Tag: privacy

“Just Follow the Damn Constitution”

At a hearing this week on mobile device security, law enforcement representatives argued that technology companies should weaken encryption, such as by installing back doors, so that the government can have easier access to communications. They even chastised companies like Apple and Google for moving to provide consumers better privacy protections.

As an Ars Technica report put it, “Lawmakers weren’t having it.” But a particular lawmaker’s response stands out. It’s the statement of Rep. Ted Lieu (D-CA), one of the few members of Congress with a computer science degree. He also “gets” the structure of power. Lieu articulated why the Fourth Amendment specifically disables government agents’ access to information, and how National Security Agency spying has undercut the interests of law enforcement with its overreaching domestic spying.

Give a listen to Lieu as he chastises the position taken by  a district attorney from Suffolk County, MA:

The Fatal Conceit of the “Right to be Forgotten”

Intelligence Squared hosted a lively debate last week over the so-called “Right to be Forgotten” embraced by European courts—which, as tech executive Andrew McLaughlin aptly noted, would be more honestly described as a “right to force others to forget.”  A primary consequence of this “right” thus far has been that citizens are entitled to demand that search engines like Google censor the results that are returned for a search on the person’s name, provided those results are “inadequate, irrelevant, or no longer relevant.”  In other words, if you’re unhappy that an unflattering item—such as a news story—shows up as a prominent result for your name, you can declare it “irrelevant” even if entirely truthful and ask Google to stop showing it as a result for such searches, with ultimate recourse to the courts if the company refuses.  Within two months of the ruling establishing the “right,” the company received more than 70,000 such requests.

Hearteningly, the opponents of importing this “right” to the United States won the debate by a large margin, but it occurred to me that one absolutely essential reason for rejecting this kind of censorship process was only indirectly and obliquely invoked.  As even the defenders of the Right to be Forgotten conceded, it would be inappropriate to allow a person to suppress search results that were of some legitimate public value: Search engines are obligated to honor suppression requests only when linking some piece of truthful information to a person’s name would be embarrassing or harmful to that person without some compensating benefit to those who would recieve the information.  Frequent comparison was made to the familiar legal standards that have been applied to newspapers publishing (lawfully obtained) private information about non-public figures. In those cases, of course, the person seeking to suppress the information is typically opposed in court by the entity publishing the information—such as a newspaper—which is at least in a position to articulate why it believes there is some public interest in that information at the time of publication. 

Stingrays and Police Secrecy

The New York Times this week published a troubling article detailing the secrecy surrounding police use of Stingray cellular site simulators.  Essentially, these devices (which can be mounted on vehicles or carried by hand) mimic the signals of a cell phone tower in order to force cell phones in a given area to connect to the device.  Both data on the phone (including numbers, texts, emails, and any other data stored on the phone) and the phone’s physical location can then be accessed and recorded by police.

Additionally concerning is the extensive use of non-disclosure agreements by the Harris Corporation, which sells the devices, to prevent the public (and in some cases even judges, defense attorneys, and prosecutors) from finding out how these devices are being used or even whether a given department owns any.   The preference for secrecy is so powerful that prosecutors have dropped serious criminal charges simply to avoid having the police use of Stingrays subjected to examination by defense attorneys or judges.

According to the Times,

The confidentiality has elevated the stakes in a longstanding debate about the public disclosure of government practices versus law enforcement’s desire to keep its methods confidential. While companies routinely require nondisclosure agreements for technical products, legal experts say these agreements raise questions and are unusual given the privacy and even constitutional issues at stake.

The stated reason for the secrecy is the common refrain that terrorists will circumvent the technology if they know what law enforcement is up to.  However, a recent ACLU report was unable to uncover a single instance of these devices being used to bring domestic terrorists to justice in any jurisdiction surveyed. 

The ACLU report estimates that Stingrays are in wide and rapidly increasing use in law enforcement agencies across America.  However, there appears to be very little oversight structure for police departments, legislatures, or courts governing the use of these devices. In some instances, it seems that courts have even unwittingly been authorizing their use without the judge’s full understanding.  For instance, a sampling of applications for court orders from Florida law enforcement agencies informs the judge that the order is for cell phone records, but doesn’t mention anything about how they’re to be obtained.  Police claim such vague orders authorize Stingray deployment, but some judges have been less than enthused upon finding out.

Does the Government Require Your Hotel to Spy on You?

If you’re a privacy conscious traveler, you may have wondered from time to time why hotels ask for ID when you check in, or why they ask you to give them the make and model of your car and other information that isn’t essential to the transaction. What’s the ID-checking for? There’s never been a problem with fraudsters checking into hotels under others’ reservations, paying for the privilege to do so…

Well, in many jurisdictions around the country, that information-gathering is mandated by law. Local ordinances require hotels, motels, and other lodgers (such as AirBnB hosts), to collect this information and keep it on hand. These laws also require that the information be made available to the police on request, for any reason or no reason, without a warrant.

That’s the case in Los Angeles, which not only requires this data retention about hotel guests for law enforcement to access at will or whim. It also requires hoteliers to check a government-issued ID from guests that pay cash.

Open access to hotel records may have been innocuous enough in the early years of travel and lodging. Reading through hotel registers was a social sport among the wealthy, who could afford long-distance travel and lodging. Today, tourism is available to the masses, and hotel records enjoy tighter privacy protections. Most people would quit a hotel that left their information open to the public, and many would be surprised that hoteliers’ records are open to law enforcement collection and review without any legal process.

Big Brother Wants to Watch You Drive

In 2008, the Washington legislature passed a law mandating a 50 percent reduction in per capita driving by 2050. California and Oregon laws or regulations have similar but somewhat less draconian targets.

The Obama administration wants to mandate that all new cars come equipped with vehicle-to-infrastructure communications, so the car can send signals to and receive messages from street lights and other infrastructure.

Now the California Air Resources Board is considering regulations requiring that all cars monitor their owners’ driving habits, including but not limited to how many miles they drive, how much fuel they use, and how much pollution or greenhouse gases they emit.

Put these all together and you have a system in which the government will not only know where your vehicle is at all times, but can turn off your vehicle if it decides you are driving too much or driving in a way that emits too many grams of carbon dioxide or is otherwise offensive to some bureaucratic imperative.

I sometimes think privacy advocates are a paranoid bunch, seeing men in black around every corner and surveillance helicopters or drones in the air at all times. On the other hand, if a technology is available–such as the ability to record cell phone calls–the government has proven it will use it.

Consider all of the lovable progressives out there who think the government should “punish climate change liars,” meaning people who have differing opinions on scientific issues. It’s not much a stretch to think that, any time they happen to be in power, they will use the available technology to make people stop driving. After all, just how important can that extra trip to the supermarket be compared to the absolute imperative of preventing the seas from rising a quadrillionth of an inch?

Of course, the elected officials and bureaucrats who run this system will exempt themselves from the rules. After all, nothing is more important than their work of running the country and making sure people don’t abuse their freedom by engaging in too much mobility.

As California writer Steven Greenhut points out, we already have red-light cameras, and some “eastern states have suspended drivers from using toll lanes after their transponders showed them to be speeders.” They’re not invading our privacy, the greens will argue, they are just making sure that our actions aren’t harming Mother Earth.

Of course, for many it really isn’t about greenhouse gas emissions. Mobility allows (or, as anti-auto groups would say, forces) people to living in low-density “sprawl” where they can escape taxation by cities eager to subsidize stadiums, convention centers, and light-rail lines. All they have to do is ramp down people’s monthly driving rations–something like a cap-and-trade system that steadily reduces the caps–and suburbanites will eventually find that they have to move back to the cities.

No doubt some will argue that even those who drive the most fuel-efficient cars should be subject to the same driving limits because suburban homes waste energy too. Or that people will be safer from terrorists if they are all jammed together in cities close to emergency facilities than if they are spread across the countryside. Or that suburbanites are parasites on the cities and should be reassimilated back into the cities’ benign embrace and taxing districts.

Whatever the argument, the point is that if the technology is there, the government will use it. If people really want to buy cars that monitor their every move and are capable of communicating those moves to some central infrastructure, they should be allowed to do so. But allowing the government to mandate these things is simply asking to have well-meaning, and sometimes not-so-well-meaning, government bureaucrats control how we travel and where we live.

Connolly: Yes to Privacy Act Liability for Mental and Emotional Distress

A couple of years ago I wrote here about the Supreme Court case denying that a person could collect damages from the government under the Privacy Act based on mental and emotional distress. It’s a narrow point, but an important one, because the harm privacy invasions produce is often only mental and emotional distress. If such injuries aren’t recognized, the Privacy Act doesn’t offer much of a remedy.

Many privacy advocates have sought to bloat privacy regulation by lowering the “harm” bar. They argue that the creation of a privacy risk is a harm or that worrisome information practices are harmful. But I think harm rises above doing things someone might find “worrisome.” Harm can occur, as I think it may have in this case, when one’s (hidden) HIV status and thus sexual orientation is revealed. It’s shown by proving emotional distress to a judge or jury.

Rep. Gerry Connolly (D-VA) has introduced the fix for the Supreme Court’s overly narrow interpretation of the Privacy Act. His Safeguarding Individual Privacy Against Government Invasion Act of 2014 would allow for non-pecuniary damages—that is, mental and emotional distress—in Privacy Act cases.

It’s a simple fix to a contained problem in federal privacy legislation. It’s passage would not only close a gap in the statute. It would help channel the privacy discussion in the right way, toward real harms, which include provable mental and emotional distress.

Riley and Wurie: Beyond “Get a Warrant”

As Ilya noted earlier, the Supreme Court struck a blow for privacy and the Fourth Amendment today. It ruled that a warrant is generally required when law enforcement officers want to search a cell phone they have seized. Justice Roberts’ opinion for a unanimous court provides some crisp language:

Modern cell phones are not just another technological convenience. With all they contain and all they may reveal, they hold for many Americans “the privacies of life.” (citation omitted) The fact that technology now allows an individual to carry such information in his hand does not make the information any less worthy of the protection for which the Founders fought. Our answer to the question of what police must do before searching a cell phone seized incident to an arrest is accordingly simple—get a warrant.

In this case, we pretty well knew we were going to get a win. So let’s set aside the trumpets and talk about the margin of victory. Did we get improvements in Fourth Amendment doctrine that will bolster privacy protection in cases to come? Only a little.

OK, let’s trumpet the case a bit. This is a unanimous case with a bright-line rule. It’s about the best outcome you could hope for in Riley and Wurie themselves (argued separately, decided together), and it’s a great vindication of the constitutional status of cell phones and our data on them.

Chief Justice Roberts seems to have brought the Court together on this one (save a niggling Alito concurrence) to produce a strong opinion that doesn’t show gaps among the justices. (They may all have felt a need to huddle, avoiding an open fight or the tipping of hands on the NSA spying controversy, for example.)

And on the major privacy controversy of the day, the Court did not tip its hand. It distinguished Smith v. Maryland, the case the government uses to justify gathering records about every U.S. phone. Smith held that using a pen register to gather phone calling information was not a search. “There is no dispute here that the officers engaged in a search of Wurie’s cell phone,” Chief Justice Roberts wrote, punting for the Court in this case based on the consensus among parties.

The errant decision in Smith relied on the “reasonable expectation of privacy” test arising from the 1967 case, Katz v. United States. The very good news from this decision is that the Court once again declined to use the Katz test in resolving a Fourth Amendment issue, as our briefs invited the Court to do (or not to do, as it were). Instead, the Court implicitly found that there were searches in both cases and that those searches were of persons, houses, papers, or effects. Then it examined the reasonableness of searching cell phones.

That’s important because it means that the Court is interpreting the Fourth Amendment more like a law and not as the stack of doctrines that I’ve previously called a “jumble of puzzles.”

Pages