Archive for the ‘privacy’ tag
Stud or Dud: How much should your date know?
It is a fair guess that just about anyone uses the Internet regularly has run some kind of search on themselves, a future employer, their co-workers, etc. Reviewing a Facebook profile or Googling a name are two common techniques. Capitalizing on this sleuthing, several companies now offer or are developing cell phone applications that will deliver far more detailed reports on prospective romantic partners. Stud or Dud promises bankruptcies, stable address histories, marriages and divorces, property ownership, criminal/sex offender records, business licenses, evictions, and “other useful facts.” Are They Really Single, an application from the same developer, will provide marriage and divorce records. Similarly, DateCheck will provide criminal offenses, home details including square footage and taxes, educational background, the names and ages of all persons living at their address, horoscopes, and much more.
In an interview with CNN, Bryce Lane, president of PeopleFinders Network, said that all information was publicly available and had just been combined into one database in order to facilitate accessibility. But the increased accessibility raises many areas of concern. For instance, a man who learns a woman’s name – and nothing but her name – at a bar can use one of the above sites to identify current or previous roommates and pressure them for information regarding that woman. The comments on one blog suggest that such concerns are not likely to weigh heavily on the target audience: readers of Rosa Golijan’s post on the applications commented far more frequently on her musings about which boyfriend took her stockings than on her reference to “creepy” stalkers taking advantage of the applications. To take another example, an employer might not be able to resist the ability to easily access this information when making employment decisions, even if they may not be able to legally rely upon the information.
The potential for misuse of the information is only compounded by the potential for confusing one person with another, especially since the misidentified person has no way of knowing that someone has accessed inaccurate information regarding them. A search on Stud or Dud for the author’s full name disclosed her correct age, place of birth, and the full names of her parents. But searching for the author’s phone number turned up a 107-year-old Georgia women with a very large family. A potential date or employer might not confuse those two, but what about the potential for confusing one of the more than fifty John Smith’s in Ann Arbor, Michigan? Let us say that there are two John Smith’s in the same Ann Arbor zip code who are between 45 and 55; we’ll call them JS1 and JS2. JS1 has a mortgage on one residential property at which he has lived for the past twelve years, has always filed his taxes on time, and is married. JS2 filed bankruptcy at least once in the past, has moved frequently throughout the midwest region in the past six years, and rents an apartment with two roommates. A potential employer wishes to hire someone for a position that requires allocating and tracking financial resources, and the employer hopes that the new hire will remain in the position for at least three years. The employer would likely prefer someone with JS1’s profile, but the employer running a search on one of the above sites might confuse JS2’s profile with JS1’s and deny JS1 the position. JS1 would never know the employer’s search and so would not be able to correct the error.
Paul Stevens of the Privacy Rights Clearinghouse argues that that the above problems could be mitigated if information brokers were subject to the same or similar regulations as the Fair Credit Reporting Act. In particular, Mr. Stevens wants free annual disclosures to individuals, the right to dispute inaccurate information, and time limits on reporting adverse information. See also Online and Offline Collection of Consumer Information: Hearing Before the Subcomm. on Commerce, Trade, and Consumer Protection, 111th Cong. (2009) (testimony of Pam Dixon, Executive Director, World Privacy Forum). Lane does point out in his CNN interview that individuals can have their information removed from his sites, although he suggests that only “criminals” would do so.
Other concerns are rooted in a more visceral feeling that most people do not need the information that is now at their fingertips. A bank considering whether to finance a loan has good reason to know how many properties the applicant has. The promoters of DateCheck (“look up before you hook up”) would likely argue that a woman at the bar has a strong interest in the martial status of the man who just bought her a drink. But an idly curious co-worker or classmate? The undeniably correct assertion that this information is publicly available does not necessarily justify the ease with which it can be accessed. In the past, it took some effort to obtain the information: a call to the relevant records departments, maybe a delay before delivery. Though it was not the goal of the systems by which information could be obtained, the inconveniences may have limited access to those with a strong motivation to know. Perhaps, as Lane suggest, in an age where we meet new people at a rapid pace without any means of confirming their backgrounds, we do need some means of confirming the information they provide about themselves. Or maybe we should slow down a little and establish some relationships the old-fashioned way? If the latter, consumers will require at least some greater control over the information made available through information brokers, whether that information is packaged as a dating tool or in some other format.
Privacy and Google: Not what you might expect
Google has revolutionized the way we access information by providing world wide knowledge and information at our fingerprints- all for free. However, there is a hidden cost of accessing this information: your privacy. Unbeknownst to many Google users, Google maintains a log of every search with IP addresses and other information that can be used to uniquely identify the user. Furthermore, Google keeps this data from 9 to 18 months before ‘anonomyzing it‘, or getting rid of data that can be used to trace searches back to individuals.
The contents of Google searches are often intensely private – people often search for information they otherwise are too ashamed of talking about with others. A search done out of curiosity could easily be misconstrued by another person. Additionally, Google’s products have the potential of capturing much more than our search queries – including email, health records, phone calls, text messages, and even your physical location. The potential for other party’s to get this information is concerning. For example, U.S. Department of Justice has subpoenaed this data in the past.
But what’s really concerning is not the potential for abuse, but rather Google’s attitude about data privacy. In a recent interview with CNBC, Google CEO Eric Schmidt said, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place…the reality is that search engines including Google do retain this information for some time...” This attitude is sickening, and is a serious threat to data privacy. Afterall, it is Google who we entrust to protect our personal data against hackers, overzealous government prosecutors, or disgruntled company employees. Furthermore, what happens to this data if Google is acquired by another company or goes out of business?
Protecting Online Consumers from “Orwellian” Tracking?
Consumers’ money isn’t the only thing that needs protecting, at least if you ask the new head of the Bureau of Consumer Protection at the Federal Trade Commission. David Vladeck, former Georgetown law professor and attorney with the Public Citizen Litigation Group, thinks the FTC should protect consumers’ dignity, not just their money, and he may have a good point.
In an article for the ABA Journal, Debra Cassens Weiss discusses the FTC’s complaint against Sears Holding Management Company. In the complaint, the FTC alleges that Sears disseminated software to consumers that ran in the background on the consumers’ computers and transmitted tracked information to Sears. The software, which was purported to “confidentially track [the consumers'] online browsing,” went much further than what the consumers were led to believe (at least according to the FTC).
By downloading the software, the consumers allowed Sears to collect information on the configuration of their computer hardware and software, as well as on internet browsing activity. That’s where the problem arises. The FTC says that Sears did not do a good enough job of disclosing the types of information it would be gathering, and I agree.
Sears was not just tracking which store websites consumers were choosing, or which advertisements they were clicking–it was observing “both . . . normal web browsing and the activity . . . undertake[n] during secure sessions, such as filling a shopping basket, completing an application form or checking . . . online accounts, which may include personal financial or health information.”
To be fair, consumers sign long, complicated contracts all the time, often without reading them (or at least reading them very carefully). Sears could argue that it is not doing anything new here. Courts have long considered how far companies must go in disclosing contractual provisions, and what is expected of consumers in reading and understanding them. There are many cases in which the consumers were expected to honor the contracts they signed. But I think there is a pretty big difference between adequate disclosure regarding something that might happen in the future (e.g., having to arbitrate a disagreement in Florida), which a consumer can (perhaps unhappily) choose to avoid, vs. disclosure regarding gathering private information which the consumer believes is protected.
I can imagine the arguments against the FTC action. If you don’t ever let consumers get burned by the contracts they sign without reading, they’ll never learn to be more careful. But that’s assuming consumers will ever decide that it’s in their interests to read contracts carefully before accepting them. I don’t think that’s likely, and I think to a certain degree that’s ok. Customers expect low prices, and companies continue to look for ways to provide them, and if consumers are willing to give a little on the back end to save some money on the front end then who’s to say we should stop them?
But I think this is different. My first thought upon seeing Weiss’s article was, “Is that even legal?” I consider myself pretty Internet-savvy and, though I probably wouldn’t have accepted Sears’ agreement in the first place, if I did I certainly wouldn’t have thought that Sears could gather private information from my secure browsing. I think most consumers would feel the same way, and I’m glad Vladeck is keeping an eye out for us.
Be Thankful For Less Spam, But Probably Not For Long – Link roundup on activities of questionable legality online
by: Michael Schultz, Associate Editor, MTTLR
You (or your IT staff) may have been thankful to find that spam traffic has been a bit lighter in the last few weeks, after the recent shutdown of a major spam hub that, by some estimates, was responsible for as much as 75 percent of the world’s junk mail. You might have expected the company facilitating all of that spam – not to mention illegally gathered credit card information and child pornography – would have chosen to operate from the relative obscurity of an offshore hosting service. Instead, McColo Corporation set up shop in San Jose, California in a “top-level modern [...] IT center.” To be clear, McColo is merely the “virtual host” for those that are actually sending the spam; something akin to a landlord of an apartment building in which most, if not all, of the apartments are being used for illegal activity.
In an interesting twist, it wasn’t U.S. authorities that shut down the hub – instead the companies that provided internet connection for McColo decided to cut ties. This leaves open the possibility of McColo finding another internet provider – or the individual sites being hosted by McColo to disperse, making them harder to track and shut down. In fact, only two weeks after the shutdown, spam levels are reported to already be back to two-thirds of their previous levels.
Brian Krebs of the Washington Post, who is credited with the initial investigation and breaking the story, writes that “Multiple security researchers have recently published data naming McColo as the host for all of the top robot networks or "botnets," which are vast collections of hacked computers that are networked together to blast out spam or attack others online. These include SecureWorks, FireEye and ThreatExpert.” According to Mr. Krebs, “[what is] unclear is the extent to which McColo could be held legally responsible for the activities of the clients for whom it provides hosting services. There is no evidence that McColo has been charged with any crime, and these activities may not violate the law.”
So what is the law (and what should it be?) in this murky, seedy area of the internet? Below is a roundup of various links that may help to address that question:
FBI wants widespread monitoring of ‘illegal’ Internet activity
Illegal Internet Activity a Growing Concern for Enterprise Organizations
Using the Law to Address Illegal Activity on the Internet
Employer responsibility to report illegal activities established by Court
FBI Internet Crime Complaint Center
Employee text messaging privacy in the wake of the Detroit mayoral scandal
by: Marc Kaplan, MTTLR Associate Editor
Image Andy texting what Cheney should say by Steve Rhodes.Used under a Creative Commons BY-NC-SA 2.0 license.
Text messaging has exploded in popularity in the U.S. and around the world. Indeed, 75 billion text messages were sent in the U.S. in June 2008 and 40% of American teenagers believe they can text blindfolded. With so many communications exchanged through this medium, the privacy of text messages has come under legal challenge in a number of contexts. Employees frequently have access to text-messaging through work-provided devices, and not-uncommonly use the devices to send personal messages. Whether they can expect privacy in relation to those messages is an unsettled legal matter.
A case study: the Kilpatrick Scandal
In one example, former Detroit mayor Kwame Kilpatrick resigned from office in September, under criticism after his “private” text messages – from his government-issued pager – were revealed following a whistler-blower suit. The suit alleged that the mayor unlawfully discharged Detroit police officers because he was afraid the officers would reveal his extra-marital relationship with his Chief of Staff, Christine Beatty. At trial, the mayor contended that allegations of an affair were “preposterous”, and the vigorous defense was able to preserve the text messages from discovery before the trial. Even without the messages as evidence, the jury found the mayor guilty and gave the aggrieved officers a multi-million dollar verdict.
After the trial, the plaintiffs succeeded in obtaining the text messages through subpoena, and discovered that they bared a rather different story than that maintained by Kilpatrick.
Beatty: “And, did you miss me, sexually?”
Kilpatrick: “Hell yeah! You couldn’t tell. I want some more. “
Detroit Free Press
With this new leverage, the plaintiffs offered to settle as opposed to fighting through the appeal. The mayor agreed to the settlement, in what appears to have been an attempt to cover up the newly exposed text messages.Although the issue was litigated all the way to the Michigan Supreme Court it was eventually ruled that the settlement agreement was a public record and subject to the state’s freedom of information act.The text messages, now accessible to the public, have continued to be relevant in subsequent proceedings against Kilpatrick and Beatty for perjury, conspiracy, obstruction of justice, misconduct, and other charges.
Employee privacy protections
Courts have split over the protections given to text messaging, attempting to weigh the need to access communications in the ubiquitous and casually-used medium against privacy concerns.
In Quon v. Arch Wireless Operating Co, a highly publicized case factually similar to Kilpatrick’s, a police department searched an officer’s text messages to determine whether the officer exceeded his quota of text messages by using it for personal communications. The district court held that the officer’s text messages sent through the government-issued pager were subject to the privacy protections of the Stored Communications Act and were therefore not searchable by his employer. The 9th Circuit affirmed in part and held that the officer had a reasonable expectation of privacy in the text messages and that the search had violated his 4th Amendment rights.
Not all courts have broadly construed the Stored Communications Act or constitutional protections of text message privacy. Indeed, in a separate case involving Mayor Kilpatrick’s text messages as they related to a murder investigation, a district court in the 6th Circuit breezily distinguished Quon by holding that it was inapplicable to a case with the same fact pattern but where personal text messages were not the targetof the search.
These holdings appear contradictory, but the more important issue may be what questions the cases leave unanswered. Quondoes not specify whether the holding should apply to both public and private employers. Commentators also also disagree on whether Quon will change employers’ practices significantly. Drawing general rules from these cases or trying to predict the direction of this fertile area of the law appears fraught with danger, as does texting personal messages from your work-issued Blackberry®, unless you live in California.
Google Launches Highly Anticipated Chrome Browser; the Tech Community Reacts
by Sara Skinner, MTTLR Associate editor
Google launched a beta version of its new Chrome web browser on September 2nd. Prior to launch, Google released a comic book depicting the various engineering and design decisions that went into the browser. The result of all these innovations, Google claims, is a safer, smarter, faster way to surf the internet – but industry members and community watchdogs are raising security and privacy concerns.
One issue that plagues virtually all beta-version software is security problems that don’t emerge until the software is disseminated to a large number of users. The comic documents Google’s efforts to eliminate as many security flaws as possible before launch by employing a “Chrome bot” to automatically test the browser more thoroughly. Google has also responded swiftly to address the emerging issues after launch, and released their first security update within a few days after the initial launch (although they were not forthcoming about which issues the update had addressed.)
One major source of concern for privacy advocates is the browser’s Omnibox, a multi-purpose search box/URL input field. The Omnibox helps users fine-tune their search and browse experience, but it also constantly sends information about users’ surfing and searching habits back to Google’s headquarters. About two percent of data sent back will be stored with the IP address of the computer that sent it. Users can avoid this by surfing Incognito (a privacy mode that turns off cookie storage) or by disabling the auto-suggest feature, but privacy advocates are worried about the amount of personal information being handled by Google — which the average user may not even realize is being collected.
The Terms of Service for the new browser have not been without controversy, either. When initially launched, Chrome’s terms granted Google extensive rights to user content. Google acknowledged that such restrictive terms were part of a standard boilerplate and shouldn’t have been included. The Terms of Service have since been revised and no longer grant user content rights to Google.
Some of the loudest opposition to the Chrome browser’s privacy practices is coming from privacy advocates in Europe where a user’s IP address is considered personal data. While Google has responded that its privacy data retention is governed by US law, it agreed to shorten its search bar IP retention policy to nine months. It is also working on a way to anonymize IP addresses and cookies when users search in the Google Omnibox.
Screen shot from September 14, 2008 (http://www.google.com/googlebooks/chrome/small_02.html).
Sources:
Scott McCloud & The Google Chrome Team, Google Chrome, Google, (last visited Sept. 14, 2008).
Stephen Shankland, Google Fixes Chrome Vulnerabilities—But Won’t Say Which, Cnet News, Sept. 8, 2008.
Explore Google Chrome Features: Incognito Mode, Google Chrome Help Center, (last visited Sept. 14, 2008).
Ina Fried, EFF: We’re Concerned About Google’s Omnibox, Cnet News, Sept. 3, 2008.
Ina Fried, Be Sure to Read Chrome’s Fine Print, Cnet News, Sept. 2, 2008.
Google Tweaks Chrome License Text, BBC News, Sept. 4, 2008.
Google, Google Chrome Terms of Service, Google, (last visited Sept. 14, 2008).
Peter Fleischer, Response to the Article 29 Working Party Opinion on Data Protection Issues Related to Search Engines, Google, Sept. 8, 2008.
Kurt Opsahl, Google Cuts IP Retention to Nine Months, Electronic Frontier Foundation, Sept. 9, 2008, (last visited September 14, 2008).
Ellen Nakashima, Google Promises Privacy Fixes in Its Chrome Browser, The Washington Post, Sept. 9, 2008.
The Mind as the New Battleground for Individual Rights
by: Richard M. Marsh, Jr., Associate Editor, MTTLR
Specifically, neuro-scientific advancements now allow access to an individual’s mind. One example is fMRI technology which, now or very soon, will be capable of invading one’s mind and seeing thoughts as they happen. 1 Various news agencies report that scientists can currently “see” when a subject recognizes 2 or thinks about a photo, 3 is sexually aroused, 4 or lies. 5 Other reports indicate that refinements are not too far away which will enable users to perceive individual thoughts. 6 Another example is propranolol, a drug which can effectively dampen or erase prior memories. 7 A third example involves brain to computer interfaces which have the ability to monitor and change brain wave patterns. 8 While these developments can produce significant advantages for individuals and society, potential misuses could quickly unravel into serious violations of individual rights.
Mind invasive technology opens the door to practices which could violate many of the rights enshrined in the Bill of Rights. For example, it is easy to imagine a scenario where fMRI technology could be used to violate a civilian’s right to privacy, initiate an unreasonable search in violation of the Fourth Amendment, or even run afoul of the self-incriminating clause of the Fifth Amendment.
Furthermore, the need for protection from mental invasion is not only based on the constitution. For example, if used in interrogation techniques, fMRI technology could violate rights protected under international standards, including the International Human Rights Law. 9
Current legal protection may or may not ensure against these violations. For example, in Kyllo v. United States, 10 the Supreme Court ruled that using sense-enhancing technology (an infrared camera) without a search warrant to “see” inside a home violated the Fourth Amendment. 11 Justice Scalia applied the Katz test and stated “obtaining by sense-enhancing technology any information . . . that could not otherwise have been obtained without physical intrusion into a constitutionally protected area . . . constitutes a search – at least where (as here) the technology in question is not in general public use.” 12 The last phrase included by Justice Scalia could be interpreted to imply that the more popular a technology becomes, the less likely that courts will interpret the use of it by police as a search. Taken to the extreme, if the technology becomes common place, an fMRI search by police may become a “reasonable search” for purposes of the Fourth Amendment. However, the nature of fMRI technology is so invasive of an individual’s thoughts that the use of mind-reading technology should never be considered “reasonable.”
These illustrations only scratch the surface of the many dilemmas awaiting us as science continue to march forward. Nevertheless, the severity of the potential harms should advise us to be cautious and safeguard our fundamental rights as we implement each new innovation.
1 FMRI technology can also be used to change individual behavior. Jason Ponton, Mind Over Matter, With a Machine’s Help, N.Y. Times, Aug. 26, 2007.
2 CNN.com, See it, imagine it — it’s the same to your brain, Nov. 2, 2000.
3 Faye Flam, Your Brain may Soon Be Used Against You, Phila. Inquirer, Oct. 29, 2002.
4 ScienceDaily.com, Pedophiles Have Deficits In Brain Activation, Study Suggests, Sep. 24, 2007.
5 BBC News, Can brain scans detect criminals?, Sept. 21, 2005.
6 BBC News, Brain scan ‘can read your mind’, Feb. 9, 2007.
7 Adam J. Kolber, Therapeutic Forgetting: The Legal and Ethical Implicaions of Memory Dampening, 59 Vand. L. Rev. 1561, 1574-78 (2006).
8 Emmet Cole, Direct Brain-to-Game Interface Worries Scientists, Wired, Sept. 5, 2007.
9 See Sean Kevin Thompson, Note, The Legality of the Use of Psychiatric Neuroimaging in Intelligence Interrogation, 90 Cornell L. Rev. 1601 (2005).
10 Kyllo v. United States, 533 U.S. 27 (2001).
11 Id. at 40.
12 Id. at 34.
An Overview of Telecommunications Companies’ Involvement in Domestic Espionage: Part II
by: Joseph Eros, Associate Editor, MTTLR
If the lawsuits are allowed to proceed, the plaintiffs may present testimony from witnesses claiming direct knowledge of AT&T’s close involvement with the NSA. Mark Klein, a retired AT&T technician, filed a declaration describing the installation of a secure room, accessed only by NSA-cleared personnel, in an AT&T switching facility. According to Klein, “the content of all the electronic voice and data” transmitted through AT&T’s switches was transferred into the NSA secure room.19
Documents presented by former Qwest CEO Joseph Nacchio during his trial on insider-trading charges could also reveal important evidence for the telecom suits: Nacchio claimed that Qwest lost NSA contracts because the company refused to share its customers’ calling information. However, the details of Nacchio’s allegations have so far been revealed only in closed-door court sessions.20
By the time the Ninth Circuit is ready to rule, though, its opinion may be irrelevant. President Bush has called for the planned amendments to FISA to include immunity for the companies who may have shared customer information with the NSA: “[FISA] needs to be changed, enhanced, by providing the phone companies that allegedly helped us with liability protection.”21 The President has said he will not sign any FISA amendments unless they include immunity.22
Although few laws exempting specific industries from liability suits have been passed, there is a recent example. The Protection of Lawful Commerce in Arms Act,23 passed in October 2005, shields firearms manufacturers from suits for “the harm caused by those who criminally or unlawfully misuse firearm products . . . that function as designed and intended.”24 Its enactment ended lawsuits against gun manufacturers by cities seeking compensation for the costs of gun violence.25
The Senate Select Committee on Intelligence has included an immunity provision into its FISA amendment bill:
Notwithstanding any other provision of law, a covered civil action shall not lie . . . and shall be promptly dismissed, if the Attorney General certifies to the court that the assistance alleged to have been provided by the electronic communications service provider was . . . in connection with an intelligence activity involving communications that was authorized by the President during the period beginning on September 11, 2001 and ending on January 17, 2007.26
No committee-approved House version of the bill includes a telecommunications immunity provision. Speaker of the House Pelosi has conditioned such legislation on House investigation of the surveillance program, saying that “you can’t even consider such relief unless we know what people are asking for immunity from.”27
Given the continuing disputes with Congress over supervision of classified activities, it seems unlikely that the House would be satisfied with the White House’s explanations the Bush Administration would be prepared to offer. So President Bush and the rest of us will probably have to wait for the Ninth Circuit to see if the AT&T and the other telecommunications companies can be held liable for following the NSA’s orders.
19 Klein Declaration in at Hepting v. AT&T, June 8, 2006, at ¶34, available at http://www.eff.org/files/filenode/att/KleinDecl-Redact.pdf.
20 Andy Vuong, Judge Denied Use of Spying Data, Denver Post, Oct. 11, 2007, available at http://origin.denverpost.com/breakingnews/ci_7141986.
21 President George W. Bush, White House press conference (Oct. 17, 2007), available at http://www.whitehouse.gov/news/releases/2007/10/20071017.html.
22 Peter Grier, Fight Over Court Role in US Eavesdropping, Christian Science Monitor, Oct. 12, 2007, available at http://www.csmonitor.com/2007/1012/p03s02-uspo.html.
23 15 U.S.C.A. § 7901.
24 15 U.S.C.A. § 7901(a)(5).
25 See Leslie Wayne, Smith & Wesson Is Fighting Its Way Back, New York Times, April 11, 2006, available at http://www.nytimes.com/2006/04/11/business/11guns.html.
26 Section 202 of the FISA Amendment Acts of 2007, as passed by the Senate Select Committee on Intelligence on October 18, 2007, at 45-46, available at http://intelligence.senate.gov/071019/fisa.pdf.
27 153 Cong. Rec. H11653 (daily ed. October 17, 2007) (statement of Rep. Pelosi), available at http://www.gpoaccess.gov/crecord/07crpgs.html by selecting October 17.
An Overview of Telecommunications Companies’ Involvement in Domestic Espionage: Part I
by: Joseph Eros, Associate Editor, MTTLR
Because the calls were mostly between US citizens within the USA, the US government would need a warrant in order to monitor them. The Foreign Intelligence Surveillance Act (FISA), 50 USC 1801 et seq, allows warrantless surveillance of the electronic communications of agents of foreign powers either within the USA or outside of it, but a secret FISA court must approve a warrant in order for the communications of a US citizen within the USA to be surveilled.4
Within a few months, over 40 lawsuits had been filed against the major telecommunications companies, mostly by civil liberties groups. Most of these suits were later consolidated into one action in the Northern District of California.5 The plaintiffs alleged that the NSA surveillance was in violation of the Electronic Communications Privacy Act (ECPA), 18 U.S.C. § 2702(a)(1),6 Federal laws against eavesdropping on wire and radio communications (18 U.S.C. §§ 2511)7 and (47 U.S.C. § 605),8 and FISA,9 as well as the privacy laws of all 50 states and the District of Columbia.10
The activists sought statutory damages (for example, the ECPA specifies damages of “no less than $1,000 for each aggrieved Plaintiff or Class Member” (18 U.S.C. § 2707),11) as well as an injunction “restraining Defendants from continuing to make such unlawful disclosures.”12 This consolidated action awaits further developments in an earlier suit against AT&T’s disclosures to the NSA, Hepting v. AT & T Corp.13 The government sought dismissal of the Hepting claims based on the state secrets privilege. If information about which call records were disclosed and how the information was gathered could not be presented in court due to its potential to reveal US intelligence methods, the plaintiffs would be unable to prove their claims, and AT&T would be unable to defend itself.14 This argument succeeded for the government at AT&T in Illinois, where a lawsuit over the alleged disclosures to the NSA was dismissed in July 2006.15
But in California’s Northern District it failed: Judge Walker held that the
subject matter of this action is not a ’secret’ for purposes of the state secrets privilege and it would be premature to conclude that the privilege will bar evidence necessary for plaintiffs’ prima facie case or AT & T’s defense. Because of the public disclosures by the government and AT & T, the court cannot conclude that merely maintaining this action creates a ‘reasonable danger’ of harming national security.16
The suits could continue, with classified evidence handled by personnel with security clearances following special procedures.17
Unsurprisingly, the Federal government and AT&T appealed. The Ninth Circuit heard arguments on August 15, 2007, and “repeatedly pressed Gregory Garre, the Bush administration’s deputy solicitor general, to justify his requests to toss out the suits on grounds they could endanger national security.”18 No ruling is expected for months.
Editor: Part II will publish tomorrow. It will address evidence of telecommunications companies’ involvement in warrantless NSA espionage, and dissect the debate over whether to extend immunity to those companies.
1 Leslie Cauley, NSA has massive database of Americans’ phone calls, USA Today, May 11, 2006, available at http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm.
2 James Risen and Eric Lichtblau, Bush Lets U.S. Spy on Callers Without Courts, N.Y. Times, December 16, 2005, available at http://www.nytimes.com/2005/12/16/politics/16program.html.
3 A Note to Our Readers, USA Today, June 30, 2006, available at http://www.usatoday.com/money/industries/telecom/2006-06-30-nsa_x.htm.
4 U.S. citizens traveling abroad can have their calls monitored with no warrant required, only the Attorney General’s approval. See U.S. v. Bin Laden, 126 F.Supp.2d 264, 279 (S.D.N.Y. 2000).
5 See In re National Sec. Agency Telecommunications Records Litigation, 444 F.Supp.2d 1332 (Jud. Pan. Mult. Lit. 2006).
6 Master Consolidated Complaint Against Defendants AT&T Mobility et al. for Damages, Declaratory and Equitable Relief at ¶90, In re Nat. Sec. Telecommunications Records Litigation, MDL-1791, No. 06-1791 (VRW), 2007 WL 668730 (N.D. Cal. Jan. 16, 2007).
7 Id. at ¶118.
8 Id. at ¶125.
9 Id. at ¶133.
10 Id. at ¶260.
11 Id. at ¶102.
12 Id. at ¶128.
13 439 F.Supp.2d 974 (N.D. Cal. 2006).
14 Id. at 985.
15 Terkel v. AT & T Corp., 441 F.Supp.2d 899 (N.D. Ill. 2006).
16 Hepting v. AT&T, 439 F.Supp.2d at 994.
17 Id. at 1010-11.
18 Declan McCullagh, Appeals court may let NSA lawsuits proceed, CNET News.com, Aug. 15, 2007, http://www.news.com/Appeals-court-may-let-NSA-lawsuits-proceed/2100-1028_3-6202865.html.
Questions Raised by Municipal Control of Wi-Fi
by: Jason Miller, Associate Editor, MTTLR
Politics
Libraries often face disputes over content. From banned books to border-line pornography to filtering the Internet, libraries are often subject to political decision making. Should your mayor to be in a position to filter Internet content? Angry parent groups could take their gripes to city council meetings, and private providers contracting for an exclusive deal may tailor their offerings to win support from activist groups.
Michigan’s Republican Senate Majority Leader blocked access among all senate employees to a liberal blogger’s website earlier this year, though he later relented.5 Is it safe to trust politicians with power when it comes to the Internet?
Hate groups
Internet providers often prohibit certain uses in their terms of service. When Earthlink decides it doesn’t want the KKK to use Earthlink’s servers for a website, there are no First Amendment implications. But what about Earthlink doing so as the exclusive provider, or almost exclusive provider, in a town? Or if a local government provides and markets the service itself? Will racist and other unpopular groups be able to bring First Amendment claims to post their views?
Police
The federal government and the PATRIOT ACT are responsible for many electronic privacy concerns. However, local government’s providing or contracting Wi-Fi services should also raise privacy concerns. If your email is housed on servers within a county building, what steps will the sheriff’s department have to go through to get it? Will providers operating under lucrative government contracts be too willing to turn over personal information?
1 Wireless Oakland Frequently Asked Questions, http://www.oakgov.com/wireless/faq/ (last visited Oct. 31, 2007).
2 Posting of Miguel Helft to Bits, http://bits.blogs.nytimes.com/2007/08/31/san-franciscos-wi-fi-fog/ (Aug. 31, 2007, 15:47EST).
3 Anthony Sciarra, Note, Municipal Broad Band: The Rush to Legislate, 17 Alb. L.J. Sci. & Tech. 233, 235 (2007).
4 Sharon E. Gillett, Municipal Wireless Broadband: Hype or Hope?, 79 S. Cal. L. Rev. 561 (2006).
5 ZDNet Government, http://government.zdnet.com/?p=3351 (Aug. 7, 2007, 16:18EST).