Privacy Law News

Posted on | June 28, 2009 | No Comments

1. Facebook criticised over privacy - BBC News -

   DailyTech

   Facebook criticised over privacy BBC News The social networking site Facebook has come under fire for planned changes to its privacy settings. It wants to "simplify" the process so ... Facebook Simplifies Privacy Settings, Calls Them Too ComplexPC World Facebook plans to simplify privacy settingsThe Associated Press Facebook Simplifies Privacy SettingsInformationWeek ChannelWeb -PC Magazine -Bizjournals.com all 506 news articles »

2. Advertising Guidelines To Enhance Privacy on the Web - NewsFactor Network -

   Canada.com

   Advertising Guidelines To Enhance Privacy on the Web NewsFactor Network Media and marketing trade associations have set self-regulation principles to protect the privacy of consumers surfing the Web. ... Ad Industry Sets Seven Privacy Protection PrinciplesInformationWeek Ad groups act on privacy fearsFinancial Times Ad industry groups agree to privacy guidelinesCNET News PC Magazine -USA Today -PC World all 201 news articles »

3. US wants privacy in new cyber security system - The Associated Press -

   CBC.ca

   US wants privacy in new cyber security system The Associated Press Einstein 3 has triggered debate and privacy concerns because the program will use National Security Agency technology, which is already being employed on ... NSA Tries To Protect Citizen's PrivacyRedOrbit Obama reverses course on privacy … againHot Air Troubles Plague Cyberspy DefenseWall Street Journal AFP -Xinhua -Common Dreams (press release) all 185 news articles »

4. Right to privacy must be treated as a top priority - StarPhoenix -

   Right to privacy must be treated as a top priority StarPhoenix So to learn that Saskatchewan's privacy commissioner has had a dramatic increase in his workload -- dealing with 62 investigations this past year, ... 'Year of the privacy breach'StarPhoenix all 3 news articles »

5. Privacy watchdog troubled by 'explosion' of information breaches - CBC.ca -

   Privacy watchdog troubled by 'explosion' of information breaches CBC.ca Gary Dickson, the Saskatchewan information and privacy commissioner, reported that his office handled 62 complaints of a privacy breach in 2008, ... Privacy Commissioner Unveils Annual Report980 CJME News Talk Radio Saskatchewan privacy commissioner says complaints explodingPrince Albert Daily Herald all 8 news articles »

6. Google vows to protect privacy after camera exposes nude man - Globe and Mail -

   CTV.ca

   Google vows to protect privacy after camera exposes nude man Globe and Mail Google Canada President Jonathan Lister waits to appear in front of the Commons Access to Information, Privacy and Ethics Committee on Parliament Hill in ... Google says privacy protected in Street ViewCTV.ca Google Canada vows to purge faces from its Street View dataCBC.ca Privacy stepped up for Google Street ViewSwissinfo Canada.com -Regina Leader-Post -Spiegel Online all 180 news articles »

7. Prisoners on run cannot be named 'due to privacy rights' - Telegraph.co.uk -

   Daily Mail

   Prisoners on run cannot be named 'due to privacy rights' Telegraph.co.uk Prisoners on the run from Holleseley Bay prison cannot be identified because it would breach their rights to privacy, the Ministry of Justice has said. ... PRIVACY RULE FOR ESCAPED LAGSDaily Star No names: Prisoners on the run cannot be named in case it breaches ...Daily Mail PRISON ESCAPERS CAN'T BE NAMEDUK Express BBC News all 8 news articles »

8. Four online ad groups release privacy guidelines for ISPs - TopNews United States -

   Four online ad groups release privacy guidelines for ISPs TopNews United States According to Thursday-released privacy principles by four advertising trade groups - the American Association of Advertising Agencies, the Association of ... and more »

9. Defending the right of privacy - Indianapolis Star -

   Defending the right of privacy Indianapolis Star Privacy rights, which pervade the Bill of Rights, are among the Constitution's most frequently attacked concepts. Ken Falk, who as the legal ... and more »

10. Probe expands on news Toronto jurors screened - National Post -

    Probe expands on news Toronto jurors screened National Post The Ontario Privacy Commissioner is expanding an investigation into background checks of potential jurors after it was revealed this week that the practice ... and more »

New Canadian laws would kill all internet privacy

Posted on | June 28, 2009 | No Comments

Police access to information on all Canadian Internet subscribers and all their private communications – without a court warrant.

Ottawa (22 June 2009) – Canada’s Conservative government wants to give police sweeping new powers to eavesdrop on Canadians in cyberspace and to require Internet service providers (ISPs) to snoop on subscribers without a warrant whenever they are asked by police to do so.

Two bills – C-46 and C-47 – introduced in Parliament on June 18 would grant police access without oversight from the courts to all private Internet communications and all information on individual subscribers in the files of ISPs.

Specifically, the legislation would:

* free police to access information on an Internet subscriber, such as name, street address and e-mail address without a search warrant.
* force Internet service providers to freeze data on hard drives to prevent subscribers under investigation from deleting potentially important evidence.
* require telecommunications companies to invest in technology enabling them to intercept all of the Internet communications they handle.
* allow police to remotely activate tracking devices already embedded in cell phones and certain cars.
* allow police to obtain data about where Internet communications are coming from and going to.
* make it a crime to arrange with a second person over the Internet for the sexual exploitation of a child.

Justice Minister Rob Nicholson says police need “21st century tools” to deal with the changing times. Public Safety Minister Minister Peter Van Loan says the changes are needed to combat crime and terrorism in the face of “rapidly evolving communications technologies.”

However, privacy groups and those defending individual rights have been quick to criticize the two bills.

“I haven’t seen the evidence that substantiates a relaxation of civil liberties in this area,” says David Fewer, director of the Canadian Internet Policy and Public Interest Clinic at the University of Ottawa. “It just looks like a grab, under the name of modernization, just a grab of our civil liberties.”

Tom Copeland of the Canadian Association of Internet Providers (CAIP) said providers are concerned by the costs the legislation will impose on them to install technology to handle the potentially unlimited communications they are forced to monitor. Smaller ISPs would have up to three years to meet the full snooping requirements required by the bills.

Internet surveillance in other countries

United Kingdom – The Regulation of Investigatory Power Act of 2000 includes provisions to require ISPs to install systems to aid investigators in tracking electronic communications.

United States – The Patriot Act of 2001 expanded wiretaps to internet connections. The Bush administration authorized the National Security Agency to conduct warrantless domestic wiretaps in 2001, possibly earlier. The Protect America Act of 2007 and FISA Amendments Act of 2008 extended that authority.

Australia – The Surveillance Devices Bill of 2004 allows Australian Federal Police to obtain warrants for the use of data, optical, listening and tracking surveillance devices. The Intelligence Services Act of 2001 covers the use of surveillance devices by the country’s security agencies.

New Zealand – The Search and Surveillance Powers Bill was introduced in September 2008 to update the surveillance powers and procedures of New Zealand’s law enforcement agencies.

Sweden – Sweden’s parliament approved new laws in June 2008 to allow the country’s intelligence bureau to track sensitive words in international phone calls, faxes and e-mails without a court order. The law took effect in January 2009.

Join the forum discussion on this post - (1) Posts

Bing Gaining in Name Recognition

Posted on | June 28, 2009 | No Comments

Microsoft’s marketing investment — which reports have suggested will top $100 million — in its new search engine, Bing, seems to be paying off in terms of name recognition.
According to YouGovPolimetrix’s BrandIndex measurement, one-quarter of U.S. adults (those 18 or older) had heard something about Bing between June 8 and June 22. Comparatively, on June 8, only about 8% of adults had heard anything about the search engine.

“Considering that a few months ago, no one even knew what the brand was going to be called, their success is pretty significant,” Ted Marzilli, CEO of YouGovPolimetrix, tells MediaPost. “If you’re going to go up against Google, you need to make a pretty big bang, and that’s what Microsoft has done.”

Microsoft launched Bing in early June, calling it a “decision engine” that helped people better find what they were looking for in Web searches. A television and radio advertising campaign features people spouting nonsensical factoids and tangents to topics that come up in everyday conversations. Microsoft has also worked out deals to incorporate Bing into television and online video programming.

According to YouGov, 83% of American consumers say they have a preferred search engine. However, 81% of them are willing to consider another option. “That’s encouraging to Microsoft,” Marzilli says. “It tells you there’s an opportunity there.”

And given the ease of being able to find and use a search engine once you have name recognition, the opportunities for product trials are wide open. The key now is to ensure that consumers have a positive experience using Bing.com to encourage repeat usage. So far, Bing’s BrandIndex numbers are in the teens, indicating more positive buzz than negative. “They’re creating a fair bit of noise and a fair bit of that is positive,” Marzilli says.

Still, Microsoft has a ways to go to catch Google. While 25% of people had heard something about Bing in the June 8-22 time period, nearly 53% had heard something about Google. (On June 8, when Bing’s awareness was at 8%, Google’s was at 57%.) However, catching Google — particularly at this early stage — may not be the only measure of Bing’s success. Even unseating Yahoo as the No. 2 recognized search engine could be a “solid double,” he says.

“They’re certainly showing progress within the first few weeks of launch,” Marzilli says. “Even if Microsoft is a strong number-two search engine, I’m not sure that’s a failure.”

Join the forum discussion on this post - (1) Posts

Internet privacy: Mind your own business

Posted on | June 27, 2009 | No Comments

We live in a world of constant data collection – online and off. Increasingly, everything we do, every step we take, every transaction we enter into is memorialized in digital data. These digital footprints are then collected, stored, manipulated and often shared by third parties, usually without meaningful notice or consent.

Frequently, we volunteer this information, especially online, through more than 30 billion e-mails and billions of text messages a day, 113 billion searches a year, the deluge of photos and videos we post to YouTube and Flickr, and MySpace and Facebook profiles that get a reported 100 billion page views per month.

Even information we don’t provide online is consistently converted to electronic format and launched onto computer networks. This is true of the 30 billion cheque and 48 billion credit and debit card transactions that we engage in annually. More surprising is how much personal data is collected and stored that we are never aware of.

Consider, for example, location information. There are upwards of 2.7 billion mobile phones worldwide, which 95 per cent of users say they keep within three feet of themselves at all times. Mobile phones thus constitute the world’s largest sensor network. Through GPS and triangulation, these phones generate increasingly precise information about the location, speed and direction of movement of the user. In the United States, under federal law, all cell phones now have to provide the cell phone service provider—not the user—with precise information about the location of each cell phone.

In the face of ubiquitous digital data, the edifices of data protection we have built are looking increasingly outdated. Even more problematic, no matter how solid the data protection surrounding the sea of digital data in which we are awash, we are reminded almost daily that personal information in even our best institutions is vulnerable to theft, loss, and mishandling. The more data an institution holds, the more it has to lose.

Of greatest concern, however, is that this data is increasingly available to our governments. In many instances, our laws require that the private sector report our activities to the government. Moreover, because we apply weaker privacy protections to anti-crime and anti-terrorism efforts—if we apply any at all—government authorities have ready access to the massive store of digital data about each of us, no matter what privacy protections were promised by private-sector intermediaries.

Protecting privacy in the face of ubiquitous data requires many tools: technology, education, market pressure but most of all it requires strong laws that impose serious obligations on industry to act as stewards, not merely processors, of our data, and firm limits on government access to those data.

Regrettably, the United States lags farther behind. But we all have a long way to go if we are going to accord individual privacy—the bedrock of human dignity—the respect it deserves.

Join the forum discussion on this post - (1) Posts

Cyberwar’s first casualty: Your privacy

Posted on | June 27, 2009 | No Comments

The first casualty of war, the Greek playwright Aeschylus said, is the truth. But when it comes to cyberwarfare, the first casualty will more likely be your privacy.

And unlike in past wars, the government itself may not do the snooping. Instead, it will most likely let private industry do the dirty work, essentially outsourcing cyber intelligence gathering.

In warfare, information is one of the most important weapons in a government’s arsenal. No matter the physical weaponry, the key to victory is an understanding of the enemy’s intentions and who and where he is. I’ve been reading Caesar, Life of a Colossus, by Adrian Goldsworthy, and was struck by how important gathering information about the movements of his enemies was to Caesar’s conquest of Gaul. Look at any war, and you’ll generally find that the victor had better intelligence.

As we’ve seen, though, intelligence gathering is frequently subject to abuse. During the Cold War, the CIA and FBI regularly violated the rights of citizens. More recently, the Patriot Act gave legal cover to government prying, and the National Security Agency carried out covert wiretapping without seeking the proper warrants.

The intelligence that will be gathered in the coming generation of cyberwarfare will dwarf anything that came before, in the breadth of information acquired, the ease with which it is gathered, and the number of people caught in the net. In past wars, a fair number of innocent people had their privacy invaded. In tomorrow’s cyberwar, it’ll be virtually everyone.

Cyberwarfare is fought online; its geography is virtual, and you’re part of it. In physical wars, armies scout the countryside. In cyberwars, they’ll scout the Internet.
The Internet is made up not just of wires, routers and servers; it’s made up of the data crossing it. Those who fight cyberwars will mine vast amounts of data in an attempt to find nuggets of information. They’ll look for patterns of use and relationships that otherwise would escape notice.

To find those patterns and information requires massive and constant data gathering, on a scale likely not being done by the government. Constantly gathering that kind of information would probably be illegal.

That’s why you’ll see government outsourcing its intelligence gathering to companies that already do the work legally — and primarily that means Google.

I’m not saying that Google will purposefully gather information for the federal government. Instead, the government will legally tap into Google’s already in-place information gathering, by issuing subpoenas on a regular basis.
Why Google? Google already gathers vast amounts of information about people’s browsing and search habits, and it regularly responds to subpoenas for that data.

And the information that Google gathers is about to grow exponentially, when Google Voice launches to widespread use. Google Voice can route all of your calls through a single number, lets you record and store calls online, and offers transcripts of voice mail. At some point, it will probably offer transcripts of all calls recorded. It can do that for your normal voice calls, not just calls made to or from a computer.

You can be sure that the government will want to get its hands on that vast treasure trove of information. Why go through the difficult process of getting a phone tap when it’s so much easier to simply issue a subpoena to Google?

Google isn’t alone, of course, and many other private companies — particularly ISPs and big telecom providers — gather information about people online. But no one gathers the amount of information about people that Google does. So it will become the government’s biggest source of information about private citizens in the age of cyberwars.

The upshot? If you care about your privacy, your best bet is to find ways to hide your information from Google. Private companies, more than the government, will be the biggest privacy invaders.

It’s Time to Drop the ‘Expectation of Privacy’ Test

Posted on | April 4, 2009 | No Comments

In the United States, the concept of “expectation of privacy” matters because it’s the constitutional test, based on the Fourth Amendment, that governs when and how the government can invade your privacy.

Based on the 1967 Katz v. United States Supreme Court decision, this test actually has two parts. First, the government’s action can’t contravene an individual’s subjective expectation of privacy; and second, that expectation of privacy must be one that society in general recognizes as reasonable. That second part isn’t based on anything like polling data; it is more of a normative idea of what level of privacy people should be allowed to expect, given the competing importance of personal privacy on one hand and the government’s interest in public safety on the other.

The problem is, in today’s information society, that definition test will rapidly leave us with no privacy at all.

In Katz, the Court ruled that the police could not eavesdrop on a phone call without a warrant: Katz expected his phone conversations to be private and this expectation resulted from a reasonable balance between personal privacy and societal security. Given NSA’s large-scale warrantless eavesdropping, and the previous administration’s continual insistence that it was necessary to keep America safe from terrorism, is it still reasonable to expect that our phone conversations are private?

Between the NSA’s massive internet eavesdropping program and Gmail’s content-dependent advertising, does anyone actually expect their e-mail to be private? Between calls for ISPs to retain user data and companies serving content-dependent web ads, does anyone expect their web browsing to be private? Between the various computer-infecting malware, and world governments increasingly demanding to see laptop data at borders, hard drives are barely private. I certainly don’t believe that my SMSes, any of my telephone data, or anything I say on LiveJournal or Facebook — regardless of the privacy settings — is private.

Aerial surveillance, data mining, automatic face recognition, terahertz radar that can “see” through walls, wholesale surveillance, brain scans, RFID, “life recorders” that save everything: Even if society still has some small expectation of digital privacy, that will change as these and other technologies become ubiquitous. In short, the problem with a normative expectation of privacy is that it changes with perceived threats, technology and large-scale abuses.

Clearly, something has to change if we are to be left with any privacy at all. Three legal scholars have written law review articles that wrestle with the problems of applying the Fourth Amendment to cyberspace and to our computer-mediated world in general.

George Washington University’s Daniel Solove, who blogs at Concurring Opinions, has tried to capture the byzantine complexities of modern privacy. He points out, for example, that the following privacy violations — all real — are very different: A company markets a list of 5 million elderly incontinent women; reporters deceitfully gain entry to a person’s home and secretly photograph and record the person; the government uses a thermal sensor device to detect heat patterns in a person’s home; and a newspaper reports the name of a rape victim. Going beyond simple definitions such as the divulging of a secret, Solove has developed a taxonomy of privacy, and the harms that result from their violation.

His 16 categories are: surveillance, interrogation, aggregation, identification, insecurity, secondary use, exclusion, breach of confidentiality, disclosure, exposure, increased accessibility, blackmail, appropriation, distortion, intrusion and decisional interference. Solove’s goal is to provide a coherent and comprehensive understanding of what is traditionally an elusive and hard-to-explain concept: privacy violations. (This taxonomy is also discussed in Solove’s book, Understanding Privacy.)

Orin Kerr, also a law professor at George Washington University, and a blogger at Volokh Conspiracy, has attempted to lay out general principles for applying the Fourth Amendment to the internet. First, he points out that the traditional inside/outside distinction — the police can watch you in a public place without a warrant, but not in your home — doesn’t work very well with regard to cyberspace. Instead, he proposes a distinction between content and non-content information: the contents for example. The police should be required to get a warrant for the former, but not for the latter. Second, he proposes that search warrants should be written for particular individuals and not for particular internet accounts.

Meanwhile, Jed Rubenfeld of Yale Law School has tried to reinterpret (.pdf) the Fourth Amendment not in terms of privacy, but in terms of security. Pointing out that the whole “expectations” test is circular — what the government does affects what the government can do — he redefines everything in terms of security: the security that our private affairs are private.

This security is violated when, for example, the government makes widespread use of informants, or engages in widespread eavesdropping — even if no one’s privacy is actually violated. This neatly bypasses the whole individual privacy versus societal security question — a balancing that the individual usually loses — by framing both sides in terms of personal security.

I have issues with all of these articles. Solove’s taxonomy is excellent, but the sense of outrage that accompanies a privacy violation — “How could they know/do/say that!?” — is an important part of the harm resulting from a privacy violation. The non-content information that Kerr believes should be collectible without a warrant can be very private and personal: URLs can be very personal, and it’s possible to figure out browsed content just from the size of encrypted SSL traffic. Also, the ease with which the government can collect all of it — the calling and called party of every phone call in the country — makes the balance very different. I believe these need to be protected with a warrant requirement. Rubenfeld’s reframing is interesting, but the devil is in the details. Reframing privacy in terms of security still results in a balancing of competing rights. I’d rather take the approach of stating the — obvious to me — individual and societal value of privacy, and giving privacy its rightful place as a fundamental human right. (There’s additional commentary on Rubenfeld’s thesis at ArsTechnica.)

The trick here is to realize that a normative definition of the expectation of privacy doesn’t need to depend on threats or technology, but rather on what we — as society — decide it should be. Sure, today’s technology make it easier than ever to violate privacy. But it doesn’t necessarily follow that we have to violate privacy. Today’s guns make it easier than ever to shoot virtually anyone for any reason. That doesn’t mean our laws have to change.

No one knows how this will shake out legally. These three articles are from law professors; they’re not judicial opinions. But clearly something has to change, and ideas like these may someday form the basis of new Supreme Court decisions that brings legal notions of privacy into the 21st century.

Join the forum discussion on this post - (1) Posts

Recently Written

• Privacy Law News
• New Canadian laws would kill all internet privacy
• Bing Gaining in Name Recognition
• Internet privacy: Mind your own business
• Cyberwar’s first casualty: Your privacy
• It’s Time to Drop the ‘Expectation of Privacy’ Test

Categories

• Media
• Privacy

Archives

• June 2009
• April 2009

Blogroll

• ATIPMAIL
• Cairs Research System - Access requests database from 1993 on
• Case Management
• Learning Center - Various courses offers

About

This is an area on your website where you can add text. This will serve as an informative location on your website, where you can talk about your site.

Subscribe to our feed

Search

Admin

• Register
• Log in
• Wordpress
• XHTML