Recall a couple of years ago when I lauded Google – and also picked on them – for making customer data “more anonymous”?
“‘Anonymous’ is correctly regarded as an absolute condition,” I wrote. “Like pregnancy, anonymity is either there or it’s not. Modifying the word with a relative adjective like ‘more’ is a curious use of language.”
The challenge of these concepts – “anonymized” or “de-identified” data – is still around, and it’s still a difficult one.
Here’s a sophisticated take on the question:
Information is increasingly difficult to classify as “identified” or “de-identified,” particularly as it is copied, exchanged, or recombined with other information. With rapidly evolving technologies and databases, it is more appropriate to describe a spectrum of “identifiability,” rather than a binary classification of information as identifiable or not. The question could then become not whether deidentified information might be made re-identifiable, but rather which entities would be able to re-identify the information, how much effort they would have to expend, and what limits are placed on their doing so.
And here’s an advocacy group apparently lacking that sophistication. They treat information as flatly “de-identified” in a legal filing about a New Hampshire law that bans the sale of prescription drug data for marketing purposes:
[T]he Prescription Information Law does not implicate patient privacy. While it purports to protect privacy interests, the statute regulates patient de-identified information.
Here’s the thing: Both quotes were issued by the Center for Democracy and Technology. Continue reading →
I’m reading a couple of interesting books right now [see my Shelfari list here] including Guarding Life’s Dark Secrets: Legal and Social Controls over Reputation, Propriety, and Privacy by Lawrence Friedman of the Stanford School of Law. The book examines the legal and social norms governing privacy, reputation, sex, and morals over the past two centuries. It’s worth putting on your reading list. [Here’s a detailed review by Neil Richards.] I might pen a full review later but for now I thought I would just snip this passage from the concluding chapter:
In an important sense, privacy is a modern invention. Medieval people had no concept of privacy. They also had no actual privacy. Nobody was ever alone. No ordinary person had private space. Houses were tiny and crowded. Everyone was embedded in a face-to-face community. Privacy, as idea and reality, is the creation of a modern bourgeois society. Above all, it is a creation of the nineteenth century. In the twentieth century it became even more of a reality. [p. 258]
In a time when amorphous “rights” to privacy seem to be multiplying like wildflowers, this is an important insight from Friedman. In my opinion, many of the creative privacy theories being concocted today are often based on false nostalgia about some forgotten time in the past when we supposedly all had our own little quiet spaces that were completely free from privacy intrusions. But as Friedman makes clear, this is largely a myth. It’s not to say that there aren’t legitimate issues out there today. But it’s important that we place modern privacy issues in a larger historical context and understand how many of today’s concerns pale in comparison to the problems of the past.
[Note: If you’re interested in this topic, you’ll also want to read Daniel Solove’s The Future of Reputation: Gossip, Rumor, and Privacy on the Internet. Also, here’s Jim Harper’s review of it.]
Adam Thierer & I have just released a detailed examination (PDF) of brewing efforts to expand the Children’s Online Privacy Protection Act of 1998 to cover adolescents and potentially all social networking sites—an approach we call “COPPA 2.0.”
As Adam explained on Larry Magid’s CNET podcast, COPPA mandates certain online privacy protections for children under 13, most importantly that websites obtain the “verifiable consent” of a child’s parent before collecting personal information about that child or giving that child access to interactive functionality that might allow the child to share their personal information with others. The law was intended primarily to “enhance parental involvement in a child’s online activities” as a means of protecting the online privacy and safety of children.
Yet advocates of expanding COPPA—or “COPPA 2.0″—see COPPA’s verifiable parental consent framework as a means for imposing broad regulatory mandates in the name of online child safety and concerns about social networking, cyber-harassment,
etc. Two COPPA 2.0 bills are currently pending in New Jersey and Illinois. The accelerated review of COPPA to be conducted by the FTC next year (five years ahead of schedule) is likely to bring to Washington serious talk of expanding COPPA—even though Congress clearly rejected covering adolescents age 13-16 when COPPA was first proposed back in 1998.
We’ll discuss some of the key points of our paper in a series of blog posts, but here are the top nine reasons for rejecting COPPA 2.0, in that such an approach would:
- Burden the free speech rights of adults by imposing age verification mandates on many sites used by adults, thus restricting anonymous speech and essentially converging—in terms of practical consequences—with the unconstitutional Children’s Online Protection Act (COPA), another 1998 law sometimes confused with COPPA;
- Burden the free speech rights of adolescents to speak freely on—or gather information from—legal and socially beneficial websites;
- Hamper routine and socially beneficial communication between adolescents and adults;
- Reduce, rather than enhance, the privacy of adolescents, parents and other adults because of the massive volume of personal information that would have to be collected about users for authentication purposes (likely including credit card data);
Continue reading →
Lee Gomes writes on Fobes.com with a clear-eyed reminder that privacy regulation has been costly, yet failed to deliver. Lovers of government intervention will, of course, take this as an argument to double-down.
craigslist has filed a complaint against South Carolina Attorney General Henry McMaster, seeking to enjoin him from prosecuting the site for displaying the solicitations to prostitution that sometimes appear there. The complaint cites section 230 of the Communications Decency Act, the First Amendment, and a few other laws that craigslist believes protect it from liability.
The complaint makes a pretty good case that craigslist has taken reasonable steps, working with law enforcement, to keep prostitution off the site. With that it has done its part. If prosecutors want to go after prostitution, they can use craigslist to do so. They should not attack the messenger if consenting adults are trying to exchange money for sexual services in their local areas.
California has asked the Supreme Court to review a Ninth Circuit Court of Appeals decision holding that a California video game statute was unconstitutional. [Game Politics.com has complete coverage, and there’s more over at Ars and USA Today’s Game Hunters blog.]
Brief background: In late February, the Ninth Circuit upheld an August 2007 ruling by a California district court decision in the case of
Video Software Dealers Association v. Schwarzenegger [decision here], which struck down a California law, passed in October 2005 (A.B.1179), which would have blocked the sale of “violent” video games to those under 18 and required labels on all games. Offending retailers could have been fined for failure to comply with the law. After being challenged by the Video Software Dealers Association and the Entertainment Software Association and, the district court blocked the law arguing that it violated both the First and Fourteenth Amendments to the federal Constitution.
California’s decision to appeal the law up to the Supreme Court [petition is here] sets up a potential historic First Amendment decision (if they Court agrees to take the case, that is). California is asking the Court to consider two questions:
1. Does the First Amendment bar a state from restricting the sale of violent video games to minors?
2. If the First Amendment applies to violent video games that are sold to minors, and the standard of review is strict scrutiny, under Turner Broadcasting System, Inc. v. F.C.C., 512 U.S. 622, 666 (1994), is the state required to demonstrate a direct causal link between violent video games and physical and psychological harm to minors before the state can prohibit the sale of the games to minors?
California is essentially asking the Supreme Court to engage in a constitutional revolution and upset a century’s worth of First Amendment jurisprudence.
Continue reading →
. . . you’d think that you would follow the “Speeches” link from the home page on Whitehouse.gov. If you do, today you see just four speeches.
I went looking for the text of his national security speech at the National Archives today. The New York Times has it but Whitehouse.gov doesn’t? What’s going on here?
As I mentioned in a post last month, dozens of comments were filed with the Federal Communications Commission (FCC) as part of the agency’s “Child Safe Viewing Act” Notice of Inquiry. Again, this proceeding was required under the “Child Safe Viewing Act of 2007,” which Congress passed last year and President Bush signed last December. The goal of the bill and the FCC’s proceeding (MB 09-26) is to study “advanced blocking technologies” that “may be appropriate across a wide variety of distribution platforms, including wired, wireless, and Internet platforms.” I filed 150+ pages worth of comments in this matter, and here’s my analysis of why this bill and the FCC’s proceeding are worth monitoring closely.
Anyway, this week saw many of the same groups that filed before (and some new ones) file reply comments about those earlier submissions. To make things simple, I have collected most of the notable reply comments down below in case anyone is interested.
Continue reading →
The Computers Freedom & Privacy conference is consistently one of the most interesting and forward-looking privacy conferences. This year, it’s at George Washington University in Washington, D.C. June 1-4.
I helped organize it this time, though by no means does the event skew libertarian. What it does is bring together people of all ideologies to discuss common concerns about the present and future state of privacy.
I’ll be speaking on a panel called “The Future of Security vs. Privacy” on Tuesday, June 2nd. Here’s the program page. And here’s the registration page if any of this whets your appetite.
NebuAd is dead. The company‘s plan to track users through their ISPs for the purpose of targeting advertising met with public and congressional concern that ultimately led to its demise.
I believe that ISPs should stick to serving bits and not get into the business of serving or helping to serve ads, so I’m glad to see NebuAd’s model fail. I’ve been made aware by a similar company – Phorm – of the privacy sensitivity they design into their system, but the answer for me is still “No, thanks.”
In terms of policy, this story is mixed. Fans of government involvement probably believe that concerns expressed by public authorities caused NebuAd’s partners to pull out. ISPs also responded to public concerns expressed directly and in the media, of course, and I believe that consumers’ passive reliance on government authorities for protection is in error.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.
Reply Comments in FCC’s “Child Safe Viewing Act” Notice of Inquiry
by Adam Thierer on May 20, 2009 · 17 comments
As I mentioned in a post last month, dozens of comments were filed with the Federal Communications Commission (FCC) as part of the agency’s “Child Safe Viewing Act” Notice of Inquiry. Again, this proceeding was required under the “Child Safe Viewing Act of 2007,” which Congress passed last year and President Bush signed last December. The goal of the bill and the FCC’s proceeding (MB 09-26) is to study “advanced blocking technologies” that “may be appropriate across a wide variety of distribution platforms, including wired, wireless, and Internet platforms.” I filed 150+ pages worth of comments in this matter, and here’s my analysis of why this bill and the FCC’s proceeding are worth monitoring closely.
Anyway, this week saw many of the same groups that filed before (and some new ones) file reply comments about those earlier submissions. To make things simple, I have collected most of the notable reply comments down below in case anyone is interested. Continue reading →