Posts tagged as:

privacy

It is now legally safer to record Illinois public servants generally, as well as cops in particular, as they go about their public duties. [Timothy Geigner, TechDirt]

{ 0 comments }

And goodbye to an Atlanta-based lab services business [Ed Hudgins, Atlas Business Rights Center] Law-enforcement-for-profit sidelight: according to owner Michael Daugherty, allegations of data insecurity at LabMD emanated from a private firm that held a Homeland Security contract to roam the web sniffing out data privacy gaps at businesses, even as it simultaneously offered those same businesses high-priced services to plug the complained-of gaps.

  • “Live or travel within 100 miles of a US Border? America’s Internal Checkpoints” [Wes Kimbell, Reason]
  • EFF, ACLU sue Los Angeles seeking disclosure of how automatic license plate readers [ALPRs] are used to track motorists [The Newspaper]
  • Would cops run unauthorized background checks on someone appointed to a police oversight board? [Ed Krayewski/Reason, St. Louis County, Mo.]
  • “How the NSA bulk data seizure program is like gun registration” [Randy Barnett]
  • Text sent to Kiev protesters points up downside of cellphone location signaling: “Dear subscriber, you are registered as a participant in a mass disturbance.” [NY Times]
  • As New York AG Schneiderman pursues AirBnB, privacy is collateral damage [Ilya Shapiro and Gabriel Latner, Daily Caller]
  • Oops! California Obamacare exchange passed along visitors’ personal info to insurance agents without permission [L.A. Times]
  • Harassing Google executives at their homes: what better way to show you truly care about privacy? [Ars Technica]
  • Feds arrest Bitcoin executive on charges of “money laundering” and running an unlicensed cash transmission service, latest of what looks very much like a series [Reason, Rob Wile/Business Insider, earlier on Bitcoin]
  • Know (and babysit) your customers: “HSBC imposes restrictions on large cash withdrawals,” then backs off [BBC, earlier on KYC as outgrowth of money-laundering law]
  • “Banks say no to marijuana money, legal or not” [NY Times]
  • Randy Maniloff on the Target data breach and the example of the T.J. Maxx case [Coverage Opinions and more on class actions] “Swipe fee” price controls don’t help in allocating the costs of response and prevention for card data breaches [John Berlau, CEI "Open Market"] and
  • “Financial Disclosures as Regulation” panel video, part of Vermont Law School symposium “The Disclosure Debates” that I participated in last fall; participants include Tennessee lawprof Joan Heminway and moderator Jennifer Taub [YouTube]

{ 4 comments }

Stewart Baker is running a year-end contest to name the most regrettable uses of privacy law over the past year. Among his nominations: the “Agriculture Department, which cited privacy grounds in refusing to name any of the beneficiaries of the notoriously fraud-ridden ‘Pigford‘ settlement”; Health and Human Services Secretary Kathleen Sebelius, who imposed millions of dollars in fines on private health companies for lacking adequate technical controls on the privacy of health data, “even when there was no evidence that any data had been compromised,” at the same time as her own department was launching healthcare.gov, a data intake site with much more critical privacy and safety flaws; racing mogul Max Mosley, who prevailed on a French court to order Google to de-index scandal coverage of Mosley’s recreational indiscretions; and federal judge Lucy Koh, for finding Gmail’s business model potentially violative of wiretap laws. All the examples above were winners in their categories, save Mosley who trailed behind two others in the category “Worst Use of Privacy Law to Protect Power and Privilege.”

{ 2 comments }

Last year we linked a report about a series of unfortunate events that kept happening to elected officials in Costa Mesa, Calif. after they resisted negotiating demands from the city’s police union. One saw his supporters’ businesses harassed by cops, while another was picked up on a bogus DUI charge phoned in by a private eye with ties to an Upland, Calif. law firm, Lackie, Dammeier, McGill, and Ethir, known for extremely aggressive representation of police unions around California.

Now the Lackie, Dammeier firm is in turmoil following a raid on its offices by the Orange County District Attorney’s office. Former Costa Mesa councilman Jim Righeimer, target of the bogus DUI report, and council colleague Steve Mensinger have also alleged in a lawsuit that the law firm’s private investigator attached a GPS device to Mensinger’s car. Lawyers for the two believe the device allowed the investigator to trace the pair’s whereabouts to the bar, allowing for the called-in DUI report which failed when Righeimer produced evidence he had consumed only a couple of Diet Cokes. Mensinger “said the device was affixed to his car during the entire 2012 election season and came to his attention only when he was alerted by the Orange County district attorney’s office.” [L.A. Times, more] The Orange County Register reported: “Mensinger and Righeimer are strong supporters of reforming public pensions and privatizing some city services. … Besides Mensinger, [investigator Chris] Lanzillo is also suspected of following former El Monte City Manager Rene Bobadilla to his home in June 2011, according to a police report obtained by the Orange County Register.” And more recently: “Though they made no admissions, lawyers for the law firm and Lanzillo argued in court papers that placing a tracking device on Mensinger’s truck wouldn’t be an invasion of privacy.” The Costa Mesa police union, also named as a defendant, says in a separate filing that it wasn’t involved with any GPS-tracking plan. [Daily Pilot]

That’s not the only trouble facing the firm: “A statewide police defense fund is no longer sending [it cases] after a forensic audit uncovered triple-billing, bogus travel expenses and ‘serious acts of misconduct.’” [Orange County Register] According to press reports, the firm is in the course of dissolving.

{ 3 comments }

How tort law harms privacy

by Walter Olson on December 2, 2013

Per Eugene Volokh‘s new article, a wide range of actors from landlords to employers to colleges to product manufacturers correctly see themselves as being at legal risk if they don’t surveill, probe, and share information about those they deal with:

Gathering or disclosing information about people’s backgrounds, tendencies, and actions is increasingly inexpensive, and increasingly effective at helping avoid, interrupt, or deter harm. …Failure to take those precautions thus becomes negligent. … Failure to provide camera surveillance is now a common claim in negligence cases.

An especially fertile source of such incentives is the duty (much expanded by modern developments in liability law) to take reasonable precautions against criminal acts by others. It will soon be feasible at low cost, if it is not already, for automakers to install electronic components in new cars that send a warning communication — to police monitors, for example — when a motorist tries to drive at very high speed. What will happen after automakers begin to be sued after accidents for not installing such components?

Tech roundup

by Walter Olson on November 6, 2013

  • Far-reaching, little-discussed new regulation: Stewart Baker on NIST rules mandating cybersecurity at private enterprises [Volokh; first, second, third, fourth posts]
  • “Ominous Developments on the Internet Governance Front” [David Post]
  • “The Exaggeration Of The Cyberbullying Problem Is Harming Anti-Bullying Efforts” [Tim Cushing, TechDirt]
  • “Will California’s New Data Breach Notification Duty Stimulate Class Action Litigation?” [Glenn Lammi, WLF]
  • Some thoughts on how the law should treat domestic drones, public and private [Kenneth Anderson]
  • Privacy lawsuit against Gmail could do a lot of damage [Mike Masnick, TechDirt; Matt Powers, CEI "Open Market", parts one, two]
  • Warning: more efforts ahead from legal academia to come up with stringent liability schemes for software makers [New Republic and Lawfare]

{ 1 comment }

This fairly gripping New York Times account by reporter Serge Kovaleski gives the backstory of the horrendous Navy Yard massacre — a contract employee with a security clearance had been displaying increasingly florid symptoms of paranoid schizophrenia, yet was not taken off his job — but is missing one angle I was curious about:

On Aug. 9, the director of human resources for the Experts spoke to Mr. Alexis’ mother, who told the director of his previous paranoid behavior, the person with knowledge of the investigation said. His mother told the director that Mr. Alexis’ paranoia tended to subside with time, but that “he likely needed to see a therapist.”

That same day, the director convened a meeting of “senior-level personnel” at the Experts who concluded that he could be sent back to work. The Hewlett-Packard investigation found that the Experts did not attempt to get Mr. Alexis to seek mental health care, a finding that the Experts has not disputed.

…In an e-mail message, the Experts said that a Hewlett-Packard manager in Newport said she was “comfortable” having Mr. Alexis come back to work after he reported hearing voices.

Hewlett-Packard said its manager in Newport was a low-level employee who was not given full details by the Experts about Mr. Alexis’ problems. The company said it has placed that manager on administrative leave.

The missing angle is: what if any role was played by the legal constraints on the various entities that directly or indirectly employed Mr. Alexis? Severe mental illness is a protected condition under the ADA, and employers may not be free to take workers off their duties unless and until they can assemble evidence that would stand up in court documenting a “direct threat,” “undue hardship” or other adequate reason for removal; the law places limits on the employer’s right to demand medical exams to evaluate the exact contours of disability; and privacy rules limit sharing of medically relevant information between different entities, as we saw in the Seung-Hui Cho/Virginia Tech case. All these rules apply to ordinary larger private businesses, but some come in especially stringent form when applied to federal contractors.

Did any of these legal doctrines influence the course of decision-making by which Mr. Alexis received oddly hands-off treatment even as his mental state spun out of control? One hopes a future NYT article will return to take a look at those questions.

{ 6 comments }

If a private employer tried to pull this kind of thing I expect there’d be an outcry:

Glendale school officials have hired a Hermosa Beach company to monitor and analyze public social media posts, saying the service will help them step in when students are in danger of harming themselves or others.

And with a private employer, you’d be there by your own choice.

{ 2 comments }

Regarding the right to publish illicitly obtained secrets, the venerable Guardian would come off as a nobler martyr had it not been in the front lines cheering a police-led legal war on British tabloids [Brendan O'Neill, Spiked Online; The Spectator]

“1) Something bad could happen. 2) I can see it; others can’t. 3) Something must be done! 4) Ignore costs.” [@AdamThierer]

{ 3 comments }

The head of Lavabit — one of two small encrypted email providers that just closed down pre-emptively rather than fight federal government demands — “says he’s been told it’s illegal even to discuss what demand the feds made of him.” [Kashmir Hill/Forbes, more, TechCrunch, Guardian] “Wyden’s constant references to location tracking in this context would be nothing short of bizarre unless he had reason to believe that the governments assurances on this score are misleading, and that there either is or has been some program involving bulk collection of phone records.” [Julian Sanchez, Cato] “The Public-Private Surveillance Partnership” [Bruce Schneier, Bloomberg] “A Guide to What We Now Know About the NSA’s Dragnet Searches of Your Communications” [Brett Max Kaufman, ACLU] The Cato Institute has filed a brief urging the Supreme Court to accept a case challenging the legality of current programs of mass surveillance, in a case filed by the Electronic Privacy Information Center.

More: No right to noisy exit? “Feds Threaten To Arrest Lavabit Founder For Shutting Down His Service” [TechDirt] And now (Sunday): with no charges and no arrest, authorities at Heathrow held and interrogated the partner of journalist Glenn Greenwald (who has exposed the NSA program) for nine hours, exactly as long as they could under Britain’s anti-terror law without pressing a charge. They also confiscated his phone, laptop, USB sticks and other electronic gear. [Guardian, Greenwald, NY Times, Lowering the Bar, Peter Maass/NYT Magazine (filmmaker and Greenwald collaborator Laura Poitras regularly detained and interrogated at airports), Joel Mathis/Philly Mag] But see The Spectator (Miranda “carrying encrypted files from Snowden to Greenwald”).

Yes, “copyright infringement”:

Agencies working to curb drug trafficking, cyberattacks, money laundering, counterfeiting and even copyright infringement complain that their attempts to exploit the [National Security Agency's] vast resources have often been turned down because their own investigations are not considered a high enough priority, current and former government officials say. …

“It’s a very common complaint about N.S.A.,” said Timothy H. Edgar, a former senior intelligence official at the White House and at the office of the director of national intelligence. “They collect all this information, but it’s difficult for the other agencies to get access to what they want.”

“The other agencies feel they should be bigger players,” said Mr. Edgar, who heard many of the disputes before leaving government this year to become a visiting fellow at Brown University. “They view the N.S.A. — incorrectly, I think — as this big pot of data that they could go get if they were just able to pry it out of them.”

Rep. Justin Amash (R-Mich.) speaks out on NSA bulk surveillance in this new Cato video with Caleb Brown. Earlier on surveillance here, here, and here; earlier on panopticons here. For the use of “money laundering” laws to pursue financial flows having nothing to do with terrorism or drug smuggling, see our reports here, here, here, here, etc.

{ 1 comment }

Many loyal users (including me) were beyond glum when Google decided to close down its venerable RSS reader, effective yesterday. Maxim Lott at Fox News has this report:

“You would think that it would take little effort to maintain the site, but compliance keeps the cost up,” the source ["familiar with the matter"] told FoxNews.com.

He gave one example of a costly regulation.

“In Europe they’ve had a regulation for years where basically, if someone requests that all their data on a site be deleted, the company must comply. Reader wasn’t compliant with that. So it comes down to, do you spend a lot more resources making the service compliant, or working on something new?”…

Google spokeswoman Nadja Blagojevic declined to comment about whether regulatory costs played a role in Reader’s demise.

{ 6 comments }

But it’s been “very seldom” so far. Oh, well, then that’s okay. [Mashable, Guardian, earlier]

More: Most of us would say a drone hovering 20 feet above our back yard invades our property. Will the FAA agree? [Voss, NoWayFAA.org]

{ 3 comments }

Yesterday, in the case of Maracich v. Spears, the Supreme Court ruled that the Driver’s Privacy Protection Act of 1994 (DPPA) prohibits trial lawyers from accessing names and contact information from states’ drivers license databases with the intention of soliciting potential clients for litigation. Under DPPA, the general rule is that states must keep the information in such databases private; there is a “litigation exception” for queries intended to investigate or prepare for legal proceedings, but the Court ruled that soliciting clients was not part of its scope. As I argue in a new post at Cato at Liberty, the dispute brought about a curious reversal in the polarities displayed in the case of Maryland v. King earlier this month: the pro-privacy justices in that case were more likely to be willing to dispense with privacy this time, and vice versa.

The underlying lawsuit (Kevin Russell at SCOTUSBlog and background here, here) also involves a bit of a reversal: class action lawyers are themselves being sued in a class action. The majority opinion by Justice Anthony Kennedy sketches in some of the background:

In the case now before the Court, petitioners are South Carolina residents whose personal information was obtained by respondents from the South Carolina DMV and used without their consent to send solicitation letters asking them to join the lawsuits against the car dealerships. Petitioner Edward Maracich received one of the letters in March 2007. While his personal information had been disclosed to respondents because he was one of many buyers from a particular dealership, Maracich also happened to be the dealership’s director of sales and marketing. Petitioners Martha Weeks and John Tanner received letters from respondents in May 2007. In response to the letter, Tanner called Richard Harpootlian, one of the respondent attorneys listed on the letter. According to Tanner, Harpootlian made an aggressive sales pitch to sign Tanner as a client for the lawsuit without asking about the circumstances of his purchase.

Some of these points may be relevant on remand, because the court will be asked to consider whether the original solicitation letter (marked “SOLICITATION”) had the predominant purpose of investigating the developing lawsuit, or of attracting clients for it. And this leads to the third turnabout. In the second class action, the one over privacy and the lawyers’ use of the DMV database, petitioners are seeking specified statutory damages of $2,500 for each person whose privacy was breached, which could add up to an “astronomical” (as Justice Ginsburg put it in her dissent) sum of hundreds of millions of dollars in all. Indeed, the majority opinion as well as the dissent signaled disquiet at a possible assessment of damages so far out of proportion to any actual harm done — a phenomenon we have seen again and again in statutory class or group damages cases in the past. Some trial lawyers have in the past pooh-poohed, as the griping of sore losers, complaints about mechanical multiplication of statutory damages into huge sums (e.g. FACTA, junk faxes, song piracy, California Labor Code). In this case, such multiplication could pose a threat to the fiscal well-being of some of their own number. (& welcome TortsProf, Legal Ethics Forum, SCOTUSBlog, JOLT Digest (Harvard Journal of Law and Technology) readers)

{ 1 comment }

Surveillance roundup

by Walter Olson on June 14, 2013

  • “Old crisis creates new leviathan” [Barton Hinkle] Some other things that maybe should happen before Snowden gets prosecuted [Bruce Schneier] “Were they here, my parents might have asked, ‘What happened to America?’” [Nat Hentoff]
  • Candidate Obama, meet President Obama; on surveillance, you’ll find you have little in common [graphic courtesy Caleb Brown, Cato at Liberty] Don’t say the president wants to be trusted with complete discretion unfettered by the other branches of government; that’s his assassination program, not his surveillance program [Jacob Sullum]
  • A different view: two leading libertarian legal thinkers, Roger Pilon and Richard Epstein, defend the NSA surveillance program [Chicago Tribune]
  • How very wrong David Simon is about the NSA’s capabilities [Clay Shirky, Guardian]
  • Tracking by advertisers just as bad? No, here’s why state surveillance is worse [Jason Kuznicki, Brian Doherty]
  • I’m not the only one wondering whether prosecution of QWest’s Joseph Nacchio relates to his non-cooperation with NSA [Michael Kelly/Business Insider, Scott Shackford/Reason, Greg Campbell/Daily Caller]
  • What would it take to bring back a Watergate-era spirit of reform? [Jesse Walker]
  • “As the NSA has made all too clear, unless we update our concept of the Fourth Amendment to fit the realities of the Internet Age, those general warrants [despised by colonists] will be back — on a far larger scale, and in secret.” [Julian Sanchez]

{ 1 comment }