Recently in Privacy Category

[Headline Redacted]

The Foreign Intelligence Surveillance Court of Appeals released a redacted version of its ruling from August 2008 upholding the constitutionality of a statute authorizing an intelligence program to wiretap international phone calls and intercept e-mail messages without a specific court order.

In re: Directives [redacted text]* Pursuant to Section 105B of the Foreign Intelligence Surveillance Act (No. 08-01)

The court holds that "a foreign intelligence exception to the Fourth Amendment's warrant requirement exists when surveillance is conducted to obtain foreign intelligence for national security purposes and is directed against foreign powers or agents of foreign powers reasonably believed to be located outside the United States."

The New York Times, Intelligence Court Rules Wiretapping Power Legal, "The decision marks the first time since the disclosure of the National Security Agency’s warrantless eavesdropping program three years ago that an appellate court has addressed the constitutionality of the federal government’s wiretapping powers. In validating the government’s wide authority to collect foreign intelligence, it may offer legal credence to the Bush administration’s repeated assertions that the president has the power to act without specific court approval in ordering national security eavesdropping that may involve Americans."

Lyle Denniston, SCOTUSblog, Intelligence wiretap power upheld: "In a case that potentially could go to the Supreme Court, a special federal appeals court that operates almost entirely in secret has ruled that Congress did not act unconstitutionally in giving the government power to order telecommunications companies to aid in warrant-less national security wiretapping — eavesdropping mainly aimed overseas, but possibly reaching inside the U.S. and American citizens."

David G. Savage, Los Angeles Times, Court calls warrantless wiretapping legal: "The decision confirms what Bush administration officials and some legal experts have long argued. Although the Constitution protects the privacy rights of Americans against 'unreasonable searches and seizures,' this principle does not bar U.S. spy agencies from conducting surveillance aimed at foreign targets abroad."

The Washington Post, Intelligence Court Releases Ruling in Favor of Warrantless Wiretapping: "The opinion, written by the court's chief judge, Bruce M. Selya, was extraordinary in several respects: It was partly redacted, and it referred to court pleadings that remain sealed. The ruling also hinged partly on a detailed, secret account by the government to the court of its surveillance procedures in 2007."

UCLA Law professor Doug Lichtman hosts The Intellectual Property Colloquium- a series of hour-long podcasts of conversations with leading legal thinkers about current issues in IP law.

Professor Lichtman writes, "The conversation is about the legal rules that apply when sites like Facebook, LinkedIn, and MySpace gather private information from their users. Does Facebook have any liability, for instance, if a user uploads some scandilous tidbit that turns out to defame someone else? What if Facebook uses that information to help its advertisers or indeed imbeds it in some advertising tool like Beacon? My guests are GW Law Professor Dan Solove (an expert on high-tech privacy issues and author of several pop-press books on point) and Santa Clara Law Professor (and former GC of epinions.com) Eric Goldman."

And listeners can earn free CLE credit in NY and California now, with other jurisdictions coming in January.

Subscribe in iTunes.

Cultivating Online Personas

In New York Magazine, Rex Sorgatz lays out a few simple steps for finding internet fame, The Microfame Game and The New Rules of Internet Celebrity -- New York Magazine: "It's easy to be cynical about this new class of celebrity. The lines between empowerment and self-promotion, between sharing and oversharing, between community and cliques, can be blurry. You can judge for yourself whether the following microcelebs represent naked ambition, talent justly discovered, or genius marketing. The point is that renown is no longer the exclusive province of a select few. Nano-celebrity is there for the taking, if you really want it."

While some personalities seek out internet fame, others have it unwittingly thrust upon them.

At Concurring Opinions, Deven Desai asks, Do We Need an Internet Ed. Class?
"Internet Ed. at an early stage might address the possible generation gap in understanding what is privacy and how the Internet works. Like driving, using the Internet can open up tremendous possibilities for fun and for work. Like driving, irresponsible or uninformed Internet use can lead to undesired consequences. Like driving, horror stories of how a picture from a drunken party ruined someone’s job prospects may not deter irresponsible Internet behaviors across the board. Still, by setting out the way in which irresponsible or immature behaviors such as sharing too much information about one’s personal life, not checking about how a site uses personal financial information, and childish rants can affect one’s life, people would have some sense of the possible repercussions of their acts."

I agree that education about how to avoid undesired online notoriety (or maintaining personal privacy) is important, but only half of an "internet ed" class-- the other half is on information literacy-- the skills of finding reputable sources of information and assessing the quality of sources and channels. This includes not only sources of academic research, but also e-commerce sites and social networking sites.

Remember Facebook's Beacon program? That's the program that uses Facebook user's purchase information on partner websites to advertise those websites to the user's social network. Here are a couple of posts on the controversy from David at Inside the Marketer's Studio blog that explain the controversy: Facebook Social Ads Need an Opt-Out

Facebook's About Face on Social Ads (Finally)

A Texas plaintiff filed a class action suit against Blockbuster for violating the Video Privacy Protection Act, U.S.C. § 2710 by releasing customers' video rental records with Facebook.

Complaint in Harris v. Blockbuster

MediaPost reports: Blockbuster Sued For Participating In Facebook's Beacon Program: "A Texas resident has filed a federal lawsuit against Blockbuster for participating in Facebook's Beacon program, which tells members about their friends' e-commerce activity. In the lawsuit, quietly filed last week, Dallas County resident Cathryn Elaine Harris claims that Blockbuster violated the federal Videotape Privacy Protection Act by sharing information about her movie rentals and sales with Facebook without first obtaining her written consent."

And here's a thoughtful analysis from December on applying the VPPA to Beacon from James Grimmelmann, Facebook and the VPPA: Uh-Oh

Assorted Reading

Privacy and Anonymity
Kevin F. Berry, Law.com: How to Unmask an Anonymous Blogger: "When does it make sense to spend the time and expense necessary to determine the identity of an anonymous blogger who is damaging the company?"

New York Times: The Theater of the Street, the Subject of the Photograph: "The suit was dismissed last month by a New York State Supreme Court judge who said that the photographer's right to artistic expression trumped the subject's privacy rights. But to many artists, the fact that the case went so far is significant."

Digital Music and Movies
At Last, Movies to Keep Arrive on the Internet - New York Times: "Six major studios plan to begin selling movies over the Internet today that buyers can download and keep for watching at any time.…New movies will cost about $20 to $30 to download"

John Gruber, Daring Fireball: The iPod Juggernaut: "In short, and I mean this in the nicest way possible, Apple’s iPod competitors are totally fucked."

MP3 Insider: The truth about your battery life. It takes more processing power to play tracks with DRM. That processing power shortens the battery life of portable digital music players. "The Archos Gmini 402 Camcorder maxed out at 11 hours, but with DRM tracks, it played for less than 9 hours. The iRiver U10, with an astounding life of about 32 hours, came in at about 27 hours playing subscription tracks. Even the iPod, playing back only FairPlay AAC tracks, underperformed MP3s by about 8 percent."

British Court Hears Apple v. Apple and 'Le Freak': "In a clash of cultural icons, the Beatles' record company, Apple Corps, wants Apple Computer to stop using its familiar logo, in the shape of an apple with a bite out of it, on the iTunes Music Store. Apple Corps contends that the use of the logo infringes on a 1991 agreement, which it says barred Apple Computer from using the logo in connection with the sale of music."

Copyright
Creative Commons Canada: Dutch Court upholds Creative Commons licence: "Photographs made available on flickr.com under a Creative Commons Attribution-Noncommercial-Sharealike license may not be reproduced in a weekly magazine without the author’s permission."

Raymond Nimmer: Can I download it to try out the music?: "No, not unless the copyright owner permitted or invited that. The idea that downloading a file is permitted because it is so easy on Internet is simply wrong. Downloading is copying and infringement. Indeed, it can have massive adverse effects on copyright owners."

Slate: The Dan Brown Code: "Dan Brown, author of the mega-selling The Da Vinci Code, has brought forth his most thrilling piece of writing to date: a court document. Brown, who is being sued for copyright infringement in London by the authors of Holy Blood, Holy Grail, filed a 69-page witness statement with the British courts back in December.… In its textures—it is at turns snotty, contemplative, and disarmingly personal—it is clear Brown intended the brief less as a legal defense than as a literary memoir."

DRM
Silicon Valley Media Law Blog: Materials from talk on DRM: law and technology

Mark Cuban: Digital Rights Management - The coming collateral damage: "Unfortunately for content owners, digital rights/copy protection schemes have always proven crackable. No matter how smart the good guys think their programmers are, the bad guys have programmers that are just as smart. More importantly, the good guys have to build the perfect protection scheme, impenatrable by any of infinite number of possible attacks."

Here are some links discussing the Constitutionality of the Bush Administration's warrantless electronic surveillance program as well as related issues:

Congressional Research Service: Presidential Authority to Conduct Warrantless Electronic Surveillance to Gather Foreign Intelligence Information: "This memorandum lays out a general framework for analyzing the constitutional and statutory issues raised by the NSA electronic surveillance activity. It then outlines the legal framework regulating electronic surveillance by the government, explores ambiguities in those statutes that could provide exceptions for the NSA intelligence-gathering operation at issue, and addresses the arguments that the President possesses inherent authority to order the operations or that Congress has provided such authority."

US Department of Justice: Legal Authorities Supporting the Activities of The National Security Agency Described by the President: "As the President has explained, since shortly after the attacks of September 11, 2001, he has authorized the National Security Agency (“NSA”) to intercept international communications into and out of the United States of persons linked to al Qaeda or related terrorist organizations. The purpose of these intercepts is to establish an early warning system to detect and prevent another catastrophic terrorist attack on the United States. "

Morton H. Halperin (Open Society Institute/Center for American Progress) and Jerry Berman (Center for Democracy & Technology): A Legal Analysis of the NSA Warrantless Surveillance Program : "The government’s defense of the NSA program rests on both a claim of inherent powers and a claim of statutory authorization. This memorandum examines these arguments and concludes that they lack serious merit. It also explains why the administration’s end-run around FISA has not served the national security interests of the country and has undermined the civil liberties of the American people."

Peter Swire, Center for American Progress: Legal FAQs on NSA Wiretaps: "Based on the facts available to date, the wiretap program appears to be clearly illegal."

Orin Kerr: Legal Analysis of the NSA Domestic Surveillance Program: "Although it hinges somewhat on technical details we don't know, it seems that the program was probably constitutional but probably violated the federal law known as the Foreign Intelligence Surveillance Act. My answer is extra-cautious for two reasons. First, there is some wiggle room in FISA, depending on technical details we don't know of how the surveillance was done. Second, there is at least a colorable argument — if, I think in the end, an unpersuasive one — that the surveillance was authorized by the Authorization to Use Miltary Force as construed in the Hamdi opinion."

All Volokh Conspiracy posts on Warrantless Wiretapping

A group of prominent Constitutional Law professors wrote a letter to key members of Congress: "Although the program’s secrecy prevents us from being privy to all of its details, the Justice Department’s defense of what it concedes was secret and warrantless electronic surveillance of persons within the United States fails to identify any plausible legal authority for such surveillance. Accordingly the program appears on its face to violate existing law. "

John Markoff, The New York Times: Taking Spying to Higher Level, Agencies Look for More Ways to Mine Data: "A small group of National Security Agency officials slipped into Silicon Valley on one of the agency's periodic technology shopping expeditions this month. On the wish list, according to several venture capitalists who met with the officials, were an array of technologies that underlie the fierce debate over the Bush administration's anti-terrorist eavesdropping program: computerized systems that reveal connections between seemingly innocuous and unrelated pieces of information."

Matthew Segal, FindLaw's Writ: Why the Bush Administration's Legal Stance on "Don't Ask, Don't Tell" Undermines Its Legal Stance on the NSA's Warrantless Wiretapping: " If Bush truly believed that he had both the legal power and the obligation to make security the country's first priority, he would have attempted to scrap 'Don't ask, don't tell.'"

Yesterday, the Senate Judiciary Committee held a hearing: Wartime Executive Power and the NSA's Surveillance Authority II

Marty Lederman discusses a bill introduced into the Senate by Judiciary Committee Chair Arlen Specter: Mother of Mercy, Is This the End of FISA?!* "This bill would appear to do absolutely nothing to address whether the current and ongoing program(s) is (are) permisisble under current law -- that is to say, it would not seek to facilitate judicial review of the AUMF and Article II arguments on which the Administration is relying."

AP: Lawsuit Alleges Illegal Wiretaps by NSA: "Civil rights attorneys have sued the National Security Agency, claiming it illegally wiretapped conversations between the leaders of an Islamic charity that had been accused of aiding Muslim militants and two of its lawyers."

More links are available through the Wikipedia entry: NSA Warrantless Surveillance Controversy

Washingtonienne Privacy Lawsuit

Julie Hilden: Are Accounts of Consensual Sex a Violation of Privacy Rights? The Lawsuit Against the Blogger "Washingtonienne":

Jessica Cutler - better known as 'Washingtonienne' -- achieved notoriety with a web log ('blog') about her sexual exploits, written while she was a staffer for U.S. Senator Michael DeWine of Ohio. When her identity became known, Cutler was fired - but also got what was reportedly a six-figure contract to write a novel, and an offer to pose for Playboy.

The novel, The Washingtonienne, is out now, and Cutler is doing readings. But her life isn't entirely carefree: Cutler still faces an invasion-of-privacy lawsuit, filed last month by Robert Steinbuch, a staff attorney for DeWine.

Data Aggregators Aggregate Errors

Privacy Activism: Data Aggregators: A Study on Data Quality and Responsiveness

This study examined the quality of data provided by ChoicePoint and Acxiom, two of the largest consumer data brokers in the United States, as well as their responsiveness to consumer requests – and found significant areas of concern in both areas.
                                  
100% of the reports given out by ChoicePoint had at least one error in them.

Identity Theft for Fun and Profit

bIPlog' Tara Wheatland explains how much of the news reporting has completely missed the point of the ChoicePoint scandal-- it is not hacking, but the company's practices and policy. Un-Spinning the ChoicePoint Scandal:

The persons, admittedly criminals, who gained access to "critical personal data" on hundreds of thousands of U.S. citizens did not steal the data--ChoicePoint sold it to them.… So what went wrong here, putting aside the use the criminals made of the information gained from ChoicePoint? The criminals did not hack into ChoicePoint databases, nor did they, by common definition, "steal" any information. The main problem was arguably on ChoicePoint's end--the criminals successfully circumvented ChoicePoint's "tests" for legitimacy of purpose.

EPIC has more info concerning ChoicePoint

Bruce Schneier looks at ChoicePoint's 8K filing and finds: ChoicePoint Says "Please Regulate Me": "ChoicePoint actually has no idea if only 145,000 customers were affected by its recent security debacle. But it's not doing any work to determine if more than 145,000 customers were affected -- or if any customers before July 1, 2003 were affected -- because there's no law compelling it to do so."

MSNBC reports that ChoicePoint data is often riddled with errors.

Today, the NY Times reports on a theft of personal data from LexisNexis, and it's not merely some students' rewards points balances: Consumer Data Is Stolen From LexisNexis Unit

The British-Dutch publisher Reed Elsevier said today that hackers had stolen identification and passwords from the government records unit of its LexisNexis division and may have fraudulently used that data to obtain further information about as many as 32,000 people in the United States. The LexisNexis unit, Seisint, which Reed Elsevier purchased in July 2004 for $775 million, consolidates records from government offices in the United States.

LexisNexis responds: LexisNexis investigates compromised customer IDs and passwords to Seisint U.S. consumer data: "Reed Elsevier today announced that LexisNexis, its global legal and business information business, has identified a number of incidents of potentially fraudulent access to information about U.S. individuals at its recently acquired Seisint unit. The incidents arose from the misappropriation by third parties of IDs and passwords from legitimate customers."

The value of disclosure requirements

Bruce Schneier notes that only a California information privacy statute forced Choicepoint to disclose the fact that it shared consumers' personal information with a group of criminals. Schneier on Security: ChoicePoint

This story would have never been made public if it were not for SB 1386, a California law requiring companies to notify California residents if any of a specific set of personal information is leaked.

ChoicePoint's behavior is a textbook example of how to be a bad corporate citizen. The information leakage occurred in October, and it didn't tell any victims until February. First, ChoicePoint notified 30,000 Californians and said that it would not notify anyone who lived outside California (since the law didn't require it). Finally, after public outcry, it announced that it would notify everyone affected.

Wired News reports on a lawsuit filed against ChoicePoint: California Woman Sues ChoicePoint : "According to the filing, Goldberg seeks to hold ChoicePoint responsible for negligence in protecting the private data of consumers from scam artists who purchased it from the company. The scam continued for a year before ChoicePoint discovered what the thieves were up to."

The Supreme Court denied cert for the RIAA's appeal in RIAA v. Verizon.

EFF: "No "Fishing License" for the RIAA

This is very good news for a number of reasons. First, it affirms that using a peer-to-peer file-sharing program does not automatically strip you of your right to privacy or anonymity on the Internet. Second, it's an important check on the DMCA, which allows anyone simply claiming copyright infringement the ability to get your name, address, phone number, etc. Critical constitutional and privacy safeguards should not be removed wholesale on the mere assertion of wrongdoing.

CBS Marketwatch: Supreme Court refuses to hear Internet privacy case

This decision means copyright holders and their representatives -- or identity thieves and stalkers posing as copyright holders - will not be allowed to obtain personal information about Internet users by simply filing a one-page form with a court clerk," said Sarah Deutsch, Verizon's associate general counsel, in a statement.

Washington Post: Supreme Court Internet Privacy Decision: Chat with Verizon attorney Sarah Deutsch.

Daniel Solove: Reconstructing Electronic Surveillance Law, George Washington Law Review, Vol. 72, 2004.

The USA-Patriot Act made a number of changes in electronic surveillance law, but the most fundamental problems with the law did not begin with the USA-Patriot Act. In this article, Professor Solove argues that electronic surveillance law suffers from significant problems that predate the USA-Patriot Act. The USA-Patriot Act indeed worsened some of these problems, but surveillance law had lost its way long before. Surveillance law is thus in need of a radical reconstruction.