Tag: privacy

Privacy? Nuthin’. Respect My Authoritah!

A fascinating enforcement action under the Health Insurance Portability and Accountability Act (HIPAA) shows what really matters in the world of privacy regulation.

The U.S. Department of Health and Human Services has imposed a $4.3 million civil penalty against Maryland-based Cignet Health for violations of its regulations. HHS’s Office for Civil Rights (OCR) found that Cignet violated 41 patients’ HIPAA rights by denying them access to their medical records, which they requested between September 2008 and October 2009. The penalty for these violations is $1.3 million.

But Cignet’s real crime was willful disobedience of the government. Who knows why, but according to the government:

During the investigations, Cignet refused to respond to OCR’s demands to produce the records. Additionally, Cignet failed to cooperate with OCR’s investigations of the complaints and produce the records in response to OCR’s subpoena. OCR filed a petition to enforce its subpoena in United States District Court and obtained a default judgment against Cignet on March 30, 2010. On April 7, 2010, Cignet produced the medical records to OCR, but otherwise made no efforts to resolve the complaints through informal means.

OCR also found that Cignet failed to cooperate with OCR’s investigations on a continuing daily basis from March 17, 2009, to April 7, 2010, and that the failure to cooperate was due to Cignet’s willful neglect to comply with the Privacy Rule. Covered entities are required under law to cooperate with the Department’s investigations.

The penalty for that was $3 million.

Notably, the HHS release says nothing about the condition of the aggrieved parties. How are they doing with their $31,000 apiece? Does it fully compensate for their inability to access medical records during the relevant period?

Just kidding! Nobody really cares.

This enforcement action has nothing to do with remedying a genuine breach of privacy—an annoyance and genuine paperwork problem, yes—and everything to do with sending a message: You will respect my authoritah!

Why the Senate’s Vote on the Patriot Act Is Actually Pretty Good News

Last night, by an overwhelming 86-to-12 margin, the Senate approved a temporary 90-day extension of three controversial provisions of the Patriot Act scheduled to sunset at the end of the month. The House just voted to move forward on a parallel extension bill, which will presumably pass easily. Because I’m seeing some civil libertarian folks online reacting with dismay to this development, I think it’s worth clarifying that this is relatively good news when you reflect on the outlook from just a couple of weeks ago.

The House has already approved a one-year extension that would plant the next reauthorization vote right on the eve of primary season in a Presidential election cycle, all but guaranteeing a round of empty demagoguery followed by another punt. As of last week, everyone expected the Senate to bring Sen. Dianne Feinstein’s three-year reauthorization—which also extends the odious FISA Amendments Act of 2008—to the floor. The discussion on the Senate floor last night makes it clear that this didn’t happen because of pushback from legislators who were sick of kicking the can and wanted time to hold hearings on substantive reforms.

This is actually a better outcome than simply letting the three sunsetting powers lapse—which, realistically, was not going to happen anyway. First, because at least one of the expiring authorities, roving wiretaps, is a legitimate tool that ought to be available to intelligence investigators if it’s amended to eliminate the so-called “John Doe” loophole. Second, because while all three of these provisions have serious defects that raise legitimate concerns about the potential for abuse, they are collectively small beer compared with National Security Letters, which have already given rise to serious, widespread, and well-documented abuses. One of the three sunsetting powers has never been used, and the other two are invoked a couple dozen times per year. All three involve court supervision. The FBI issues tens of thousands of National Security Letter requests each year, the majority targeting American citizens and legal residents, without any advance court approval. The vast majority of the thousands of Americans whose financial and telecommunications records are seized each year are almost certainly innocent of any wrongdoing, but their information is nevertheless retained indefinitely in government databases. With very few exceptions, these people will never learn that the government has been monitoring their financial transactions or communication patterns. Forcing a debate now on the expiring provisions opens a window for consideration of proposals to rein in NSLs—including a new sunset that would create pressure for continued scrutiny.

A new Pew poll released this week reports that Americans remain fairly evenly split on the question of whether the Patriot Act is “a necessary tool that helps the government find terrorists” or “goes too far and poses a threat to civil liberties.” (Perhaps unsurprisingly, with the change of administration, Democrats have become more supportive and Republicans somewhat more skeptical.) But this is actually a signally unhelpful way to frame debate about legislation encompassing hundreds of reforms to the byzantine statutory framework governing American intelligence investigations—more a toolbox than a “tool.” The question shouldn’t be whether you’re “for” or “against” it, but whether there are ways to narrow and focus particular authorities so that legitimate investigations can proceed without sweeping in so much information about innocent people. A three-month extension signals that Congress is finally, belatedly, ready to start having that conversation.

Physician, Heal Thyself

Announcing a new Senate subcommittee devoted to privacy, Senators Leahy (D-VT) and Franken (D-MN) said nothing about privacy threats from government.

A “boom of new technologies over the last several years has … put an unprecedented amount of personal information into the hands of large companies that are unknown and unaccountable to the American public,” Franken said, according to an AFP report.

A boom of new technologies has put an unprecedented amount of personal information into the hands of the federal government—in some cases, illegally. It takes a lot of gall to point at commercial data collection from atop the dunghill of federal privacy invasion. But there’s a lot of gall to go around in Washington, D.C.

Patriot Act Extension Runs Into Conservative Opposition

Reports the Los Angeles Times:

A House GOP push to permanently extend expiring provisions of the Patriot Act is running into opposition from conservative and “tea party”-inspired lawmakers wary of the law’s reach into private affairs.

Congress has made a practice of kicking the Patriot Act can down the road, but it could be that the new crop of legislators isn’t inclined to go along.

Julian Sanchez has blogged here about the complexities of this government surveillance law. His podcast on the topic, released yesterday, is titled “The Patriot Act Sneaks to Renewal.” Maybe it can’t sneak through after all…

The New York Times’ Glib Call for Internet and Software Regulation

You have to read all the way to the end to get exactly what the New York Times is getting at in its Sunday editorial, “Netizens Gain Some Privacy.”

Congress should require all advertising and tracking companies to offer consumers the choice of whether they want to be followed online to receive tailored ads, and make that option easily chosen on every browser.

That means Congress—or the federal agency it punts to—would tell authors of Internet browsing software how they are allowed to do their jobs. Companies producing browser software that didn’t conform to federal standards would be violating the law.

In addition, any Web site that tailored ads to their users’ interests, or the networks that now generally provide that service, would be subject to federal regulation and enforcement that would of necessity involve investigation of the data they collect and what they do with it.

Along with existing browser capabilities (Tools > Options > Privacy tab > cookie settings), forthcoming amendments to browsers will give users more control over the information they share with the sites they visit. That exercise of control is the ultimate do-not-track. It’s far preferable to the New York Times’ idea, which has the Web user issuing a request not to be tracked and wondering whether government regulators can produce obedience.

Thomas Stays the Course, Scalia Returns to the Fold

A bit lost in last week’s legal news regarding a majority of states now suing over Obamacare, the House voting to repeal Obamacare, and the anniversary of Citizens United, was the first interesting Supreme Court decision of the term.  Most notably, Justices Scalia and Thomas continued their valiant struggle to limit the scope of the constitutional misnomer that is “substantive due process” doctrine.

The case was NASA v. Nelson, a suit challenging the background checks for prospective NASA contractors as violating an evanescent constitutional right to informational privacy. The Court ruled unanimously against the challengers, with Justice Alito writing for the majority that, regardless whether such a right exists, it was not violated by the government’s probing questions on sexual history and mental health.

Justices Scalia and Thomas rightly found problems with this essentially useless ruling. Scalia, joined by Thomas, concurred in the result but wrote separately to say that if a right doesn’t exist then the Court should just say so.  He would have simply held that there is no constitutional right to “informational privacy”:

I must observe a remarkable and telling fact about this case, unique in my tenure on this Court: Respondents’ brief, in arguing that the Federal Government violated the Constitution, does not once identify which provision of the Constitution that might be. The Table of Authorities contains citations of cases from federal and state courts, federal and state statutes, Rules of Evidence from four states, two Executive Orders, a House Report, and even more exotic sources of law….  And yet it contains not a single citation of the sole document we are called upon to construe: the Constitution of the United States….  To tell the truth, I found this approach refreshingly honest. One who asks us to invent a constitutional right out of whole cloth should spare himself and us the pretense of tying it to some words of the Constitution.

In the course of his typically entertaining opinion we see Scalia back to his old self, caustically lambasting the “infinitely plastic concept of ‘substantive’ due process” and suggesting that it is “past time for the Court to abandon this Alfred Hitchcock line of our jurisprudence.”

Indeed, the seemingly oxymoronic concept of substantive due process has received much attention as of late, particularly in last term’s groundbreaking case of McDonald v. Chicago. McDonald, remember, examined whether the individual Second Amendment right articulated in District of Columbia v. Heller applied to the states.  I previously blogged about McDonald here and here, for example.

McDonald came out the right way but for the wrong reasons.  Rather than enforcing the right to keep and bear arms against the states via the Privileges or Immunities Clause, as nearly all constitutional scholars of every ideological stripe contend should be the case, the Court chose to invoke substantive due process.  Even Scalia agreed with this perversion, because apparently 140 years of bad precedent overrides originalism or whatever other interpretive theory he claims to support.  

Justice Thomas, on the other hand, agreed with the principled approach favored by most scholars (and Cato’s own amicus brief) and wrote separately to advocate overruling the Slaughter-House Cases and reinvigorate the Privileges or Immunities Clause.  Curiously, Justice Thomas couldn’t resist filing a separate one-paragraph concurrence in Nelson, seemingly for the sole purpose of citing—and reminding Justice Scalia of—his McDonald concurrence.

After all, Scalia is often regarded as the font of originalism.  In reality, he has proven himself to be an originalist of convenience, accepting corrupt interpretations when the mood strikes him.  During oral arguments in McDonald, for example, Scalia mocked attorney Alan Gura for daring to make an originalist argument that would overturn an old precedent.  Why challenge the substantive due process doctrine, wondered Scalia, when “even I have acquiesced to it?”

Scalia’s faint-hearted originalism does a disservice to that jurisprudential method.  With his acerbic wit, infectious personality, and unrivaled rhetorical skills, Scalia has become the poster-boy for originalism.  In response, the academic elite—who overwhelmingly reject originalism—focus on every Scalia opinion, hoping to catch a glimpse of the true justice who uses originalism to hide decisions often based largely on policy preferences.

Indeed, given Scalia’s pointed and insightful prose, there is always an opportunity to hoist him by his own petard.  In McDonald, for example, it was Scalia who, to use his own Nelson lines, “invoked the infinitely plastic concept of ‘substantive’ due process,” which of course “does not make this constitutional theory any less invented.”  For more on this, see “Judicial Takings and Scalia’s Shifting Sands,” the law review article I recently published with my colleague Trevor Burrus—in which we criticize Scalia’s conflicting views on constitutional fidelity in two cases from last term, McDonald and Stop the Beach Renourishment.

Recall that originalism involves a jurist’s resisting personal biases by trying to maintain fidelity to the very document that gives him his job.  This highly textualist approach is what makes Justice Thomas arguably the most predictable justice in the history of the Court.  And in the law, predictability is a good thing.  Underscoring this point is the concern about Justice Scalia’s vote in the Obamacare litigation—because of his concurring opinion in the medicinal marijuana case of Gonzales v. Raich—while Justice Thomas’s vote is assumed to be in hand.  (Precisely because Scalia is somewhat outcome-oriented, however, I personally don’t share that concern.)

I just hope that going forward, Justice Scalia will have the same thing for breakfast that he did the morning NASA v. Nelson came down.

H/t to my sometimes collaborator Josh Blackman; head over to his spectacular blog to read more extensive analysis.  And thanks to Trevor Burrus for his help with this post.

‘Why Your Boss Should Be Able To Fire You Over Facebook’

Suzanne Lucas, who blogs as Evil HR Lady, isn’t really evil, she’s just uncomfortably candid about many workplace truths that her fellow HR professionals tend to gloss over.

One of those truths is that in general no one owes you tenure in your job, even if you do it well. In our society, the principle of employment at will is still (fortunately) given much legal weight, meaning that an employment relationship continues only if both sides want it to.

And a consequence of that might just be that the law creates no right to slag your employer on your Facebook page one evening and demand that your employer overlook it the next morning:

So, why am I in favor of companies being able to terminate an employee for online behavior? (These things, of course, aren’t limited to Facebook. Myspace, Twitter, and blogs are all good candidates for firing). Here are 3 Reasons.

Easy firing=easy hiring. I want companies to hire people. In fact, my fondest wish is that all my readers who are searching for jobs find one this year. The more restrictions government places on terminating employees, the more hesitant companies are to hire new people.

Bad judgment isn’t limited to online behavior. Companies need employees they can trust to make good decisions. If you lack the critical thinking skills to say, “Hmmm, if I post that my boss is a jerk, my boss just might find out about it,” then you probably lack the critical thinking skills to do your job. Yes, people vent. But the internet is not private. And anyone who thinks they can trust all their 476 friends to keep something quiet isn’t someone I want on my staff.

Companies should be able to presume loyalty. I know, I know, your company doesn’t care much about your career and they have no problem firing you, so why should you care about them? Because they pay you to care about them….

You can read the whole thing, including the rest of her reasoning, here.