FCC Reinforces that Those Who Knowingly Release Cell Numbers Grant Permission to be Called Under the TCPA--But Companies May Still Be Required to be Sure They Get the Number Directly from the Person to be Called

By Ronald G. London

We recently reported on two FCC declaratory rulings interpreting the Telephone Consumer Protection Act (TCPA), in the context of social-network text messages and package-delivery calls, that included broad, business-friendly statements that should help clarify TCPA rules for prior express consent to autodial, prerecorded-call and text cell phones. We noted that in one ruling, the FCC in some respects revived  a position staked out in 1992, in originally implementing the TCPA, that “persons who knowingly release their [cell] phone numbers have … given their invitation or permission to be called” there, an allowance whose viability had become less clear as TCPA precedent evolved. Shortly after the declaratory rulings, we also advised on the Eleventh Circuit’s Osorio v. State Farm decision, which increased the number of states in which the TCPA is interpreted as imposing strict liability on those who direct automated and/or prerecorded calls to cell phones under a mistaken belief they have prior express consent to do so. Now another case extends the Osorio analysis to potentially up the ante again. 

Continue Reading...

Acquisitions Don't Nullify Prior Privacy Promises--FTC's Letter to Facebook & WhatsApp Gives Caution to All to Honor Privacy Protections in Mergers

Social networking site Facebook announced in February its plans to acquire WhatsApp—a “rapidly growing cross-platform mobile messaging company”—for the princely sum of $19 billion. While Facebook and WhatsApp are looking forward to a bright future together, the Federal Trade Commission is keeping a watchful eye on both companies regarding the privacy protections that WhatsApp promised its users in the past.
On April 10, 2014, the Director of the FTC’s Bureau of Consumer Protection Jessica Rich wrote executives at Facebook and WhatsApp and made clear that both companies must continue to honor WhatsApp’s prior policies and statements against collecting and sharing user data with advertisers—policies that, as Director Rich notes, exceed Facebook’s current privacy protections for its users. 
Continue Reading...

Google "Street View" case may be headed for SCOTUS Review

By John D. Seiver

Google held true to its promise to seek SCOTUS review of the Ninth Circuit’s interpretation of the term “radio communications” in the Wiretap Act when it filed its Petition for Certiorari last week. Google had argued in the Ninth Circuit that intercepting unencrypted Wi-Fi transmissions is within a specific exemption, but the Ninth Circuit (initially and on rehearing) held instead that unencrypted Wi-Fi is protected from interception by the Wiretap Act. Absent an extension, oppositions are due April 30, 2014.
Continue Reading...

New Guidance for Employers Conducting Background Checks

By Angela Galloway

Employers who investigate workers' criminal or credit backgrounds may want to review federal guidelines released March 10.

The joint publication of the Federal Trade Commission and the Equal Employment Opportunity Commission provides detailed guidance for employers who check into the criminal or credit histories of applicants or employees. “Background Checks: What Employers Need to Know” aims to guide employers in complying with federal laws that prohibit workplace discrimination and regulate commercial background reporting agencies.

Separate laws restricting employers’ ability to request and/or rely on such background checks have also been enacted by many states and cities, including Seattle and San Francisco.

The publication released today offers guidelines for developing policies and practices that avoid improper practices or discriminatory employment decisions. For example, the report advises:

Continue Reading...

San Francisco Enacts Employee Privacy Ordinance

By Angela Galloway

A new San Francisco ordinance will prohibit employers and city contractors from asking job applicants about their criminal histories until after they conduct a live interview or make a conditional offer of employment. When the ordinance takes effect in August, San Francisco will join the ranks of 10 states and more than 50 cities to restrict employers' inquiries into applicants' criminal backgrounds. Check out our advisory on the San Francisco ordinance here.

Last year, Seattle restricted employers' ability to inquire about applicants' histories.

New Cellphone Promises Array of Built-in Privacy Features

By Angela Galloway

Consumers will soon have access to a smartphone that automatically encrypts calls and texts, and provides anonymous web browsing, according to reports about the "Blackphone."

Forbes reports that the phone, set for a spring release, caters to phone users who want built-in privacy protections -- and to avoid the hassle of manually changing privacy settings and adding protective features. For  $629, purchasers will get  three years of encrypted phone calls and messaging services plus 5 GB of encrypted storage, Forbes Reports. The phone also will include anti-tracking and anti-WIFI sniffing services. According to Forbes, the phone was developed by Spanish startup GeeksPhone and Washington D.C.-based Silent Circle.

Newsweek reports that the phone will lack an email app, at least at launch. The company is working with another firm to develop a secure email service. The Guardian reports that the phone  will run a version of Android that certain security holes and provides greater data control than third-party apps.

As Facial Recognition Technology is Poised to Enter Everyday Life, Regulators Express Concern

Recent news stories have highlighted the negative privacy implications of facial recognition technology. For example, a new app for Google Glass will pair facial recognition with data from social media and dating sites, allowing users to instantly see personal information about strangers they pass on the street. (Though Google does not permit facial recognition software to be used on its Google Glass platform, the app could be used on jailbroken Google Glass devices.) Forbes reports that Senator Al Franken has written to the app developer to express deep concern and ask it to delay the app’s launch, or at least require people to opt in before their data is displayed to others. Meanwhile, the New York Times reports that some retail stores and airports already use facial recognition technology, and other such uses are on the way. The Times quotes Jessica Rich, director of the FTC’s Consumer Protection Bureau, as saying, “This is another reason that we need omnibus privacy legislation.”
Continue Reading...

Oregon Restricts Employers' Access to Private Social Media Accounts

By Christie S. Totten, Chrys A. Martin, Angela Galloway, and Peter G. Finch

 Oregon recently joined numerous states in prohibiting employers from seeking access to employees’ or prospective employees’ private social-media accounts, personal email, and other online content. Employers may not:
  1. Require or request that an employee or applicant allow the employer access to the individual’s personal social media account (e.g. cannot ask for the password)
  2. Compel an employee or applicant to add the employer to the individual’s social media contact list, (e.g. cannot require the employee to “friend” the employer on Facebook); or 
  3. Compel an employee or applicant to allow the employer to view the personal account.
Continue Reading...

Advisory on China's New Online Information Protection Law

Check out our recent advisory detailing China’s New Online Information Protection Law.  In the advisory, Lin Zhu, Ron Cai, and Fraser Mendel explain how, on Dec. 28, 2012, the Standing Committee of China’s National People’s Congress enacted a 12-article Decision on Strengthening Online Information Protection, without public consultation and after just one reading.  The Decision was released following a recent spate of scandals resulting from online exposure of corrupt officials’ misdeeds and apparently in response to growing public concerns about lack of protection for personal privacy.  The Decision applies to only the electronic version of citizens’ personal “electronic information” and is a fairly broad outline providing guiding principles for protecting personal information online, but no implementation or enforcement details.  To learn more about the ramifications of the Decision, see the full text of the advisory here.

FTC Consent Decree Targets Allegedly Deceptive Toolbar

By David Silverman

The FTC has reached a settlement with UPromise, Inc., a membership reward service aimed at helping save for college, to resolve charges that company allegedly used a web-browser toolbar to collect consumers’ personal information, without adequately disclosing the extent of personal information collected. Under the settlement, UPromise must destroy all data it collected under the “Personalized Offers” feature of its “TubroSaver” toolbar, clearly disclose its data collection practices and obtain consent to collection of personal information from those using the toolbar before it is installed or re-enabled, and must further establish a comprehensive information security programing, requiring biennial independent security assessments, for the next 20 years.

Continue Reading...

Supreme Court Considers Damages for Privacy Violation's Emotional Harm

By Adam H. Greene

On Nov. 30, 2011, the U.S. Supreme Court held oral arguments in Federal Aviation Administration v. Cooper, No. 10-1024. At issue in the case is whether the plaintiff is entitled to damages under the Privacy Act of 1974 for emotional distress caused by the government’s disclosure of his HIV status, including “sleeplessness, loss of appetite, physical tension, agitation, isolation from friends and anxiety.”

Continue Reading...

Privacy Coalition Requests FTC to Probe Ask.com; In Response, Ask.com and its Allies Cry Foul

Posted by Hozaifa Cassubhai

The election season may be in full swing, and the buzz about the recent Superbowl at full throttle, but heated debates and bravado are not just limited these days to politicians and athletes.  Recently, search engine vendor Ask.com and its supporters have come out swinging against several privacy groups over a complaint they recently filed that requested the Feds to forcibly pull the plug on a new feature called AskEraser. As Nicholas Graham, a spokesman for Ask.com stated: [The complaint] merits a 15-yard penalty for unsportsmanlike conduct.

Continue Reading...

FTC Data Security Consent Decree Suggests Minimum Steps Companies Must Take

Posted by Ronald London

The FTC recently announced a consent decree with online retailer Life is good (www.lifeisgood.com) that offers insight into what that agency may believe are the bare minimum steps companies must take when making the kind of generic we-protect-the-information-you-give-us statements found in most privacy policies. The FTC claimed Life is good offered such reassurances but failed to have in place sufficient measures (from the FTC's view) to back them up, based on the ability of a hacker to use SQL injection attacks on Life is good’s website to access consumers' credit card numbers, expiration dates, and security codes. To resolve allegations in a draft complaint the FTC had prepared alleging unfair trade practices, Life is good settled the claims by entering a consent decree requiring it to adopt a comprehensive information-security program and obtain biennial audits by an independent third-party security professional … for the next 20 years.

Continue Reading...

California Breach Disclosure Law Now Covers Medical Records

By Charlene Brownlee

California extended its data breach notification law to include incidents involving electronic medical and health insurance information. California's data breach law, SB 1386, had previously covered only financial records. The new law, AB 1298 took effect January 8, 2008. The law adds medical and health-related information to the existing breach notification law definition of "personal information" and expands the application of the Confidentiality of Medical Information Act (CMIA) to include any business organized for the purpose of maintaining medical information.

Continue Reading...

Report on the FTC's Conference on "Ehavioral Advertising"

Posted by K.C. Halm, Ronald London, Razeeb Hossain, and Anne Shelby

In early November the FTC held a series of roundtables and panels to discuss emerging issues in behavioral advertising. The FTC has posted transcripts, videos, the workshop agenda and a list of all participants on its website, found here.

Common discussion themes throughout the two-day workshop included the contradiction between consumers' failure to protect their personal information despite their stated concern with privacy; the perceived need for greater transparency in privacy policies, especially with respect to providing more detailed descriptions of data use; the disagreement between the infor-mation industry and consumer groups as to the efficacy of private sector self-regulation; debate over the best methods to inform consumers of their privacy choices; and concern over the coming use of developing technologies for data collection, use and disclosure.

A detailed discussion of the sessions follows below. 

Continue Reading...

Beware the Flirtbot

Posted by Brian Kennan

Ever since the computer was invented, people have wondered when such machines would be able to think. In 1950, mathematician Alan Turing suggested a simple test for computer intelligence: if a computer can fool a human being into thinking it is also human, said Turing, the machine should be considered intelligent.

Turing died in 1954 but must have rolled over in his grave last week when the Turing test's reputation hit a new low: security analysts discovered a "sex chat" computer program so lifelike it was fooling customers into disclosing their personal data.The program is called "CyberLover" and exploits a technique long known to security researchers as "social engineering," a fancy term for manipulating users into disclosing information. What's new with this con is that the one doing the social engineering is a computer program. And a hard working one.  According to Ina Fried, citing a report from PC Tools, CyberLover "can work quickly, too, establishing up to 10 relationships in 30 minutes.... It compiles a report on every person it meets complete with name, contact information, and photos."

Of course, the user must volunteer this information, which raises another intriguing question: Are users that are naive enough to give out personal information to a computer sex-chat program able to pass the Turing test themselves?

New AOL Initiative May Help Shield Consumers from Targeted Advertising

Posted by Hozaifa Y. Cassubhai

Web users may be better able to travel incognito online by the end of the year. 

AOL unveiled a new program last week that is designed to help webusers shield their online travels from advertisers. This technology would allow users to opt-out of online ads that are targeted to them based on their Web-surfing habits. The program aspires to “engender greater trust for targeted advertising by communicating with consumers in a more visible way, and by providing them more information about their choices,” stated Curt Viebranz, president of AOL’s ad platform.

Continue Reading...

Hollywood is 'LOOKing' in places you don't suspect

Posted by Tom Jeffry

An article about the upcoming AFI Festival in last Friday’s Los Angeles Times focused on a controversy around one of the film festival’s productions by Adam Rifkin titled “LOOK.” 

The description for this movie set forth in the AFI Festival Guide states: “There are approximately 30 million surveillance cameras in the United States capturing covert images of average Americans as much as 200 times a day. They're watching in department stores, gas stations, changing rooms, public bathrooms — seemingly no one and nowhere are free from the dispassionate eye of the hidden camera. LOOK pieces together this rush of information, finding several provocative, interwoven storylines amid the noise of life in a random city.” To drive home the point, a photo that accompanies the description depicts two scantly clad young women in a department store dressing room.

Continue Reading...

Nevada passes first law requiring business to encrypt customer personal information during transmission

Posted by Charlene Brownlee

Significance of the Law

Nevada has enacted the first data security law that mandates encryption for the transmission of customer personal information. ( NRS 597.970) The law goes into effect on October 1, 2008. While there are several laws that direct organizations in certain industries to consider using encryption and laws that make encryption a factor in decisions regarding breach notifications, no law required the encryption of personal information prior to this Nevada law.

Continue Reading...

Watching Them Watching Us

Posted by Thomas Jeffry

An interesting development from the American Medical Association is worth noting.

The AMA House of Delegates met in Chicago at the end of June where it received a report previously requested by that group’s governing body on the medical and ethical implications of the use of implantable radio frequency identification (RFID) microchips in humans. Use of RFID chips were approved for use in humans by the Food & Drug Administration in 2004. Similar versions of such chips are commonly used to tag pet dogs and cats for identification purposes. 

Continue Reading...

Access to Historical Cemetery Records Blocked on HIPAA/Patient Privacy Grounds

Posted by Thomas R. Burke

Just in time for Memorial Day... if the State of Nebraska has its way, the public will never know the names or anything else about nearly 1,000 former mental health patients buried between 49 and 110 years ago at a cemetery located at one of the state's rural facilities.  Using the Nebraska Public Records Act, the Adams County Historical Society in Hastings, Nebraska recently sought access to burial records for information about former patients who were buried in unmarked graves at the Hastings Regional Center -- originally known as the "state ayslum for the incurably insane."  The State is denying access to the records, citing to patient privacy statutes, including HIPAA.  The Nebraska Attorney General's Office late last week concluded that the names of the former patients could be properly kept secret, forever.  "These people are being denied the fact that they lived and died, and it's disgraceful," said Catherine Renschler, executive director of the Adams County Historical Society, commenting to the Associated Press in a recent article. As the nation celebrates Memorial Day 2007, it's unfortunate that the state is asserting patient privacy laws and HIPPA to deprive these individuals of some permanent dignity and to perpetuate social stigmas against those who currently suffer from mental illnesses.  

FULL DISCLOSURE -- DWT is representing the Adams County Historical Society, pro bono, in connection with this matter. 


Montana and Washington have passed laws refusing to comply with the federal government's Real ID Act

Posted by Bruce E. H. Johnson

The Real ID Act has been described by Crosscut columnist Skip Berger as creating "what is in essence America's first national identity card using driver's licenses that could be embedded with computer chips and biometric information, such as fingerprints. It has been proposed that such cards be required of every citizen who wants to drive, access government buildings, apply for federal benefits, or fly on commercial aircraft. Management of the vast databases would fall to each state's department of motor vehicles."

Continue Reading...

Pew Reports Most Teens Proactive in Seeking to Maintain Online Privacy

Posted by Ronald London

The Pew Internet & American Life Project has issued a report indicating that even teenagers who are very active on the Internet are careful to limit the personal information they place online out of concern over keeping sensitive data out of the hands of strangers, parents, and other adults. While almost two thirds of teenagers with online profiles acknowledged that someone hunting for information, armed with the right tools and incentive, could identify them based on information in their online profiles, most reported taking steps to make such identification more difficult, such as declining to post a full name, home phone number or cell phone number. The report is among the first in-depth looks at the privacy-related awareness and practices of teenagers that avidly use social networking sites such as MySpace or Facebook.

Continue Reading...

California's Constitutional Right to Privacy is Limited by Statutory Litigation Privilege

By Rory Eastburg

On April 5, 2007, a unanimous state Supreme Court ruled that California’s litigation privilege extends to claims based on the state’s constitutional right to privacy.  While conceding that the statutory privilege would have to yield to the constitutional privacy right if the two conflicted, the court concluded that “the statutory and constitutional provisions are not in conflict; they can and do coexist.”

Continue Reading...

Will the World of WiFi Broaden the Applicability of COPPA Requirements?

Posted by Teena Lee

As more neighborhoods offer WiFi capabilities, and as more mobile devices primarily designed for children offer access to WiFi networks, there appears to be a potential slippery slope that will develop over liability under the Children’s Online Privacy Protection Act (“COPPA”).

Continue Reading...

When your offline security is threatened by your online activity

Posted by Joe Addiego

The San Francisco Chronicle recently reported that there has been an up tick of Craigslist users around the country who have been robbed in recent months when meeting prospective buyers to complete a transaction initiated online. Apparently, the would be robbers locate their targets online and arrange for the meeting in less than busy areas, thereby maximizing their ability to execute the robberies without being caught.

Continue Reading...

Update on FCC Oversight of Data Brokers, Pretexters, Etc.

Posted by Ronald London

This week’s output at the Federal Communications Commission included several outgrowths of concerns that started to evolve last year (as reported on DWT's Privacy & Security Law Blog) regarding the apparent availability to third parties of sensitive phone records and other related data online and elsewhere. The records at issue often involve “customer proprietary information” (or “CPNI”) such as data relating to the quantity, type, destination, location and/or amount of use of telecommunications services by subscribers, which becomes available to the subscriber’s carrier solely by virtue of their status as customer. The data also can include potentially identifying information such as phone numbers, addresses, and other data. The Commission began looking into the matter late last year. In early 2006 it issued subpoenas to a number of online data brokers, and it investigated and/or issued notices of apparent liability (“NALs”) proposing fines against several telecommunications providers with respect to their submission to the FCC – or lack thereof – of certifications of compliance with federal CPNI rules and statutes.

Continue Reading...

White House Issues New Data Protection Security Guidelines

Posted by Stuart Louie and Peter Mucklestone

This past Friday, the White House Office of Management and Budget issued new data protection security guidelines directed at federal civilian agencies. The guidelines address the protection of personal information of the millions of employees and citizens held by such agencies. The Office of Management and Budget has stated that it will work with the agencies’ inspector generals to implement these new guidelines within 45 days; however, stopped short of categorizing the guidelines as “requirements” and has instead labeled them as “recommendations.”  

Continue Reading...

The Bush Administration: Western Union's Best Friend

By KM Das

In early February, I was saddened to hear that without any fanfare Western Union had sent its last telegraph. Although I was aware of the NSA’s warrantless electronic surveillance program at the time, I did not make the connection between the two news items at the time. With the revelation this past Thursday that the Society for Worldwide Interbank Financial Telecommunication (“SWIFT”) has been giving the Treasury Department all of its data on international wire transfer since soon after September 11, 2001, however, its hard to miss the connection. The Bush administration wants you to go back to sending telegraphs and wiring money through Western Union. It’s certainly no less credible an explanation than the explanation that this program, along with the NSA’s warrantless surveillance and telecommunications companies turning over their call data for data mining purposes, is meant to make us safer.

Continue Reading...

Sex Blogger Motion Denied

Posted by Bruce Johnson

Here's an update to my prior blog on Steinbuch v. Cutler. The United States District Court judge, Judge Paul Friedman, generally denied Cutler's motion to dismiss on Wednesday, except that he apparently recognized that much of the plaintiff's case was time-barred to the extent that it was filed after the one-year statute of limitations had run on such claims. A summary is available in today's Washington Post.

IRS Proposes Changes That Would Allow Accountants To Sell Tax Return Information

Posted by Kraig Baker

The IRS has changed a rule that permits tax-return preparers to sell information from individual returns to marketers and data brokers. The proposed rules do require that taxpayers "opt-in" before the tax information could be sold. Does anyone really believe that it will be difficult to get taxpayers to "opt in?" Not only to most taxpayers sign whatever their tax preparers put in front of them, but the slippery recent history of certain large commercial tax preparers suggest that it won't be difficult to get such opt-in consent. I expect that there will be a firestorm about these changes and that the IRS will back away from this change in the next month or so. Full story here.

Judge's Decision on DOJ's Google Subpoena Imminent

Posted by Thomas R. Burke

Still no final word from the court on yesterday's showdown between Google and the Justice Department -- although an order will likely come out this week -- but U.S. District Judge James Ware appears to appreciate the concern that the federal government's subpoena request smacks of surveillance. Delcan McCullagh's account of the contested hearing notes that the judge, based in San Jose, is reluctant to give "everything it wanted because of the 'perception by the public that this is subject to government scrutiny' when they type search terms into Google.com." Discovery battles are notoriously resolved by "splitting the baby" -- both sides are sent home with something, but far less than they wanted. This however, is not your typical discovery battle. It will be interesting to watch if Google will appeal Ware's decision. Ironically, Google's decision to continue this battle in the Ninth Circuit Court of Appeals will largely depend too on whether the company is comfortable with the public's perception of what search information -- from now on -- will be accessible by the federal government.

FTC Retains Children's Online Privacy Protection (COPPA) Rule

Posted by Peerapong Tantamjarik

On March 8, 2006, the Federal Trade Commission announced that it decided to retain, without changes, the regulations implementing COPPA, a federal law enacted in 1998 to better protect children's personal information on the web. Generally, COPPA applies to operators of websites and online services directed to children under 13 years of age that also collect personal information from children. COPPA requires such operators to adhere to a clear set of standards such as posting a privacy policy and a link to the policy everywhere personal information is collected; provide notice to parents and in most instances, obtain verifiable parental consent before collecting any child's personal information; provide parents access to their child's information and control over deletion of the information; and maintain the confidentiality, security, and integrity of the personal information collected from children.

Continue Reading...

Give Me Convenience or Give Me Death

Posted by Brian Wong

Google Vice President Marissa Mayer: "With everything, you trade privacy for a value-add."

This has long been true, and sometimes the only surprise is how little some people ask in return for their private information.

Continue Reading...

Government Access to Internet Search Records

Posted by Brian Bennett

The U.S. government's subpoena of Google search records may lead to greater public awareness of how search engines work and the related legal issues. A CBS News article looks at the privacy implications of the government subpoenas, and gives an overview of the risks to users of search engines. A weekend poll on the issue showed that 89% of Google users believe their Web searches are kept private, 56% said they don't want Google to release any Web search information to the government, and 38% said they would stop using Google if it gives information about their searches to the government.

Another Privacy Win for Consumers -- Even Apple Isn't Immune

Posted by Kraig Baker

Last week, Apple launched a new version of iTunes that included a "MiniStore." The MiniStore was designed to recommend new music to users. What Apple didn't disclose, however, was that in order to make the recommendations, they were monitoring users listening habits and using an ID that was tied to personal information. Moreover, Apple had this services turned on by default. After a large hue and cry, Apple has now agreed to turn off this service by default -- as Cory Doctorow at Boing Boing says, it should have done from the beginning. I think this is interesting for two reasons. First, it shows that consumers are sensitive to use of their personal information even in the case of "trusted" and "cult" brands like Apple or Google. In other words, consumer privacy concerns extend to the method of collection, not just the entity doing the collection. Second, it demonstrates once again that companies are very sensitive to consumer backlash regarding misuse of personal information. Look for more of these types of incidents as consumer demands for more personalization and customization collide with increasing sensitivity to monitoring and use of personal information.

Who Gave Schwarzenegger A Fat Lip?

Posted by Thomas R. Burke

California Governor Arnold Schwarzenegger's motorcycle crash this past weekend remains in the news. Not unexpectedly, the event has prompted stories and discussion about motorcycle safety, the special certification that is required to drive a motorcycle in California (one that Schwarzenegger admits he didn't have) and even comparisons between Schwarzenegger's sidecar and Boris Badenov and Natasha Fatale of "Rocky and Bullwinkle" fame.

Continue Reading...

Congressional Research Service Analysis Calls Into Question Legal Justification Behind NSA Monitoring of Communications

Posted by K.M. Das

On Thursday, January 5, 2006, the Congressional Research Service released a 44-page memorandum casting further doubt on the legality of the National Security Agency's monitoring of international communications of American citizens and residents. CRS, housed within the Library of Congress, is the "public policy research arm of the United States Congress." CRS is intended to give Congress "its own source of nonpartisan, objective analysis and research on all legislative issues."

Continue Reading...

NH Court: Right of Access Trumps Personal Privacy

Posted by Brian Bennett

The New Hampshire Supreme Court recently held that financial information a person discloses in divorce cases is not subject to privacy law protection. The court held that there is a constitutional right of access to court records including financial affidavits filed in domestic relations cases, and that this public right arises from "the need to maintain the integrity and accountability of the judiciary."

Continue Reading...

Spokane mayor's beefcake cache is not a public record, but list of websites he visited is

Posted by Bruce Johnson

Spokane Mayor James E. West's laptop was the subject of an interesting Public Disclosure Act decision on Thursday.

West, a Republican who is now subject to a recall vote on Dec. 6 for these activities, apparently used his city-owned laptop to access gay.com and other gay-oriented websites, and also conduct internet chats with prospective dates.

Continue Reading...

Phone Records Easily Available to All

Posted by Merrill Baumann

What high-tech gadgetry do you need to get complete records of phone calls made and received by another? An internet connection and a credit card will do the trick. Criticism is mounting over the ease in which anyone can obtain phone records of others.

Continue Reading...

Hi, Dad! Teen Uncovers Anonymous Sperm Donor Through Online Geneaology Database

Posted by Lance Koonce

As it turns out, had Oedipus been blessed with a good laptop and a secure wifi node instead of those cryptic Oracles (this kind, not that kind), he might have avoided the entire murder/incest/blinding thing.

Today's Washington Post reports that a 15-year-old boy whose mother was artificially inseminated by sperm from an anonymous donor managed to track down the donor using readily available online sources.

Continue Reading...

"No Fly" List Revelations

Posted by DWT

The Privacy and Security Law Blog is today able to release, for the first time anywhere, the final set of previously secret documents produced by the Transportation Security Administration ("TSA") and the FBI in connection with a high profile Freedom of Information Act ("FOIA") lawsuit involving the government "no fly" list. The documents include the names of TSA employees involved in the administration of the list:

TSA Documents, pages 1-12.
TSA Documents, pages 12-24.
FBI Documents, pages 1-6.

Continue Reading...

Proposition 73 in California - Abortions, a Minor's Privacy, and a Parent's Right to Know

Posted by Peerapong Tantamjarik

Here in California, it's that time of the year again... it's Special Election time! Where ordinary citizens, like you or me, or those with gobs of extra cash, can gather (or pay for) signatures and make a difference to the state by putting up for approval various propositions. Often times, these propositions can even amend our state Constitution. Proposition 73, currently on the November 8th, special election ballot, proposes to do just such a thing.

Continue Reading...

ThePrivacyPlace.Org 2005 Privacy Survey

Posted by DWT

We have been asked to help get the word out about an online survey being conducted by ThePrivacyPlace.Org. The survey will measure privacy policies and user values, and is supported by a National Science Foundation Information Technology Research grant. In the words of the survey's sponsor, the survey is "intended to evaluate individuals' views and opinions on privacy related issues in the context of the Internet."


Click here or on the image above for the survey.

Alito on Privacy

Posted by Brian Bennett

The initial reports on Supreme Court nominee Samuel Alito's views on privacy rights are mixed. In Third Circuit cases involving search warrants, Judge Alito has voted in dissent to uphold intrusive searches of women and children who were not named in search warrants and were not the subjects of any investigation. Judge Alito assured Senator Arlen Specter, on the other hand, that he endorses a constitutional right to privacy as cited by the Supreme Court in Griswold v. Connecticut, 381 U.S. 479 (1965). In Griswold, the Supreme Court invalidated a Connecticut law that outlawed contraception, stating that the Connecticut law violated a constitutional right to privacy. Conservative Justices such as Antonin Scalia, with whom Judge Alito has been compared, have criticized the concept of a constitutional right to privacy.

Privacy or Security?

Posted by Kraig Baker

One more thought about the presentations Thursday at the IAPP's Privacy Academy 2005 here in Vegas. It is increasingly clear to me that no one has figured out the ongoing tension between "security" and "privacy". These two concepts often get lumped together, but in addition to being complementary in some ways, they are, in many ways, conflicting. One can see the tension in almost every presentation at the conference.

Continue Reading...

Consumers Continue to Feel Privacy is Threatened

Posted by Kraig Baker

Consumers' distrust of Corporate America is growing. It's probably not surprising following a summer full of well-publicized data breaches, but a CBS News/New York Times Poll shows widespread concern about what has become a common business practice -- collecting personal information about individuals. A large majority of Americans express negative views about companies collecting personal information about individuals, including what they buy, their credit histories, and income information.

Continue Reading...

Think Your Anonymizer is Foolproof?

Posted by Lance Koonce

Those who rely on anonymizers to surf and transact business on the web may soon have their identities laid bare, if the National Security Agency has anything to say about it. According to World Net Daily, a new patent filed by the NSA,

describes a process based on latency, or time lag between computers exchanging data, of "numerous" known locations on the Internet to build a "network latency topology map" for all users. Identifying the physical location of an individual user, reports CNET News.com, could then be accomplished by measuring how long it takes to connect to an unknown computer from numerous known machines, and using the latency response to display location on a map.

Verizon Sues Telemarketers for Calling Wireless Customers

Posted by Ronnie London

In what is believed to be a first in the U.S., Verizon Wireless filed two separate lawsuits against telemarketers Intelligent Alternatives and Resort Marketing Trends, alleging that the companies violated the Telephone Consumer Protection Act ("TCPA") and state law by transmitting automated and/or prerecorded messages to Verizon Wireless customers. The suits, filed in New Jersey (where Verizon is headquartered) and California (where the largest proportion of the calls were received), seek injunctive relief and damages for what the company claims were more than a million calls by Intelligent Alternatives, and more than 200,000 calls by Resort Marketing to Verizon Wireless subscribers.

Continue Reading...

But the Miami-Dade Cop is a piker compared with Tesco

Posted by Bruce Johnson

From London, Tuesday's Guardian reports that the supermarket chain Tesco "is quietly building a profile of you, along with every individual in the country - a map of personality, travel habits, shopping preferences and even how charitable and eco-friendly you are. A subsidiary of the supermarket chain has set up a database, called Crucible, that is collating detailed information on every household in the UK, whether they choose to shop at the retailer or not."

Continue Reading...

Cops get ChoicePoint Data?

SiliconValley.com reports that a Miami-Dade County police officer has been relieved of duty and is under investigation for allegedly obtaining unauthorized access to Social Security numbers and other personal data on 4,689 people maintained by ChoicePoint Inc. The company reported that the Secret Service was investigating the matter -- at this point, it does not appear that any identity thefts have occurred.

Continue Reading...

Judge Roberts' Views on Government Searches & Privacy of Records Issues Are Unknown

Judge Roberts' impressive performance answering the questions of Senate Judiciary Committee members has left little doubt that he will be confirmed as the next Chief Justice. As one commentator noted, "The only real question about his prospects, it appears, is how many votes he will get from the Democratic senators."

Much attention has appropriately been given to Judge Roberts' views on the right to privacy at issue in Roe v. Wade and Griswold v. Connecticut. Little attention has been paid to other important issues, however, such as how he will approach his duties regarding the Foreign Intelligence Surveillance Act court and what his philosophy is regarding police and other government agencies' searches of individuals' property.

Continue Reading...

Dutch to Track Citizens From Cradle to Grave

The Dutch Ministry of Health has announced that beginning on January 1, 2007, all Dutch citizens will have their personal information maintained and tracked in one database that will include health, education, and family information, as well as police records.

Continue Reading...

Caveat Inventor

Note to all US patent holders: pay your maintenance fees if you value the privacy of your financial information. A recent investigative report (Patent Office Rules Allow Simple Access to Tax, Financial Data, 108 Tax Notes 1079 (Sept. 5, 2005)) reveals that patent holders who fall behind on fee payments with the U.S. Patent and Trademark Office (PTO), and then request a waiver of their payment obligations, may be asked to submit private information to validate claims of financial hardship. While the PTO claims that it never asks for or requires sensitive information, such as Social Security or account numbers, delinquent patent holders may unwittingly submit such information, which then could find its way to the publicly-available patent files. No legislative fix is imminent, but privacy advocates are investigating the issue further, and IRS Commissioner Don Alexander has urged members of the Bush cabinet to push for remedial action.

Posted by Merrill Baumann

Free Consumer Credit Reports Finally Available to All

The Fair Credit Reporting Act's guarantee of free credit reports took full effect on September 1. The links to the website, previously blocked, are now fully accessible, and reports for residents in States in the Eastern US have finally been made available. Persons may obtain one free report each year from each of the three major credit reporting agencies. For additional information, you may also visit EPIC's Fair Credit Reporting Act Page.

Posted by Merill Baumann

Agencies' Data Mining Efforts Criticized for Privacy Failures

In a recent report to a subcommittee of the Committee on Homeland Security and Governmental Affairs on data mining (i.e., the extraction of pertinent information from large volumes of data), the Governmental Accountability Office concluded that none of five agencies the GAO audited "followed all the key procedures" for the protection of personal information. The particular agency projects were chosen for review in part because they involved one of the following goals: (1) analysis of intelligence and detection terrorist activities; (2) detection of criminal activity; (3) identification of fraud, waste or abuse; or (4) efforts to improve service or performance.

Continue Reading...

David Brin on Our Omni-Surveilled Future

A fascinating article (site pass req'd) about the possible evolution of the surveillance culture in the August edition of Salon, by science fiction writer and scientist David Brin. In it, Brin anticipates flocks of miniature flying cameras providing video feeds from remote locations, wearable augmented reality devices providing real-time information to users about their environment, subvocal speech systems (a precursor to "tech-mediated telepathy"), and ubiquitous geographic location awareness (for people and devices).

Continue Reading...

Britney, Lindsay and Scarlett -- Can Anti-Paparazzi Laws Protect Our Endangered Starlets?

Posted by Kraig Baker

The LA Times reported another Paparazzi incident today. This time Scarlett Johansson hit a car carrying a family while trying to elude paparazzi who followed her home. Last month someone from Britney Spears' house shot a paparazzi with a pellet gun. Two months ago a celebrity photographer rammed Lindsay Lohan's car. With the voracious American appetite for all things celebrity and the intense competition among celebrity magazines, it's inevitable that we will have additional incidents. More to the point from a privacy perspective, look for additional anti-paparazzi legislation in California and other states within the next year.

Continue Reading...

Too Much Blogging Can Make You Go Blind

This is a legal blog, not one of those you might find at a domain ending in .xxx (oh, wait, those are on hold by White House request), so get your mind out of the gutter (but if you can't, see this recent report). The type of blindness we're talking about here is the kind that occurs when you've become so immersed in the daily routine of blogging that you've forgotten - or perhaps you never fully understood? - the legal concerns that blogging can raise. Over the next few months, on a quasi-regular basis, we'll be looking at some of the legal issues related to blogging that fall loosely under the umbrella of privacy and security law.

Continue Reading...

Secure Flight Program Violates Privacy Act

The US Government Accountability Office ("GAO") recently issued a report stating that the Department of Homeland Security Transportation Security Administration ("TSA") did not act in accordance with the Privacy Act while testing its Secure Flight Program, which is designed to compare airline passengers against a terrorist watch list.

Continue Reading...

Contrasting Views on Data Privacy

The Sunday New York Times "Week in Review" has an interesting article (subscription req'd), comparing the very different legal frameworks for privacy protection in the US and the EU (and much of the rest of the world ).

The article suggests that, in the US, 2005 is the "year of the consumer privacy breach" -- as the "personal information" for 50 million consumers "has been lost, stolen and even sold to thieves."

Continue Reading...

Wifi Hijacking Conviction

In the first case of its kind in the UK, a man has been prosecuted for hijacking a wireless broadband connection and has been fined 500 pounds and sentenced to twelve months's conditional discharge. While there have been several convictions for theft of credit card information over wireless networks, this case involved the theft of wifi signals for something as pedestrian as browsing the Internet. Considering the fact that in the United States there are millions of wifi users and that it is relatively easy to use a neighbor's signal even for users who have virtually no technical expertise, it may only be a matter of time before a litany of cases like this appear in U.S. courts.

Posted by Steve Chung

ATM Card Phishing

A report issued August 2, 2005, by Gartner, Inc. describes how thieves have stolen more than $2.75 billion by using phishing scams to obtain debit card account numbers and PINs from unsuspecting consumers. The thieves use the account numbers to create fake cards, then use the cards and PINs to drain consumers' accounts, leaving consumers to deal with the bounced checks and the banks to reimburse the victims, as described in more detail here. The debit cards of some banks, such as Bank of America, are not targets because the banks take advantage of a second track on the magnetic strips on their cards to embed additional security codes that consumers -- and therefore data phishing thieves -- don't know about. Banks whose debit cards have been hard hit by these attacks have begun using the second track on the magnetic strips on their cards and have beefed up their security codes in order to prevent the attacks.

Posted by Randy Gainer