Computer Ethics, Spring 2012

CMUN 009; Mon 4:15-6:45, Week 5, Feb 20

Week 5 Readings

Chapter 2

TRANSFORMATIVE use

This describes copying where the "purpose .. of the use" (factor 1) is wholly different from the purpose of the original. Typically it may be important that the new use offer something to the public that was otherwise unavailable.

Parodies are usually considered transformative use.

Another example: from Diebold v Online Policy Group, & some Swarthmore students: (Actually, they were suing Diebold; the students had posted some internal Diebold memos, and Diebold was wildly filing DMCA takedown notices. The students, and the EFF, felt these were an abuse of the DMCA process.)

From the judge's opinion:

Finally, Plaintiffs' ... use was transformative: they used the email archive to support criticism that is in the public interest, not to develop electronic voting technology. Accordingly, there is no genuine issue of material fact that Diebold, through its use of the DMCA, sought to and did in fact suppress publication of content that is not subject to copyright protection.

The Kelly and Perfect 10 cases below address this doctrine of "transformative". We'll return to this under "Free Speech"

Kelly and Perfect 10

Baase p 232-233:
    Kelly v Arriba Soft: 2002
    Perfect 10 v Google: 2006 -- ??

Kelly was a photographer incensed that Arriba Soft's "ditto.com" search engine was displaying thumbnails of his images. (There still is a ditto.com, but I have no idea whether it is connected to the original one.) The 9th Circuit ruled thumbnails were fair use, but not links to full-sized images. They later reversed that last point.

Four-factor analysis:

Purpose and Character: use is transformative
Nature of work: creative work on internet; "slightly in favor of Kelly"
Amount & Substantiality: irrelevant; whole image must be copied
Effect on market: The court found no harm to Kelly's market; in fact, by helping people find Kelly's images they might help him. Use of thumbnails weighed heavily here: they aren't nearly as attractive as originals.

Now to the Perfect 10 case. Perfect 10 sold nude images; they claimed to have a business plan to sell thumbnail images to cellphone users. Note that, on the face of it, this last point undermines the Kelly reasoning on effect on the market.

This question goes pretty much to the heart of Google's ability to provide image searching.

images.google.com is an image-based search engine; it frames full-sized images, and caches thumbnails.

P10's images came up on google only when some third party posted them (at some third-party site), apparently without authorization.

District court:

The District Court ruled that links were ok, but thumbnails were not. More precisely, the court granted an injunction against the thumbnails, but not against the links. The case is still not decided completely (and probably won't be).

[What do you think of the links issue?]

Wikipedia documents the District Court ruling in http://en.wikipedia.org/wiki/Perfect_10_v._Google_Inc.

Judge Howard Matz (emphasis added):

The first, second, and fourth fair use factors weigh slightly in favor of P10. The third weighs in neither party’s favor. Accordingly, the Court concludes that Google’s creation of thumbnails of P10’s copyrighted full-size images, and the subsequent display of those thumbnails as Google Image Search results, likely do not fall within the fair use exception. The Court reaches this conclusion despite the enormous public benefit that search engines such as Google provide. Although the Court is reluctant to issue a ruling that might impede the advance of internet technology, and although it is appropriate for courts to consider the immense value to the public of such technologies, existing judicial precedents do not allow such considerations to trump a reasoned analysis of the four fair use factors.

Note that Judge Matz does not believe that value to the public has priority over the fair-use factors.

Google then appealed the case to the Ninth Circuit.

Ninth Circuit

In 2007 the Ninth Circuit then reversed, issuing a preliminary ruling that all of Google's use is likely enough fair use that P10 loses their injunction.
Their preliminary decision is at http://webpages.cs.luc.edu/~pld/ethics/Perfect10vGoogle9thCir12-2007.pdf.

The bottom line was that Google's use was TRANSFORMATIVE.

Google might still be liable for contributory infringement. However, it appears that P10 has mostly abandoned the case.

Appeals court ruling points:
1. Google DMCA defense
2. P10's "display right" and "distribution right" are at issue.
3. [server test: whose server are the images really on?]

From the preliminary decision:

Applying the server test, the district court concluded that Perfect 10 was likely to succeed in its claim that Google’s thumbnails constituted direct infringement but was unlikely to succeed in its claim that Google’s in-line linking to full-size infringing images constituted a direct infringement. Id. at 84345. As explained below, because this analysis comports with the language of the Copyright Act, we agree with the district court’s resolution of both these issues. [15458 (15), last ¶]

Google isn't doing it (the server test):

[6] Google does not, however, display a copy of full-size infringing photographic images for purposes of the Copyright Act when Google frames in-line linked images that appear on a user’s computer screen.[15460 (17)]

Contributory infringement is not at issue.

Perfect 10 incorrectly relies on Hotaling v. Church of Jesus Christ of Latter-Day Saints and Napster for the proposition that merely making images “available” violates the copyright owner’s distribution right. [15463 (20)]

Isn't this "making available" a core issue for file sharers?

At this point the appeals court turns to Google's Fair Use defense

In applying the fair use analysis in this case, we are guided by Kelly v. Arriba Soft Corp., ... In Kelly, a photographer brought a direct infringement claim against Arriba, the operator of an Internet search engine. ... We held that Arriba’s use of thumbnail images was a fair use primarily based on the transformative nature of a search engine and its benefit to the public. Id. at 818-22. We also concluded that Arriba’s use of the thumbnail images did not harm the photographer’s market for his image. [15466 (23)]

Recall the District Court judge's reluctance to put much stock in "benefit to the public"

Purpose and Character: Again, use is transformative. Very much so. Just what is this??
District Court: this was diminished, in terms of Google's use of thumbnails, by P10's plan to sell thumbnails. Also, google's use is commercial.

9th Circuit: "In conducting our case-specific analysis of fair use in light of the purposes of copyright,": this is an explicit acknowledgement of the Copyright Clause. [15470 (27), ¶ starting in middle of page]

Bottom line: Purpose & Character goes from DC's "slightly in favor of P10" to Ninth's "heavily in favor of Google"

Also note, same paragraph:

The Supreme Court, however, has directed us to be mindful of the extent to which a use promotes the purposes of copyright and serves the interests of the public.

One of the cases cited as evidence of this directive is Sony. Another is the 1993 Campbell case (about a 2 Live Crew parody of the Roy Orbison song Pretty Woman), in which the Supreme Court stated that "the more transformative the new work, the less will be the significance of other factors, like commercialism, that may weigh against a finding of fair use". [15471 (28)]. (See http://supreme.justia.com/us/510/569/case.html. A major element of the Campbell case was that the Supreme Court backed away from the idea that commercial use would seldom qualify as "Fair use"; compare this with the earlier Sony quote "although every commercial use of copyrighted material is presumptively an unfair exploitation of the monopoly privilege that belongs to the owner of the copyright,...." Another point was that the Campbell song was intended to poke fun directly at Orbison's song, not to be general social satire.

Also:

we note the importance of analyzing fair use flexibly in light of new circumstances [15471 (28)]

Nature of work: no change; still "slightly in favor of Kelly". Part of the "slightly" was that the images were already published.

Amount & Substantiality: irrelevant; whole image must be copied; see [15473 (30)]

Effect on market: P10 did not prove their market for thumbnail images was harmed. So this didn't count. But how would they ever do that?? More precisely, "the district court did not find that any downloads for mobile phone use had taken place." [15470 (27), last line of page]. There were echoes of this issue in the Sony case: Universal Studios did not prove that they were harmed, because the market for home sales of movie videotapes did not exist, because Sony's Betamax was the first VCR on the consumer market.

Whoa! Is that last issue really fair? Did the DC even consider that point?

More at [15474 (31)], end of 1st and 2nd paragraphs

We conclude that Google is likely to succeed in proving its fair use defense and, accordingly, we vacate the preliminary injunction regarding Google’s use of thumbnail images."

Note how the appellate court sort of finessed the "effect on the market" issue.

Another option: why were P10's images ever found? Because users uploaded them illegally. There is another path here: to allow google to provide thumbnails and links only so long as the originals are present. Then, P10 can go after the originals.

An interesting question: if P10 had been selling something more socially acceptable than soft-core pornography, might this decision have gone the other way? There's an old legal saying that "bad cases make bad law"; is this an example?

Dozier Internet Law, http://www.cybertriallawyer.com

1. Lots of solid mainstream copyright cases:
    architectural designs
    jewelry designs
    advertising work (sitforthecure.com)
    stolen websites for:
        gamers sites
        physicians
        small businesses

2. Their AMAZING user agreement:
    http://dozierinternetlaw.cybertriallawyer.com

We do not permit you to view such [website html] code since we consider it to be our intellectual property.

Where are they coming from?

3. Dozier Internet Law and Sue Scheff

Sue Scheff was a client of Dozier Internet Law. She won an $11.3 million dollar verdict in her internet-defamation case; she later wrote a book Google Bomb. The defendant was Carey Bock of Louisiana.

But see http://www.usatoday.com/tech/news/2006-10-10-internet-defamation-case_x.htm. It turns out Ms Bock couldn't afford an attorney, as she was at the time of the case a displaced person due to Hurricane Katrina, and she did not appear in the case at all.

So we don't really know what happened. However, it is clear that at this point Ms Scheff has become a master at reversing being google-bombed; if you google for her name, her multiple blogs touting her book will likely lead the list.

Kindle case

see:
    http://online.wsj.com/article/SB123419309890963869.html
    http://www.engadget.com/2009/02/11/know-your-rights-does-the-kindle-2s-text-to-speech-infringe-au
    http://mbyerly.blogspot.com/2009/02/authors-guild-versus-amazon-kindle-2.html

The kindle is intended primarily for letting people read e-books. However, it also has a feature to read the book to you, using a synthesized voice. This potentially affects the audiobook market.

The Authors Guild has protested vehemently. But they apparently did not actually file a lawsuit against Amazon.

pro-kindle arguments:

Book publishers have already agreed to kindle distribution
the synthetic voice has no inflection or emotion
The synthetic voice does not constitute a "performance"
No copy is made [is this a legitimate argument?]
Amazon is a leading seller of audiobooks; arguably they don't see a negative effect on the market.
what about reading for the blind?
what about conventional-text-to-braille scanners?
existing audiobook formats (CDs) are unsatisfactory
use is transformative

anti-kindle arguments

The kindle infringes on the right to create audio recordings of books
creation of a spoken "performance" is not a right that was granted by purchasing the text.
publishers thought this was a text-only deal
people who buy e-books to listen to while driving now may not buy the audio book.

They are watching you: http://www.youtube.com/watch?v=8JNFr_j6kdI.

Is this a real threat? (See especially the section between 0:45 and 1:25)

I'm offering this as an example of a possible threat, but which definitely has elements of "paranoia" as well. (I imagine somewhere on YouTube there's a video of someone explaining the dangers of the government eavesdropping on your conversations by beaming lasers on your windows.)

Privacy

What is privacy all about? Baase (p 45) says it consists of

control of information about oneself: who knows what about you?
freedom from intrusion -- the right to be left alone in peace
freedom from surveillance (watched, listened to, etc)

Are these all? Note that Baase put control of information as #2; I moved it to #1.

In some sense the second one is really a different category: the need to get away from others. A technological issue here is the prevalence of phones, blackberries, and computers and the difficulty of getting away from work.

The third one is to some degree a subset of the first: who gathers information about us, and how is it shared? Another aspect of the third one is freedom from GOVERNMENTAL spying. Privacy from the government is a major part of Civil Liberties.

Privacy is largely about our sense of control of who knows what about us. We willingly put info onto facebook, and are alarmed only when someone reads it who we did not anticipate.

Privacy from:

government
commercial interests
workplace
local community (ie online info about us)

Sometimes, when we try to argue for our privacy, we get asked what do you have to hide? Is this fair?

On the other hand, should we care at all about privacy? Or is it just irrelevant?

Strange history: once upon a time we were mostly concerned about privacy from the government, not from private commercial interests.

Once upon a time, concern about privacy was on the decline. People knew about the junk-mail lists that marketers kept, but it did not seem important, especially to younger people.

In the last few years, privacy has become a significant issue. Why is this?

Psychologists have ways of defining general personality traits, eg the OCEAN set of

Openness (to new ideas and experiences)
Conscientiousness
Extraversion
Agreeableness
Neuroticism (tendency towards anxiety and worry)

(The Myers-Briggs system has four dimensions, and classifies you as at one end or the other (eg extraverted or introverted) on each axis.)

Are we approaching the point that outsiders can create a psychological profile of us using online data only?

Is this even what we mean by losing our privacy? Psychologists have suggested that "getting to know someone" is based significantly on the slow voluntary exchange of personal information.

Or is it much simpler: perhaps the marketing information about us was too remote for us to be concerned, but that Facebook has ushered in a new era of online information about our social situation: friends, events, likes, and that these are the things that are relevant in our day-to-day interactions with others.

Personalization

We understand that all sorts of online purchasing information is collected about us in order for the stores to sell to us again. Whenever I go to Amazon.com, I am greeted with book suggestions based on past purchases. But at what point does this information cross the line to become "personalized pitches"?

What if the seller has determined that we are in the category "price-sensitive shopper", and they then call/mail/email us with pitches that offer us the "best price" or "best value"? (See the box on Baase, p 78, for a related example. Here, the British Tesco chain determined which shoppers were "price-conscious", and also what they were most likely to buy. These products (maybe the top 20 in sales volume?) were then priced below Wal*Mart's prices.)

Political parties do this kind of personalization all the time: they tailor their pre-election canvassing to bring up what they believe are the hot-button issues for you personally.

What do computers have to do with privacy?

Old reason: they make it possible to store (and share) so much more data
Newer reasons:

They enable complex data mining
They allow us to find info on others via google
Records are kept that we never suspected (eg google searches)
Electronic eavesdropping

Baase, p 45: Communist East-German secret police Stasi, and non-computerized privacy invasion

Fourth amendment:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.

Baase p 47: computers "make it easy to produce detailed profiles of our personal characteristics, relationships, activities, opinions, and habits"

Maybe also of what sales pitches we're likely to respond to??

Some non-governmental privacy issues:

shopping data
RFID chips in cards and merchandise
search-engine queries
cellphone GPS data
event data recorders in automobiles

Caller ID

When it first came out in the early 1990's, Caller ID was widely seen as a privacy intrusion. That is, it took away your "right" to call someone anonymously. Actually, that is a plausible right if you're calling a commercial enterprise; if you don't want them calling you back, you should be able to refuse to give them your number.

Within a decade, Caller ID was widely seen as a privacy boost: you could control who could interrupt you. This is privacy in sense #2 above; the original issue was privacy in sense #1.

Caller ID never caught on with stores; it did catch on with ordinary people.

Is there any right to phone someone anonymously? What if you're trying to give the police a tip? What if you're a parole officer?

Maybe some of the most sensitive information gathered about us today is our location, typically from a cellphone. Traditional phones do not necessarily track GPS in real time, unless an emergency call is placed, but "smartphones" do this continuously in order to display advertisements for nearby businesses. What undesireable things could be done with this information?

We will return to this later.

http://pleaserobme.com, listing twitter/foursquare announcements that you will not be At Home (now "off"; I wish I'd kept some sample data)

In ~1990, a big privacy issue was Caller ID. Whose privacy was at stake?

Facebook has made us our own worst privacy leakers.

Facebook and college admissions, employment, any mixed recreational & professional use

Some specific things we may want to keep private, from a few years ago:

past lives (jobs, relationships, arrests, ...)
life setbacks
medical histories
mental health histories, including counseling
support groups we attend
organizations of which we are members
finances
legal problems (certainly criminal, and often civil too)
alcohol/drug use
tobacco or alcohol purchases
most sexual matters, licit or not
pregnancy-test purchases; contraceptive purchases
private digressions from public facade
different facades in different settings [friends, work, church]
comments we make to friends in context
the fact that we went to the bar twice last week
the fact that we did not go to the gym at all last week
minor transgressions (tax deductions, speeding, etc)

In keeping these sorts of things private, are we hiding something?

More significantly, what has the rise of Facebook done to this list? How much do we care about this "general background" information as opposed to the kind of information that leaks out of Facebook: who we partied with last night, what we drank, who we partied with five years ago, where we were last night given that we said we would be volunteering at the soup kitchen?

Sometimes we want to keep things private simply to avoid having someone else misinterpret them.

Is this list what is really important to us in terms of privacy? Or are we really only concerned with more intangible attributes?

Why do we care about privacy? Is it true that we wouldn't care if we had nothing to hide? What about those "minor transgressions" on the list? Are they really minor?

Or is is true that "we live 'in a nation whose reams of regulations make almost everyone guilty of some violation at some point'" [Baase p 69]

Once upon a time (in the 1970's) there was some social (and judicial) consensus that private recreational drug use was reasonably well protected: police had to have some specific evidence that you were lighting up, before they could investigate. Now, police are much more free to use aggressive tactics (eg drug-sniffing dogs without a warrant, though they can't use thermal imaging without a warrant).

Is this a privacy issue?

On page 47, Baase quotes Edward J Bloustein as saying that a person who is deprived of privacy is "deprived of his individuality and human dignity". Dignity? maybe. But what about individuality? Is there some truth here? Or is this overblown?

On page 67, Baase quotes Justice William O. Douglas as saying, in 1968,

In a sense a person is defined by the checks he writes. By examining them agents get to know his doctors, lawyers, creditors, political allies, social connections, religious affiliation, educational interests, the papers and magazines he reads, and so on ad infinitum.

Nowadays we would add credit-card records. Is Douglas's position true?

Privacy from the government

This tends not to be quite as much a COMPUTING issue, though facial recognition might be an exception. "Matching" was an exception once upon a time. Interception of electronic communications generally fits into this category; the government has tried hard to make sure that new modes of communication do not receive the same protections as older modes. They have not been entirely successful.

To large extent, we'll deal with this one later.

One of the biggest issues with government data collection is whether the government can collect data on everyone, or whether they must have some degree of "probable cause" to begin data collection. On p 73 of Baase there is a paragraph about how the California Department of Transportation photographed vehicles in a certain area and then looked up the registered owners and asked them to participate in a survey on highway development in that area. Why might that be a problem?

Canadian position: government must have a "demonstrable need for each piece of personal information collected".

Commercial data, based on transaction history
    Primary use is some sort of marketing

Other data
    legal, workplace, medical, etc
    Traditional "paper" data;
    The computerization issue is easy/universal access to such data

personal
    facebook, etc

Some data collection that we might not even be aware of:

browser-search data from google
ISPs and browser-search data
web cookies
automobile event recorders
Event data recorders in cars: lots of cars have them.
fresh-values / preferred card
LOTS of people are uneasy about privacy issues here, but specific issues are hard to point to.
My local Jewel never asks for Preferred cards for alcohol sales
street-level car cameras
street-level pedestrian cameras
bookstore purchases
library records
RFID data
browser location data

Google Buzz

Google Buzz was google's first attempt at a social-networking site, back in ~2009[?]. When it was first introduced, your top gmail/gchat contacts were made public as "friends", even though the existence of your correspondence may have been very private. For many, the issue isn't so much that yet another social-networking site made a privacy-related goof, but that it was google, which has so much private information already. Google has the entire email history for many people, and the entire search history for many others. The Google Buzz incident can be interpreted as an indication that, despite having so much personal information, Google is "clueless" about privacy. At the very least, Google used personal data without authorization.

For many people, though, the biggest issue isn't privacy per se, but the fact that their "google profile" overnight became their buzz page, without so much as notification.

See http://www.nytimes.com/2010/02/15/technology/internet/15google.html.
Or http://searchengineland.com/how-google-buzz-hijacks-your-google-profile-36693.

Tyler Clementi

On September 19, 2010, Rutgers University Tyler Clementi asked his roommate to be out of the room for the evening. Clementi then had a sexual encounter with another male. The roommate, meanwhile, turned on his webcam remotely from a friend's room, watched the encounter, and streamed it live over the internet.
(More at http://news.yahoo.com/s/ap/20101001/ap_on_re_us/us_student_taped_sex.)

Three days later Clemente leapt to his death from the George Washington bridge, presumably because he felt "outed".

How much is this about harassment of homosexuals?

How much is this about bullying?

How much is this about invasion of privacy?

Would the situation be seen differently if Clemente's tryst had been with a woman?

Is this at all about "cyber harassment"?

Is it about abuse of "social media"?

What about "outing" that was once relatively common within the gay community?

What about Erin Andrews, the ESPN reporter who was videoed while undressed in her New York hotel room, allegedly by Michael Barrett, apparently now convicted? This video too was circulated on the internet; the case made headlines in July 2009 (though when the videos were actually taken is unclear). Barrett got Andrews' room number from the hotel, reserved a room next to hers, and either modified the door peephole somehow, or drilled a hole through the wall and added a new peephole.

Is Andrews' situation any different from Clementi's? (Aside from the part about damages to hotel property).

What should the law say here? Is it wrong to place security cameras on your business property? Is it wrong to place "nannycams" inside your house? What sort of notice do you have to give people?

When we record the ACM lectures at Loyola, what sort of notice do we have to give the audience? The speakers?

Note that in Illinois it is a felony to record conversations without the consent of all parties, even in a public place. In particular, this means you cannot record the police if they stop or harass you. Youalso cannot record others who harass you (eg in the workplace). More at http://www.chicagobreakingnews.com/2010/08/aclu-challenges-illinois-eavesdropping-act.html. For a stronger slant on the recording-police issue, see http://gizmodo.com/5553765/are-cameras-the-new-guns (there is at least some evidence that the Illinois law in question was intended to disallow recording of police).

Note: Under New Jersey’s invasion-of-privacy statutes, it is a fourth degree crime to collect or view images depicting nudity or sexual contact involving another individual without that person’s consent, and it is a third degree crime to transmit or distribute such images. The penalty for conviction of a third degree offense can include a prison term of up to five years.

New Jersey lists "nudity" and "sexual contact" as entitled to privacy; some other states list "expectation of privacy".

One final note: if Clementi killed himself simply because he had been "outed", then any sex partner could have outed him legally. Sex partners could not legally have filmed him without his consent, but (like the Paris Hilton sex tape) a lover could later release a tape that had been made with consent, or simply release a textual narrative.

AOL search leak, 2006

Baase p 48: search-query data: Google case, AOL leak.
In August 2006, AOL leaked (actually, released) 20,000,000 queries from ~650,000 people. MANY of the people involved could be individually identified, because they:

searched for their own name
searched for their car, town, neighborhood, etc

Many people searched for medical issues.

Wikipedia: "AOL_search_data_scandal"
Thelma Arnold

Mirror site: http://gregsadetsky.com/aol-data/

An article:
http://www.techcrunch.com/2006/08/06/aol-proudly-releases-massive-amounts-of-user-search-data

Google strongly resisted releasing "anonymized" search data to the government.

What would make search data sufficiently anonymous?

Question: Is it ethical to use the actual AOL data in research? What guidelines should be in place?

Are there other ways to get legitimate search data for sociological research?

Where is google-search-history stored on your computer?

What constitutes "consent" to a privacy policy?
Are these binding? (Probably yes, legally, though that is still being debated)

Have we in any way consented to having our search data released?

Pennsylvania school laptops

In the Lower Merion school district in Ardmore PA, school-owned laptops were sent home with students. School officials have now been accused of spying on students by turning on the laptops' cameras remotely, while the laptops were in the students' homes.

The school's position is that remote camera activation was only done when the laptop was reported lost or stolen, as part of the LANRev software package (see also the open-source preyproject.com site). Note that the current owners of LANRev now state:

We discourage any customer from taking theft recovery into their own hands," said Stephen Midgley, the company's head of marketing, in an interview Monday. "That's best left in the hands of professionals."

However, the AP article on the incident states the following:

The Robbinses said they learned of the alleged webcam images when Lindy Matsko, an assistant principal at Harriton High School, told their son that school officials thought he had engaged in improper behavior at home. The behavior was not specified in the suit.

"(Matsko) cited as evidence a photograph from the webcam embedded in minor plaintiff's personal laptop issued by the school district," the suit states.

Supposedly the camera was activated because the laptop was reported as missing, but that in the case in question the laptop was declared missing by the school because insurance fees were not paid. Matsko saw the student ingesting something that looked to her like drug capsules; the student in question claimed it was Mike-and-Ike candy and there was considerable corroborating evidence that that was the case.

Some technical details, including statements made by Mike Perbix of the school's IS department, are available at http://strydehax.blogspot.com/2010/02/spy-at-harrington-high.html. The stryde.hax article also makes the following claims:

Possession of a monitored Macbook was required for classes
Possession of an unmonitored personal computer was forbidden and would be confiscated
Disabling the camera was impossible
Jailbreaking a school laptop in order to secure it or monitor it against intrusion was an offense which merited expulsion

The first, if true, would seem odd; the other points are fairly standard (though black electrical tape is wonderfully effective at disabling what the camera can see).

Note that public schools are part of the government, and, as such, must abide by the Fourth Amendment (though schools may be able to search lockers on school property). (Loyola, as a private institution, is not so bound, though there are also several Federal statutes that appear to apply.)

Students and parents do sign an Acceptable Use policy. However, a signature is required for the student to be issued a laptop. Also, students are minors, and it appears to be the case that parents are not authorized to sign away the rights of minors.

In April 2010 the school's attorneys issued a report claiming there was no "wrongdoing", but nonetheless documenting rather appalling privacy practices. Some information from the report is at http://www.physorg.com/news192193693.html. The most common problem was that eavesdropping was not terminated even after the equipment was found.

Another school-laptop case

(Will these ever stop?)

Susan Clements-Jeffrey, 52-year-old long-term substitute teacher at Keifer Alternative School (K-12) in Springfield OH, bought a used laptop from one of her students in 2008. She paid $60 for it. That's cheap for a laptop, but the non-free application software had been removed and, well, the case sort of hinges on whether it was preposterously cheap. The lowest prices I could find for used laptops were ~$75, on eBay.

The laptop in fact had been stolen from Clark County School District in Ohio, and on it was LoJack-for-Laptops software to allow tracking. Once it was reported missing, the tracking company, Absolute Software, began tracking it. Normal practice would have been to track it by IP address (the software "phones home" whenever the computer is online, and then turn that information over to the police so they could find out where it was located, but Absolute investigator Kyle Magnus went further: he also recorded much communication via the laptop (including audio and video).

Clements-Jeffrey used the laptop for intimate (that is, sexually explicit) conversation with her boyfriend. Absolute recorded all this, including at least one nude image of Clements-Jeffrey from the webcam. Police eventually did come and retrieve the laptop; theft charges were quickly dropped.

Clements-Jeffrey, however, is now suing Absolute for violation of privacy, under the Electronic Communications Privacy Act that forbids interception of electronic communication. Absolute's defense has been that Clements-Jeffrey knew or should have known the laptop was stolen, and if she had in fact known this then her suit would likely fail. However, it seems likely at this point that she did not know this.

Absolute has also claimed that they were only acting as agent of the government (ie the school district). The school district denies any awareness that eavesdropping might have been done. And claiming that actions on behalf of a school district are automatically "under color of law" seems farfetched to me.

In August 2011, US District Judge Walter Rice ruled that Clements-Jeffrey's lawfacebook timelinesuit against Absolute could go forwards.

More at http://www.wired.com/threatlevel/2011/08/absolute-sued-for-spying.

Event data recorders in automobiles

Who owns the data? Should you know it is there?

What if it's explained on page 286 of the owners manual?

Should it be possible for the police or the vehicle manufacturer to use it AGAINST you at a trial?facebook timeline

See wikipedia: "Event_data_recorder"

Facebook and privacy

When did Facebook stop being "closed", ie access was limited to your "network" (eg Loyola)? Did anyone care?

Facebook privacy issues are getting hard to keep up with! For example, what are the privacy implications of Timeline? Switching to Timeline doesn't change any permissions, but all of a sudden it's much easier for someone to go way back in your profile.

Facebook know a lot about you. It knows

who your friends are
what you are writing to whom (using facebook)
your age
your education
your job (probably)
your hobbies
what you "like"
whether you are outgoing (extraverted?) or not

In May 2010 Facebook made perhaps their most dramatic change in privacy policy, when they introduced changes requiring that some of your information be visible to everyone: your name, your schools, your interests, your picture, your friends list, and the pages you are a "fan" of. Allegedly your "like" clicks also became world-readable. Here's an article by Vadim Lavrusik spelling out why this can be a problem: http://mashable.com/2010/01/12/facebook-privacy-detrimental. Lavrusik's specific concern is that he sometimes joins Facebook groups as part of journalistic investigation, not out of any sense of shared interest.

Here's a timeline of the progressive privacy erosion at facebook: eff.org/deeplinks/2010/04/facebook-timeline

Around the same time Facebook also proposed "sharing" agreements with some other sites, and made data-sharing with those sites the default. Some of the sites (from readwriteweb.com) are:

yelp.com: a restaurant/shopping/etc rating site
docs.com: a googledocs competitor owned by Microsoft
pandora.com (a web-radio site in which you say what music you "like" and you get similar music)

Eventually Facebook has again stepped back from a full roll-out of the sharing feature.

Facebook has long tinkered with plans for allowing a wide range of third-party sites to have access to your facebook identity. Back in 2007, this project was code-named Beacon. Supposedly the Beacon project has been dropped, but it seems the idea behind it has not.

Ironically, third-party sites might not need Facebook's cooperation to get at least some information about their visitors (such as whether they are even members of Facebook). Your browser itself may be giving this away. See http://www.azarask.in/blog/post/socialhistoryjs. (Note that this technique, involving the third party's setting up invisible links to facebook.com, myspace.com, etc, and then checking the "link color" (doable even though the link is invisible!) to see if the link has been visited recently, cannot reveal your username.)

After resisting the May 2010 uproar for a couple weeks, Facebook once again changed. However, they did not apologize, or admit that they had broken their own past rules.

Here's an essay from the EFF, http://www.eff.org/deeplinks/2010/05/facebook-should-follow, entitled Facebook Should Follow Its Own Principles, in which they point out that Facebook's 2009 principles (announced after a similar uproar) state

People should have the freedom to decide with whom they will share their information, and to set privacy controls to protect those choices.

But Facebook's initial stance in 2010 was that users always had the freedom to quit facebook if they didn't like it. Here's part of Elliot Schrage, FB VP for Public Policy, as quoted in a May 11, 2010 article at http://bits.blogs.nytimes.com/2010/05/11/facebook-executive-answers-reader-questions:

Joining Facebook is a conscious choice by vast numbers of people who have stepped forward deliberately and intentionally to connect and share. We study user activity. We’ve found that a few fields of information need to be shared to facilitate the kind of experience people come to Facebook to have. That’s why we require the following fields to be public: name, profile photo (if people choose to have one), gender, connections (again, if people choose to make them), and user ID number.

Later, when asked why "opt-in" (ie initially private) was not the default, Schrage said

Everything is opt-in on Facebook. Participating in the service is a choice. We want people to continue to choose Facebook every day. Adding information — uploading photos or posting status updates or “like” a Page — are also all opt-in. Please don’t share if you’re not comfortable.

That said, much of your information is still public by default.

Two weeks after Schrage's claim that users would always be free not to use Facebook if they didn't like it, Facebook CEO Mark Zuckerberg weighed in, with a May 24, 2010 article in the Washington Post: http://www.msnbc.msn.com/id/37314726/ns/technology_and_science-washington_post/?ns=technology_and_science-washington_post. In the article, Zuckerberg does not seem to acknowledge that any mistakes were made. He does, however, give some Facebook "principles":

You have control over how your information is shared.
We do not share your personal information with people or services you don't want.
We do not give advertisers access to your personal information.
We do not and never will sell any of your information to anyone.
We will always keep Facebook a free service for everyone.

The first principle is a step back from the corresponding 2009 principle.

Facebook vigorously claims that your information is not shared with advertisers, by which they mean that your name is not shared. However, your age, interests, and general location (eg town) are shared, leading to rather creepy advertisements at best, and cases where your identity can be inferred at worst.

Recall that advertisers are Facebook's real customers. They are the ones who pay the bills. The users are just users.

Deja News, once at deja.com (now run by google): where is it now? It still lets you search archives of old usenet posts, though the social significance of that is reduced in direct proportion to the reduced interest in Usenet. Think of being able to search for someone's years-old facebook posts, though (and note that there's no reason Facebook can't just enable this).

Facebook mini-feeds, Baase p 55
Allowed active notification to your friends whenever you change your page. Why was this considered to be a privacy issue?

I note that lots of people have left these enabled.

The mini-feed issue originally came up in 2006. However, modifications of the feature still occasionally reopen the privacy issue. The latest issue is that you can get "realtime" minifeed updates, and also somewhat fine-tune which updates you receive about whom; you can thus "eavesdrop" on someone by subscribing to everything they do on FB, and then monitoring the feed. See http://www.infoworld.com/t/social-networking/facebook-makes-it-easier-ever-eavesdrop-173657 for more detail. (Note on 9/29/2011: I could not get the realtime feeds shown in the infoworld article, now over a week old. Maybe FB has dropped this feature? Maybe the feature was timed to coincide with the public opening of google+?)

Is this a privacy issue or not?

Whatever one says about Facebook as a source of privacy lost, it is pretty clear to everyone that posting material to Facebook is under our control, though perhaps only in the sense that we participate in Facebook voluntarily. Thus, the Facebook privacy question is really all about whether we can control who knows what about us, and continue to use Facebook.