Generally, most employer monitoring falls under one of these. Note that the "provider" exception is a specific feature of ECPA; ownership of the hardware does not create a general right of access and in particular ownership of a telephone system does not create a right to eavesdrop.
Phone surveillance in the workplace
Keystroke monitoring
Location monitoring
Do computers empower workers, or shackle them?
While we're on the topic of ECPA, there is:
Title I, covering electronic communications in transit (USC Title 18 Chapter 119)
no interception: http://www.law.cornell.edu/uscode/18/usc_sec_18_00002511----000-.html
evidence exclusion: http://www.law.cornell.edu/uscode/18/usc_sec_18_00002515----000-.html
Title II, the Stored Communications Act (USC Title 18 Chapter 121)
email stored 180 days or less: gov't needs a warrant
more than 180 days: warrant, subpoena, or court order
See http://www.law.cornell.edu/uscode/18/usc_sec_18_00002703----000-.html
§2703(a): 180 days or less; §2703(b): more than 180 days
Here's that part from §2703(b) preserved for posterity:
§2703(b) has much less stringent restrictions. Debate continues as to the appropriate category for email messages.
ECPA amended the Wiretap Act of 1968.
Bradford Councilman ran a website that listed rare books; he also gave email accounts (actually aliases) to booksellers within the domain "interloc.com" (this might be comparable to amazon.com giving email aliases to their associated private sellers, or even ebay). However, Councilman examined these dealer emails in order to develop a competitive strategy (these emails would show what rare books were in demand, for example; apparently the real target was amazon.com).
In the case US v Councilman, the government prosecuted Councilman for interception of email in violation of the ECPA/Wiretap Act. Councilman argued that he only examined the email as it was stored on servers temporarily while being routed to its final destination, and that accessing stored documents did not constitute "interception" for the purposes of the Wiretap Act. The District Court and a 3-judge panel of the Appellate Court agreed with Councilman's theory. In 2005, however, the First Circuit court ruled en banc that, yes, ECPA in-transit rules did apply to data stored temporarily on disks (filesystems) as well.
Note that the issue here is not government access to electronic communications.
Note also that the status of email as it sits in storage remains contentious.
Email differs technically from voice in that as email is forwarded to its destination the full message sits briefly on various intermediate servers. Phone servers store at most a few bits of a voice stream at a time. The First Circuit ruled very definitively that, despite the appearance that email was being stored, the practical understanding was that it was in transit, and as such was protected. This is a good example of the courts rejecting a "technical" argument for the "big picture"; note, however, that the first two courts to hear the case agreed with the technical argument.
The full First Circuit decision is at http://www.ca1.uscourts.gov/pdf.opinions/03-1383EB-01A.pdf
This was a case involving government compliance with ECPA. Steven Warshak ran a mail-order operation promoting "Enzyte" for "natural male enhancement." There were several allegations of fraud: that the physician testimonials for the product were entirely fictitious, that many customers were enrolled in a monthly "auto-ship" program without notification, and that the merchant bank accounts were manipulated to make credit-card complaints seem to be a smaller percentage than there actually were. Eventually the government investigated and then prosecuted.
The government got a subpoena order from a US Magistrate asking for his email records, and the emails were turned over to the government.
Eventually Warshak found out about this. As the emails were incriminating, Warshak argued that the US needed a warrant, which is much stronger than a subpoena. In 2006 he filed a claim seeking a declaratory judgement that a warrant and not a subpoena was needed. (A declaratory judgement is a court ruling on a procedural matter where there is no actual action ordered.)
Are subpoena rules for email overly broad?
US argument: users of ISPs don't have a reasonable expectation of privacy.
This is clear (post-Smyth) for employer-provided email, though there's no reason to suppose loss of privacy extends to the government.
But what about commercial email? Here's an imaginary Yahoo Terms-of-service by Mark Rasch, from securityfocus.com/columnists/456/3 :
Because a customer acknowledges that Yahoo! has unlimited access to her e-mail, and because she consents to Yahoo! disclosing her e-mail in response to legal process, compelled disclosure of e-mail from a Yahoo! account does not violate the Fourth Amendment.
The point here is that because Yahoo has access to your email, the government thinks that all your email should be treated just like any other commercial records. You have no "expectation of privacy".
The government argued that this case was like the 1976 US v Miller case, where bank records were found NOT to be protected. However, bank records are pretty clearly different from email. For one thing, under the "transaction" theory of privacy, bank records belong to the bank, as well as to you. Email does not belong, in any sense, to your ISP.
But there's also the issue that ISPs do not just route your email messages, they also store them. Sometimes indefinitely, even after you have read them.
Stored Communications Act, part of ECPA
email stored 180 days or less: gov't needs a warrant
more than 180 days: warrant, subpoena, or court order
Warshak was arguing that the government should need a warrant for ANY of his email.
At the district court level, Warshak won in his declaratory-judgement quest. (Quote from full 6th circuit decision)
In June 2007 a 3-judge panel of the 6th circuit appellate court [Judges Boyce Martin, Martha Daughtry, William Schwarzer (District Court judge sitting in)] again ruled for Warshak. The decision was far-reaching, not specific to the facts at hand; the court issued an injunction forbidding the US government from obtaining emails without a warrant. From the ruling (at www.ca6.uscourts.gov/opinions.pdf/07a0225p-06.pdf):
October 2007: 6th circuit agrees to en banc review (whole court)
July 2008: full court ruled that the case was not "ripe": the broad question was not ready to be addressed. The injunction was lifted.
The ripeness doctrine serves to "avoid[] . . . premature adjudication" of legal questions and to prevent courts from "entangling themselves in abstract" debates that may turn out differently in different settings.
That makes sense, but the full court also said some strange things about expectations of privacy:
(See Eugene Volokh, volokh.com/posts/1176832897.shtml)
Traditionally, the courts consider 4th-amendment cases only in concrete contexts and not in the abstract. To be sure, the case as a whole was still at the declaratory-judgement stage; the full court may have felt that the email situation should wait to be decided at the actual trial. But the comments above about the subjective nature of expectations of privacy, and the idea that the terms of service might play a role in this expectation, are unsettling.
While this appeal was going on the US continued to prosecute its criminal case against Warshak. He was convicted in February 2008.
In December 2010, a three-judge panel of the 6th circuit ruled (http://www.ca6.uscourts.gov/opinions.pdf/10a0377p-06.pdf) that emails were in fact protected under the fourth amendment, and that to the extent the SCA (above) held otherwise (for emails held longer than 180 days), the SCA was unconstitutional. This time the judges were Damon Keith, Danny Boggs, and David McKeague. Alas for Warshak, the court also held that the emails were nonetheless admissible as evidence, because the government had acted in good faith (believing the SCA). The court based its protection of email on the principle that wiretapping of telephones has long been regarded as a fourth-amendment search (that is, requiring a warrant).
As for an ISP's ability to read emails, the court wrote
The case could still be appealed to the full 6th circuit or to the Supreme Court.
In June 2008 the Ninth Circuit ruled in favor of fourth-amendment protection for both text messages and emails, in Quon v Arch Wireless.
Email has been around for ~20 years. Why has this taken so long?
It may not be done yet. In January 2011 the California Supreme Court ruled that, when someone is arrested at a traffic stop and the police search the vehicle, they may extend the search to any and all contents of any smartphones they find. The police rationale here was to tie a suspect to a drug deal an hour before, through SMS messages.
1. They are often transmitted as cleartext.
2. The government is likely to argue that the 4th amendment does not apply.
3. They are not 'wire communications', and thus escape the Wiretap Act rule that illegally intercepted messages cannot be used against you.
4. Your local police are not likely to be intercepting SMS messages, but it's always a risk. The ECPA does require a court order.
More at https://ssd.eff.org/book/export/html/23
All gmail is read at google. Just not necessarily by people. Does this matter?
Note that gmail has access to the full text of your email itself. This means google knows more about you than any regular web advertiser (except those doing full keystroke capture, which I'm still not sure actually occurs).
What if Bradford Councilman, of the email-scanning scheme, had had automated software read the email, and this software then updated Councilman's book-pricing lists? Is this different from what gmail does, or the same?
What if google searched gmail for inside stock tips, and then invested?
What could google do with the information it learns about you? What could they do beyond learning of your areas of interest?
Original reading: Simson Garfinkel, Adopting Fair Information Practices to Low Cost RFID Systems.
Overall survey of active v passive RFID tags.
Why they might remain attached to purchased items.
RFID tags in identification cards
Differences between RFID and bar codes. In one sense, both types work by being "illuminated" by a source of electromagnetic radiation. In practice, most ordinary materials are not opaque to RFID frequencies, and more information can be stored.
creeping incursions: when do we take notice? Is there a feeling that this "only applies to stores"? Are there any immediate social consequences? Is there a technological solution?
How do we respond to real threats to our privacy? People care about SSNs now; why is that?
Are RFID tags a huge invasion of privacy, touching on our "real personal space", or are they the next PC/cellphone/voip/calculator that will revolutionize daily life for the better by allowing computers to interact with our physical world?
Imagine if all your clothing displays where you bought it: "Hello. My underwear comes from Wal*Mart"
(Well, actually, no; RFID tags don't take well to laundering.)
RFID tags on expensive goods, signaling that I have them: iPods, cameras, electronics
Loyola RFID cards
RFID v barcodes: unique id for each item, not each type; readable remotely without your consent
"Kill" function
Active and passive tags
Are there ways to make us feel better about RFID??
Garfinkel's proposed RFID Bill of Rights:
Users of RFID systems and purchasers of products containing RFID tags
have:
What about #3 and I-Pass? And cellphones?
Serious applications:
Technological elite: those with access to simple RFID readers? Sort of like those with technical understanding of how networks work?
2003 boycott against Benetton over RFID-tagged clothing: see boycottbenetton.com: "I'd rather go naked" (who, btw, do you think is maintaining their site? This page is getting old!)
Some specific reasons for Benetton's actions:
Is the real issue a perception of control? See Guenther & Spiekermann Sept 2005 CACM article, p 73 [not assigned as reading]. The authors developed two models for control of RFID information on tagged consumer goods:
Is there a "killer app" for RFID? Smart refrigerators don't seem to be it.
I-Pass is maybe a candidate, despite (police-related) privacy issues. Speedpass (wave-and-go credit card) is another example. And cell phones do allow us to be tracked and do function as RFID devices. But these are all "high-power" RFID, not passive tags.
What about existing anti-theft tags? They are subject to some of the same misuses.
Papers: Bruce Eckfeldt: focuses on benefits RFID can bring. Airplane luggage, security [?], casinos, museum visitors
Does RFID really matter? When would rfid matter?
RFID:
tracking people within a fixed zone, eg
tracking within a store:
Entry/exit tracking
profiling people
cell-phone tracking: when can this be done?
Are there implicit inducements to waive privacy? If disabling the RFID tag means having to take products to the "kill" counter and wait in line, or losing warranty/return privileges, is that really a form of pressure to get us to leave the tag alone?
RFID shopping carts in stores: scan your card and you get targeted ads as you shop. From nocards.org:
"The other way it's useful is that if I have your shopping habits and I know in a category, for instance, that you're a loyal customer of Coca Cola, let's say, then basically, when I advertise Coca Cola to you the discount's going to be different than if I know that you're a ... somebody that's price sensitive." Fujitsu representative Vernon Slack explaining how his company's "smart cart" operates.
RFID MTA hack? We'll come to this later, under "hacking". But see http://cs.luc.edu/pld/ethics/charlie_defcon.pdf
(especially pages 41, 49, and 51) and (more mundane) http://cs.luc.edu/pld/ethics/mifare-classic.pdf.
Card-skimming is the practice of reading information on magnetic-stripe cards (usually ATM cards) by attaching a secondary reader over the primary card slot. Readers can be purchased (illegally) to blend in with almost any model of ATM. Together with a hidden camera to capture your PIN, these systems can be used to max out the withdrawals of dozens or even hundreds of accounts each day.
At first sight, RFID seems like it would make this situation even worse: your card (but not PIN) can be skimmed while in your wallet. However, RFID can easily be coupled with "smart card" technology: having a chip on the card that can do public-key encryption and digital signing. (Interfacing such a chip with magnetic-stripe readers is tricky.) With such a smart card, and appropriate challenge-response infrastructure, skimming is useless: a copy of what the reader saw is worthless, because the next reader asks a different question.
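Why the challenge-response design makes a skimmed copy worthless, as an added example that is not part of the original notes. A magnetic stripe carries a fixed track, so a terminal can do no more than compare what it reads against what the issuer has on file; a chip that answers a fresh per-transaction challenge never reveals anything reusable. The chip's signing step is modelled here with HMAC-SHA256 over a secret shared between card and issuer (the notes describe public-key signing, which a real card would use instead); the track contents, card ids and secrets are constructed sample values.

```python
"""Static credential (magstripe) versus challenge-response (smart card).

Added example, not from the original notes.  HMAC stands in for the
public-key signature the notes describe; all values are constructed."""

import hashlib
import hmac
import secrets
from typing import Dict, Set

# --- Magnetic stripe: the credential IS the data on the track ---------------

# Constructed track contents; every reader sees exactly these bytes each swipe.
MAGSTRIPE_TRACK = b"4111111111111111=2512101"  # constructed sample, not a real card


def magstripe_terminal_accepts(presented_track: bytes, track_on_file: bytes) -> bool:
    """A magstripe terminal can only check that the track matches what the
    issuer holds.  A copy of the track is therefore indistinguishable from
    the genuine card."""
    return hmac.compare_digest(presented_track, track_on_file)


# --- Smart card: the credential is the ability to answer a fresh challenge --

class SmartCard:
    """Holds a secret that never leaves the chip; it only answers challenges."""

    def __init__(self, card_id: str, secret: bytes) -> None:
        self.card_id = card_id
        self._secret = secret

    def respond(self, challenge: bytes) -> bytes:
        # The response binds this card id to this specific challenge.
        msg = self.card_id.encode() + challenge
        return hmac.new(self._secret, msg, hashlib.sha256).digest()


class Issuer:
    """Issuer side: knows each card's secret and hands out one-time challenges."""

    def __init__(self, card_secrets: Dict[str, bytes]) -> None:
        self._card_secrets = card_secrets
        self._outstanding: Dict[str, bytes] = {}   # card id -> current challenge
        self._used: Set[bytes] = set()             # challenges already consumed

    def new_challenge(self, card_id: str) -> bytes:
        challenge = secrets.token_bytes(16)        # fresh random nonce per transaction
        self._outstanding[card_id] = challenge
        return challenge

    def verify(self, card_id: str, challenge: bytes, response: bytes) -> bool:
        # Only the challenge currently outstanding for this card is acceptable,
        # and only once; anything recorded earlier is rejected here.
        if self._outstanding.get(card_id) != challenge or challenge in self._used:
            return False
        msg = card_id.encode() + challenge
        expected = hmac.new(self._card_secrets[card_id], msg, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, response)
        if ok:
            self._used.add(challenge)
            del self._outstanding[card_id]
        return ok


def magstripe_copy_is_accepted() -> bool:
    """A byte-for-byte copy of the track is accepted just like the original."""
    copied_track = bytes(MAGSTRIPE_TRACK)
    return magstripe_terminal_accepts(copied_track, MAGSTRIPE_TRACK)


def genuine_exchange_is_accepted() -> bool:
    """The legitimate card answers the issuer's challenge and is accepted."""
    secret = secrets.token_bytes(32)
    card = SmartCard("card-0001", secret)
    issuer = Issuer({"card-0001": secret})
    c = issuer.new_challenge("card-0001")
    return issuer.verify("card-0001", c, card.respond(c))


def recorded_exchange_is_accepted() -> bool:
    """Record one genuine challenge/response pair, then present it again at a
    later transaction.  The issuer has moved on to a new challenge, so the
    recorded pair fails verification."""
    secret = secrets.token_bytes(32)
    card = SmartCard("card-0002", secret)
    issuer = Issuer({"card-0002": secret})

    c1 = issuer.new_challenge("card-0002")
    r1 = card.respond(c1)
    assert issuer.verify("card-0002", c1, r1)   # first, genuine use succeeds

    issuer.new_challenge("card-0002")           # next transaction: new nonce
    return issuer.verify("card-0002", c1, r1)   # the old pair is rejected


if __name__ == "__main__":
    print("magstripe copy accepted:", magstripe_copy_is_accepted())
    print("genuine smart-card exchange accepted:", genuine_exchange_is_accepted())
    print("recorded smart-card exchange accepted:", recorded_exchange_is_accepted())
```

The two properties that matter are in `Issuer.verify`: the challenge must be the one currently outstanding for that card, and a challenge is consumed the moment it is accepted. Together they mean that nothing observable at the reader (the challenge, the response, or both) can be presented a second time, which is exactly what a static magnetic-stripe track lacks.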
See also http://getyouhome.gov
US passports have had RFID chips embedded for some years now. In the article at http://news.cnet.com/New-RFID-travel-cards-could-pose-privacy-threat/2100-1028_3-6062574.html, it is stated that
Homeland Security has said, in a government procurement notice posted in September [2005?], that "read ranges shall extend to a minimum of 25 feet" in RFID-equipped identification cards used for border crossings. For people crossing on a bus, the proposal says, "the solution must sense up to 55 tokens."
The notice, unearthed by an anti-RFID advocacy group, also specifies: "The government requires that IDs be read under circumstances that include the device being carried in a pocket, purse, wallet, in traveler's clothes or elsewhere on the person of the traveler....The traveler should not have to do anything to prepare the device to be read, or to present the device for reading--i.e., passive and automatic use."
The article also talks, though, about how passports (as opposed to the PASS cards usable for returning from Canada or Mexico) now have RFID-resistant "antiskimming material" in the front (and back?) cover, making the chip difficult to read when the passport is closed.
Currently, passport covers do provide moderately effective shielding.
Furthermore, the data stream is encrypted, and cannot be read without the possession of appropriate keys (although it may still identify the passport bearer as a US citizen). An article in the December 2009 Communications of the ACM by Ramos et al. suggested that the most effective attack would be to:
see http://cpsr.org/issues/privacy/ssn-faq/
Privacy Act of 1974: govt entities can't require its use unless:
SSN and:
There had been a trend against using the SSN for student records; some students complained that no federal law authorized its collection for student records and therefore state schools could not require it. Alas, while this idea was gaining traction Congress introduced the Hope education tax credits and now it is required that students give their SSN to colleges, even if they don't intend to claim the credit.
What exactly is identity theft?
National Identity Card:
What are the real issues?
tracking?
matching between databases?
Identity "theft"?
Starting on page 85, there's a good section in Baase on stolen data; see especially the table of incidents on page 87. What should be done about this? Should we focus on:
Matching:
Should the government be able to do data mining on their databases?
In particular, should they be able to compare DBs for:
Government and e-privacy:
What if FACIAL RECOGNITION were to really take off? What would be the consequences? There are all those cameras already.
Most arguments today against facial recognition are based on the idea that there are too many false positives. What if that stopped being the case?
What about camera evidence of running lights or speeding?
E-bay privacy - Ebay has (or used to have) a policy of automatically opening up their records on any buyer/seller to any police department, without subpoena or warrant.
This one is quite remarkable. What do you think? Is this ethical?
HIPAA (Health Insurance Portability & Accountability Act) has had a decidedly privacy-positive effect here.
basic supply/demand: one draws curves with price on the horizontal axis, and quantity on the vertical. The supply curve is increasing; the higher the price the greater the supply. The demand curve, on the other hand, decreases with increasing price. However, these are for aggregates.
Now suppose you set price P, and user X has threshold Px. The demand curve decreases as you raise P because fewer X's are willing to buy. Specifically:
But what you really want is to charge user X the price Px.
Example: Alice & Bob each want a report. Alice will pay €1100, Bob will pay €600. You will only do it for €1500. If you charge Alice €1000 and Bob €500, both think they are getting a deal.
But is this FAIR to Alice?
In one sense, absolutely yes.
But what would Alice say when she finds out Bob paid half, for the same thing?
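The threshold model above, carried through in code as an added example (not from the original notes): demand at a posted price P is simply the count of buyers whose threshold Px is at least P, and the best single price is always one of the thresholds. With the notes' own numbers, no uniform price reaches the €1500 the report costs, while the per-buyer prices €1000 and €500 do. The buyer names and amounts are the notes' example; the function names are this example's own.

```python
"""Uniform pricing versus per-buyer pricing on a threshold demand model.

Added example, not from the original notes; numbers are the notes' Alice/Bob case."""

from typing import Dict

# Each buyer X's threshold Px: the most X is willing to pay (from the notes).
THRESHOLDS: Dict[str, float] = {"Alice": 1100.0, "Bob": 600.0}

# The seller only writes the report if revenue covers this (from the notes).
COST_TO_PRODUCE = 1500.0


def demand(price: float, thresholds: Dict[str, float]) -> int:
    """Quantity demanded at a single posted price P: the number of buyers
    with Px >= P.  Raising P can only shrink this count, which is the
    downward-sloping demand curve the notes describe."""
    return sum(1 for px in thresholds.values() if px >= price)


def uniform_revenue(price: float, thresholds: Dict[str, float]) -> float:
    """Revenue when everyone is quoted the same price P."""
    return price * demand(price, thresholds)


def best_uniform_price(thresholds: Dict[str, float]) -> float:
    """Only thresholds need checking: between two thresholds nobody drops out,
    so nudging P up to the next threshold never loses a sale."""
    candidates = sorted(set(thresholds.values()))
    return max(candidates, key=lambda p: uniform_revenue(p, thresholds))


def discriminated_revenue(quotes: Dict[str, float],
                          thresholds: Dict[str, float]) -> float:
    """Revenue when each buyer X is quoted an individual price; X buys only
    if the quote is at or below Px."""
    return sum(q for name, q in quotes.items() if q <= thresholds[name])


def report_gets_written(revenue: float) -> bool:
    return revenue >= COST_TO_PRODUCE


if __name__ == "__main__":
    p = best_uniform_price(THRESHOLDS)
    print(f"best single price: {p:.0f}, revenue {uniform_revenue(p, THRESHOLDS):.0f}, "
          f"written: {report_gets_written(uniform_revenue(p, THRESHOLDS))}")
    quotes = {"Alice": 1000.0, "Bob": 500.0}
    r = discriminated_revenue(quotes, THRESHOLDS)
    print(f"per-buyer quotes {quotes}: revenue {r:.0f}, written: {report_gets_written(r)}")
```

`best_uniform_price` picks €600 (two sales, €1200) over €1100 (one sale, €1100), and either way the report is not written; the discriminated quotes reach €1500 exactly, and quoting each buyer their full threshold would reach €1700.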
Possible ways to improve the perception of value:
What do computers have to do with this?
Airline pricing: horrendously complicated, to try to maximize revenue for each seat.
Online stores certainly could present different pricing models to different consumers. Does this happen? I have never seen any evidence of it, beyond recognizing different broad classes of consumers. Perhaps it takes the form of discounts for favorite customers, but that's a limited form of price discrimination.
Dell: different prices to business versus education. This is the same thing, though the education discount is not nearly as steep now.
Academic journal subscriptions and price discrimination: Libraries pay as much as 10 times for some journals as individuals!
Two roundtrip tickets including weekends can be less than one (this example is from ~2005; all flights are round-trips):
origin | destination | outbound | return | cost
Minneapolis | Newark | Wed | Fri | $772.50
Minneapolis | Newark | Wed | next week | $226.50
Newark | Minneapolis | Fri | next week | $246.50
If you buy the second and third tickets and throw out the returns, you save almost $300! Airlines have actually claimed that if you don't fly your return leg, they can charge you extra.
The issue is not at all specific to online shopping; it applies to normal stores as well. Sometimes it goes by the name "versioning": selling slightly different versions to different market segments, some at premium prices.
What about grocery stores?
CASPIAN: http://nocards.org
They're against grocery discount cards, also known as club cards or surveillance cards.
A big part of Caspian's argument appears to be that the cards don't really save you money; that is, the stores immediately raise prices.
customer-specific pricing: http://nocards.org/overview
One recent customer-specific-pricing strategy: scan your card at a kiosk to get special discounts.
nocards.org/news/index.shtml#seg3
Jewel's "avenu" program is exactly this: http://www.jewelosco.com/savings/avenu.jsp.
One clear goal within the industry is to offer the deepest discounts to those who are less likely to try the product anyway. In many cases, this means offering discounts to shoppers who are known to be price-sensitive, and not to others.
Clearly, the cards let stores know who is brand-sensitive and who is price-sensitive.
Loyal Skippy peanutbutter customers would be unlikely to get Skippy discounts, unless as part of a rewards strategy. They might qualify for Jif discounts.
Classic price discrimination means charging MORE to your regular customers, to whom your product is WORTH more, and giving the coupons to those who are more price-sensitive. Well, maybe the price-sensitive shoppers would get coupons for rice, beans, and peanut butter, while the price-insensitive shoppers would get coupons to imported chocolates, fine wines, and other high-margin items.
"shopper surveillance cards": 1. Allow price discrimination: giving coupons etc to the price-sensitive only. There may be other ways to use this; cf Avenu at Jewel
The idea used to be that you, the consumer, could shop around, compare goods and prices, and make a smart choice. But now the reverse is also true: The vendor looks at its consumer base, gathers information, and decides whether you are worth pleasing, or whether it can profit from your loyalty and habits. -- Joseph Turow, Univ of Pennsylvania
2. segmentation (nocards.com/overview)
What about arranging the store to cater to the products purchased by the top 30% of customers (in terms of profitability)? Caspian case: candy aisle was reduced, although it's a good seller, because top 30% preferred baby products. Is this really enough to make the cards worth it to the stores, though?
Using a card anonymously doesn't help here, as long as you keep using the same card!
Using checkout data alone isn't enough, if "the groceries" are bought once a week but high-margin items are bought on smaller trips.
One of the most significant examples of price discrimination is college tuition. The real tuition equals the list price minus your school scholarship. While many scholarships are outside of the control of the school, the reality is that schools charge wealthier families more for the same education.
Congress shall make no law ... abridging the freedom of speech, or of the press;
Right off the bat note the implicit distinction between "speech" and "the press": blogging wasn't foreseen by the Founding Fathers!
The courts have held that Congress can abridge "offensive" speech. For example: