ILI Student Blog

Blog

  • Do Not Track Bill May Curb Some Unwanted Spying on Internet Activity

    A bill has been introduced to Congress that would give consumers a right to block certain companies from tracking consumer Internet activities, and the Federal Trade Commission (FTC) Chairman is predicting congressional action on Internet privacy if industry doesn’t make progress on self-regulation.  The bill, titled the “Do Not Track Me Online Act,” was introduced to the House on February 11 by Rep. Jackie Speier (D-CA).  It directs the FTC to establish regulations that would prohibit the collection or use of information relating to online activities if a consumer “opts out” of such tracking.  Industry observers believe the opt out mechanism would most likely take the form of signal, or “flag,” from customers’ Internet browsers to commercial entities.

    FTC enforcement is the heart of privacy regulation in online commercial dealings in the United States, but the agency’s activity has been confined primarily to action against companies for breach of their own privacy promises.  Regulations under “Do Not Track” would expand the FTC’s reach and effectively give consumers—backed by FTC enforcement—the ability to control companies’ privacy practices via an opt out.

    The control offered under the proposed bill would be subject to several limitations however.  The prohibition on tracking would not apply to federal and state governments or to certain smaller-scale commercial entities.  Due to the FTC’s limited statutory jurisdiction, the regulations would also not apply to many financial institutions, to telecommunications carriers, and to airlines.  In addition, the bill gives the FTC authority to exempt certain “commonly accepted commercial practices” from the regulations.  As such, the opt-out requirement may not apply to tracking that takes place on “primary” websites, such as Facebook, visited by a customer (“first-party” tracking), as opposed to tracking by third-party advertisers or data collectors.

    Also notable is the bill’s choice of an opt-out model, rather than a default rule that would bar consumer data retention unless a consumer opts in.  When put to the choice, industry generally favors an opt-out, instead of opt-in, rule.  Opt-out rates are historically very low, despite an apparently overwhelming consumer preference for greater online privacy.

  • Plaintiffs Suing ‘Girls Gone Wild’ Creator Get Second Shot to Proceed Anonymously

    Recently, the U.S. Court of Appeals for the Eleventh Circuit has ruled that plaintiffs suing the producers of the “Girls Gone Wild” videos for filming them engaging in sexually explicit acts while minors may proceed anonymously in court (Plaintiff B v. Francis, 11th Cir., No. 10-10664, 2/1/11).  The District Court for the Northern District of Florida had previously held that the plaintiffs would not be able to proceed anonymously because their conduct was “casual and voluntary.”  The Court of Appeals held that the district court abused its discretion in determining that the sexual acts depicted in the videos were “casual and voluntary” and in failing to properly consider the potential harms to the plaintiffs if they were not allowed to proceed anonymously.

    The decision shows a willingness to deem most sexual conduct as not “casual” and thus a matter of “utmost intimacy” which can defeat a presumption of openness in the courts.  The Court also recognized that modern technology could very well lead to a life-long branding of the plaintiffs as “sluts” and “stars” of the videos, given the ease of information flow over the internet.  That ease of information flow seems to have pushed the Court to protect the alleged victims of reputational damage from the release of depictions of sexual conduct, even as slight as one minute of “flashing.”

    The case is currently on remand to the district court to determine if allowing the plaintiffs to proceed anonymously comprises an unconstitutional prior restraint on speech.

    79 U.S.L.W. 2012

    Full Court text at http://pub.bna.com/lw/10664.pdf

    Additional links:

    http://news.bna.com/lwln/LWLNWB/split_display.adp?fedfid=19598219&vname=lw1notallissues&fn=19598219&jd=19598219

    http://www.firstamendmentcoalition.org/2011/02/girls-gone-wild-suit-allowed-to-proceed-anonymously/

    http://www.waltonsun.com/news/girls-90554-newsherald-gone-panel.html

  • PRG Privacy Comments

    Professor Ira Rubinstein’s comments to the FTC:

    Comments

    Professor Helen Nissenbaum’s comments:

    NissenbaumIPTFComments

  • Data Protection @ CSLS University of Oxford

    At a recent conference on information ethics, organized by the Uehiro Center at Oxford University, I met David Erdos, who presented work on challenges confronting the EU approach to data protection. Really interesting, particularly for those who believe that the EU has all the answers on privacy protection. Here is some background on the project and its institutional home:

    DP@CSLS is a research strand within Oxford University’s Centre for Socio-Legal Studies which brings together scholars and practitioners interested in data protection, privacy and the regulation of information. The Centre hosts the three-year Data Protection and the Open Society (DPOS) project funded by the Leverhulme Trust. This project explores and seeks to help resolve the tension between data protection and the fundamental values of freedom of expression and information. Four overlapping sub-projects within DPOS look at data protection foundations, media and internet, research governance and transparency initiatives. Student projects on social networking sites and surveillance are also ongoing. These projects examine the relationship technology, privacy and copyright as well the interaction between data protection and general human rights law. In addition, DP@CSLS organizes seminars, study groups and other initiatives designed to promote dialogue on these emerging issues. Currently our events are focused on making a contribution to the debate surrounding the rewriting of the European Data Protection Directive. For further information please visit http://www.csls.ox.ac.uk/dataprotection and http://www.twitter.com/oxondataprotect. To get in touch with DP@CSLS please contact Dr. David Erdos at david[.]erdosATcsls[.]ox[.]ac[.]uk.

  • Washington Post on Domestic Spying

    A in-depth report Monday in the Washington Post describes the expanding apparatus of US domestic intelligence since the September 11th Terrorist Attacks, including fusion centers, the new Suspicious Activity Reporting Initiative and the FBI’s Guardian Database. The article is well worth reading, but it is missing a bit of legal context that is important to an understanding the government policy that is driving the change.

    US domestic intelligence is being expanded under the authority of the Intelligence Reform and Terrorism Prevention Act (IRTPA) of 2004. This was the first and most comprehensive legal response to the recommendations of the 9/11 Commission. It outlined a wholesale rewiring of the domestic intelligence apparatus and the establishment of an Information Sharing Environment (ISE). The nationwide suspicious activity reporting initiative (NSI), which journalists Dana Priest and William M Arkin mention briefly, is the primary focus of the ISE today. It includes its own federal data standard. The “See something say something” campaign which has been getting so much press recently is simply one facet of the NSI, the focus of which up until recently has been training local and state police to be intelligence agents. For a wide range of public documents that provide coverage of the NSI and ISE, see post-doc Kenneth Farrall’s isesar.us web site, developed with the support of NYU’s Department of Media, Culture and Communication and a grant from the Department of Defense.

  • Commerce Department Report

    On December 16, 2010, the U.S. Commerce Department released its report, Policy Framework for Protecting Consumer Privacy Online While Supporting Innovation. It will be interesting to compare and contrast.

  • FTC Staff Issues Privacy Report

    From the FTC: “The Federal Trade Commission, the nation’s chief privacy policy and enforcement agency for 40 years, issued a preliminary staff report today that proposes a framework to balance the privacy interests of consumers with innovation that relies on consumer information to develop beneficial new products and services. The proposed report also suggests implementation of a “Do Not Track” mechanism – likely a persistent setting on consumers’ browsers – so consumers can choose whether to allow the collection of data regarding their online searching and browsing activities.”

    Find the report here.

    Find the full release here.

  • Ultimate Privacy: How to Disappear, Erase Digital Footprints & Vanish Without a Trace

    Interesting Network World article posted in mid September: “As privacy seems harder to hold onto in this digital age, privacy expert Frank Ahearn can help you legally poof and fall off the grid….”

  • Flight attendants union upset over new pat-down procedures

    From a Phoenix local ABC station, widespread complaints over increasingly invasive manual inspections that follow the decision to opt out of body scanning.

  • The Nevercookiemonster

    Short but sweet post demonstrating why proof of concept hacks are very helpful! from SecurityWeek. Click here.

    November 10, 2010 9:18 am