You won’t find out from this New York Times front-page story from yesterday, which is disappointingly long on alarmism but scarce on details, a phenomenon all too frequent in privacy reporting. In the third sentence — immediately after anthropomorphizing smartphones — the story tells us that “advertisers, and tech companies like Google and Facebook, are finding new, sophisticated ways to track people on their phones and reach them with individualized, hypertargeted ads.” Boy, that sounds bad — exactly what horrible new thing have they come up with now?
The third paragraph tells us only what privacy advocates fear. The fourth mentions the National Security Agency. The fifth quotes privacy scholar Jennifer King saying that consumers don’t understand ad tracking.
The sixth paragraph finally gives us a specific example of the “new, sophisticated ways” advertisers and tech companies are “track[ing] people on their phones”: Drawbridge. What does Drawbridge do? It’s “figured out how to follow people without cookies, and to determine that a cellphone, work computer, home computer and tablet belong to the same person, even if the devices are in no way connected.” But this doesn’t tell us much. There are more and less innocuous ways to accomplish the goal of tracking users across devices. On the innocent end of the scale, a website could make you sign into an account, which would allow it to tell who you are, no matter what computer you use. On the malevolent end of the scale, it could hack into your devices and access personal information that is then linked to your activity. The key question is, how is Drawbridge getting the data it is using to track users, and what is in that data? Continue reading “What the Heck Is Drawbridge?”
I do intend to get back to my four-part series on whether Google’s collection of information from residential Wi-Fi networks violated the Wiretap Act. That issue is being litigated in the Northern District of California in a consolidated class action of home wireless network users, and the earlier posts in my series examined the plaintiffs’, Google’s, and the district court’s arguments on this issue. See Part I; Part II. Since I wrote the first two posts, the Ninth Circuit weighed in, affirming the district court’s denial of Google’s motion to dismiss, allowing the plaintiffs to proceed with their complaint.
Since that post, there’s been another development: Google has filed a petition for rehearing and rehearing en banc. And they’ve brought in a bigger gun to do so — noted Supreme Court advocate Seth Waxman — indicating perhaps how far they intend to take this. Google has two basic arguments for why a rehearing should be granted. First, Google attacks what I called the panel’s “radio means radio” interpretation of the term “radio communications” — “radio communications” means “stuff you listen to on a radio” — is unworkable. Second, Google argues that the panel should never have reached the issue of whether wi-fi communications are “readily accessible to the general public” under an ordinary-language approach to that term, because that question involves disputed issues of fact. In the rest of this post I’ll review these two arguments. Continue reading “Google Calls in the Cavalry in the Street View Case”
Some of you may recall a case from Virginia in August of last year concerning whether, in a public sector First Amendment case involving political activities, liking someone or something on Facebook counted as protected First Amendment speech. I said it most certainly did in the ABA Journal at the time, even though the district judge said it certainly did not.
Yesterday, the Fourth Circuit made the world right again by finding that liking a candidate’s campaign page on Facebook was in fact protected First Amendment speech.
Here is the link to the 4th Circuit’s decision (2-1) in Bland v. Roberts. And here is the pertinent language from the Court’s opinion:
On the most basic level, clicking on the “like” button literally causes to be published the statement that the User “likes” something, which is itself a substantive statement. In the context of a political campaign’s Facebook page, the meaning that the user approves of the candidacy whose page is being liked is unmistakable. That a user may use a single mouse click to produce that message that he likes the page instead of typing the same message with several individual key strokes is of no constitutional significance.
Bill Herbert has written on these First Amendment issues involving social networking by public employees in Can’t Escape from the Memory: Social Media and Public Sector Labor Law. The article has now been published in North Kentucky Law Review as part of the Law + Informatics Symposium on Labor and Employment Issues. A shout out to Jon Garon, Director of the Law + Informatics Institute at NKU, for organizing this very worthwhile event. Continue reading “4th Cir: Liking on Facebook Is Protected First Amendment Activity”
Time, and the Ninth Circuit, wait for no man. You may recall that I was halfway through my four-part series on the arguments in Joffe v. Google, the “Wi-Spy” case in which Google’s Street View cars intercepted and stored data captured from residential wireless networks. Google argued that that activity did not violate the Wiretap Act, because the Wiretap Act does not apply at all to Wi-Fi. There’s an exception in the Wiretap Act for “electronic communications readily accessible to the general public,” and the Act defines “readily accessible” for “radio communications” to mean that the communications must be encrypted or otherwise protected. Wi-Fi is broadcast over radio, and the plaintiffs did not set up encryption. Here’s Part I and Part II if you want to read more.
Earlier today, the Ninth Circuit issued its decision: the district court’s denial of Google’s motion to dismiss is affirmed; the exception does not apply. The Ninth Circuit essentially signed on to the district court’s “radio means radio” approach: Continue reading “Ninth Circuit Rejects Google Wi-Fi Argument”
A couple of weeks ago Salon reported that the NSA had allegedly sent a request to self-printing site Zazzle asking that it take down a parody t-shirt that used an altered version of the NSA logo. When contacted, the NSA first claimed that “[t]he NSA seal is protected by Public Law 86-36, which states that it is not permitted for ‘ . . . any person to use the initials “NSA,” the words “National Security Agency” and the NSA seal without first acquiring written permission from the Director of NSA.'” But shortly after that, the NSA updated its statement to add that it had not contacted Zazzle to request the removal of any item since 2011, when it asked that a coffee mug with the NSA seal be removed from the site.
Putting the two statements together, it looked as though someone at Zazzle, remembering the earlier incident, mistakenly thought that all uses of the logo were forbidden. It seemed to be an isolated incident.
Except that now it’s happened again. This time, a computer science professor at Johns Hopkins, Matthew Green, received a request from his dean that he pull down a blog post on university servers that linked to some of the leaked NSA documents and contained the NSA logo. The university later confirmed that the reason for the request was that it “received information” that Green’s post “contained a link or links to classified material and also used the NSA logo.”
Before this emerging folklore about the NSA logo gets any stronger, let’s be clear: the NSA misquoted the statute in its response to the Salon story. Use of the NSA logo merely to criticize or comment on the NSA is not illegal; and even if Congress tried to make it illegal, it would likely violate the First Amendment, as Eugene Volokh has noted. Continue reading “It’s OK to Use the NSA Logo While Commenting on the NSA”
(This is Part 2 of 4 posts on the issue of whether the Wiretap Act bars interception of unencrypted wi-fi signals. See Part I.)
When we last tuned in I was explaining the arguments in the Google “Wi-Spy” case, involving Google’s Street View vehicles’ interception of home wireless network transmissions. Google argues that unencrypted wireless network transmissions are not protected by the Wiretap Act. Forget to set your wi-fi password? Then all of your network communications are free for the taking by your neighbor, local hacker, or multi-national conglomerate driving down the street. Sure, that sounds counter-intuitive, Google might admit, but the Wiretap Act is a counter-intuitive statute (they’ve got that part right, at least).
The plaintiffs argue that Google is simply engaged in lawyer games, willfully contorting the statute in order to save its bacon. There’s a provision in the Wiretap Act that (roughly speaking) defines unencrypted communications to be publicly accessible, but it only applies to radio communications. And, the plaintiffs argue, “radio communications . . . readily accessible to the general public” is only used in one place in the statute, a provision that talks only about “governmental, law enforcement, civil defense, private land mobile, or public safety communications system[s].” Home wireless routers clearly aren’t any of those. The exception that Google needs refers to “electronic communication[s] . . . readily accessible to the general public.” There’s no definition for that use of “readily accessible,” however, so the ordinary English reading will have to suffice.
The district court didn’t take quite the same tack as the plaintiffs. Continue reading “Why Google’s Wi-Spy Argument Is Stronger Than It First Appears”
Google’s been catching a lot of privacy flak recently. Just this week, various news organizations picked up the story that Google had filed a brief back in June arguing that sending emails to someone else waives any reasonable expectation of privacy as to the content of those emails. I think the furor that has erupted is somewhat overblown, but that’s not what I want to focus on right now.
Rather, I want to focus on a different Google privacy argument from June. My post last week mentioned Google’s argument to the Ninth Circuit that the Wiretap Act does not protect unencrypted wi-fi signals. This argument has a lot of practical significance. Although the number is dwindling, many people still have unencrypted home wireless networks. Wi-fi hotspots, such as those found in coffee shops and airports, are often unencrypted. And many devices emit all sorts of unencrypted information on a regular basis, which an unscrupulous individual or company could use to track people. If Google is correct, all of that tracking and snooping would be be legally in the clear, at least as far as the Wiretap Act is concerned. The oral argument was two months ago, so a decision could come down at any time.
I began this post as a quick explanation of why I think Google’s argument is mistaken. I’d read the relevant statutory language probably a dozen times or more, and I thought Google’s interpretation was simply wrong. But the Wiretap Act is so convoluted that it is dangerous to draw conclusions without thoroughly mapping out a path through all the definitions and exceptions and exceptions to definitions. After having done that for this post, I don’t think Google’s argument is quite so wrong-headed anymore. But (insert dramatic twist musical cue here) I now believe it should ultimately fail anyway, for a reason I haven’t seen anyone mention–either because it’s eluded everyone else, or because it is so obviously wrong no one has bothered. Caveat emptor.
Much like the Wiretap Act itself, this post is going to be long and detailed, so I’ve broken it up into four (!) parts. In this part, I’ll explain the Ninth Circuit litigation and the basic arguments of the parties. In Part II, I’ll explain why I think Google’s arguments are stronger than an initial read might suggest. In Part III, I’ll make a foray into the legislative history to try to figure out how the Wiretap Act got the way it is. Finally in Part IV, I’ll explore whether Google should still lose based on a close look at how wi-fi actually works. Continue reading “Six Words in August”
Should journalists or security researchers be able to access your home network and change settings without your permission, or snoop on your email and web browsing traffic, in order to further their research? I would think the answer is obviously no, even if the research is legitimate. But two stories that ran last week seem to be expressing dismay at restrictions placed on journalists or security researchers by the Computer Fraud and Abuse Act that allegedly prohibit them from doing exactly that. The issue is significant because, in the wake of several controversial prosecutions (Lori Drew, Aaron Swartz, Andrew Auernheimer (a/k/a “weev”)), there is considerable pressure building to amend the CFAA. I think it would be a serious mistake to amend the CFAA, or any other electronic intrusion statute, to permit journalists or security researchers — or possibly anyone describing themselves as such, such as bloggers or hobbyists — from accessing poorly secured home networks or private communications just out of curiosity.
Here’s Forbes privacy blogger Kashmir Hill on a security flaw in a home automation system: Continue reading “Is Electronic Snooping OK If You Have Good Intentions?”
Earlier this month, I learned that as a Verizon Wireless customer, my cell phone records, and those of family, may very well be sitting in some National Security Agency (NSA) analyst’s cubicle.
According to The Guardian, which first reported the story June 5, Verizon is under a court order to turn over on an “ongoing, daily basis,” information such as “the numbers of both parties on a call . . . location data, call duration, unique identifiers, and the time and duration of all calls,” and more. However, no subscriber’s personal information or contents of a call are covered by the order.
Shortly after the story broke, Edward Snowden, a 29-year-old former NSA contractor, came forward as the informant. Time Magazine quotes Snowden as saying, “The public needs to decide whether these programs and policies are right or wrong.” He has since been charged with theft of government property, unauthorized communication of national defense information, and willful communication of classified communications intelligence information to an unauthorized person. Snowden may currently be in Moscow and is rumored to be heading to Ecuador to seek political asylum there.
Because the information that Verizon turns over is considered metadata and not communications, the NSA needs no warrant to access it. Even so, by putting together enough metadata, one can fairly easily put together a profile of who is calling whom, for how long, and from where. While no actual content is turned over to the NSA, the breadth of this program—code named PRISM—should frighten any American because the information is handed over wholesale; no probable cause or suspicion of wrongdoing needed. And, boom. The NSA is keeping tabs on you. Continue reading “Edward Snowden: Whistleblower or Traitor?”
Whoa, you like to think that you’re immune to the stuff, oh yeah
It’s closer to the truth to say you can’t get enough
You know you’re gonna have to face it, you’re addicted to [the Internet].
Robert Palmer, Addicted to Love (1986) (more recently covered by Florence & The Machine (2010))
This morning, I awoke and reached for my smartphone to turn off the alarm. Because I already had the phone in my hand, I checked the day’s weather (for both the Madison area, where I live, and Milwaukee, where I work). Then, of course, I had to check email, to see what had come in during the night. And, while I was at it, I took my turn in the eight concurrent games with three different people that I have going on Words with Friends. After that, I finally got out of bed.
According to an article by Tony Dokoupil in the July 16, 2012 issue of Newsweek, that kind of morning makes me just like more than one-third of smartphone users. We are the ones who check our phones before we even get out of bed. Really? Only one-third of us do that?
Technology has allowed us to be continuously connected to a wider world, and too many of us are tethered to those portals. Continue reading “Addicted to the Internet?”
A big part of why I am so intrigued by social media and employment law is because of the extent of information people are willing to share with others about themselves through these mediums. One way this can be accomplished is through the “like” feature on Facebook. Facebook describes the “like” feature as “a way to give positive feedback or to connect with things you care about on Facebook.” Once someone hits the “like” button, a caption to the content indicates his or her positive affirmation.
Consumer Reports (p. 28, June 2012) recently featured the extent to which people “like” things on Facebook. A national survey of active Facebook adults revealed that over the previous 12 months, 4.7 million “liked” a page pertaining to health conditions or treatments, 2.3 million “liked” a page regarding sexual orientation, 7.7 million “liked” a page relating to religious affiliation, and 1.6 million “liked” a page pertaining to a racial or ethnic affiliation. I raise these statistics with employers when I talk about social media because these all relate to protected class statuses under the Wisconsin Fair Employment Act, Wis. Stat. § 111.31 et seq. Taking an adverse employment action after learning an individual liked such things as these may open the door to a charge of unlawful discrimination.
A recent decision out of the Eastern District of Virginia is bringing front and center questions concerning the significance of a “like” in a First Amendment context. In Bland v. Roberts, 11CV0045 (E.D. Va. Apr. 24, 2012), several deputy sheriffs claimed they were unlawfully fired for supporting the sheriff’s election opponents in an election the incumbent sheriff ultimately won. Two of the plaintiffs claimed that the retaliation was due, in part, to the fact that they expressed support on the election opponent’s Facebook page. The court found the only evidence of a “statement of support” was through each individual “liking” the challenger’s Facebook page. The court found that a “like” was not sufficient speech to support the plaintiffs’ freedom of speech retaliation claim. The court explained: Continue reading “What’s in a “Like”?”
On August 1, 2012, Illinois Governor Pat Quinn signed into law a bill that prohibits employers from requesting or requiring employees or prospective employees from providing “any password or other related account information” to gain access to the individual’s social networking account. Ill. Public Act 097-0875. By enacting the legislation, Illinois joins Maryland as states that prohibit employers from obtaining social media account password information. The law amends the Illinois Right to Privacy in the Workplace Act, 820 ILCS 55, and is effective January 1, 2013.
Illinois’ new social media legislation confirms that employers maintain the right to create lawful workplace policies that regulate the use of computer equipment, e-mail, and internet use. Moreover, the law also allows employers to monitor employee use of the employer’s electronic equipment and e-mail. Employers also may still obtain publicly available information concerning employees or prospective employees under the new law.
As part of the Right to Privacy in the Workplace Act, the law is subject to investigation and enforcement by the Illinois Department of Labor. Potential damages under the law include reasonable attorney’s fees if the violation is found to be willful and knowing.
This legislation comes in response to public criticism of reported incidences of employers seeking social media account password information for purposes of evaluating position applicants. Illinois employers who currently engage in such practices should be aware that any hiring policy or practice that requires applicants or employees to reveal such information will be a violation of Illinois law after the end of the calendar year.
Cross-posted to General Counselor.