Week 4, Feb 7 RFID papers: garfinkel Eckfeldt Stajano ---------- Loyola patent policy: luc.edu/ors/patentpolicy.shtml Technological Progress ---------------------- Life with Napster quote: pp 25-26 Is there really a Dark Side? Or has technology [broadband Internet] made that irrelevant? p 27: William Mitchell, dean at MIT: books are "tree flakes encased in dead cow" Charles Mann: "who will curl up with a computer in bed?" What did iPod do to this sentiment? H&I was written in pre-iPod world What about the Kindle [again]? Leather-bound books are fundamentally obsolete; hardcover books are generally bound in "buckram" and pasteboard, a fabric/ composite. Bottom line: *if* we want the old rules to continue, we need to find ways to ensure return on investment for creators of music, movies, and books. If. And such ways to ensure ROI can be legal, technical (eg DRM), or social. ===================== David Post & Jefferson's moose: interesting metaphor We need to open up to new ideas Touretzky DeCSS site: cs.cmu.edu/~dst/DeCSS/Gallery/ Check out efdtt.c, and the DVD logo!!! We'll return to this when we get to cyberspeech. parodies: South Park (almost any episode) Weird Al www.xkcd.com/c78.html Bored of the Rings wondermark.com wondermark.com/wm_stripdoc_index.html I'm not sure how many, if any, of the primary wondermark cartoons are actually new text for old cartoons. But there's some new-text examples in the links. ============================================================================== Project Gutenberg: gutenberg.org Eldred v Ashcroft: Eric Eldred maintained a website of public-domain books unrelated to Project Gutenberg's, although he did do some scanning/typing for them. eldrichpress.org: ============================================================================== ================= Hacker Ethic [p 22] v Ten Commandments of Computer Ethics [p 23] What do you think of the hacker ethic? Should information be free? What about the Ten Commandments? What about #6? What's #8 about? Is this consistent with file sharing? Technological Progress ---------------------- ===================== David Post & Jefferson's moose: interesting metaphor We need to open up to new ideas ============================================================================== ============================================================================== Start Privacy Privacy from: * government * commercial interests * workplace * local community (ie online info about us) Strange history: once upon a time we were mostly concerned about privacy from the government. ~1990, a big privacy issue was Caller ID. Whose privacy was at stake? Facebook and MySpace have made us our own worst privacy leakers. Some things we want to keep private: * past lives * life setbacks * medical histories (including mental health) * finances * alcohol/drug use * most sexual matters, licit or not * private digressions from public facade * different facades in different settings [friends, work, church] * comments we make to friends in context * minor transgressions (tax deductions, speeding, etc) What does Alan Westin say about the last one? Do you agree? Fourth amendment: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated. What do computers have to do with privacy? Old reason: they make it possible to store (and share) so much more data Newer reasons: they enable complex data mining Allow us to find info on others via google Records are kept that we never suspected (eg google searches) electronic eavesdropping ====================================== Case 1: genetics testing Note DUAL reasons: govt security issue (nuclear terrorism) employer issue How would you answer the claim that being in a gov't DNA database could only be a problem if you are guilty? Should we have the right to keep genetic info from OURSELVES? How about from insurers? (classic scenario for Rawls argument) What about the idea that Lily's employer is just worried about legal liability? Dr James Watson, co-discoverer of DNA, has had his own genome published, (google: watson genome) He has avoided looking to see if he has inherited a susceptibililty to Alzheimer's disease. Case 2: Smyth v Pillsbury note that what is at issue is the TORT of invasion. Whatever happened to the CONTRACTUAL issue? Hint: long history of cases upholding "employment at will" doctrine. Judge: Charles Weiner How would the case have been different if: pillsbury had an email policy allowing such access? pillsbury had no policy at all? What are employers' interests in email exchange? Were the emails read out-of-context? (that is, Smyth and his boss were just being aggressive) Does OWNERSHIP matter? No!! ownership of a phone ownership of stationery ownership of an apartment building ========================================================================== # Smyth v. Pillsbury: Pennsylvania # Bourke v. Nissan: California similar: Bourke worked for Nissan; email was reviewed, it was highly personal, she got low evaluation. The email probably but not definitively contributed. # Shoars v. Epson: California Alana Shoars was involved in email training at Epson. She found supervisor Hillseth had been printing & reading employee emails. She objected, and removed some of the printouts from Hillseth's office. She also reported the incident to Epson's general manager. Hillseth then had Shoars fired, allegedly because she had asked for a private email account that was not accessible by Hillseth. Epson had informed employees that email was "private & confidential" California had a law prohibiting tapping of telephone lines. *May* have covered other communications, but that part was dismissed on a technicality: tapping alone didn't constitute eavesdropping, and the eavesdropping issue was never brought up. Discuss Smyth v Pillsbury: Contract v Tort Judge held that corporate eavesdropping is not offensive. Duh. (Could it be offensive IF the company had promised not to??) Judge says Smyth lost because email was "utilized by entire company" and Smyth's emails were "voluntary". Were they? Reasonable expectation of privacy does NOT mean the search is "offensive" Only searches that are "offensive" would allow legal action regarding firing of an "at-will" employee. Judge: Pillsbury's actions did not "tortuously" invade privacy unstated by judge: prevention of sexual harassment as justification. Arguably, though, this kind of talk between "buddies", with the self-image projected to fit that context, is EXACTLY what Westin is talking about. Not all context is "professional". What if Pillsbury recorded water-cooler or bathroom conversation? What the heck *is* a "reasonable expectation of privacy"??? "In the absence of a reasonable expectation of privacy, there can be no violation of the right to privacy." Could Smyth have sued for DAMAGES, instead of reinstatement? Footnote to judge's ruling: [eh-STOP-uhl] FN2. Although plaintiff does not affirmatively allege so in his Complaint ... the allegations in the Complaint might suggest that plaintiff is alleging an exception to the at-will employment rule based on estoppel, i.e. that defendant repeatedly assured plaintiff and others that it would not intercept e-mail communications and reprimand or terminate based on the contents thereof and plaintiff relied on these assurances to his detriment when he made the "inappropriate and unprofessional" e-mail communications in October 1994. The law of Pennsylvania is clear, however, that an employer may not be estopped from firing an employee based upon a promise, even when reliance is demonstrated. Paul v. Lankenau Hospital, 524 Pa. 90, 569 A.2d 346 (1990). Jurisdiction problems: what if one party to an email lives in a state that grants statutory privacy protections? This problem comes up all the time with phone calls: Plaintiffs: Kelly Kearney, Mark Levy; worked for company acquired by Worldcom. Worldcom case: Plaintiffs calls were recorded in Georgia, but plaintiffs were calling from California, which forbids that without notification of ALL parties. Massachusetts case: jurisdiction depends on *where* wiretapping physically took place, not where the speakers were. How does telephony relate to email? What *is* our expectation of privacy? What about personal use of gmail account, while at work? What about use of, say, a personal gmail account while at work? If employer monitors transactions with gmail.com? If employer obtains email from google directly? luc.edu/its/policy_email_general.shtml Persistence: email sticks around, although people USE it as if it were like the phone. ============================== Paul v Lankenau Hospital 524 Pa. 90, 93, 569 A.2d 346,348 (1990) ============== ======================= PA court Atlantic Reporter reference 2nd Series, vol 569 Starts page 346, actual reference on page 348 Dr Parle Paul, MD, would take home discarded hospital equipment. He would sell it or send it to clinics in Yugoslavia, his homeland. He got permission to take five discarded refrigerators. Unfortunately, he apparently did not have the RIGHT permission. Oops. He was fired, and filed suit for reinstatement and for defamation. A jury trial resulted in a verdict in Paul's favor, both for damages and reinstatement. Superior court affirmed. From the appellate decision: Equitable estoppel is not an exception to employment at-will. The law does not prohibit firing of an employee for relying on an employer's promise. Exceptions to the [at-will firing] rule have been recognized in only the most limited curcumstances, where discharges of at-will employees would threaten clear mandates of public policy. [some such: racial/ethnic discrimination, whistleblowing, refusal to commit illegal acts, unionizing, ...] Look at this another way. Smyth and his lawyers *knew* that he could be fired for any reason, regardless of Pillsbury's promises to the contrary. Smyth was asking for application of the TORT of invasion of privacy to be applied. Tortious invasion of privacy exists, but the standards are high and privacy must be a reasonable exception. In court cases, you can't add 30% of an argument for equitable estoppel and 70% of an argument for tortious invasion of privacy to get 100% of a case. ONE argument must be 100% sound. ======================================== Who decides when we have a "reasonable expectation of privacy"? If most people think email privacy is easy to breach, does it lose protection? Is email any easier to spy on than the phone? ============================================================================ Facebook/MySpace: When did Facebook stop being "closed"? Did anyone care? Facebook, MySpace, google, deja news, and dating deja.com (now run by google) Why do we want privacy?