Do you have any privacy, and why not?
PROFS. KARL MANHEIM & JOHN NOCKLEBY

Privacy Headlines – May 2013
● DoJ Fights to Stop Release of Secret Court Opinion on Unlawful Surveillance of Americans
● Judge orders Google to give customer data to FBI
● Dean in E-Mail Searches Steps Down at Harvard
● Firms Brace for New European Data Privacy Law
● Privacy Breach on Bloomberg’s Data Terminals
● F.T.C. Warns Data Firms on Selling Information
● Lawmakers Concerned About Google’s New Glasses
● U.S. Secretly Obtains A.P. Phone Records
JLS - Privacy
June 2012

Today’s Agenda
1. What do we mean by privacy, why is it important?
2. Technological challenges to privacy
3. Government surveillance
4. Sources of privacy law
5. Globalization of privacy

1. What do we mean by Privacy?
● Decisional Privacy
  ● Personal autonomy
● Informational Privacy
  ● Confidentiality of information
  ● Data Security
  ● Anonymity, Seclusion & Publicity

Everyone wants my info – and most can get it
● Types of personal information
  ● Government Records
  ● Financial
  ● Health & Genetic
  ● Communications
  ● Location & Movement
  ● Employment & Insurance
  ● Private Life
  ● Online Profiles

The Cat-out-of-the-bag Privacy problem
Once published, information is no longer “private”

Privacy competes with other values
● Safety of others?
● National security?
● Prevention of terrorism?
● Openness of information?
● Commercial use & marketing?

2. Our world has changed
● New technologies of capture
  ● E.g., remote sensing; location awareness
● Digitalization of the world of information
  ● Cheap storage, transfer & sharing
  ● Complex algorithms create new information profiles
  ● Social networking permits new connections & monitoring
  ● Profile analytics
● Motivated collectors
  ● Data is valuable
  ● Data mining is profitable

Many people have access to your information

The Data Ecosystem

Main technological challenges
● Digitization/Analytics/Big Data
  ● Collection, Storage, Access & Distribution
  ● Analytics & Use

Commodification of personal information
● Credit Reporting
● GPS data for sale
● Passwords for sale
● E-profiles

Disappearing Anonymity
“[A] large portion of the US population can be reidentified using a combination of 5-digit zip code, gender, and date of birth.”

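The quote names the three quasi-identifiers; the following added example (written for this page, not taken from the slides) shows the mechanism behind it: a release with names stripped is joined to a public record set on ZIP, sex and date of birth. Both datasets below are constructed for the demo, and the ZIP codes, names and diagnoses are invented. It also computes k-anonymity (the size of the smallest group of records that share the same quasi-identifier values) before and after the usual mitigation of coarsening those fields.

```python
# Added example (not part of the slides): re-identification by joining a
# "de-identified" dataset to a public record set on the quasi-identifiers
# the quote names. Both datasets are constructed for this demo.
from collections import Counter, defaultdict

QUASI_IDENTIFIERS = ("zip", "sex", "dob")

# Constructed release: names stripped, ZIP/sex/DOB kept, one row per patient.
HEALTH_RECORDS = [
    {"zip": "02138", "sex": "F", "dob": "1964-07-03", "diagnosis": "hypertension"},
    {"zip": "02139", "sex": "F", "dob": "1964-11-30", "diagnosis": "asthma"},
    {"zip": "02138", "sex": "M", "dob": "1971-11-12", "diagnosis": "diabetes"},
    {"zip": "02139", "sex": "M", "dob": "1971-03-05", "diagnosis": "migraine"},
    {"zip": "02139", "sex": "F", "dob": "1990-02-20", "diagnosis": "anemia"},
    {"zip": "02139", "sex": "F", "dob": "1990-02-20", "diagnosis": "influenza"},
]

# Constructed voter-roll style records (name plus the same three fields).
VOTER_ROLL = [
    {"name": "Alice Example", "zip": "02138", "sex": "F", "dob": "1964-07-03"},
    {"name": "Bea Sample",    "zip": "02139", "sex": "F", "dob": "1964-11-30"},
    {"name": "Carl Demo",     "zip": "02138", "sex": "M", "dob": "1971-11-12"},
    {"name": "Dev Test",      "zip": "02139", "sex": "M", "dob": "1971-03-05"},
    {"name": "Erin Mock",     "zip": "02139", "sex": "F", "dob": "1990-02-20"},
    {"name": "Fay Stub",      "zip": "02139", "sex": "F", "dob": "1990-02-20"},
]


def qi_key(record):
    """The quasi-identifier tuple that survives name removal."""
    return tuple(record[f] for f in QUASI_IDENTIFIERS)


def equivalence_classes(records):
    """How many records share each quasi-identifier tuple.
    A class of size 1 is unique, i.e. trivially linkable."""
    return Counter(qi_key(r) for r in records)


def k_anonymity(records):
    """Smallest class size: k == 1 means some record is unique on the QIs."""
    return min(equivalence_classes(records).values())


def reidentify(health_records, voter_roll):
    """Join on the quasi-identifiers.
    Returns {row index: [candidate names]}; one candidate is a definite hit,
    several candidates still shrink the crowd to a handful of people."""
    by_key = defaultdict(list)
    for v in voter_roll:
        by_key[qi_key(v)].append(v["name"])
    return {i: sorted(by_key.get(qi_key(h), [])) for i, h in enumerate(health_records)}


def generalize(records):
    """The usual mitigation: coarsen the QIs (ZIP to its 3-digit prefix, DOB
    to year) so every class has at least two members, trading utility for k."""
    out = []
    for r in records:
        g = dict(r)
        g["zip"] = r["zip"][:3]
        g["dob"] = r["dob"][:4]
        out.append(g)
    return out


if __name__ == "__main__":
    print("k on release as published:", k_anonymity(HEALTH_RECORDS))
    for i, names in reidentify(HEALTH_RECORDS, VOTER_ROLL).items():
        print(f"row {i} ({HEALTH_RECORDS[i]['diagnosis']}): {names}")
    print("k after generalization:", k_anonymity(generalize(HEALTH_RECORDS)))
```

On the constructed data four of six rows are unique on the three fields and link to exactly one name; the remaining two rows still narrow the patient to two people. Coarsening ZIP and date of birth raises k from 1 to 2, which is why real releases of "anonymized" records need to be checked against the public datasets they could be joined with, not just stripped of names.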
Main technological challenges
● Remote/Enhanced Sensing
  ● Tele- & wide-spectral imaging
  ● RFID
  ● Genetic profiling
  ● High altitude aerial surveillance with high resolution imaging

Thermal Imaging
In Kyllo v. U.S. (2001) the Supreme Court held that thermal imaging of a house required a 4th Amendment warrant if conducted by the government.
Ruling does not apply to private parties (state action doctrine).

Thermal Imaging
Query whether the Kyllo holding also applies to thermal imaging outside of one’s home.

Airport Full Body Scans
Security measure introduced in 2008 at some airports: millimeter wave technology produces whole-body images that reveal what's under your clothes. Metallic and non-metallic objects are displayed.
X-ray body scans discontinued.
Photo caption: Susan Hallowell, director of TSA’s security laboratory, is X-rayed by the "backscatter" machine, which bounces X-rays off the skin, producing a black-and-white image. She is dressed in a skirt and blazer. On the monitor she is naked, except for a gun and a bomb that she hid under her outfit.

Main technological challenges
● Biometrics/Recognition
  ● Identification & verification
  ● Brain fingerprinting

Biometric Identifiers: Physiological or Behavioral
Physiological examples: height, weight, fingerprint, facial image, iris image and hand geometry.
[Images: fingerprint; hand biometric; facial thermography; pattern biometric; retinal scan]

Other examples of physiological biometric features include body odor, the pattern of veins, face recognition, the human ear canal, and DNA.

Behavioral Biometrics
Examples of behavioral biometrics are signature and keystroke sequences, gait (the body movement while walking) and voice patterns.

Next Gen? Brain Scans
● Brain fingerprinting

Main technological challenges
● Tracking/Geolocation
  ● Panopticon video surveillance
  ● “Smart” devices & networks

The Modern Panopticon

Location Awareness – The Good

Location Awareness – The Bad

Location Awareness – The Ugly
● Apple Collects “Precise” “Real-Time Geographic Location” of All iPhones, iPads and Computers.
● That’s No Phone. That’s My Tracker
● Police Are Using Phone Tracking as a Routine Tool
● Courts Divided Over Searches of Cellphones

Radio Frequency Identification (RFID)
● Passive RFID tags can be read up to 20 feet away, though usually read just a few inches away.
● Low production costs – e.g., $.05.

Do you consider these to raise any privacy issues?
● Attaching passive tags to food (provided no health impairment)?
  Kodak developed a tiny, digestible RFID tag. The tags are covered by a soft gelatin which takes a while to digest in the stomach.
● Or to your vaccine?

RFID Implants

Main technological challenges
● Cloud Computing
  ● 3rd party (misplaced trust) doctrine
  ● Security breaches & liability
[Figure: Cloud issues]

In the Cloud – You May be Exposed
ElcomSoft’s largest customer base – US police departments
“ElcomSoft researchers analyzed the communication protocol connecting iPhone users with Apple iCloud and were able to emulate the correct commands in order to retrieve the content of iOS users’ iCloud storage. Data retrieved from iCloud is received in plain, unencrypted form. The 5GB of storage space can be retrieved in reasonable time, while receiving incremental updates is even faster.”
Note that the tool still needs the account's Apple ID credentials; the point is that iCloud data was not encrypted end to end, so whoever holds the credentials (or Apple itself, under legal process) can read it.

The growing importance of data security

Identity Theft

Main technological challenges
● Social Media/Internet
  ● Tracking
  ● Data mining (profiling)
  ● Behavioral advertising
  ● Invisible embedded content
  ● Children
[Figure: re-re-re-revised Nov. 21, 2012]

Online tracking mechanisms
● Cookies
● Web bugs
● Cross-referencing websites

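The three items above are one mechanism seen from three angles, and the following added example (written for this page, not code from the slides) puts them together: a web bug (an invisible 1x1 image) embedded on two unrelated sites, a cookie set on the tracker's own domain, and the Referer header that lets the tracker cross-reference both visits into one profile. The hostnames news.example, shop.example and tracker.example, the page HTML and the tracker are all constructed; nothing touches the network.

```python
# Added example (not part of the slides): a simulation of third-party
# tracking with a web bug and a third-party cookie, showing how one tracker
# cross-references visits to two unrelated sites. Hostnames, pages and the
# tracker are constructed; nothing touches the network.
import itertools
import re
from urllib.parse import urlparse

IMG_SRC = re.compile(r'<img[^>]*\ssrc="([^"]+)"', re.IGNORECASE)


def embedded_resources(page_url, html):
    """URLs of <img> elements on a page, each flagged third-party when its
    host differs from the page's host. A 1x1 pixel here is the classic
    web bug: invisible content whose only purpose is the request it causes."""
    page_host = urlparse(page_url).hostname
    return [(src, urlparse(src).hostname != page_host) for src in IMG_SRC.findall(html)]


class Tracker:
    """Third-party server behind pixel.gif. A new browser gets an ID in a
    cookie; every later hit replays the cookie, and the Referer header
    tells the tracker which first-party page (URL and all) embedded it."""

    def __init__(self):
        self._ids = itertools.count(1000)
        self.profiles = {}  # tracking id -> list of referring page URLs

    def handle(self, request):
        tid = request["cookies"].get("tid")
        headers = {"Content-Type": "image/gif"}
        if tid is None:
            tid = f"t{next(self._ids)}"
            # Set on the tracker's own domain: a third-party cookie from
            # the user's point of view, first-party from the tracker's.
            headers["Set-Cookie"] = f"tid={tid}; Path=/"
        self.profiles.setdefault(tid, []).append(request["headers"].get("Referer"))
        return {"status": 200, "headers": headers}


class Browser:
    """Cookie jar keyed by host, with no third-party cookie blocking and a
    full Referer on subresource requests (the browser defaults of the era)."""

    def __init__(self, servers):
        self.servers = servers  # host -> object with handle(request)
        self.jar = {}           # host -> {cookie name: value}

    def _fetch(self, url, referer):
        host = urlparse(url).hostname
        request = {"url": url, "headers": {"Referer": referer},
                   "cookies": dict(self.jar.get(host, {}))}
        response = self.servers[host].handle(request)
        set_cookie = response["headers"].get("Set-Cookie")
        if set_cookie:
            name, value = set_cookie.split(";", 1)[0].split("=", 1)
            self.jar.setdefault(host, {})[name] = value
        return response

    def visit(self, page_url, html):
        """Render a first-party page: fetch each embedded image, sending the
        page URL as Referer, exactly as a browser would."""
        for src, _third_party in embedded_resources(page_url, html):
            self._fetch(src, referer=page_url)


PIXEL = '<img src="https://tracker.example/pixel.gif" width="1" height="1">'
# Constructed first-party pages on unrelated sites that embed the same pixel.
PAGES = {
    "https://news.example/politics/article-17": f"<html><body><p>Story</p>{PIXEL}</body></html>",
    "https://shop.example/cart?item=pregnancy-test": f"<html><body><h1>Cart</h1>{PIXEL}</body></html>",
}


def run_demo():
    """One user browses both sites; return the tracker's view of them."""
    tracker = Tracker()
    browser = Browser({"tracker.example": tracker})
    for url, html in PAGES.items():
        browser.visit(url, html)
    return tracker.profiles


if __name__ == "__main__":
    for tid, pages in run_demo().items():
        print(tid, "seen on:", *pages, sep="\n  ")
```

Neither first-party site ever sends the tracker anything directly: the browser does, by fetching the pixel with the tracker's cookie and the full page URL (query string included) as Referer. That is why blocking third-party cookies and trimming the Referer on cross-site requests are the two browser-side countermeasures, and why a user sees nothing on the page itself.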
Behavioral Advertising to Gmail Users

Let Google Diagnose You

3. Government Surveillance

Summary: A World of Surveillance
surveiller (fr.): to watch over
● Electronic Surveillance
  ● e.g., phone, email interception, bugs
● Computer Surveillance
  ● e.g., data mining, social network analysis
● Biometric Surveillance
  ● e.g., collecting DNA
● Enhanced Sensing
  ● e.g., X-ray machines, body scanning
● Remote Sensing
  ● e.g., RFID, geolocation
● Ubiquitous Observation

Narus Insight
“deep packet inspection”

Gov’t can easily purchase private databases
● In 2009, the FBI compiled a database of "more than 1.5 billion government and private-sector records" and has been mining this database for use in criminal investigations.
● The data was obtained from a number of private companies, and includes transaction records from hotels, rental car companies and retailers.
● Sept. 2009, WIRED Magazine

Journalists’ Phone Records Seized by U.S.
● DoJ secretly obtained AP telephone toll records in 2012
  ● no advance notice to AP or any of the affected journalists
  ● AP bureaus in New York, D.C., Hartford, House of Representatives
  ● including home phones and cell phones of individual journalists
● Investigation of leak
  ● DoJ contends that a double agent was indirectly exposed when the AP distributed a story in May 2012 about how the CIA foiled an Al Qaeda plot to sneak a bomb aboard an airliner bound for the United States.
● FBI obtained sealed search warrant to read James Rosen’s (Fox News) personal emails under the Espionage Act
  ● Rosen solicited classified information about North Korea for a news story
  ● Google ordered not to disclose that it had given the FBI access
JLS - Privacy
June 2013

AP – statutory protection and provision
● 18 U.S.C.A. § 2709: Counterintelligence access to telephone toll/transactional records
  ● (b) Required certification. The Director of the FBI, or his designee … may request the name, address, length of service, and local and long distance toll billing records
    ● if certified in writing that the records sought are relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities
    ● investigation of a US person must not be conducted solely on the basis of activities protected by the 1st Amendment
  ● (c)(1) Prohibition of certain disclosure. No wire or electronic communications service provider … shall disclose to any person that the FBI has sought or obtained access to records/information
● 28 C.F.R. § 50.10: in all cases and without exception, a subpoena for a reporter’s toll records must be as narrowly drawn as possible

Electronic surveillance without court order
● 50 U.S.C. § 1802
  ● (a)(1) Notwithstanding any other law, the President, through the Attorney General, may authorize electronic surveillance without a court order under this subchapter to acquire foreign intelligence information for periods of up to one year if the Attorney General certifies in writing under oath that (A) the electronic surveillance is solely directed at … (ii) the acquisition of technical intelligence, other than the spoken communications of individuals, from property or premises under the open and exclusive control of a foreign power
  ● Prongs (B) and (C) of the same certification, not quoted above, require that there be no substantial likelihood that the surveillance will acquire the contents of any communication to which a United States person is a party, and that minimization procedures be in place
● 50 U.S.C. § 1801(g) “Attorney General”
  ● Definition: the Attorney General of the United States (or Acting Attorney General), the Deputy Attorney General, or, upon the designation of the Attorney General, the Assistant Attorney General designated as the Assistant Attorney General for National Security

4. Sources of Privacy Law
● Federal Law
  ● Constitutional
  ● Federal Statutes & Administrative Regulations
● State Law
  ● State Statutes and Constitutions
  ● Decisional Law (common law)
● International Law
  ● Conventional & Customary Law
  ● Decisions of Int’l Tribunals

Current Hodgepodge of Privacy Laws
● Federal Communications Act (1934)
● Census Confidentiality Act (1954)
● Freedom of Information Act (1966)
● Fair Credit Reporting Act (1970)
● Privacy Act (1974)
● Family Educational Rights & Privacy Act (1974)
● Foreign Intelligence Surveillance Act (1978)
● Electronic Communications Privacy Act (1986)
● Video Privacy Protection Act (1988)
● Telephone Consumer Protection Act (1991)

Current Hodgepodge of Privacy Laws - 2
● Communications Assistance for Law Enforcement Act (1994)
● Driver’s Privacy Protection Act (1994)
● Children’s Online Privacy Protection Act (1998)
● Gramm-Leach-Bliley Act (1999)
● USA PATRIOT Act (2001)
● HIPAA Privacy Rule (2003)
● Fair & Accurate Credit Transactions Act (2003)
● Do Not Call Act (2003)
● Genetic Information Non-discrimination Act (2008)
● FISA Amendments Act (2008)

Electronic Communications Privacy Act
● Title I – Wiretap Act
● Title II – Stored Communications Act
● Title III – Pen Register Act (pen registers and trap-and-trace devices)
● Different warrant requirements
● Different remedies

Proposed ECPA Update
● Electronic Communications Privacy Modernization Act of 2012 (H.R. 6339)
  ● Uniform requirement that government obtain a warrant before it can mandate disclosure of communications from third parties
  ● Establishes notice requirements for disclosures
  ● Provides statutory suppression remedies for unauthorized receipt of electronic communications (same as 4th Amd suppression)
  ● Expands reporting requirements to Congress for effective oversight and possible future reforms

Proposed ECPA Update
● Electronic Communications Privacy Amendments Act of 2011 (S. 1011) (H.R. 2471*)
  ● Eliminates current “180-day rule” and requires search warrant showing probable cause to access electronic communications
  ● Adds geolocation to the types of service provider required to disclose customer or subscriber information to a governmental entity
  ● Requires notification to subscriber with exceptions (ex: if such disclosure would harm national security)
  ● Exception to nondisclosure: service providers can notify government or third party of important information in the event of a cyber attack
  ● House version excludes geolocation and weakens Video Privacy Protection Act – Passed Senate Judiciary Committee 11/29/12

CALEA (1994)
● Communications Assistance for Law Enforcement Act
● Requires Telecom Providers (e.g., telcos, ISPs):
  ● install wiretap-friendly equipment to allow interception
  ● allow real-time surveillance of telephone/Internet traffic
    ● See NarusInsight supercomputer
  ● deliver decrypted communications and call-identifying information to FBI (a carrier must decrypt only where it supplied the encryption itself and holds the key, 47 U.S.C. § 1002(b)(3); encryption applied by the subscriber is outside the mandate)
● CALEA Implementation Plan (2003)
  ● FBI Electronic Surveillance Needs for Carrier-Grade Voice over Packet (CGVoP) Service
  ● CAUTION: this document is classified “FOR OFFICIAL USE ONLY”

USA PATRIOT Act (2001)
● Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act
● Amends: FISA, ECPA, INA, Bank Secrecy Act
  ● Delayed notice of search warrants
● Sunset in 2006; reauthorized / made permanent
● Domestic Security Enhancement Act (PATRIOT II, 2003)
  ● Not passed. See EFF analysis of Internet privacy implications

Compelled Production of Keys
● 4th Amendment Issues
  ● Can police obtain a warrant to search a PW-protected computer?
  ● When can police search a PW-protected computer w/o warrant?
    ● Statutory authorization (e.g., CALEA, PATRIOT)
    ● Consent
● 5th Amendment Issues
  ● Can you be forced to provide passwords or decryption keys?
    ● UK: yes (Regulation of Investigatory Powers Act 2000, Part III, in force since 2007)
    ● US: ? (In re Grand Jury Subpoena, 11th Cir. Feb. 23, 2012)
  ● May turn on whether the police already know about the files and are seeking production (the “foregone conclusion” doctrine, analogous to turning over the key to a safe-deposit box) or are searching for information in the 1st place

Financial Services Industry
● Information Warehouse
  ● Big 3 CRAs have financial info on every American
  ● Credit reports affect all financial transactions
● Fair Credit Reporting Act (1970)
  ● Mainly covers disclosure and use of credit reports
  ● Allows access for nearly any legitimate business purpose
  ● Law Enforcement Access
    ● Notification & consent may be required
● Fair & Accurate Credit Transactions Act (2003)
  ● Identity Theft Protection
  ● Disclosure to consumer of her credit score
  ● Preempts state law

Fair Credit Reporting Act (1970)
● Applies to all Consumer Reporting Agencies
● Mainly covers disclosure & use of credit reports
  ● Permits access for legitimate business purposes
  ● Law Enforcement Access
    ● Consumer Notification & Consent may be required
  ● Investigative Consumer Reports (character vs. credit)
● Consumer Rights
  ● Right to Dispute Accuracy
    ● Correction, deletion of unverified items
    ● Consumer statements included in data base
  ● Civil Liability – Private Right of Action

Sample Credit Query

Gramm-Leach-Bliley Act (1999)
● Amends (repeals key parts of) Glass-Steagall (1933)
  ● Allows banking consolidation
  ● Gives rise to multi-tenant (shared) databases
● Allows disclosure of nonpublic financial data to affiliates and others
  ● Notice to customers
    ● Boilerplate sufficient (non-specific)
  ● No opt-out required for affiliates (only non-affiliates) or credit agency
● Information Security Program must be maintained (Safeguards Rule)
Stiglitz: GLB was a cause of the crisis by enabling CDOs & swaps
Krugman: Phil Gramm is the “father of the financial crisis”

Identity Theft Statutes
● Identity Theft & Assumption Deterrence Act (1998)
  ● Federalizes ID theft violations of state law
  ● Criminal only; no private right of action
● Fair and Accurate Credit Transactions Act (2003)
  ● Help for victims of ID theft (fraud alerts, blocking)
  ● File ID Theft Report
  ● FTC Red Flag rules
● California (list of statutes & obligations)
  ● Victim access to fraudulent applications
  ● Right to stop creditors
  ● Credit agencies must “freeze” credit reports
  ● Private right of action
  ● California Office of Privacy Protection

Health Insurance Portability & Accountability Act (1996)
● Federal Privacy Rule (2003)
  ● Access, use and disclosure of PHI (protected health information)
  ● Standards for electronic exchange of medical information
  ● HHS Health Privacy Website
● Covered entities
  ● Insurers, clearing houses, data processors, providers
  ● Treatment and payment
  ● Small plans (< 50 participants) exempted
● Disclosure prohibited
  ● Firewall required between insurance plan and employers
  ● Except on patient request, or to assure HIPAA compliance
● New HIPAA requirements in the 2009 stimulus bill (HITECH Act)

Proposed Legislative Updates
● COPPA
● ECPA
● Location Awareness
● Do Not Track
● EU Regulation

COPPA Rule *
● 1st 5-year review 2005
  ● Review concluded without amendment (71 FR 13247)
● 2nd 5-year review 2010
  ● Request for Comment (4/5/2010)
  ● Proposed Amendment (NPRM 9/27/2011) (76 Fed. Reg. 59804)
    ● clearer notice and consent requirements
    ● broader category of covered information (e.g., videos, geolocation)
    ● higher security standards for data collected on children
    ● rejects raising age of “children” (COPPA does not cover “teens”)
* 16 CFR 312.3: Regulation of unfair or deceptive acts or practices in connection with the collection, use, and/or disclosure of personal information from and about children on the Internet.

COPPA Rule
● Further Amendment (NPRM 8/6/2012) (77 Fed. Reg. 46643)
  ● expands restrictions proposed in 2011 FTC amendment
  ● operators of websites who choose to use advertising services and plug-ins that collect data about children have to comply with COPPA
  ● allows mixed-audience websites to age-screen visitors
  ● clarifies the circumstances in which persistent identifiers such as cookies or IP addresses are considered “personal information”

COPPA Rule
● Response to Proposed 2012 Amendment (an FTC rule, not a bill)
  ● Children’s advocacy groups disappointed
    ● proposal doesn’t go far enough
    ● proposal makes children more vulnerable to cyber mischief
  ● Tech industry concerned
    ● proposal would negatively impact the internet and the future of innovative children’s software
    ● Facebook: the rule should not apply to a Web site’s ability to incorporate a “like” button, because that would inhibit free expression

Location Awareness – Pending Bills
● S. 1011 – ECPA Amendments Act of 2011
  ● Adds geolocation data to Stored Comm’s Act (Title II of ECPA)
  ● Pen Register Act (Title III of ECPA)
● H.R. 2168 – Geolocation Privacy & Surveillance Act
  ● Search warrant, notification and exceptions
  ● Criminalizes certain interception/disclosure of GPS/geo data
  ● Allows FBI to collect data relevant to terrorism/intelligence function
● S. 1223 – Location Privacy Protection Act of 2011
  ● Requires express opt-in for sharing of GPS/location data

Do Not Track

Do Not Track
● FTC Proposal (2010)
  ● Consumers should be offered technical means to deploy DNT
● NGO/engineering standards groups
  ● Internet Engineering Task Force (IETF)
    ● Open standards org. with practical authority over the Internet (TCP/IP)
    ● Proposed preference signaling mechanism in HTTP header syntax (the DNT request header)
  ● World Wide Web Consortium (W3C)
    ● Open standards org. with practical authority over the web & browsers
    ● Tracking Protection Working Group (Peter Swire, new co-chair)
    ● DNT header field for HTTP requests & other protocols (e.g., JavaScript)
    ● Industry giants defecting from W3C (standards are non-binding)

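Because the standard is non-binding, everything DNT achieves happens on the server: the browser only sends a one-character header. The following added example (written for this page; not code from the slides, the FTC, the IETF or the W3C) shows what a site that honors the signal does with it, answering with the Tk response header that the W3C Tracking Preference Expression (TPE) drafts define (N = not tracking, T = tracking, C = tracking with the user's site-specific consent). The site logic, the X-Demo-User header standing in for a session, and the consent list are constructed for the demo.

```python
# Added example (not part of the slides): server-side handling of the DNT
# request header, answering with the Tk response header from the W3C
# Tracking Preference Expression (TPE) drafts. The site, the user session
# header and the consent list are constructed for the demo.


def parse_dnt(headers):
    """Map the DNT request header to a tracking preference.
    Returns True (user asks not to be tracked), False (user permits
    tracking) or None (no preference expressed). The TPE drafts define
    only the values "1" and "0"; anything else counts as unset."""
    value = headers.get("DNT")
    if value is None:
        return None
    value = value.strip()
    if value == "1":
        return True
    if value == "0":
        return False
    return None


def respond(headers, consented_users=frozenset()):
    """Decide whether this request may be tracked and build the response
    headers. Returns (tracking_allowed, response_headers).

    Tk values used: N = not tracking, T = tracking, C = tracking with the
    user's site-specific consent (a granted exception overrides DNT: 1).
    'X-Demo-User' is a constructed stand-in for a real session cookie."""
    preference = parse_dnt(headers)
    user = headers.get("X-Demo-User")
    if preference is True and user not in consented_users:
        return False, {"Tk": "N"}
    response = {"Tk": "C" if preference is True else "T"}
    # Only a request we are allowed to track gets the tracking cookie.
    response["Set-Cookie"] = "tid=t1000; Path=/; HttpOnly"
    return True, response


if __name__ == "__main__":
    for req in ({}, {"DNT": "1"}, {"DNT": "0"}, {"DNT": "1", "X-Demo-User": "alice"}):
        print(req, "->", respond(req, consented_users=frozenset({"alice"})))
```

The whole decision is one branch; what the header cannot do is force that branch to exist. The TPE drafts even reserve a Tk value D (disregarding) for servers that announce they ignore the signal, which is the practical meaning of "standards are non-binding" on the slide.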
Self-help

State Electronic Surveillance Laws
● Not preempted by ECPA
  ● Text is silent, but Committee Report makes clear
● California
  ● Cal. Penal Code, Title 15, Ch. 1.5 (Invasion of Privacy)
    ● §§ 631, 632. Wiretaps (consent of all parties required)
    ● § 637.2 creates a civil right of action for violation
  ● Bus. & Prof. Code § 17200
    ● injunctive relief for unfair business practices
● Other call monitoring laws
  ● often performed by third party services

Tort of Intrusion Upon Seclusion (Restatement (Second) of Torts § 652B)
One who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person.

§ 652D Publicity Given to Private Life
One who gives publicity to a matter concerning the private life of another is subject to liability to the other for invasion of his privacy, if the matter publicized is of a kind that (a) would be highly offensive to a reasonable person, and (b) is not of legitimate concern to the public.

Bartnicki v. Vopper
● During collective-bargaining negotiations between a teachers’ union and a local school board, the chief union negotiator, Gloria Bartnicki, said during a private cell phone conversation that she wanted to “blow off [the school board members’] front porches.”
● The cell phone conversation was intercepted by unknown third parties in violation of state and federal wiretapping statutes.
● Someone gave the tape to a radio host (Vopper) who broadcast the tape.

Bartnicki v. Vopper
Issue: Could the radio host who broadcast the conversation be held liable for violating federal law? Court holds NO.
(1) The radio host who aired the conversation played no part in the illegal interception.
(2) The radio host lawfully obtained access to the tapes, even though the information itself was intercepted unlawfully by someone else.
(3) The subject matter of the conversation was deemed a “matter of public concern.”

Breach of Fiduciary Duty to Maintain Confidence
● Distinct from Privacy Torts
  ● Origin in Trust Law
● Limited set of trusting relationships covered
  ● Physicians
  ● Attorneys
  ● Financial professionals

5. Globalization of Privacy
● EU Safe Harbor
● UEJF v. Twitter
● Internet Governance (US dominance)
● Libel Tourism
● Privacy Tourism