Posts tagged as:

privacy

A judge in Quebec has told Google to pay C$2250 to a woman caught by a Google Street View camera on her front porch in revealing, though legal, attire [Syracuse.com via Stewart Baker]

The EU’s newly minted “right to be forgotten” may generate an Orwellian memory hole into which can be thrown the inconvenient past. “The [Washington] Post received a letter from Mr. Lazi? in September requesting that [classical music critic Anne] Midgette’s review be scrubbed from the Web. When she failed to reply, he upped the ante by claiming that it was ‘defamatory, offensive and mean-spirited’ and thus violates his legal right to be forgotten.” [Terry Teachout, WSJ via Arts Journal]

Via Politico, a WSJ news item from last month that should not pass unremarked:

New York’s banking regulator is pushing to install government monitors inside the U.S. offices of Deutsche Bank and Barclays … as part of an intensifying investigation into possible manipulation in the foreign-exchange market … The state’s Department of Financial Services notified lawyers for the two European banks earlier this month that it wanted to install a monitor inside each firm, based on preliminary findings in the agency’s six-month currencies-market probe … Negotiations are continuing over the details of the monitors’ appointments, but New York investigators expect to reach an agreement soon.

The regulatory agency has selected Deutsche Bank and Barclays for extra scrutiny partly because the records it has collected so far from more than a dozen banks under its supervision point to the greatest potential problems at those two banks, the people said. Plus, Deutsche Bank and Barclays are among the dominant players in the vast foreign-exchange market, so investigators hope a close-up view into their businesses will help them observe other players and trading patterns [emphasis added -- W.O.].

We’ve covered the expanding role of settlement and litigation monitors in past posts, and noted the seemingly arbitrary and unaccountable powers these monitors may exercise during their stay within the enterprises to which they are embedded. But there’s something novel (isn’t there?) about the installation of monitors loyal to state overseers whose mission includes watching other firms and market players besides the one that has admitted misbehavior (or has been found by a court to have misbehaved). When you have dealings with a company, and perhaps decide to entrust your sensitive personal or business data to it, should you be worried that it wind up crossing the screen or desk of a quietly emplaced monitor reporting back to Albany, or perhaps Washington?

…study this comment on our thread about activists’ FOIA-ing of University of Virginia professor Douglas Laycock:

Scott Rose 05.30.14 at 9:40 am

That Laycock and/or the university would refuse to show the requestors the material they are requesting suggests that Laycock has something to hide, and that what he is hiding shows that he has been behaving unethically.

The story has broken out into widespread discussion this week; check out contributions by Will Creeley at FIRE, Dahlia Lithwick at Slate, and Megan McArdle at Bloomberg View.

It is now legally safer to record Illinois public servants generally, as well as cops in particular, as they go about their public duties. [Timothy Geigner, TechDirt]

And goodbye to an Atlanta-based lab services business [Ed Hudgins, Atlas Business Rights Center] Law-enforcement-for-profit sidelight: according to owner Michael Daugherty, allegations of data insecurity at LabMD emanated from a private firm that held a Homeland Security contract to roam the web sniffing out data privacy gaps at businesses, even as it simultaneously offered those same businesses high-priced services to plug the complained-of gaps.

  • “Live or travel within 100 miles of a US Border? America’s Internal Checkpoints” [Wes Kimbell, Reason]
  • EFF, ACLU sue Los Angeles seeking disclosure of how automatic license plate readers [ALPRs] are used to track motorists [The Newspaper]
  • Would cops run unauthorized background checks on someone appointed to a police oversight board? [Ed Krayewski/Reason, St. Louis County, Mo.]
  • “How the NSA bulk data seizure program is like gun registration” [Randy Barnett]
  • Text sent to Kiev protesters points up downside of cellphone location signaling: “Dear subscriber, you are registered as a participant in a mass disturbance.” [NY Times]
  • As New York AG Schneiderman pursues AirBnB, privacy is collateral damage [Ilya Shapiro and Gabriel Latner, Daily Caller]
  • Oops! California Obamacare exchange passed along visitors’ personal info to insurance agents without permission [L.A. Times]
  • Harassing Google executives at their homes: what better way to show you truly care about privacy? [Ars Technica]
  • Feds arrest Bitcoin executive on charges of “money laundering” and running an unlicensed cash transmission service, latest of what looks very much like a series [Reason, Rob Wile/Business Insider, earlier on Bitcoin]
  • Know (and babysit) your customers: “HSBC imposes restrictions on large cash withdrawals,” then backs off [BBC, earlier on KYC as outgrowth of money-laundering law]
  • “Banks say no to marijuana money, legal or not” [NY Times]
  • Randy Maniloff on the Target data breach and the example of the T.J. Maxx case [Coverage Opinions and more on class actions] “Swipe fee” price controls don’t help in allocating the costs of response and prevention for card data breaches [John Berlau, CEI "Open Market"] and
  • “Financial Disclosures as Regulation” panel video, part of Vermont Law School symposium “The Disclosure Debates” that I participated in last fall; participants include Tennessee lawprof Joan Heminway and moderator Jennifer Taub [YouTube]

{ 4 comments }

Stewart Baker is running a year-end contest to name the most regrettable uses of privacy law over the past year. Among his nominations: the “Agriculture Department, which cited privacy grounds in refusing to name any of the beneficiaries of the notoriously fraud-ridden ‘Pigford‘ settlement”; Health and Human Services Secretary Kathleen Sebelius, who imposed millions of dollars in fines on private health companies for lacking adequate technical controls on the privacy of health data, “even when there was no evidence that any data had been compromised,” at the same time as her own department was launching healthcare.gov, a data intake site with much more critical privacy and safety flaws; racing mogul Max Mosley, who prevailed on a French court to order Google to de-index scandal coverage of Mosley’s recreational indiscretions; and federal judge Lucy Koh, for finding Gmail’s business model potentially violative of wiretap laws. All the examples above were winners in their categories, save Mosley who trailed behind two others in the category “Worst Use of Privacy Law to Protect Power and Privilege.”

{ 2 comments }

Last year we linked a report about a series of unfortunate events that kept happening to elected officials in Costa Mesa, Calif. after they resisted negotiating demands from the city’s police union. One saw his supporters’ businesses harassed by cops, while another was picked up on a bogus DUI charge phoned in by a private eye with ties to an Upland, Calif. law firm, Lackie, Dammeier, McGill, and Ethir, known for extremely aggressive representation of police unions around California.

Now the Lackie, Dammeier firm is in turmoil following a raid on its offices by the Orange County District Attorney’s office. Former Costa Mesa councilman Jim Righeimer, target of the bogus DUI report, and council colleague Steve Mensinger have also alleged in a lawsuit that the law firm’s private investigator attached a GPS device to Mensinger’s car. Lawyers for the two believe the device allowed the investigator to trace the pair’s whereabouts to the bar, allowing for the called-in DUI report which failed when Righeimer produced evidence he had consumed only a couple of Diet Cokes. Mensinger “said the device was affixed to his car during the entire 2012 election season and came to his attention only when he was alerted by the Orange County district attorney’s office.” [L.A. Times, more] The Orange County Register reported: “Mensinger and Righeimer are strong supporters of reforming public pensions and privatizing some city services. … Besides Mensinger, [investigator Chris] Lanzillo is also suspected of following former El Monte City Manager Rene Bobadilla to his home in June 2011, according to a police report obtained by the Orange County Register.” And more recently: “Though they made no admissions, lawyers for the law firm and Lanzillo argued in court papers that placing a tracking device on Mensinger’s truck wouldn’t be an invasion of privacy.” The Costa Mesa police union, also named as a defendant, says in a separate filing that it wasn’t involved with any GPS-tracking plan. [Daily Pilot]

That’s not the only trouble facing the firm: “A statewide police defense fund is no longer sending [it cases] after a forensic audit uncovered triple-billing, bogus travel expenses and ‘serious acts of misconduct.'” [Orange County Register] According to press reports, the firm is in the course of dissolving.

{ 3 comments }

How tort law harms privacy

by Walter Olson on December 2, 2013

Per Eugene Volokh‘s new article, a wide range of actors from landlords to employers to colleges to product manufacturers correctly see themselves as being at legal risk if they don’t surveill, probe, and share information about those they deal with:

Gathering or disclosing information about people’s backgrounds, tendencies, and actions is increasingly inexpensive, and increasingly effective at helping avoid, interrupt, or deter harm. …Failure to take those precautions thus becomes negligent. … Failure to provide camera surveillance is now a common claim in negligence cases.

An especially fertile source of such incentives is the duty (much expanded by modern developments in liability law) to take reasonable precautions against criminal acts by others. It will soon be feasible at low cost, if it is not already, for automakers to install electronic components in new cars that send a warning communication — to police monitors, for example — when a motorist tries to drive at very high speed. What will happen after automakers begin to be sued after accidents for not installing such components?

Tech roundup

by Walter Olson on November 6, 2013

  • Far-reaching, little-discussed new regulation: Stewart Baker on NIST rules mandating cybersecurity at private enterprises [Volokh; first, second, third, fourth posts]
  • “Ominous Developments on the Internet Governance Front” [David Post]
  • “The Exaggeration Of The Cyberbullying Problem Is Harming Anti-Bullying Efforts” [Tim Cushing, TechDirt]
  • “Will California’s New Data Breach Notification Duty Stimulate Class Action Litigation?” [Glenn Lammi, WLF]
  • Some thoughts on how the law should treat domestic drones, public and private [Kenneth Anderson]
  • Privacy lawsuit against Gmail could do a lot of damage [Mike Masnick, TechDirt; Matt Powers, CEI "Open Market", parts one, two]
  • Warning: more efforts ahead from legal academia to come up with stringent liability schemes for software makers [New Republic and Lawfare]

{ 1 comment }

This fairly gripping New York Times account by reporter Serge Kovaleski gives the backstory of the horrendous Navy Yard massacre — a contract employee with a security clearance had been displaying increasingly florid symptoms of paranoid schizophrenia, yet was not taken off his job — but is missing one angle I was curious about:

On Aug. 9, the director of human resources for the Experts spoke to Mr. Alexis’ mother, who told the director of his previous paranoid behavior, the person with knowledge of the investigation said. His mother told the director that Mr. Alexis’ paranoia tended to subside with time, but that “he likely needed to see a therapist.”

That same day, the director convened a meeting of “senior-level personnel” at the Experts who concluded that he could be sent back to work. The Hewlett-Packard investigation found that the Experts did not attempt to get Mr. Alexis to seek mental health care, a finding that the Experts has not disputed.

…In an e-mail message, the Experts said that a Hewlett-Packard manager in Newport said she was “comfortable” having Mr. Alexis come back to work after he reported hearing voices.

Hewlett-Packard said its manager in Newport was a low-level employee who was not given full details by the Experts about Mr. Alexis’ problems. The company said it has placed that manager on administrative leave.

The missing angle is: what if any role was played by the legal constraints on the various entities that directly or indirectly employed Mr. Alexis? Severe mental illness is a protected condition under the ADA, and employers may not be free to take workers off their duties unless and until they can assemble evidence that would stand up in court documenting a “direct threat,” “undue hardship” or other adequate reason for removal; the law places limits on the employer’s right to demand medical exams to evaluate the exact contours of disability; and privacy rules limit sharing of medically relevant information between different entities, as we saw in the Seung-Hui Cho/Virginia Tech case. All these rules apply to ordinary larger private businesses, but some come in especially stringent form when applied to federal contractors.

Did any of these legal doctrines influence the course of decision-making by which Mr. Alexis received oddly hands-off treatment even as his mental state spun out of control? One hopes a future NYT article will return to take a look at those questions.

{ 6 comments }

If a private employer tried to pull this kind of thing I expect there’d be an outcry:

Glendale school officials have hired a Hermosa Beach company to monitor and analyze public social media posts, saying the service will help them step in when students are in danger of harming themselves or others.

And with a private employer, you’d be there by your own choice.

{ 2 comments }

Regarding the right to publish illicitly obtained secrets, the venerable Guardian would come off as a nobler martyr had it not been in the front lines cheering a police-led legal war on British tabloids [Brendan O'Neill, Spiked Online; The Spectator]

“1) Something bad could happen. 2) I can see it; others can’t. 3) Something must be done! 4) Ignore costs.” [@AdamThierer]

{ 3 comments }

The head of Lavabit — one of two small encrypted email providers that just closed down pre-emptively rather than fight federal government demands — “says he’s been told it’s illegal even to discuss what demand the feds made of him.” [Kashmir Hill/Forbes, more, TechCrunch, Guardian] “Wyden’s constant references to location tracking in this context would be nothing short of bizarre unless he had reason to believe that the governments assurances on this score are misleading, and that there either is or has been some program involving bulk collection of phone records.” [Julian Sanchez, Cato] “The Public-Private Surveillance Partnership” [Bruce Schneier, Bloomberg] “A Guide to What We Now Know About the NSA’s Dragnet Searches of Your Communications” [Brett Max Kaufman, ACLU] The Cato Institute has filed a brief urging the Supreme Court to accept a case challenging the legality of current programs of mass surveillance, in a case filed by the Electronic Privacy Information Center.

More: No right to noisy exit? “Feds Threaten To Arrest Lavabit Founder For Shutting Down His Service” [TechDirt] And now (Sunday): with no charges and no arrest, authorities at Heathrow held and interrogated the partner of journalist Glenn Greenwald (who has exposed the NSA program) for nine hours, exactly as long as they could under Britain’s anti-terror law without pressing a charge. They also confiscated his phone, laptop, USB sticks and other electronic gear. [Guardian, Greenwald, NY Times, Lowering the Bar, Peter Maass/NYT Magazine (filmmaker and Greenwald collaborator Laura Poitras regularly detained and interrogated at airports), Joel Mathis/Philly Mag] But see The Spectator (Miranda “carrying encrypted files from Snowden to Greenwald”).

Yes, “copyright infringement”:

Agencies working to curb drug trafficking, cyberattacks, money laundering, counterfeiting and even copyright infringement complain that their attempts to exploit the [National Security Agency's] vast resources have often been turned down because their own investigations are not considered a high enough priority, current and former government officials say. …

“It’s a very common complaint about N.S.A.,” said Timothy H. Edgar, a former senior intelligence official at the White House and at the office of the director of national intelligence. “They collect all this information, but it’s difficult for the other agencies to get access to what they want.”

“The other agencies feel they should be bigger players,” said Mr. Edgar, who heard many of the disputes before leaving government this year to become a visiting fellow at Brown University. “They view the N.S.A. — incorrectly, I think — as this big pot of data that they could go get if they were just able to pry it out of them.”

Rep. Justin Amash (R-Mich.) speaks out on NSA bulk surveillance in this new Cato video with Caleb Brown. Earlier on surveillance here, here, and here; earlier on panopticons here. For the use of “money laundering” laws to pursue financial flows having nothing to do with terrorism or drug smuggling, see our reports here, here, here, here, etc.

{ 1 comment }