Yes, the furor over data from millions of Facebook users being used for political purposes is important. But just driving down the street raises important privacy issues also. And whether you can make sense of the Facebook issues, you could and probably should give attention to high-tech monitoring of your daily life.
That was the thrust of an “On the Issues with Mike Gousha” program Thursday in Eckstein Hall featuring Cyrus Farivar, author of a new book, Habeas Data: Privacy vs. the Rise of Surveillance Tech. Farivar is also a regular contributor to Ars Technica, which covers news related to technology.
Gousha introduced Farivar by saying that talking about technology and privacy is “a conversation that is perfect for our times.” In the week when great attention focused on Facebook CEO Mark Zuckerberg testifying at length before congressional committees, Farivar agreed. Continue reading “Give Attention to Concerns About Privacy Close to Home, Author Suggests”
This semester in Professor Lisa Mazzie’s Advanced Legal Writing: Writing for Law Practice seminar, students are required to write one blog post on a law- or law school-related topic of their choice. Writing blog posts as a lawyer is a great way to practice writing skills, and to do so in a way that allows the writer a little more freedom to showcase his or her own voice, and—eventually for these students—a great way to maintain visibility as a legal professional. Here is one of those blog posts, this one written by 2L Grace Gall.
“How do you spell their last name?”—That is often the question my mother used to ask me when I was a kid and asked to spend the night at a new friend’s house. Like many Wisconsin parents or employers, my mother often would use the public record cite called CCAP to search criminal and civil records of individuals. As a child, I simply got used to my mother’s question and as I grew older and started working in the legal field myself, I became more and more acquainted with CCAP. Recently this year, I heard about changes being made to the CCAP record system. The Director of State Courts voted in March of this year to change the time limits for dismissed or acquitted cases to have them removed from the public record site after two years from the final order. Continue reading “Changes to Wisconsin’s CCAP Shortens the Time that Some Records are Online”
We have all gone to a website and, in accessing the website’s services, have agreed to “terms and conditions” that include a litany of policies, including privacy policies governing how the company maintaining the website will use our personal information obtained while accessing the website. And let’s be honest, even as attorneys or soon-to-be-attorneys, many of us usually do not actually take the time to read the laundry list of items we are agreeing to just so we can obtain a 20% coupon. I know I’m guilty of regularly clicking “I agree” without reading every term and condition.
All of the interest in the Supreme Court tomorrow is likely to be focused on Hobby Lobby and, to a lesser extent, Harris v. Quinn. But I’ll be watching something that happens before either of those decisions is announced. I’ll be looking to see if the Supreme Court granted cert in the StreetView case. I hope the answer is no.
The StreetView case — Google v. Joffe — is one that I’ve blogged extensively about over the past year. See Part I, Part II; see also my coverage of the Ninth Circuit opinion, Google’s petition for rehearing, and the filing of Google’s cert. petition.) Briefly, Google’s StreetView cars intercepted the contents of transmissions from residential wi-fi routers whose owners had not turned on encryption. A number of class actions have been filed claiming that the interceptions were violations of the federal Wiretap Act. Google moved to dismiss them, arguing that radio communications (like wi-fi) basically have to be encrypted to be protected by the Wiretap Act. The district court and the Ninth Circuit disagreed, holding that the exception Google points to applies only to traditional AM/FM radio broadcasts.
Although I disagree with the Ninth Circuit’s reasoning and would find it professionally advantageous if the Supreme Court decided to take the case, I hope it denies cert. Here’s why. Continue reading “The Supreme Court Considers Google Street View”
I noted back in October that Google had hired “noted Supreme Court advocate Seth Waxman” as it was preparing its petition for rehearing in the Street View case, “indicating perhaps how far they intend to take this.” (For background, see my earlier posts Part I, Part II, after the panel decision, and on the petition for rehearing.) My suspicions were accurate — after losing again at the rehearing stage in late December, Google has now filed a petition for certiorari, asking the Supreme Court to reverse the Ninth Circuit.
Google’s petition primarily makes the same substantive arguments it made in its petition for rehearing. The Ninth Circuit in the decision below adopted what I’ve called the “radio means radio” approach — “radio communications” in the Wiretap Act means only communications that you can receive with, you know, an ordinary AM/FM radio. I’ve argued that that is mistaken, and Google unsurprisingly agrees with me. Google provides three reasons why the Ninth Circuit’s interpretation cannot be sustained. Continue reading “Google Files Cert. Petition in Street View Case”
Some of the very earliest photographs from the late 1830s are of alleged and/or convicted criminals, and law enforcement officials used photographs of criminals in Belgium as early as the 1840s to track down wrong-doers. In Paris, a clerk in the Prefecture of Police Office originated the “mug shot” as we usually imagine it — two shots side by side, with one shot being a frontal shot and the other being a profile.
This so-called “Bertillon System” was displayed at the Chicago World’s Fair in 1893, and it quickly caught on with American urban police departments. It was an age of science, and some thought of the mug shot as a useful component in “scientific law enforcement.” Indeed, there are surviving efforts by police departments to superimpose photographs of certain types of criminals on top of one another. We could then, theoretically, have distilled images of, to note only two of many possibilities, the typical pickpocket or typical forger.
In the present, mug shots are still with us, but we now live in an era in which the market rather than science is seen by many as our savior. It is possible to round up mug shots from public records and post them regardless of whether the pictured individuals have been prosecuted and/or convicted. Continue reading “A History of the Mug Shot”
You won’t find out from this New York Times front-page story from yesterday, which is disappointingly long on alarmism but scarce on details, a phenomenon all too frequent in privacy reporting. In the third sentence — immediately after anthropomorphizing smartphones — the story tells us that “advertisers, and tech companies like Google and Facebook, are finding new, sophisticated ways to track people on their phones and reach them with individualized, hypertargeted ads.” Boy, that sounds bad — exactly what horrible new thing have they come up with now?
The third paragraph tells us only what privacy advocates fear. The fourth mentions the National Security Agency. The fifth quotes privacy scholar Jennifer King saying that consumers don’t understand ad tracking.
The sixth paragraph finally gives us a specific example of the “new, sophisticated ways” advertisers and tech companies are “track[ing] people on their phones”: Drawbridge. What does Drawbridge do? It’s “figured out how to follow people without cookies, and to determine that a cellphone, work computer, home computer and tablet belong to the same person, even if the devices are in no way connected.” But this doesn’t tell us much. There are more and less innocuous ways to accomplish the goal of tracking users across devices. On the innocent end of the scale, a website could make you sign into an account, which would allow it to tell who you are, no matter what computer you use. On the malevolent end of the scale, it could hack into your devices and access personal information that is then linked to your activity. The key question is, how is Drawbridge getting the data it is using to track users, and what is in that data? Continue reading “What the Heck Is Drawbridge?”
I do intend to get back to my four-part series on whether Google’s collection of information from residential Wi-Fi networks violated the Wiretap Act. That issue is being litigated in the Northern District of California in a consolidated class action of home wireless network users, and the earlier posts in my series examined the plaintiffs’, Google’s, and the district court’s arguments on this issue. See Part I; Part II. Since I wrote the first two posts, the Ninth Circuit weighed in, affirming the district court’s denial of Google’s motion to dismiss, allowing the plaintiffs to proceed with their complaint.
Since that post, there’s been another development: Google has filed a petition for rehearing and rehearing en banc. And they’ve brought in a bigger gun to do so — noted Supreme Court advocate Seth Waxman — indicating perhaps how far they intend to take this. Google has two basic arguments for why a rehearing should be granted. First, Google attacks what I called the panel’s “radio means radio” interpretation of the term “radio communications” — “radio communications” means “stuff you listen to on a radio” — is unworkable. Second, Google argues that the panel should never have reached the issue of whether wi-fi communications are “readily accessible to the general public” under an ordinary-language approach to that term, because that question involves disputed issues of fact. In the rest of this post I’ll review these two arguments. Continue reading “Google Calls in the Cavalry in the Street View Case”
Time, and the Ninth Circuit, wait for no man. You may recall that I was halfway through my four-part series on the arguments in Joffe v. Google, the “Wi-Spy” case in which Google’s Street View cars intercepted and stored data captured from residential wireless networks. Google argued that that activity did not violate the Wiretap Act, because the Wiretap Act does not apply at all to Wi-Fi. There’s an exception in the Wiretap Act for “electronic communications readily accessible to the general public,” and the Act defines “readily accessible” for “radio communications” to mean that the communications must be encrypted or otherwise protected. Wi-Fi is broadcast over radio, and the plaintiffs did not set up encryption. Here’s Part I and Part II if you want to read more.
Earlier today, the Ninth Circuit issued its decision: the district court’s denial of Google’s motion to dismiss is affirmed; the exception does not apply. The Ninth Circuit essentially signed on to the district court’s “radio means radio” approach: Continue reading “Ninth Circuit Rejects Google Wi-Fi Argument”
(This is Part 2 of 4 posts on the issue of whether the Wiretap Act bars interception of unencrypted wi-fi signals. See Part I.)
When we last tuned in I was explaining the arguments in the Google “Wi-Spy” case, involving Google’s Street View vehicles’ interception of home wireless network transmissions. Google argues that unencrypted wireless network transmissions are not protected by the Wiretap Act. Forget to set your wi-fi password? Then all of your network communications are free for the taking by your neighbor, local hacker, or multi-national conglomerate driving down the street. Sure, that sounds counter-intuitive, Google might admit, but the Wiretap Act is a counter-intuitive statute (they’ve got that part right, at least).
The plaintiffs argue that Google is simply engaged in lawyer games, willfully contorting the statute in order to save its bacon. There’s a provision in the Wiretap Act that (roughly speaking) defines unencrypted communications to be publicly accessible, but it only applies to radio communications. And, the plaintiffs argue, “radio communications . . . readily accessible to the general public” is only used in one place in the statute, a provision that talks only about “governmental, law enforcement, civil defense, private land mobile, or public safety communications system[s].” Home wireless routers clearly aren’t any of those. The exception that Google needs refers to “electronic communication[s] . . . readily accessible to the general public.” There’s no definition for that use of “readily accessible,” however, so the ordinary English reading will have to suffice.
The district court didn’t take quite the same tack as the plaintiffs. Continue reading “Why Google’s Wi-Spy Argument Is Stronger Than It First Appears”
Google’s been catching a lot of privacy flak recently. Just this week, various news organizations picked up the story that Google had filed a brief back in June arguing that sending emails to someone else waives any reasonable expectation of privacy as to the content of those emails. I think the furor that has erupted is somewhat overblown, but that’s not what I want to focus on right now.
Rather, I want to focus on a different Google privacy argument from June. My post last week mentioned Google’s argument to the Ninth Circuit that the Wiretap Act does not protect unencrypted wi-fi signals. This argument has a lot of practical significance. Although the number is dwindling, many people still have unencrypted home wireless networks. Wi-fi hotspots, such as those found in coffee shops and airports, are often unencrypted. And many devices emit all sorts of unencrypted information on a regular basis, which an unscrupulous individual or company could use to track people. If Google is correct, all of that tracking and snooping would be be legally in the clear, at least as far as the Wiretap Act is concerned. The oral argument was two months ago, so a decision could come down at any time.
I began this post as a quick explanation of why I think Google’s argument is mistaken. I’d read the relevant statutory language probably a dozen times or more, and I thought Google’s interpretation was simply wrong. But the Wiretap Act is so convoluted that it is dangerous to draw conclusions without thoroughly mapping out a path through all the definitions and exceptions and exceptions to definitions. After having done that for this post, I don’t think Google’s argument is quite so wrong-headed anymore. But (insert dramatic twist musical cue here) I now believe it should ultimately fail anyway, for a reason I haven’t seen anyone mention–either because it’s eluded everyone else, or because it is so obviously wrong no one has bothered. Caveat emptor.
Much like the Wiretap Act itself, this post is going to be long and detailed, so I’ve broken it up into four (!) parts. In this part, I’ll explain the Ninth Circuit litigation and the basic arguments of the parties. In Part II, I’ll explain why I think Google’s arguments are stronger than an initial read might suggest. In Part III, I’ll make a foray into the legislative history to try to figure out how the Wiretap Act got the way it is. Finally in Part IV, I’ll explore whether Google should still lose based on a close look at how wi-fi actually works. Continue reading “Six Words in August”
On August 1, 2012, Illinois Governor Pat Quinn signed into law a bill that prohibits employers from requesting or requiring employees or prospective employees from providing “any password or other related account information” to gain access to the individual’s social networking account. Ill. Public Act 097-0875. By enacting the legislation, Illinois joins Maryland as states that prohibit employers from obtaining social media account password information. The law amends the Illinois Right to Privacy in the Workplace Act, 820 ILCS 55, and is effective January 1, 2013.
Illinois’ new social media legislation confirms that employers maintain the right to create lawful workplace policies that regulate the use of computer equipment, e-mail, and internet use. Moreover, the law also allows employers to monitor employee use of the employer’s electronic equipment and e-mail. Employers also may still obtain publicly available information concerning employees or prospective employees under the new law.
As part of the Right to Privacy in the Workplace Act, the law is subject to investigation and enforcement by the Illinois Department of Labor. Potential damages under the law include reasonable attorney’s fees if the violation is found to be willful and knowing.
This legislation comes in response to public criticism of reported incidences of employers seeking social media account password information for purposes of evaluating position applicants. Illinois employers who currently engage in such practices should be aware that any hiring policy or practice that requires applicants or employees to reveal such information will be a violation of Illinois law after the end of the calendar year.
Cross-posted to General Counselor.