You are here

privacy law

Merger of Online & Offline Data Heightens Intrusiveness of Tracking

ProPublica's Julia Angwin reported this week on how marketers' tracking of customers is getting more intrusive: "Online marketers are increasingly seeking to track users offline, as well, by collecting data about people's offline habits—such as recent purchases, where you live, how many kids you have, and what kind of car you drive."

Angwin goes on to explain how it works: after sharing your e-mail address with a store, a marketer locates customers online when they use their email addresses to log into websites, then a marketer tags customers' computers with a tracker, and then when customers arrive at the website of the same story they will see a site customized to them.

Europe Siding with Right to Be Forgotten Over Free Speech

The Washington Post reports on the Court of Justice of the European Union's's decision this week that Internet users have the right to demand that Google-search links be deleted. Europeans have the right to be forgotten. Americans don't. "Those seeking a similar right in the United States have stumbled upon the expansive free-speech protections in the First Amendment. Blocking access to even the most damaging information — mug shots, videos of intimate acts, or Web pages created by cyber-stalkers — can be difficult and often impossible, experts say. Online news accounts of past personal problems are even harder to leave behind," the Post further reports.

The European court, however, drew a distinction between newspapers keeping such news reports alive but not search engine results, the Post reports.

Sprint Given Secret Legal Basis for NSA Program, Washington Post Reports

Sprint, the country's third-largest wireless provider, was the only cellphone company to receive "the secret legal basis of a then-classified program that collected Americans’ phone records by the billions for counterterrorism purposes" because it was the only company to demand access to that legal rationale before the program was revealed last year by Edward Snowden's leaks, the Washington Post reports. After receiving the rationale, Sprint continued to turn over phone call records to the NSA, the Post also reports.

Effort to Link Millions of Patient Health Records Raises Privacy Concerns

Government-funded scientists are connecting "terabytes of patient medical records" at 11 sites across the country, The Washington Post reports. The result would be possibly the largest repository of medical information in the country, containing the medical information of 26 million to 30 million Americans. The new repository also raises privacy and propietary concerns, presenting "tricky ethical questions about who owns and controls the data, how to protect patient privacy and how research questions will be prioritized," The Post also reports.

"'The raw data is not what is being shared. That remains with the institution that the patient trusts,' said Devon McGraw, director of the health privacy project for the Center for Democracy and Technology," The Post further reports.

The project arises out of a Affordable Care Act provision  to create an independent nonprofit to help doctors and patients make better-informed decisions about their care, The Post further reports.

Obama Administration Plans to End Bulk Surveillance of Phone Calls

President Barack Obama plans to get the National Security Agency out of the business of collecting phone call records in bulk, The New York Times' Charlie Savage reports: "Under the proposal, they said, the N.S.A. would end its systematic collection of data about Americans’ calling habits. The bulk records would stay in the hands of phone companies, which would not be required to retain the data for any longer than they normally would. And the N.S.A. could obtain specific records only with permission from a judge, using a new kind of court order." A House Intelligence Committee would allow the NSA to issue subpoenas for specific phone records without judicial approval, The Times also reports.

Panel: Disclosure, Not Consent, Will Protect Privacy in Era of Big Data

Submitted by Amaris Elliott-Engel on Tue, 03/18/2014 - 10:10

Consent does not protect privacy in the era of big data because it is not meaningful in an era of giving permission through clicks on a screen, said Kate Crawford, a researcher at Microsoft Research and MIT, at the Social, Cultural & Ethical Dimensions of 'Big Data' held last night.

Big data analytics are being sliced and diced to create personalization and segmentation, Crawford said. But predictive analytics can create "predictive privacy harms" under the "rubric of personalization," Crawford said.

Instead of using consent to cure potential harms, there should be a data due process framework "placing accountability at the very end of the chain," Crawford argues. When data about a person is being used to make a decision that would affect their lives, disclosure should be mandated so that he or she can have the opportunity to respond, she further argues.

There should be more protection when the decisions involve important matters like health and employment, and there could be weaker protection when the decisions involve less weighty matters like advertising, Crawford said.

Even the most sophisticated systems can leak privacy information, Crawford said. The combination of private signals with public signals can be combined so that people's privacy is deeply violated, Crawford said.

"We need to be a little bit more skeptical when people tell us data is going to be secure," Crawford said. 

 

Steven Hodas, a consultant who has worked on data projects for educational systems, said that the backlash against the InBloom, the company trying to collect, store and share student data with the support of the Gates Foundation, was because parents felt that their kids were being reduced to algorithms and they did not want teaching reimagined as educating a cohort.

Personalization does not mean more human interaction, but better data configuration, he said. We are "headed for dissonance with dissidence not too far behind," he said.

Parents want teachers to be "analog craftsmen, not maker bots," Hodas said.

The blowback against InBloom might have been averted if there had been portals for parents to access parent-oriented data, Hodas added.

Columbia University scholar Alondra Nelson said that data about genetics is a disproportionate issue for minorities because more minorities are arrested or convicted and have their DNA uploaded into criminal justice system databases. Blacks make up 13 percent of the American population, but they are 40 percent of felony convictions, she said. Even innocent people who are not ultimately convicted have their DNA included in the databases, she added.

In another example of how genetic data implicates privacy, sequencing the genome of the HeLa cell line and uploading it on-line meant that personal information about Henrietta Lacks, the woman from whose cervical cancer cells the cell line was developed, and her family could be identified, Nelson said. That included genetic markers for physical appearance and disposition for diseases.

The event was cohosted by the Data & Society Research Institute, the White House Office of Science and Technology Policy, and New York University's Information Law Institute. 

Nicole Wong, a former legal director at Twitter and now a deputy U.S. chief technology offer working in the White House' big data workgroup, said we need to "lean into those hard questions" about the issues of technology, privacy and individual liberties.

Upcoming Supreme Court Cases Will Determine Cell Phone Privacy

When we get arrested, do police have the right to search phones without a warrant, Reason's Damon Root asks. Do warrantless cell-phone searches constitute unreasonable searches and seizures?

While it is constitutionally permissible for police to search arrestees, their possessions and the immediate vicinity around the arrest site without a warrant, "cell phones contain previously unimaginable amounts of personal information, including not only words and images but also GPS location data. In other words, should getting arrested for a minor offense like jaywalking be sufficient to allow the police virtually unlimited access to your private affairs in search of additional wrongdoing?," Reason also asks.

The two cases the U.S. Supreme Court will hear are Riley v. California and United States v. Wurie.

The Story of the FISA Court's Evolution

The New York Times' Charlie Savage and Laura Poitras report on the evolution of the Foreign Intelligence Surveillance Court since the 9/11 attacks. Files leaked by Edward Snowden "help explain how the court evolved from its original task — approving wiretap requests — to engaging in complex analysis of the law to justify activities like the bulk collection of data about Americans’ emails and phone calls," they write. The court transformed from an adjudicator of surveillance applications to an interpreter of the law, Steven Aftergood, of the Federation of American Scientists, commented to The Times.

Among other revelations is that "the newly disclosed documents also refer to a decision by the court called Large Content FISA, a term that has not been publicly revealed before. Several current and former officials, speaking on the condition of anonymity, said Large Content FISA referred to sweeping but short-lived orders issued on Jan. 10, 2007, that authorized the Bush administration to continue its warrantless wiretapping program."

Use Digital Rights Management to Protect Privacy

Craig Mundie, writing in Foreign Affairs, says that in the era of big data a new approach is needed. Instead of worrying about limiting data collection, control should be focused on "the moment when it is used."

One of Mundie's arguments against curbing the collection of data is that there can be dividends from aggregated data, such as learning how to "better address public health issues, learn more about how economies work, and prevent fraud and other crimes."

Mundie suggests building a version of digital rights management into electronic personal data in order to protect it: "All electronic personal data would have to be placed within a 'wrapper' of metadata, or information that describes the data without necessarily revealing its content. That wrapper would describe the rules governing the use of the data it held. Any programs that wanted to use the data would have to get approval to 'unwrap' it first. Regulators would also impose a mandatory auditing requirement on all applications that used personal data, allowing authorities to follow and observe applications that collected personal information to make sure that no one misused it and to penalize those who did."

Cell-Phone Data Requires Warrant, MA Supreme Court Rules

The Massachusetts Supreme Judicial Court, 5-2, ruled this week that law enforcement may not a track a suspect's movements from cellphone data without getting a warrant, The Wall Street Journal reports. The court held, "'“even though restricted to telephone calls sent and received (answered or unanswered), the tracking of the defendant’s movements in the urban Boston area for two weeks was more than sufficient to intrude upon the defendant’s expectation of privacy,'" WSJ reported from the opinion. The court was applying the state constitution, not the federal constitution.

Pages

Subscribe to RSS - privacy law