Computer Ethics, Summer 2012

Corboy Law 602; Tuesdays & Thursdays, 6:00-9:00
Week 3, Class 5

Readings

Read all of chapter 1 and the first three sections of chapter 4
  
Read Chapter 2, on privacy

Takehome midterm: to be released Saturday morning, June 9, on Blackboard, and due Monday, June 11, by midnight.



online music services and pricing differences for "computers" versus "portable devices": the privacy issue. Why should providers know just what kind of computer you have?




May 31, 2012: in Oracle v Google, the judge ruled that the Java API interface is not copyrightable
See: http://www.groklaw.net/article.php?story=20120531173633275
We will return to this when we consider patent protection for software.



Pennsylvania school laptops

In the Lower Merion school district in Ardmore PA, school-owned laptops were sent home with students. School officials have now been accused of spying on students by turning on the laptops' cameras remotely, while the laptops were in the students' homes.

The school's position is that remote camera activation was only done when the laptop was reported lost or stolen, as part of the LANRev software package (see also the open-source preyproject.com site). Note that the current owners of LANRev now state:

"We discourage any customer from taking theft recovery into their own hands," said Stephen Midgley, the company's head of marketing, in an interview Monday. "That's best left in the hands of professionals."

Some sources:
Parents became aware of the incident when Blake Edwards, then 15, was called into the principal's office:

The Robbinses said they learned of the alleged webcam images when Lindy Matsko, an assistant principal at Harriton High School, told their son that school officials thought he had engaged in improper behavior at home. The behavior was not specified in the suit.

"(Matsko) cited as evidence a photograph from the webcam embedded in minor plaintiff's personal laptop issued by the school district," the suit states. [AP article]

Ms Matsko had seen the student ingesting something that looked to her like drug capsules; the student in question claimed it was Mike-and-Ike candy and there was considerable corroborating evidence that that was the case. It is not clear whether Matsko had formally disciplined the student.

Supposedly the laptop camera was activated because the laptop was reported as missing. But in the case in question Robbins had, according to the school district, been issued a "loaner" laptop because he had not paid the insurance fees for a regular laptop. Loaner laptops were not supposed to go home with students, but it is not clear that Robbins was ever told that. Furthermore, there were about two weeks' worth of photos collected by the webcam, despite Robbins' regular attendance at school.

Some technical details, including statements made by Mike Perbix of the school's IS department, are available at http://strydehax.blogspot.com/2010/02/spy-at-harrington-high.html. The stryde.hax article also makes the following claims:
The first, if true, would seem odd, in that generally students also have the option of using school computing labs plus home computing resources; the other points are fairly standard (though black electrical tape is wonderfully effective at disabling what the camera can see).

The Strydehax article also makes it clear that Perbix had gone to some lengths to disable the camera for student use, but to still allow the camera to be used by the administrative account. Perbix had written on https://groups.google.com/group/macenterprise/browse_thread/thread/98dd9da15da4189f/d461836b9996c4d8?lnk=gst&q=perbix+isight (google login may be necessary):

[to disable the iSight camera] You can simply change permission on 2 files...what this does is prevent internal use of the iSight, but some utilities might still work (for instance an external application using it for Theft tracking etc)...I actually created a little Applescript utility and terminal script which will allow you to do it remotely, or allow a local admin to toggle it on and off.

Some students noticed that the LED by the camera occasionally blinked or came on. They were apparently told this was a glitch, and not that the camera was tracking them (student testimonials in this regard are on the Strydehax site).

Before the laptops were even handed out, Perbix had replied to another employee's concern with the following (from wikipedia):

[T]his feature is only used to track equipment ... reported as stolen or missing. The only information that this feature captures is IP and DNS info from the network it is connected to, and occasional screen/camera shots of the computer being operated.... The tracking feature does NOT do things like record web browsing, chatting, email, or any other type of “spyware” features that you might be thinking of.

Note that public schools are part of the government, and, as such, must abide by the Fourth Amendment (though schools may be able to search lockers on school property). (Loyola, as a private institution, is not so bound, though there are also several Federal statutes that appear to apply.)

Students and parents do sign an Acceptable Use policy. However, a signature is required for the student to be issued a laptop. Also, students are minors, and it appears to be the case that parents are not authorized to sign away the rights of minors.

A second student, Jalil Hasan, also had his webcam activated. He had apparently lost his laptop at school; it was found and he retrieved it a couple of days later. However, his webcam was now taking pictures, and continued to do so for two months.

In April 2010 the school's attorneys issued a report claiming there was no "wrongdoing", but nonetheless documenting rather appalling privacy practices. Some information from the report is at http://www.physorg.com/news192193693.html. The most common problem was that eavesdropping was not terminated even after the equipment was found.

In October 2010, the Lower Merion School District settled the Robbins and Hasan cases for $610,000. Of that amount, 70% is for attorneys' fees.

The FBI did investigate for violations of criminal wiretapping laws. Prosecutors eventually decided not to bring any charges. While there may not have been criminal intent, the policies of the school and its IT group showed a gross disregard for basic privacy rights. While "accidentally" taking pictures remotely might be a possibility, going ahead and then using those pictures (eg to discipline students, or even to share them with teachers and academic administrators) is a pretty clear abuse of privacy rules.


Another school-laptop case


Susan Clements-Jeffrey, a 52-year-old long-term substitute teacher at Keifer Alternative School (K-12) in Springfield OH, bought a used laptop from one of her students in 2008. She paid $60 for it. That's cheap for a laptop, but the non-free application software had been removed and, well, the case sort of hinges on whether it was preposterously cheap. The lowest prices I could find for used laptops were ~$75, on eBay.

The laptop in fact had been stolen from Clark County School District in Ohio, and on it was LoJack-for-Laptops software to allow tracking. Once it was reported missing, the tracking company, Absolute Software, began tracking it. Normal practice would have been to track it by IP address (the software "phones home" whenever the computer is online), and then turn that information over to the police so they could find out where it was located. But Absolute investigator Kyle Magnus went further: he also recorded much communication via the laptop (including audio and video).

Clements-Jeffrey used the laptop for intimate (that is, sexually explicit) conversation with her boyfriend. Absolute recorded all this, including at least one nude image of Clements-Jeffrey from the webcam. Police eventually did come and retrieve the laptop; theft charges were quickly dropped.

Clements-Jeffrey, however, has now sued Absolute for violation of privacy, under the Electronic Communications Privacy Act that forbids interception of electronic communication. Absolute's defense has been that Clements-Jeffrey knew or should have known the laptop was stolen, and if she had in fact known this then her suit would likely fail. However, it seems likely at this point that she did not know this.

Absolute has also claimed that they were only acting as agent of the government (ie the school district). The school district denies any awareness that eavesdropping might have been done. And claiming that actions on behalf of a school district are automatically "under color of law" seems farfetched to me.

In August 2011, US District Judge Walter Rice ruled that Clements-Jeffrey's lawsuit against Absolute could go forward. In September there was an undisclosed financial settlement.

More at http://www.wired.com/threatlevel/2011/08/absolute-sued-for-spying.


Event data recorders in automobiles

Who owns the data? Should you know it is there?

What if it's explained on page 286 of the owners manual?

Should it be possible for the police or the vehicle manufacturer to use it AGAINST you at a trial?

See wikipedia: "Event_data_recorder"


Facebook and privacy

When did Facebook stop being "closed", i.e. with access limited to your "network" (e.g. Loyola)? Did anyone care?

Facebook privacy issues are getting hard to keep up with! For example, what are the privacy implications of Timeline? Switching to Timeline doesn't change any permissions, but all of a sudden it's much easier for someone to go way back in your profile.

Facebook knows a lot about you. It knows
In May 2010 Facebook made perhaps their most dramatic change in privacy policy, when they introduced changes requiring that some of your information be visible to everyone: your name, your schools, your interests, your picture, your friends list, and the pages you are a "fan" of. Allegedly your "like" clicks also became world-readable. Here's an article by Vadim Lavrusik spelling out why this can be a problem: http://mashable.com/2010/01/12/facebook-privacy-detrimental. Lavrusik's specific concern is that he sometimes joins Facebook groups as part of journalistic investigation, not out of any sense of shared interest.

Here's a timeline of the progressive privacy erosion at facebook: eff.org/deeplinks/2010/04/facebook-timeline

Around the same time Facebook also proposed "sharing" agreements with some other sites, and made data-sharing with those sites the default. Some of the sites (from readwriteweb.com) are:
Eventually Facebook again stepped back from a full roll-out of the sharing feature.

Facebook has long tinkered with plans for allowing a wide range of third-party sites to have access to your facebook identity. Back in 2007, this project was code-named Beacon. Supposedly the Beacon project has been dropped, but it seems the idea behind it has not.

Ironically, third-party sites might not need Facebook's cooperation to get at least some information about their visitors (such as whether they are even members of Facebook). Your browser itself may be giving this away. See http://www.azarask.in/blog/post/socialhistoryjs. (Note that this technique, involving the third party's setting up invisible links to facebook.com, myspace.com, etc, and then checking the "link color" (doable even though the link is invisible!) to see if the link has been visited recently, cannot reveal your username.)

After resisting the May 2010 uproar for a couple weeks, Facebook once again changed. However, they did not apologize, or admit that they had broken their own past rules.

Here's an essay from the EFF, http://www.eff.org/deeplinks/2010/05/facebook-should-follow, entitled Facebook Should Follow Its Own Principles, in which they point out that Facebook's 2009 principles (announced after a similar uproar) state

People should have the freedom to decide with whom they will share their information, and to set privacy controls to protect those choices.

But Facebook's initial stance in 2010 was that users always had the freedom to quit facebook if they didn't like it. Here's part of Elliot Schrage, FB VP for Public Policy, as quoted in a May 11, 2010 article at http://bits.blogs.nytimes.com/2010/05/11/facebook-executive-answers-reader-questions:

Joining Facebook is a conscious choice by vast numbers of people who have stepped forward deliberately and intentionally to connect and share. We study user activity. We’ve found that a few fields of information need to be shared to facilitate the kind of experience people come to Facebook to have. That’s why we require the following fields to be public: name, profile photo (if people choose to have one), gender, connections (again, if people choose to make them), and user ID number.

Later, when asked why "opt-in" (ie initially private) was not the default, Schrage said

Everything is opt-in on Facebook. Participating in the service is a choice. We want people to continue to choose Facebook every day. Adding information — uploading photos or posting status updates or “like” a Page — are also all opt-in. Please don’t share if you’re not comfortable.

That said, much of your information is still public by default.



Two weeks after Schrage's claim that users would always be free not to use Facebook if they didn't like it, Facebook CEO Mark Zuckerberg weighed in, with a May 24, 2010 article in the Washington Post: http://www.msnbc.msn.com/id/37314726/ns/technology_and_science-washington_post/?ns=technology_and_science-washington_post. In the article, Zuckerberg does not seem to acknowledge that any mistakes were made. He does, however, give some Facebook "principles":
The first principle is a step back from the corresponding 2009 principle.

Facebook vigorously claims that your information is not shared with advertisers, by which they mean that your name is not shared. However, your age, interests, and general location (eg town) are shared, leading to rather creepy advertisements at best, and cases where your identity can be inferred at worst.

Recall that advertisers are Facebook's real customers. They are the ones who pay the bills. The users are just users.


 
Deja News, once at deja.com (now run by google): where is it now? It still lets you search archives of old usenet posts, though the social significance of that is reduced in direct proportion to the reduced interest in Usenet. Think of being able to search for someone's years-old facebook posts, though (and note that Facebook Timeline has in effect enabled just this).
Facebook mini-feeds, Baase p 55
Allowed active notification to your friends whenever you change your page. Why was this considered to be a privacy issue?

I note that lots of people have left these enabled.

The mini-feed issue originally came up in 2006. However, modifications of the feature still occasionally reopen the privacy issue. The latest issue is that you can get "realtime" minifeed updates, and also somewhat fine-tune which updates you receive about whom; you can thus "eavesdrop" on someone by subscribing to everything they do on FB, and then monitoring the feed. See http://www.infoworld.com/t/social-networking/facebook-makes-it-easier-ever-eavesdrop-173657 for more detail. (Note on 9/29/2011: I could not get the realtime feeds shown in the infoworld article, now over a week old. Maybe FB has dropped this feature? Maybe the feature was timed to coincide with the public opening of google+?)

Is this a privacy issue or not?

Whatever one says about Facebook as a source of privacy lost, it is pretty clear to everyone that posting material to Facebook is under our control, though perhaps only in the sense that we participate in Facebook voluntarily. Thus, the Facebook privacy question is really all about whether we can control who knows what about us, and continue to use Facebook.



Facebook data reapers

How about this site: Social Intelligence Corp, www.socialintel.com.

What they do is employee background screening. They claim to take some of the risk out of do-it-yourself google searches, because they don't include any information in their report that you are not supposed to ask for. What they do is gather all the public Facebook information about you (and also from other sources, such as LinkedIn), and store it. They look, in particular, for
While they do not offer this upfront, one suspects they also keep track of an unusually large number (more than four?) of drunken party pictures.

Think you have no public Facebook information? Look again: the information does not have to have been posted by you. If a friend posts a picture of you at a party, and makes the album world-viewable, there may have gone your chance for that job at Microsoft.

To be fair, Social Intelligence is still fine-tuning their rules; the latest version appears to be that they keep the information for seven years, but don't release it in a report unless it's still online at the time the report is requested. Unless things change, and they need to go back to the old way to make more money.

In June 2011 the FTC ruled that Social Intelligence's procedure was in compliance with the Fair Credit Reporting Act.

See:
Is this a privacy issue?



While we're on the subject of data collection, consider ChoicePoint and Acxiom. (ChoicePoint is now LexisNexis.com/risk, for Risk Solutions.)

Look at the websites. Are these sites bad?

What if you are hiring someone to work with children? Do such employees have any expectation of privacy with regard to their past?

ChoicePoint sells to government agencies data that those agencies are often not allowed to collect directly. Is this appropriate?

ChoicePoint might argue that it is similar to a credit bureau, though exempt from the rules of the Fair Credit Act because they don't actually deal with credit information.

Baase p 60: "At least 35 government agencies are or were clients of ChoicePoint". Some of the data collected (again from Baase):
(By the way, if a company offering you a job pushes you hard to tell them your birthdate, which is illegal for companies with four or more employees, they are probably after it in order to search for criminal-background data.)


Facebook and other sites

Facebook now shows up on unrelated sites. Sites are encouraged to enable the Facebook "like" button, and here's an example of theonion.com displaying my (edited) friends and their likes: http://cs.luc.edu/pld/ethics/theonionplusFB.html. How much of this is an invasion of privacy?

While Facebook does seem interested in data-sharing agreements with non-FB sites, it is often not at all clear when such sharing is going on. The two examples here, for example, do not necessarily involve any sharing. An embedded "like" button, when clicked, sends your information to Facebook, which can retrieve your credentials by using cookies. However, those credentials are hopefully not shared with the original site; the original site may not even know you clicked "like". As for the box at theonion.com listing what my friends like, this is again an example of "leased page space": Facebook leases a box on theonion.com and, when you visit the site, it retrieves your FB credentials via cookie and then fills in the box with your friends' "likes" of Onion articles. The box is like a mini FB page; neither the likes nor your credentials are shared with The Onion.
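The "leased page space" claim above rests on how browsers scope cookies: a cookie set by facebook.com is attached only to requests going back to facebook.com, even when those requests are triggered by a box embedded in theonion.com. The following is an added illustration, not code from the lecture notes or from Facebook; it uses Python's standard cookie jar to simulate a login at facebook.com and then shows which of the two requests made while viewing an Onion page would carry that cookie. The cookie name and value, and the two URL paths, are constructed placeholders.

```python
import email.message
import http.cookiejar
import urllib.request


class FakeResponse:
    """Stand-in for an HTTP response: the cookie jar only needs info()."""

    def __init__(self, set_cookie_value):
        self._msg = email.message.Message()
        self._msg["Set-Cookie"] = set_cookie_value

    def info(self):
        return self._msg


def login_to_facebook(jar):
    # Constructed: the kind of Set-Cookie a facebook.com login might return.
    # The cookie is scoped to .facebook.com; the value is a placeholder.
    login_req = urllib.request.Request("https://www.facebook.com/login")
    resp = FakeResponse(
        "c_user=EXAMPLE-SESSION; Domain=.facebook.com; Path=/; Secure; HttpOnly"
    )
    jar.extract_cookies(resp, login_req)


def cookie_header_sent_to(jar, url):
    """Return the Cookie header a browser would attach to a request for url,
    or None when no cookie in the jar is scoped to that site."""
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie")


def leased_box_demo():
    """Simulate: log in at facebook.com, then view an Onion page that embeds
    a Facebook box. Two requests result; each gets only its own site's cookies.
    Both URL paths are hypothetical."""
    jar = http.cookiejar.CookieJar()
    login_to_facebook(jar)
    return {
        "onion": cookie_header_sent_to(jar, "https://www.theonion.com/some-article"),
        "facebook": cookie_header_sent_to(jar, "https://www.facebook.com/plugins/example-box"),
    }


if __name__ == "__main__":
    for site, header in leased_box_demo().items():
        print(f"request to {site}: Cookie: {header}")
```

The request to The Onion carries no Facebook cookie, which is why the site hosting the box never sees your Facebook credentials; Facebook, on the other hand, learns that you (identified by the cookie) viewed that Onion page.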

One concern with such pseudo-sharing sites is that they make it look like sharing is in fact taking place, defusing objections to such sharing. If someone does object, the fact that no sharing was in fact involved can be trotted out; if there are not many objections, Facebook can pursue "real" sharing agreements with confidence. They also make it harder to tell when objectionable sharing is occurring.

An example of a true data-sharing agreement would be if a restaurant-review site let you log into their site using your Facebook cookies, and then allowed you to post updates about various restaurants.

Facebook "connections": http://www.eff.org/deeplinks/2010/05/things-you-need-know-about-facebook

Your connections are not communications with other users, but are links to your school, employer, and interests. It is these that Facebook decided to make "public" in May 2010; these they did back off from.


Facebook and advertising

Facebook claims that user data is not turned over to advertisers, and this seems true (with a couple slip-ups): advertisers supply criteria specifying to whom their ads will be shown, and Facebook shows the ads to those users. For example, if I see an ad for "Illinois drivers age 54", it doesn't mean that Facebook has turned over my age; it is more likely that the advertiser has created an ad for each age 30-65, perhaps, and asks Facebook to display to a user the one that matches his or her age.

Once you click on the ad, however, the advertiser does know what ad you are responding to, and thus knows your age if you choose to give them your name. There was a slip-up a couple years ago where game sites (often thinly veiled advertising) were able to obtain the Facebook ID of each user. Here's what they say:

In order to advertise on Facebook, advertisers give us an ad they want us to display and tell us the kinds of people they want to reach. We deliver the ad to people who fit those criteria without revealing any personal information to the advertiser.

For more information on how to do this, see http://www.facebook.com/adsmarketing/index.php?sk=targeting_filters. Facebook supports targeting based on:
Note that you don't get to choose what attributes advertisers can use, because advertisers do not see them! And Facebook itself has access to everything (duh).
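The "Illinois drivers age 54" example above describes a side channel: Facebook never hands the advertiser your age, but if the advertiser runs one creative per age, the creative you click on reveals it. The following is an added simulation, not code from the lecture notes or from Facebook, showing the ad-selection step on the platform side and what an advertiser can infer from a click. The campaign and user objects, and the idea of widening the age buckets as a mitigation, are my own illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Campaign:
    ad_id: str
    min_age: int
    max_age: int  # inclusive
    state: str


@dataclass(frozen=True)
class User:
    user_id: str
    age: int
    state: str


def matches(campaign, user):
    return campaign.state == user.state and campaign.min_age <= user.age <= campaign.max_age


def select_ad(user, campaigns):
    """Platform side: pick the creative whose criteria the user satisfies.
    The advertiser only ever receives the ad_id, never the user's attributes."""
    for c in campaigns:
        if matches(c, user):
            return c.ad_id
    return None


def advertiser_learns_from_click(ad_id, campaigns):
    """Advertiser side: everything inferable about a clicker from the creative alone."""
    c = next(c for c in campaigns if c.ad_id == ad_id)
    return {"state": c.state, "age_range": (c.min_age, c.max_age)}


def per_age_campaigns(state, lo, hi):
    """One creative per single year of age: a click reveals the exact age."""
    return [Campaign(f"ad-{state}-{a}", a, a, state) for a in range(lo, hi + 1)]


def bucketed_campaigns(state, lo, hi, width):
    """One creative per age bucket of the given width: a click reveals only the bucket."""
    out = []
    for a in range(lo, hi + 1, width):
        top = min(a + width - 1, hi)
        out.append(Campaign(f"ad-{state}-{a}-{top}", a, top, state))
    return out


def leak_for(user, campaigns):
    """What the advertiser learns if this user clicks the ad selected for them."""
    return advertiser_learns_from_click(select_ad(user, campaigns), campaigns)


if __name__ == "__main__":
    # Constructed sample user matching the lecture's example.
    me = User("u1", 54, "IL")
    print("per-age campaigns:", leak_for(me, per_age_campaigns("IL", 30, 65)))
    print("10-year buckets:  ", leak_for(me, bucketed_campaigns("IL", 30, 65, 10)))
```

With one creative per year the click yields age_range (54, 54); with ten-year buckets it yields (50, 59). The platform's claim that it "reveals no personal information" is literally true in both runs, which is the point: the granularity of the targeting criteria, not the data hand-off, decides how much a click discloses.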


Like → advertisement

FB "likes" have long been somewhat randomly displayed to Friends. But FB has a new (in 2012) feature: social advertisements. Now, if you "like" something on Facebook, it may automatically be converted to an advertisement, paid for by the company whose product you liked. You can block this, but by default this is apparently allowed. Did you know this?

Here's an example: http://www.nytimes.com/2012/06/01/technology/so-much-for-sharing-his-like.html?_r=2. Nick Bergus discovered that Amazon was selling personal lubricant in 55-gallon-drum quantities, and posted a satirical "like". Actually, he posted a comment. Much to Nick's surprise, his "comment" became part of an ad for the product shown to his friends, paid for by Amazon; FB's policy is that an advertiser may purchase any likes/comment it wishes and convert them to paid ads, with no royalties to the liker. Such "social ads" are displayed only to friends of the liker [if I understood this correctly]. Note, however, that presumably none of Mr Bergus' friends would have been targeted for this particular ad if Mr Bergus hadn't "endorsed" the product. Alas for FB, Amazon and perhaps Mr Bergus, FB's ad-selection mechanism seems to be clueless about the realities of sarcasm.

Here is the relevant part of the policy, from May 2012:

10. About Advertisements and Other Commercial Content Served or Enhanced by Facebook

Our goal is to deliver ads that are not only valuable to advertisers, but also valuable to you. In order to do that, you agree to the following:
  1. You can use your privacy settings to limit how your name and profile picture may be associated with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us. You give us permission to use your name and profile picture in connection with that content, subject to the limits you place.
  2. We do not give your content or information to advertisers without your consent.
  3. You understand that we may not always identify paid services and communications as such.
Conversely, if you do not use your privacy settings to limit how your identity may be used in ads, you have agreed to such use!

Here are FB's rules for social ads:
I tried setting my social-ad preferences. I found them at Privacy Settings → Ads, Apps and Websites → Ads → Edit Settings. My settings were "no one"; I have no idea why.



Facebook and privacy more fine-grained than the Friend level

What if you've Friended your family, and your school friends, and want to put something on your wall that is visible to only one set? The original Facebook privacy model made all friends equal, which was sometimes a bad idea. Facebook has now introduced the idea of groups: see http://www.facebook.com/groups. Groups have been around quite a while, but have been repositioned by some (with Facebook encouragement) as subsets of Friend pools:

Have things you only want to share with a small group of people? Just create a group, add friends, and start sharing. Once you have your group, you can post updates, poll the group, chat with everyone at once, and more.

For better or worse, groups are still tricky to manage, partly because they were not initially designed as Friend subsets. When posting to a group, you have to go to the group wall; you can't put a message on your own wall and mark it for a particular group. News feeds for group posts are sometimes problematic, and Facebook does not make clear what happens if a group posting is newsfed to your profile and then you Comment on it. You may or may not have to update your privacy settings to allow group posts to go into your newsfeed. Privacy Settings do not mention Groups at all (as of June 2011).

Maybe the biggest concern, however, is that Facebook's fast-and-furious update tradition is at odds with the fundamental need to be meticulous when security is important.

Google+ came out with circles, which promptly changed all this. FB has now introduced new competitive features (groups), which I have been too lazy to bother with. (Part of the issue is that FB groups were invented to deal with larger-scale issues; as originally released they were an awkward fit for subsets of Friends.)

But the issue is not really whether they work. Here's a technical analogue: are NTFS file permissions better than Unix/Linux? Yes, in the sense that you can spell out who has access to what. But NTFS permissions are very difficult to audit and to keep track of; thus, in a practical sense, they have been a huge disappointment.



Finally, here is a lengthy essay by Eben Moglen, author of the GPL, on "Freedom in the Cloud: Software Freedom, Privacy, and Security for Web 2.0 and Cloud Computing": http://www.softwarefreedom.org/events/2010/isoc-ny/FreedomInTheCloud-transcript.html. Mr Moglen adds some additional things that can be inferred from Facebook-type data: You get free email, free websites, and free spying too!

Mr. Zuckerberg has attained an unenviable record: he has done more harm to the human race than anybody else his age.

Because he harnessed Friday night. That is, everybody needs to get laid and he turned it into a structure for degenerating the integrity of human personality and he has to a remarkable extent succeeded with a very poor deal. Namely, “I will give you free web hosting and some PHP doodads and you get spying for free all the time”. And it works.

Later:

I’m not suggesting it should be illegal. It should be obsolete. We’re technologists, we should fix it.

Did Google+ fix anything? Does anyone trust google more than Facebook? Google+ circles do seem easier to use.




Here are some of the June 2010 Facebook privacy settings (that is, a month after the May 2010 shift), taken from privacy settings → view settings (basic directory information). Note that there is by this point a clear Facebook-provided explanation for why some things are best left visible to "everyone".

Your name, profile picture, gender and networks are always open to everyone. We suggest leaving the other basic settings below open to everyone to make it easier for real world friends to find and connect with you.

* Search for me on Facebook
This lets friends find you on Facebook. If you're visible to fewer people, it may prevent you from connecting with your real-world friends.
      Everyone

* Send me friend requests
This lets real-world friends send you friend requests. If not set to everyone, it could prevent you from connecting with your friends.
      Everyone

* Send me messages
This lets friends you haven't connected with yet send you a message before adding you as a friend.
      Everyone

* See my friend list
This helps real-world friends identify you by friends you have in common. Your friend list is always available to applications and your connections to friends may be visible elsewhere.
      Everyone

* See my education and work
This helps classmates and coworkers find you.
      Everyone

* See my current city and hometown
This helps friends you grew up with and friends near you confirm it's really you.
      Everyone

* See my interests and other Pages
This lets you connect with people with common interests based on things you like on and off Facebook.
      Everyone

Here are some more settings, from privacy settings => customize settings (sharing on facebook)

    * Things I share
          o Posts by me (default setting for posts, including status updates and photos): Friends Only
          o Family: Friends of Friends
          o Relationships: Friends Only
          o Interested in and looking for: Friends Only
          o Bio and favorite quotations: Friends of Friends
          o Website: Everyone
          o Religious and political views: Friends Only
          o Birthday: Friends of Friends
    * Things others share
          o Photos and videos I'm tagged in: Friends of Friends
          o Can comment on posts: Friends Only
          o Friends can post on my Wall: Enable
          o Can see Wall posts by friends: Friends Only
    * Contact information: Friends Only

The core problem here is not that these settings are hard to do, or that the defaults are bad. The core problem is simply that you keep having to make new settings, as things evolve. Examples:
Another issue is whether the settings options are user-friendly. Here's a technical analogue: are NTFS file permissions better than Unix/Linux? Yes, in the sense that you can spell out who has access to what. But NTFS permissions are very difficult to audit and to keep track of; thus, in a practical sense, they have been a huge disappointment.



SCOTUS cases on privacy
-- Baase pp 69ff


1928: Olmstead v United States
The 4th amendment does NOT apply to wiretaps

1967: Katz v United States
The 4th amendment does too apply to wiretaps! Privacy may still exist in a public area.
Katz was using a pay phone; the FBI had a microphone just outside the phone booth. To the appellate court, the fact that the microphone did not intrude into the phone booth was significant in finding for the FBI, but the supreme court reversed.

Doctrine of "reasonable expectation of privacy" (REoP) replaced the doctrine of "physical intrusion"

Problem with REoP: as technology marches on, isn't our reasonable expectation diminished? And does this then give the government more license to spy?


1976: US v Miller
Information we share with others (eg our bank) is NOT private. Government can ask the bank, and get this information, without a warrant. (However, the bank could in those days refuse.)

1979: Smith v Maryland
Reduction of REoP by the police is not SUPPOSED to diminish our 4th-amendment rights. However, in that case the supreme court ruled that "pen registers" to record who you were calling did NOT violate the 4th amendment.

http://caselaw.lp.findlaw.com/scripts/getcase.pl?navby=CASE&court=US&vol=442&page=735


Application of the Fourth Amendment depends on whether the person invoking its protection can claim a "legitimate expectation of privacy" that has been invaded by government action. This inquiry normally embraces two questions: first, whether the individual has exhibited an actual (subjective) expectation of privacy; and second, whether his expectation is one that society is prepared to recognize as "reasonable."

First, we doubt that people in general entertain any actual expectation of privacy in the numbers they dial. All telephone users realize that they must "convey" phone numbers to the telephone company, since it is through telephone company switching equipment that their calls are completed. All subscribers realize, moreover, that the phone company has facilities for making permanent records of the numbers they dial....

If you want to keep a number private, don't call it!

Note the crucial issue that the defendant voluntarily shared the number with the phone company!

Justices Stewart & Brennan dissented

The telephone conversation itself must be electronically transmitted by telephone company equipment, and may be recorded or overheard by the use of other company equipment. Yet we have squarely held that the user of even a public telephone is entitled "to assume that the words he utters into the mouthpiece will not be broadcast to the world." Katz v. United States

What do you think of this distinction? Is there a difference between sharing your phone number with the phone company and sharing your actual conversation with them?


2001: Kyllo v United States

Thermal imaging of your house IS a 4th-amendment search! This is a very important case in terms of how evolution in technology affects what is a REoP

http://www.law.cornell.edu/supct/html/99-8508.ZS.html

Held: Where, as here, the Government uses a device that is not in general public use, to explore details of a private home that would previously have been unknowable without physical intrusion, the surveillance is a Fourth Amendment “search,” and is presumptively unreasonable without a warrant.

How long into the future will this hold? Could it be that part of the issue was that the general public was not very aware of the possibility of thermal imaging? If thermal imaging were to come into not only general public awareness but also general public use (eg by equipping cellphones with IR cameras), would the situation change?

I believe there was a trial-level civil case in which a judge ruled that eavesdropping on someone else's phone call made on an old-fashioned cordless phone (remember those?) was not an invasion of privacy because no one had a "reasonable expectation of privacy" when using a cordless phone because "everyone" knew that it was easy to listen in to someone else's call simply by playing with the channel button. However, I cannot find this case.

2012: United States v Antoine Jones

Jones was an alleged cocaine dealer in the Washington, DC area. Police attached a GPS tracker to his car while it was parked in the driveway. By following him over a 30-day period, the police were able to build a strong case against him. But Jones argued that such tracking was unreasonable warrantless search, despite a 1983 Supreme Court ruling that allowed wireless tracking for single trips. The Department of Justice argued that no one has a REoP regarding his or her movements on public streets. The DoJ also pointed to the 1983 US v Knotts case in which police had the manufacturer attach a radio beeper to a drum of chloroform. When Knotts purchased the drum, police used the beeper to track him to his cabin in the woods.

In August 2010, the DC Court of Appeals agreed with Jones, and overturned his conviction.

The ninth circuit and the seventh circuit (including Illinois) had ruled otherwise, however.

The Supreme Court ruled unanimously in January 2012 that "the Government’s attachment of the GPS device to the vehicle, and its use of that device to monitor the vehicle’s movements, constitutes a search under the Fourth Amendment." As such, a warrant would be required.

However, by 5-4 the court also ruled that the issue here was the government's trespass onto private property to install the GPS tracker. That is, the court did not rule broadly (by explicit choice!) on the question of whether sustained GPS tracking itself violated a person's reasonable expectation of privacy. Justice Scalia wrote the majority opinion, arguing that rules against government trespass should coexist with the REoP approach, and that this particular case could be decided on trespassing grounds without the need to consider REoP (which others on the court agreed was a problematic standard). Note that the trespass ruling makes the decision consistent with Knotts.

Jones will be tried again, but this time without the GPS evidence.


The FBI and cellphone location records
nearest-tower (cell-handoff) records v GPS records
Supposedly the Justice Department gets warrants for GPS data (nearest few feet), but usually does not for nearest-tower data (which positions you to within a few miles at worst, a few hundred feet at best).

Another distinction is between realtime data (where you are now) and "historical" data (where you were).

The federal government has tried to claim that nearest-tower data simply amounted to "routine business records". Are they?

Note that the Jones opinion does not apply here as the police do not trespass when they acquire GPS phone records.



Video surveillance -- Baase p 72


This is a big issue in Chicago, where there are both "obvious" and "hidden" cameras.

2001 Super Bowl: Tampa police used facial-recognition software on all 100,000 fans. It didn't work terribly well.

London: heavy camera use to:

London in 2005:
What about the rate of false positives?

Should the London cameras be used to track lesser crimes, such as pickpocketing? Supposedly the Chicago street cameras have been quite effective in handling minor crimes.



Baase p 61: case study on federal DB on all US college students. The database would list all courses taken, with grades; it would also include loan and scholarship records.

Good example of a fairly common situation: creation of a new database containing confidential information.

Benefits:

Drawbacks:

Is such a database a good idea?

What if in 2012 a law is passed giving prospective employers access to the data, if the job applicant signs a consent form? What do you think would happen if you refused to sign?

Related "database-matching" issue: should the government be able to link databases of:



Joe the Plumber

aka Samuel Joseph Wurzelbacher

He went to an Obama rally and asked a serious question about Obama's tax plan (in which he apparently confused income with profit). Obama made his "spread the wealth" remark in response. After this was in the press, McCain ran with it, and referred to him multiple times in the debate, as a symbol of middle America and small businesses.

One reporter (in a print newspaper column I failed to save) argued that Wurzelbacher should have no expectation of privacy. At what point does this become true? Is it true of Obama? Was it true for Palin, or McCain? Wurzelbacher did try to capitalize on his sudden fame, and some might argue that in doing so he lost his expectation of privacy. But suppose he had tried to remain a private citizen?

Allegations about him:
Lucas county clerk of courts: http://apps.co.lucas.oh.us/onlinedockets/Default.aspx

Search for "Wurzelbacher".

Is the availability of this kind of search appropriate?

See also Baase, §2.3.5, on Public Records. Her examples include:

What of the above is legitimate to talk about for a private citizen?
At what point did Wurzelbacher stop being a private citizen?

Wurzelbacher asked Obama a financial question. Does this make W's income and taxes fair game? What about his child-support records?

Aw, to hell with facts: see http://www.slate.com/id/2202480


Search records and computer forensics

In 2002, Justin Barber was found shot four times on a beach in Florida. None of his injuries were serious. His wife April, however, had been shot dead. Barber described the event as an attempted robbery.

There were some other factors though:
Police searched Barber's computer for evidence of past google searches. They apparently did not contact google directly. Barber had searched for information on gunshot wounds, specifically to the chest, and under what circumstances they were less serious. Barber was convicted.

More at: http://news.cnet.com/8301-13578_3-10150669-38.html


Case of Lee Harbert:
Harbert's vehicle struck and killed Gurdeep Kaur in 2005. Harbert fled the scene. When arrested later, his defense was that he thought he had hit a deer. But his on-computer searches were for
    "auto glass reporting requirements to law enforcement"
    "auto glass, Las Vegas" (the crime was in California)
    "auto theft"
He also searched for information on the accident itself. Harbert too was convicted.
   
more at http://news.cnet.com/8301-13578_3-10143275-38.html


Case of Wendi Mae Davidson
Police found her husband's body in a pond at the ranch where Davidson boarded her horse. Police found the ranch itself by attaching a GPS recorder to her car. Davidson also used an online search engine to search for the phrase "decomposition of a body in water".

More at http://news.cnet.com/Police-Blotter-Murderer-nabbed-via-tracking,-Web-search/2100-7348_3-6234678.html

Case of Neil Entwistle

Entwistle's wife Rachel and daughter Lillian were found shot to death in January 2006. Neil had departed for England. Besides the flight, there was other physical evidence linking him to the murders. However, there was also the google searches:

A search of Entwistle's computer also revealed that days before the murders, Entwistle looked at a website that described "how to kill people" ....

More at http://en.wikipedia.org/wiki/Neil_Entwistle

How do such cases relate to the AOL search-data leak, and Thelma Arnold?
While none of the AOL individuals was charged with anything, some of their searches (particularly those related to violent pornography) are rather disturbing.


Where is google-search-history stored on your computer? Is it stored anywhere, anymore? Does this make you more interested in duckduckgo.com (and donttrack.us)?
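As an added example (not part of the course notes), the following script shows the kind of local artifact the cases above turn on: a browser's history database still holds the search-results URLs you visited, and the query terms can be pulled back out of them. It assumes a Chromium-style History file whose `urls` table has the columns `url`, `title` and `last_visit_time` (microseconds since 1601-01-01 UTC); the engine-to-parameter table is an assumption of the example, and the rows loaded here are constructed sample data, not a real profile.

```python
"""Added example, not from the course notes: extract search queries from a
browser history database. Assumes a Chromium-style 'History' SQLite file with a
'urls' table (url, title, last_visit_time in microseconds since 1601-01-01 UTC).
The sample rows are constructed; the engine/parameter table is an assumption."""
import sqlite3
from datetime import datetime, timedelta, timezone
from typing import List, NamedTuple, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Query-string parameter carrying the search terms, keyed by host suffix.
# (Assumed for this example; check the engines you actually care about.)
SEARCH_PARAMS = {
    "google.com": "q",
    "bing.com": "q",
    "duckduckgo.com": "q",
    "search.yahoo.com": "p",
}

class SearchRecord(NamedTuple):
    when: str      # UTC, "YYYY-MM-DD HH:MM:SS"
    engine: str
    query: str

def webkit_to_utc(us: int) -> datetime:
    """Chromium stores timestamps as microseconds since 1601-01-01 UTC."""
    return WEBKIT_EPOCH + timedelta(microseconds=us)

def utc_to_webkit(dt: datetime) -> int:
    return int((dt - WEBKIT_EPOCH) / timedelta(microseconds=1))

def search_terms(url: str) -> Optional[Tuple[str, str]]:
    """Return (engine, query) if the URL is a recognised search-results page."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    for suffix, param in SEARCH_PARAMS.items():
        if host == suffix or host.endswith("." + suffix):
            values = parse_qs(parts.query).get(param)
            if values:
                return suffix, values[0]
    return None

def extract_searches(conn: sqlite3.Connection) -> List[SearchRecord]:
    """Walk the urls table in visit order and keep only search queries."""
    out: List[SearchRecord] = []
    for url, ts in conn.execute(
            "SELECT url, last_visit_time FROM urls ORDER BY last_visit_time"):
        hit = search_terms(url)
        if hit:
            engine, query = hit
            when = webkit_to_utc(ts).strftime("%Y-%m-%d %H:%M:%S")
            out.append(SearchRecord(when, engine, query))
    return out

def build_sample_history() -> sqlite3.Connection:
    """Constructed sample: an in-memory DB shaped like Chromium's urls table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT, "
        "visit_count INTEGER, typed_count INTEGER, last_visit_time INTEGER, "
        "hidden INTEGER)")
    t0 = datetime(2012, 6, 5, 12, 0, 0, tzinfo=timezone.utc)
    rows = [  # (url, title, visit time) -- all constructed
        ("https://www.google.com/search?q=python+sqlite3+tutorial&hl=en",
         "python sqlite3 tutorial - Google Search", t0),
        ("https://en.wikipedia.org/wiki/SQLite",
         "SQLite - Wikipedia", t0 + timedelta(minutes=2)),
        ("https://duckduckgo.com/?q=how%20to%20audit%20ntfs%20permissions",
         "how to audit ntfs permissions at DuckDuckGo", t0 + timedelta(minutes=5)),
        ("https://search.yahoo.com/search?p=cordless+phone+eavesdropping+law",
         "cordless phone eavesdropping law - Yahoo Search", t0 + timedelta(hours=1)),
    ]
    for url, title, when in rows:
        conn.execute(
            "INSERT INTO urls (url, title, visit_count, typed_count, "
            "last_visit_time, hidden) VALUES (?, ?, ?, ?, ?, ?)",
            (url, title, 1, 0, utc_to_webkit(when), 0))
    conn.commit()
    return conn

if __name__ == "__main__":
    for rec in extract_searches(build_sample_history()):
        print(f"{rec.when}  {rec.engine:16}  {rec.query}")
```

To run it against a real profile you would open a copy of the History file with `sqlite3.connect` instead of calling `build_sample_history()` (copy first: the browser keeps the live file locked). The point for the discussion above is that the queries survive locally, with timestamps, long after the search itself, regardless of what the search provider retains.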




Theories of Privacy

Is it obsolete?

See Baase, p 92. Is it true that "young people of today" are not as concerned about privacy?

WHY?

Warren and Brandeis, 1890

(Louis Brandeis later became a supreme-court justice.) They argue for the principle of "inviolate personality" that gives everyone specific rights regarding their personal information. Their primary concern was apparently newspaper gossip columns. Their argument was that repeating "private" information about someone violated a fundamental right. Baase, p 106.

Problems arise here because Warren and Brandeis were not able to formulate precisely what was meant by an "inviolate personality", or to explain at what point your rights to your inviolate personality give way to the Public's Right To Know. For government officials, for example, the right of the voters to know what they are really like might be very important.

Another issue is that WB seemed most concerned with publication of data that violated our privacy. What if it is just made available to a selected few? Employers? People on some committee at our church? Car-rental agencies? People with some self-defined Need To Know, such as our annoying neighbors? This is not normally understood to be publication.

Thomson, 1975

Judith Jarvis Thomson argued against the WB position, claiming that every time a privacy right is violated, there is in fact some other, more concrete, right being violated. Hence, we do not need special privacy rules. One of her examples is the Magazine Scenario: if you don't want people to read it, you can keep it private. If they break into your house, they have broken the law. If someone interrogates you violently and thus obtains private information, the real issue is the violence and not the privacy invasion. If a company reveals information about you in a way that is contrary to their own privacy policy that you accepted, they are violating your contractual rights. A less-clear example is the Shower Scenario: she argues that if someone peeps at you while you shower, they have violated your "right to your person". Is this just a WB-style privacy right, or is the "right to your person" more concrete and limited?

Others have tried to find examples where your right to privacy was violated, but no other rights were. What if someone reads your email? Are there other rights involved besides your right to privacy?

Transactions

On pp 108-109, Baase describes a scenario involving Joe, Maria, and some potatoes. Joe buys the potatoes from Maria; Maria sells the potatoes to Joe. Who owns the information about the transaction? Either party might want the information kept private; does the other party then have an obligation to keep it so? Or does the privacy-concerned party have to add that into the contract up-front, so that if Joe wants it private then he might have to pay more, or if Maria wants it private then she might have to charge less?

Who is the transaction about?

Another example is the making of "connections" visible to Everyone on Facebook: which party is in charge here?

In the real world, sellers are often large corporations. When we as individuals buy things, the balance of power is skewed in favor of the larger seller. Does this change things?

Property Rights to Personal Information

Do we have such rights? What about "negative" information, such as
One immediate issue is the transactions one: is a tenant's late-payment history their property, or the landlord's? Judge Richard Posner (Seventh Circuit appellate judge who has written several opinions involving economic arguments) has said that personal information that is not "expensive" in the economic sense should receive more protection.



Theories of Privacy 2

Free-market privacy

[Baase 114] The argument here is that our information is something we have a right to sell. We are informed consumers, and if we want to sign up for a Dominick's Preferred Card, we have a right to. Similarly, we have the ability not to share our personal information with websites that do not have good privacy policies, and Baase has argued that many websites have as a result of this become very interested in their privacy policies [Baase p 77, p 104]. Or is it just that companies don't want the bad publicity that comes with a bad privacy policy plus an incident?

This approach to privacy means that we simply accept that we can't have both the lowest prices and privacy, or use certain websites without advertising, or hold certain jobs without waiving our rights to certain private information, or use certain social-networking sites without sharing some of our private information with the world.

In terms of protection of our personal data in the hands of corporations, this approach suggests that businesses will protect our data because they don't want the liability that comes with accidental release. Specific regulations are not necessary.

Our right to privacy here is the negative right, or liberty, not to share our personal information.

Question: is it wrong to offer poor people the option of selling away their fundamental rights? We do not, for example, allow poor people to sell their kidneys, and we do not allow them to let their children go to work at age 14. We do not allow workers covered by Social Security to take the money and invest it privately.

But we do allow better-off consumers to "sell" some of their privacy in exchange for lower grocery prices; why should worse-off consumers be denied this? Or should everyone be denied this?

Consumer protection and privacy

[Baase 115] The alternative approach is that we need lots of government regulations to protect ourselves, because we just can't keep track of all the implications of revealing each data item about us. There should be rules against keeping certain data, even with our consent, because society can't be sure such consent is freely given.

A central idea of regulations is that we are denied the right to do certain things (eg sell some of our private information), on the theory that most people will not understand the full scope of the transaction, and there is no practical way of separating those who don't from those who do.

Large corporations with our data have an unequal share of the power. We need fundamental positive rights that say others have an obligation to us not to do certain things with our data (like share it).

This approach is likely to lead to an "opt-in" requirement for use of private data, rather than an "opt-out".

Are we hiding something?

Well, are we? If we do not consent to surveillance of everything we're doing, are we hiding something? The obvious answer is "yes", but are we hiding something that our neighbors or the government have a right to know?


Workplace privacy of email

One fairly basic principle the courts have used is whether or not one has a "reasonable expectation of privacy". However, this doesn't always mean quite what it seems.

Smyth v Pillsbury, 1996

Summary: Michael Smyth worked for Pillsbury, which had a privacy policy governing emails that said Pillsbury would NOT use emails against employees, and that emails "would remain confidential and privileged". Specifically, Pillsbury promised that e-mail communications could not be used against its employees as grounds for termination or reprimand.

Smyth and his boss exchanged emails in which marketing employees were discussed in an unflattering light. The phrase "kill the backstabbing bastards" appeared.

Smyth and his boss got fired, based on the contents of their emails to each other.

Smyth sued for wrongful termination. He lost.


Bourke v. Nissan:

A similar California case: Bourke worked for Nissan; her email was reviewed, it was highly personal, and she got a low evaluation. The email probably, but not definitively, contributed.

Shoars v. Epson: California

Alana Shoars was involved in email training at Epson. She found supervisor Hillseth had been printing and reading employee emails. She objected, and removed some of the printouts from Hillseth's office. She also reported the incident to Epson's general manager. Hillseth then had Shoars fired, allegedly because she had asked for a private email account that was not accessible by Hillseth. Epson had informed employees that email was "private and confidential". California had a law prohibiting tapping of telephone lines. The law may have covered other communications, but that part was dismissed on a technicality: tapping alone didn't constitute eavesdropping, and the eavesdropping issue was never brought up.




Smyth v Pillsbury, 1996

Summary: Michael Smyth worked for Pillsbury, which had a privacy policy governing emails that said Pillsbury would NOT use emails against employees, and that emails "would remain confidential and privileged". Specifically, Pillsbury promised that e-mail communications could not be used against its employees as grounds for termination or reprimand. Smyth was, however, fired for the contents of his email. He sued for wrongful discharge, and lost.

Federal District Court within Pennsylvania, 1996. Case was dismissed after a preliminary hearing (not a trial).
The District Court opinion is at http://cs.luc.edu/pld/ethics/smyth_v_pillsbury.html.

Judge: Charles Weiner

Whatever happened to the contractual issue? Hint: there is a long history of cases upholding "employment at will" doctrine. Still, there is also a long list of situations where at-will employment is protected:

Ownership of the email system does not matter. Consider the following:

Do any of these ownership categories give the owner the right to listen to phone calls / read letters / snoop in apartments?

How would the case have been different if:

Discussion of Smyth v Pillsbury:

Contract v Tort: Judge Weiner held that corporate eavesdropping is not offensive.  (Could it be offensive because the company had promised not to??)

Judge says Smyth lost because email was "utilized by entire company" and Smyth's emails were "voluntary".

Were they? What does this have to do with anything? The use of the word "voluntary" is in contrast to mandatory urinalysis cases.

From the decision:

we do not find a reasonable expectation of privacy in e-mail communications voluntarily made by an employee to his supervisor over the company e-mail system notwithstanding any assurances that such communications would not be intercepted by management.

...
even if we found that an employee had a reasonable expectation of privacy in the contents of his e-mail communications over the company e-mail system, we do not find that a reasonable person would consider the defendant's interception of these communications to be a substantial and highly offensive invasion of his privacy.

"Reasonable expectation of privacy" does not mean the search is "offensive". Only searches that are "offensive" would allow legal action regarding firing of an "at-will" employee. Weiner is arguing here that the search did not even violate a REoP, let alone rise to the level of being offensive.

Judge: Pillsbury's actions did not "tortiously" (that is, in violation of some tort, or general non-contractual duty) invade privacy.

unstated by judge: prevention of sexual harassment as justification. This provides a legitimate "motive" for corporations to read all employee email. The judge did state

Moreover, the company's interest in preventing inappropriate and unprofessional comments or even illegal activity over its e-mail system outweighs any privacy interest the employee may have in those comments.

Arguably, though, the Smyth kind of talk between "buddies", with the self-image projected to fit that context, is exactly what some interpretations of privacy are about. Not all context is "professional".

What if Pillsbury recorded spoken water-cooler or bathroom conversation?

What the heck is a "reasonable expectation of privacy"??? "In the absence of a reasonable expectation of privacy, there can be no violation of the right to privacy."

Could Smyth have sued for DAMAGES, instead of reinstatement? Could Smyth have sued for contractual obligations?

The judge essentially ignored Smyth's complaint that Pillsbury had promised not to use the contents of emails in disciplinary actions. Here is a footnote to his ruling: ["estoppel" is eh-STOP-uhl]

FN2. Although plaintiff does not affirmatively allege so in his Complaint ... the allegations in the Complaint might suggest that plaintiff is alleging an exception to the at-will employment rule based on estoppel, i.e. that defendant repeatedly assured plaintiff and others that it would not intercept e-mail communications and reprimand or terminate based on the contents thereof and plaintiff relied on these assurances to his detriment when he made the "inappropriate and unprofessional" e-mail communications in October 1994. The law of Pennsylvania is clear, however, that an employer may not be estopped from firing an employee based upon a promise, even when reliance is demonstrated. [emphasis by pld] Paul v. Lankenau Hospital, 524 Pa. 90, 569 A.2d 346 (1990).

[Generally, estoppel means prohibiting ("estopping") a party to a lawsuit from doing something they had promised not to do; in this case, firing Smyth.]

In other words, this footnote states there is legal precedent for rejecting a lawsuit for reinstatement that hinged on the fact that Pillsbury had promised not to examine employee email. Smyth was careful to phrase his argument in terms of invasion of privacy, but perhaps the judge thought that was really just trying an end run around this estoppel rule.

Jurisdiction problems: what if one party to an email lives in a state that grants statutory privacy protections? This problem comes up all the time with phone calls:

Worldcom case: Plaintiffs were Kelly Kearney and Mark Levy; they worked for a company acquired by Worldcom. Their calls were recorded in Georgia, but plaintiffs were calling from California, which forbids recording without notification of ALL parties. They sued the Georgia company that made the recordings, in California. They lost at the trial-court and appellate-court levels, but the California Supreme Court found in their favor, in principle. The court found that recording of calls involving Californians that violated California law could be prosecuted in California no matter where the recording took place, but also declared that, because this was a close issue, it would only apply to future cases.

Illinois law similarly makes it illegal to record a phone conversation (or any conversation) without the consent of all parties.

Massachusetts case: jurisdiction depends on where wiretapping physically took place, not where the speakers were. How does telephony relate to email? What is our expectation of privacy? 

What about use of, say, a personal gmail account while at work? If employer monitors transactions with gmail.com? If employer obtains email from google directly?

Loyola policy: luc.edu/its/policy_email_general.shtml (discussed below)

Persistence: email sticks around, although people traditionally use it as if it were like the phone.

The bottom line of Judge Weiner's ruling is that there is "no reasonable expectation of privacy for work email" and they can read it even if they promise not to. Alternatively, such a privacy invasion is not offensive enough to warrant interference with the employment-at-will doctrine.

That "even if they promised not to" part fits in with longstanding law regarding employment-at-will.

Judge Weiner spelled out that exceptions to the employment-at-will doctrine may only be made for compelling public-policy reasons. Smyth had claimed that preventing violations of privacy would be a sufficient public-policy reason. Pennsylvania law defined a tort of "intrusion upon seclusion" (not exactly the form of privacy Smyth was concerned with, but close enough), but defined it to mean "intrusion [that] would be highly offensive to a reasonable person".

The judge then felt that Smyth's situation simply did not rise to this level. In fact, the judge did not feel that Smyth even had a "reasonable expectation of privacy".

Judge Weiner did make two somewhat unusual points. First, that "once [Smyth] communicated the alleged unprofessional comments to a second person (his supervisor),... any reasonable expectation of privacy was lost." In other words, something is private only if you keep it entirely to yourself; no transaction or communication with another person can ever be private. That theory would appear to strip all phone conversations of privacy protection. The second point was that the email was voluntary: "we find no privacy interests in such communications." Again, that would seem to strip email and telephone conversations of privacy rights.

Do you think this is an example of a case where the judge did not "get it"? Or was Judge Weiner onto something?

Who decides when we have a "reasonable expectation of privacy"? If most people think email privacy is easy to breach, does it lose protection? Is this case about the judge not "getting it" that email privacy is not about "whoever owns the equipment can do what they want"? Is email any easier to spy on than the phone?


So do we have a reasonable expectation of privacy in email, at least for home use if not in the workplace? Arguably more people do now than in 1996. Did a lack of understanding of email privacy back then saddle us with the permanent idea that we had no reasonable expectation of privacy in workplace email?



Paul v Lankenau Hospital

    524 Pa. 90, 93, 569 A.2d 346, 348 (1990)
    (Pennsylvania case; Atlantic Reporter, 2nd Series, vol. 569, starting at page 346; the passage cited is on page 348)

Dr Parle Paul, MD, would take home discarded hospital equipment. He would sell it or send it to clinics in Yugoslavia, his homeland. He got permission to take five discarded refrigerators. Unfortunately, he apparently did not have the RIGHT permission.

Oops.

He was fired, and filed suit in state court for reinstatement and for defamation.

A jury trial resulted in a verdict in Paul's favor, both for damages and reinstatement. Superior court affirmed. The appellate court reversed the reinstatement order.

From the appellate decision:

Equitable estoppel is not an exception to employment at-will. The law does not prohibit firing of an employee for relying on an employer's promise.

Exceptions to the [at-will firing] rule have been recognized in only the most limited circumstances, where discharges of at-will employees would threaten clear mandates of public policy. [some such: racial/ethnic discrimination, whistleblowing, refusal to commit illegal acts, unionizing, ...]

Look at this another way. Smyth and his lawyers knew that he could be fired for any reason, regardless of Pillsbury's promises to the contrary. Pillsbury cannot be estopped from firing him just because they promised not to.

Smyth was asking for application of the tort of invasion of privacy to be applied. A "tort" is essentially a common-law right that has been breached, as opposed to a contractual right. Tortious invasion of privacy exists, but the standards are high and privacy must be a reasonable expectation.

In court cases, you can't add 30% of an argument for equitable estoppel ("hey, they promised!") and 70% of an argument for tortious invasion of privacy ("they listened in!") to get 100% of a case. ONE argument must be 100% sound.