Privacy, Security & Government Surveillance

Europe Reimagines Orwell’s Memory Hole

by on November 16, 2010 · 7 comments

Inspired by thoughtful pieces by Mike Masnick on Techdirt and L. Gordon Crovitz’s column yesterday in The Wall Street Journal, I wrote a perspective piece this morning for CNET regarding the European Commission’s recently proposed “right to be forgotten.”

A Nov. 4th report promises new legislation next year “clarifying” this right under EU law, suggesting not only that the Commission thinks it’s a good idea but, even more surprising, that it already exists under the landmark 1995 Privacy Directive.

What is the “right to be forgotten”?  The report is cryptic and awkward on this important point, describing “the so-called ‘right to be forgotten’, i.e. the right of individuals to have their data no longer processed and deleted when they [that is, the data] are no longer needed for legitimate purposes.”

Continue reading →

SHARE: 7 comments

Yup, we agree: “It’s not a privacy ‘breach’ when information about you is out there already.”

by on November 15, 2010 · 3 comments

Rob Pegoraro’s article in yesterday’s Washington Post is a worthy read, if only because it puts into context what is and isn’t a privacy breach.

Recently, there’s been a lot of noise–started by a Wall St Journal article–about a supposed privacy breach by Facebook surrounding the misuse of user data by applications installed on the user’s page. But as Pegoraro relates, this information was all public anyway, much like a phone book displays your identity. Here’s what he says is the difference between what is and isn’t a breach:

Privacy breach: Exposes private information you tried to keep confidential, in ways that risk the loss of money or security or otherwise fairly earn the adjective ‘Orwellian.’” NOT a privacy breach: Information about you that is already made public to users of a website, including the “basic parameters of people’s accounts:  their name, picture, gender and networks….”

The point is that we shouldn’t conflate the use (or misuse) of public information with the breach of private information. Doing so elevates a lesser offense at the expense of something that is much more serious.

But as much as I like the article, I also have a few quibbles. Pegoraro says that if users are still offended by Facebook, they should blame the site for its default settings and switch to a competitor. And while losing customers is the ultimate penalty for any business, he misses the point in a couple of ways. First, we want to encourage innovation in social media and information sharing, which means companies need the freedom to set and change default settings (I’ve blogged on this before). Second, instead of switching sites users can just adjust their privacy settings! This simple, less drastic measure wasn’t even mentioned.

SHARE: 3 comments

Brilliant

by on November 14, 2010 · 0 comments

WillUsingthePrefixCyberMakeMeLookLikeanIdiot.com

SHARE: 0 comments

Privacy as an Information Control Regime: The Challenges Ahead

by on November 13, 2010 · 5 comments

This week, we’ve seen reports in both The New York Times (“Stage Set for Showdown on Online Privacy“) and The Wall Street Journal (“Watchdog Planned for Online Privacy“) that the Obama Administration is inching closer toward adopting a new Internet regulatory regime in the name of protecting privacy online.  In this essay, I want to talk about information control regimes, not from a normative perspective, but from a practical one.  In doing so, I will compare the relative complexities associated with controlling various types of information flows to protect against four theoretical information harms: objectionable content, defamation, copyright, and privacy.

From a normative perspective, there are many arguments for and against various forms of information control.  Here, for example, are the reasons typically given for why society might want to impose regulations on the Internet (or other communications channels) to address each of the four issues identified above:

  1. Content control / Censorship: We must control information flows to protect children from objectionable content or all citizens against some other form of supposedly harmful speech (hate speech, terrorist recruitment, etc).
  2. Defamation control: We must control information flows to protect people’s reputations.
  3. Copyright control: We must control information flows to protect the property rights of creators against unauthorized use / distribution.
  4. Privacy control: We must control information flows to protect against information flows that include information about individuals.

Again, there are plenty of good normative arguments in the opposite direction, many of which are based on free speech considerations since, by definition, information control regimes limit the flow of forms of speech.  For privacy, I discussed such speech-related considerations in my essay on “Two Paradoxes of Privacy Regulation.”  But what about the administrative or enforcement burdens associated with each form of information control?  I increasingly find that question as interesting as the normative considerations.

Continue reading →

SHARE: 5 comments

How to Control iTunes’ “Ping” Social Network

by on November 13, 2010 · 0 comments

I’ve had quite enough of service providers of one kind or another making me part of their new social network. (I’m looking at you, Google Buzz.)

So here’s an article about how to control iTunes’ new Ping social network, which comes with iTunes 10.

Apple did a couple things right: They made it very clear in the “Terms and Conditions” click-through for the new version of the software that you’re getting Ping. It also appears to default to “off.” That’s what I found when I followed the directions in the article linked above, anyway.

If you want to be in yet another social network, you can enable Ping using those directions. You also might want to get your head checked. Something might be wrong in your real life.

SHARE: 0 comments

Should Legislatures, Commissions, and Such Figure Out Privacy Problems?

by on November 7, 2010 · 2 comments

The recent European Commission proposal to create a radical and likely near impossible-to-implement “right to be forgotten” provides an opportunity to do some thinking about how privacy norms should be established.

In 1961, Italian liberal philosopher and lawyer Bruno Leoni published Freedom and the Law, an excellent, if dense, rumination on law and legislation, which, as he emphasized, are quite different things.

Legislation appears today to be a quick, rational, and far-reaching remedy against every kind of evil or inconvenience, as compared with, say, judicial decisions, the settlement of disputes by private arbiters, conventions, customs, and similar kinds of spontaneous adjustments on the part of individuals. A fact that almost always goes unnoticed is that a remedy by way of legislation may be too quick to be efficacious, too unpredictably far-reaching to be wholly beneficial, and too directly connected with the contingent views and interests of a handful of people (the legislators), whoever they may be, to be, in fact, a remedy for all concerned. Even when all this is noticed, the criticism is usually directed against particular statutes rather than against legislation as such, and a new remedy is always looked for in “better” statutes instead of in something altogether different from legislation. (page 7, 1991 Liberty Fund edition)

The new Commission proposal is an example. Apparently the EU’s 1995 Data Protection Directive didn’t do it.

Rather than some central authority, it is in vernacular practice that we should discover the appropriate “common” law, emphasizes Leoni.

“[A] legal system centered on legislation resembles . . . a centralized economy in which all the relevant decisions are made by a handful of directors, whose knowledge of the whole situation is fatally limited and whose respect, if any, for the people’s wishes is subject to that limitation. No solemn titles, no pompous ceremonies, no enthusiasm on the part of the applauding masses can conceal the crude fact that both the legislators and the directors of a centralized economy are only particular individuals like you and me, ignorant of 99 percent of what is going on around them as far as the real transactions, agreements, attitudes, feelings, and convictions of people are concerned. (page 22-23, emphasis removed)

The proposed “right to be forgotten” is a soaring flight of fancy, produced by detached intellects who lack the knowledge to devise appropriate privacy norms. If it were to move forward as is, it would cripple Europe’s information economy while hamstringing international data flows. More importantly, it would deny European consumers the benefits of a modernizing economy by giving them more privacy than they probably want.

I say “probably” because I don’t know what European consumers want. I only know how to learn what they want—and that is not by observing the dictates of the people who occupy Europe’s many government bureaucracies.

SHARE: 2 comments

The Conflict Between a “Right to Be Forgotten” & Speech / Press Freedoms

by on November 5, 2010 · 10 comments

A report in the U.K. Telegraph notes that the European Union is seeking to create a so-called “right to be forgotten” online, and has “drafted potential legislation that would include new, unprecedented privacy rights for citizens sharing personal data.” Details are sparse at this point, but according to this new 20-page European Commission document, “A Comprehensive Approach on Personal Data Protection in the European Union,” the EU will be:

clarifying the so-called ‘right to be forgotten’, i.e. the right of individuals to have their data no longer processed and deleted when they are no longer needed for legitimate purposes. This is the case, for example, when processing is based on the person’s consent and when he or she withdraws consent or when the storage period has expired. (p.8)

Two brief comments on this.  First, it should be apparent that any “right to be forgotten” conflicts mightily with free speech rights and press freedom. As I discussed at greater length in this review of Solove’s Understanding Privacy as well as my essay on “Two Paradoxes of Privacy Regulation,” the problem with enshrining expansive privacy “rights” into law is that it means there will need to be stricter limits placed on speech and press freedoms.  As Eugene Volokh noted in his 2000 law review article entitled, “Freedom of Speech, Information Privacy, and the Troubling Implications of a Right to Stop People from Speaking About You“: Continue reading →

SHARE: 10 comments

Thoughts on the Election

by on November 3, 2010 · 3 comments

Tech issues don’t move the needle in national elections like yesterday’s, but below I’ll make some general observations, followed by a few on winners and losers in issue areas I cover.

All in all, I think it’s a good election result.

We’re back to divided government. The acute tension between the Republican House and Democratic Senate and president is likely to produce fiscal rectitude, and only legislation on which there is something close to true national consensus will pass.

Neither the Republicans nor the Tea Party movement were awarded any kind of sweeping victory, so they are unlikely to overplay their hands or take public support for granted. They must work to advance their aims by persuading more Americans that their philosophies and leadership are meritorious.

Democrats should, of course, be chastened. They’re rightly paying the price for the careless, go-for-broke strategy they used in the 111th Congress, to pass their sprawling, intrusive health care regulation, for example.

Here’s to at least two years of welcome gridlock.

Now, there were some notable losses among tech-focused representatives. The most worrisome loss is Senator Russ Feingold (D-WI), who has been a consistent and persistent overseer and skeptic of the growing surveillance state. I don’t see anyone to step up and take his place. Privacy lost big in the Wisconsin election.

I’m bucking consensus on the loss of Rick Boucher (D-VA) in the House, at least as far as privacy goes. (On copyright and some telecom issues, I’ll take Mike Masnick’s word.) Boucher is a nice guy and a careful legislator, but his popularity among the Washington, D.C. tech lobby, I think, was a product of lobby-legislator symbiosis, not his actual backing for the interests of tech innovators.

For at least a decade, Boucher has been an advocate of “baseline privacy legislation” that never actually had a serious chance of passing. The result was that tech lobbyists could always report to the home office that they had something to do, and tech trade associations could garner corporate support for all those noon-time strategy meetings over sandwiches—without generating a true threat to the business models of the companies they (purport to) represent.

My point is not that Boucher should have advanced his privacy legislation—it’s not going to be federal law that delivers privacy. I’m just not unhappy that he’s gone. (Not that far gone. Watch for him to take a job somewhere in the D.C. tech lobby. Knowing nothing about his plans, I’d give it a greater than 50% chance.)

The tech lobby will actually have some work to do under Boucher’s likely successor in the role of Democratic tech/consumer protection leader. Ed Markey (D-MA) is a partisan and an ideologue who will actually require the tech lobby to defend itself. He’s canny enough to have decent influence even from his perch in the minority.

UPDATE w/additional thought: Democrat Richard Blumenthal, elected to the Senate from Connecticut, is a technophobe demagogue—or plays one on TV, which is what matters. He went to war against Craigslist to boost his campaign, and his win is a notable loss for tech and free speech.

But—really—the fate of our privacy, the fate of our tech sector, and the fate of our country and society shouldn’t turn on elections. We are not defined by these people, who go to Washington, D.C. to sit atop the coercive authority machine for a while. Elections come and go. I’ll continue to work on returning power to civil society where it belongs.

SHARE: 3 comments

Privacy Trumps Taxes—Victory for Consumers in North Carolina…But What About Colorado?

by on October 26, 2010 · 1 comment

A federal judge sided with privacy over taxes yesterday, signaling a victory for consumers in North Carolina. Now we’re waiting to see if this also means victory for consumers and online companies that sell into Colorado.

A U.S. District Court in Seattle blocked North Carolina’s Department of Revenue from compelling Amazon to reveal the names and addresses of its customers so that North Carolina could go after them for not paying use taxes on purchases where they did not pay sales tax.

The North Carolina DOR had been auditing Amazon’s 2003-2010 sales into the state and had asked for “all information for all sales to customers with a North Carolina shipping address.” Amazon provided detailed information about the purchases, but the DOR demanded information about the customers making the purchases. Amazon balked and filed suit, and the ACLU even intervened to support Amazon. And they won.

The court was clear that states cannot compel companies to disclose the purchasing behavior of its citizens:

The First Amendment protects a buyer form having the expressive content of her purchase of books, music and audiovisual materials disclosed to the government. The fear of government tracking and censoring one’s reading, listening and viewing choices chills the exercise of First Amendment rights.

What does this have to do with Colorado? Everything and more.

Continue reading →

SHARE: 1 comment

Celebrating the COPA Report Ten Years Later: A Charter for Sound Consumer Protection Online

by on October 22, 2010 · 1 comment

An important anniversary just passed with little more notice than an email newsletter about the report that played a pivotal role in causing the courts to strike down the 1998 Child Online Protection Act (COPA) as an unconstitutional restriction on the speech of adults and website operators. (COPA required all commercial distributors of “material harmful to minors” to restrict their sites from access by minors, such as by requiring a credit card for age verification.)

The Congressional Internet Caucus Advisory Committee is pleased to report that even after 10 years of its release the COPA Commission’s final report to Congress is still being downloaded at an astounding rate – between 700 and 1,000 copies a month. Users from all over the world are downloading the report from the COPA Commission, a congressionally appointed panel mandated by the Child Online Protection Act. The primary purpose of the Commission was to “identify technological or other methods that will help reduce access by minors to material that is harmful to minors on the Internet.” The Commission released its final report to Congress on Friday, October 20, 2000. As a public service the Congressional Internet Caucus Advisory Committee agreed to virtually host the deliberations of the COPA Commission on the Web site COPACommission.org. The final posting to the site was the actual COPA Commission final report making it available for download. In the subsequent 10 years it is estimated that close to 150,000 copies of the report have been downloaded.

The COPA Report played a critical role in fending off efforts to regulate the Internet in the name of “protecting our children,” and marked a shift towards focusing on what, in First Amendment caselaw is called “less restrictive” alternatives to regulation. This summary of the report’s recommendations bears repeating:

After consideration of the record, the Commission concludes that the most effective current means of protecting children from content on the Internet harmful to minors include: aggressive efforts toward public education, consumer empowerment, increased resources for enforcement of existing laws, and greater use of existing technologies. Witness after witness testified that protection of children online requires more education, more technologies, heightened public awareness of existing technologies and better enforcement of existing laws. Continue reading →

SHARE: 1 comment

← Previous Entries

Next Entries →