internet on the host’s dime and monitor Internet activity and steal passwords or other sensitive information.

This case revealed two major issues. One is how to protect privacy of Wi-Fi users and the other is whether internet users are legally responsible to secure their wireless connections to prevent others from illegally downloading data.

Controversy over revelations regarding iPhone and iPad location tracking has been growing quickly. As the New York Times reports, the German, French, and Italian governments have either started or will soon start investigations into whether the tracking violates those countries’ respective privacy laws. In the United States, Senator Al Franken of Minnesota and Congressman Edward Markey of Massachusetts have sent letters asking for further explanation from Apple.

A letter from Apple’s general counsel to Congressman Markey last July suggests that the data is in fact being transmitted to Apple for use in its location-based services. However, the letter indicates that location data is anonymized and only collected when users agree to use location-based services. Last Friday, Google confirmed that it collected similar data from Android users for similar location-based service purposes, again anonymized and with user consent.

Some commentators have questioned the need for retaining the location data on users’ devices, arguing that it leaves them vulnerable to hackers who would be able to learn a user’s day-to-day movements. Others question whether users are fully informed about the extent of location tracking due to the sometimes-vague and difficult-to-understand privacy policies that describe its use.

The New York Times article also reports that the data has been used for law enforcement purposes, raising interesting questions about the applicability of the Stored Communications Act and the 4th Amendment to such data. Though the article doesn’t specify the legal basis upon which law enforcement gathered this data, it seems possible that the SCA would apply. Would a court hold that compelling Apple to produce such data under the SCA but without a warrant violates the 4th amendment, much like the compelled e-mail production in United States v. Warshak? On a related note, the ACLU recently reported that Michigan State Police officers have been using forensic cellphone analyzers to download the contents of smartphones during routine traffic stops. The ACLU has issued a FOIA request for more information on this practice, but the Michigan Police have requested over $500,000 from the ACLU to cover the costs of retrieving and assembling such documents. Given the recent revelations about location tracking on Apple products it seems plausible that such data collection from Apple users could include the location-tracking file, thus possibly giving the police information about the user’s every move for the past few months.

http://legaltimes.typepad.com/blt/2011/04/doj-pitches-gps-surveillance-case-to-supreme-court.html

http://legaltimes.typepad.com/files/doj_gps_cert.pdf

On Friday, the Solicitor General filed a certiorari petition with the Supreme Court to resolve a circuit split on whether a warrant is required for GPS surveillance. The case, United States v. Jones, involves the government’s use of GPS tracking technology to monitor a person’s movements on public roads for an extended period of time.

As part of an investigation into the defendant’s supposed narcotics distribution, the FBI placed a GPS tracking device on defendant Jones’s Jeep, tracking its movements 24 hours a day for 4 weeks. The FBI’s prolonged tracking of Jones without a warrant raised serious 4th Amendment and privacy concerns. On appeal of his conviction in the D.C. Circuit, Jones argued that the Government’s use of a GPS device constituted a violation of his reasonable expectation of privacy and was a breach of his 4th Amendment right. The Government relied on United States v. Knotts for the position that the tracking of a suspect on public roads does not constitute a search. In Knotts a beeper was placed in a container containing chemicals used in the production of methamphetamine to track the suspect’s vehicle from the purchase location to his cabin. The Court of Appeals held that Knotts did not control as it did not address the issue of a prolonged, dragnet type surveillance. The Court reasoned that while the movement of the defendant in Knotts, from one location to another, was readily exposed to the public, the totality of Jones’s movements over the course of a month was not. The aggregation of Jones’s movements for an entire month reveals intimate details that a single trip would not and therefore there was a reasonable expectation of privacy in those movements.

The D.C. Circuit’s adoption of this “mosaic theory” of privacy puts it at odds with the Seventh, Eighth, and Ninth Circuits, all of which permit warrantless GPS surveillance. The Government maintains that the D.C. Circuit’s contrary holding will hamper the ability of law enforcement to collect evidence to establish probable cause at the onset of an investigation. It also makes a slippery slope argument, fearing that wider acceptance of the “mosaic theory” will jeopardize other longstanding investigatory techniques used to collect public information on criminal suspects.

The Jones case presents the Court with the opportunity to revisit its thirty-year-old holding in Knotts and squarely address whether the aggregation of otherwise public information through sophisticated technological means changes the nature of a suspect’s privacy expectations. It remains to be seen whether the Court will, in Jones or a future case, follow the lead of a number of states that have imposed a warrant requirement in these circumstances.

Article Link: http://www.latimes.com/business/la-fi-do-not-track-20110406,0,3461978,full.story
Link to Bill: http://dist27.casen.govoffice.com/index.asp?Type=B_BASIC&SEC={2C530FAF-6F85-4236-BB30-293D33F815E5}

Continuing the groundswell of support for Do-Not-Track across the nation, California State Senator Alan Lowenthal (D-Long Beach) introduced legislation that would force Internet companies doing business in California to allow consumers to opt out of online monitoring. If passed, California would be the first state to have a do-not-track law. Lowenthal is hoping that passage in democratically controlled California could act as a “stimulus to the rest of the nation.”

The proposed bill broadly applies to all connected devices, likely requiring software updates to many existing smart phones, computers, tablets, and Internet TVs. It empowers the state attorney general to issue regulation requiring that websites give users a simple method to block tracking. The bill allows individuals and the state attorney general to target violations with civil suits.
The bill is backed by a number of advocacy groups, including Consumer Watchdog, Privacy Rights Clearing House, Common Sense Media, and the California Consumer Federation. However, the Interactive Advertising Bureau, a digital marketing industry group, criticized that a strict reading of the legislation, SB761, would prevent websites from collecting innocuous information that could hurt the user experience. IAB also believes that the bill could be an unconstitutional restriction on interstate commerce.

Not long ago, denizens of the web were thrown into a frenzy by Chatroulette, an innovative website that randomly paired visitors with webcams for impromptu video chats.

Hot off the HackerNews presses, meet RandTXT – Chatroulette for text messages. RandTXT allows anyone with a cell phone to anonymously send a text message to a randomly selected person and receive an anonymous reply from that person.

The instructions are simple: “(1) Send a (random, funny) text message to (650) 681-0830; (2) you’ll immediately receive a random text message from another person; (3) reply to the random text you just got; (4); get a reply to the original random text you sent.” All chat exchanges are posted to a public website that displays the originating phone’s area code but nothing else.

As with Chatroulette, the content runs the gamut from extremely obscene to serious, with almost anything in the middle. My favorite exchange so far:

Original Message: Is a hippopotamus a hippopotamus or just a really cool opotamus?
Reply Message: The latter

At first blush, this probably seems like a very minor addition to the technological landscape. After all, Twitter basically allows users to do the same thing – send short text messages. Yet there is something deep at the heart of RandTXT that is missing in Twitter – intimacy. Up until now, SMS has retained its status as a uniquely personal mode of communication. Unlike a tweet, which is broadcast to the world (or a limited number of followers), an SMS message is plain text’s version of the phone call. As a result, it brings with it a different set of contextually-rooted principles of information flow.

To give an example, one might well tweet one’s breakfast (particularly a delicious one), but one would probably not send an SMS to one’s friend solely to report this fact. While Twitter has become a forum for open contemplation and whimsical revelation, SMS is, or at least has been, a tool for more formal and personal communication. The social importance of SMS is evident in the sheer number of SMS-oriented applications that have proliferated on the iOS and Android mobile operating systems. Fast Society, Beluga, Disco, GroupMe – the list could go on. These applications offer very little that email does not. Yet they are extremely popular. For some reason, the SMS message holds a degree of appeal that other forms of communication can’t match.

If you buy my assertion that SMS is a more intimate protocol, then RandTXT becomes a lot more exciting. This is because RandTXT brazenly pulls SMS inside-out. The resulting cognitive dissonance – of using a private non-anonymous protocol (SMS) in a decidedly public and anonymous way – is thrilling.

OK – so it’s thrilling. Lots of online experiences are. But why should we care about this one? The thrill of services such as RandTXT and Chatroulette draws people into a mode of interaction they can’t find elsewhere. As a result, these services have enormous expressive potential. This is not to say that such open-ended services don’t have problems. As Jonathan Zittrain has famously pointed out, generativity can be a risky proposition. Plenty of objectionable content has surfaced on services such as RandTXT and will continue to do so. Yet insofar as Chatroulette and RandTXT users enjoy a social surplus from the new experience, and this surplus outweighs the loss caused by objectionable content, these services are worth supporting.

Which brings me to what I suppose is the point of this post – specifically (a) that opportunities for anonymity and pseudonymity on the web are shrinking, and (b) that this isn’t a good thing. While false identity allows those with impure motives to wreak havoc, it also empowers new (and old) methods of communication and human interaction. These methods of communication and interaction can advance not only our constantly-evolving discourse but also our understanding of ourselves. To the extent that privacy law exists to protect our right of expression, it should take care to make sure that the increasingly “identifying” Internet preserves a place for the delightfully obscured.