In a party line vote, the Republican-controlled House dealt a blow to internet privacy advocates on Wednesday, passing a bill that would roll back Obama-era protections on consumer data. President Donald Trump is expected to sign the bill, according to the White House. Undoing the rules, which were set to take effect at the end of the year, might signal a new path for the Federal Communications Commission, favoring unfettered industry growth over consumer-friendly protections.

Last October, the FCC enacted a new set of rules against internet service providers (ISPs) like AT&T, Verizon, and Comcast, barring them from collecting consumer data such as browsing habits, app history, and location data. Personal information, like a customer’s social security number, was also safeguarded. Though internet companies like Google and Facebook use customers’ data as currency in selling targeted advertisements, the FCC decided ISPs should not be granted the same unregulated access.

Those protections will vanish with the new law, as would the ability for the FCC to draft similar rules in the future. “Today’s vote means that Americans will never be safe online from having their most personal details stealthily scrutinized and sold to the highest bidder,” Jeffrey Chester, executive director of the Center for Digital Democracy told The Washington Post.

Privacy advocates argue repealing the protections will grant ISPs access to customer data in a bid to boost profits. Instead of simply providing a channel for internet access, ISPs are now wading into territory dominated by billion-dollar mammoths like Google and Facebook: targeted advertising.

So while the protections would not have barred those companies from accessing user data to sell to advertising agencies and marketers, privacy advocates argue ISPs have access to a wider range of data than search engines and other websites, and thus should be more restricted. Some also worry that net neutrality–the policy that internet providers treat the web as a level playing field–could be next on the chopping block.

But opponents of the rules, and champions of the new path the FCC seems to be following, say that the rules would have stifled innovation. Industry advocates say the rules defined privacy too broadly (browsing and app history should not be private, they argue), and provided an unfair advantage to other data-collectors like Google, as the rules only targeted ISPs.

“There is no lawful, factual or sound policy basis to justify a discriminatory approach that treats ISPs differently from some of the largest companies in the Internet ecosystem that engage in similar practices,” The Internet & Television Association, an industry trade group, said last October when the rules were passed.

Ajit Pai, the newly-appointed FCC chairman, said the Federal Trade Commission, a consumer protection agency, will work together with the FCC to “ensure that consumers’ online privacy is protected through a consistent and comprehensive framework.” He said “jurisdiction over broadband providers’ privacy practices” would be returned to the FTC. But Pai added the FCC could still bring privacy-related lawsuits against ISPs.

Rep. Mike Doyle (D-PA), who voted against the bill, said in a House committee hearing on Monday that he worries that in the absence of regulations, ISPs will abuse their data-collecting power. “One would hope — because consumers want their privacy protected — that they would be good actors, and they would ask permission and do these nice things,” said Doyle. “But there’s no law now that says they have to, and there’s no cop on the beat saying, ‘Hey, we caught you doing something.’”

Alec Siegel

Alec Siegel is a staff writer at Law Street Media. When he’s not working at Law Street he’s either cooking a mediocre tofu dish or enjoying a run in the woods. His passions include: gooey chocolate chips, black coffee, mountains, the Animal Kingdom in general, and John Lennon. Baklava is his achilles heel. Contact Alec at ASiegel@LawStreetMedia.com.

The post Congress Passes Bill to Roll Back Internet Privacy Protections appeared first on Law Street.

Does privacy even exist in the digital world these days? Many argue no, as more and more companies use elaborate software to track their customers’ precise locations, spending habits, facial features, and shopping preferences. Uber is just the latest company to come under fire for going “big brother” on its customers.

Uber recently announced a plan to track customers through the app, even if the user shuts it off, deletes it, and even turns off the GPS function. Last Monday, a formal complaint was filed against Uber by the nonprofit research group Electronic Privacy Information Center (EPIC) at the Federal Trade Commission (FTC) in Washington, DC. This was done in an effort to get the agency to prohibit the taxi-service company from instituting these new changes.

Uber will soon be able to track your location even if you exit the app and have GPS turned off http://t.co/RZUN2EaMej pic.twitter.com/StttNhjVqr

— Business Insider (@businessinsider) June 23, 2015

These new updates are expected to take effect around July 15th, a decision that Uber announced on May 28th, although not without some serious uproar.

If you are an Uber user, your every move will soon be able to be tracked; this revelation has left many customers on edge. What’s most appalling about this update is that it will let the company trace not only the whereabouts of its customers, but also everywhere that they’ve ever traveled while they’ve had the app on their phones. This is a major issue that people have with this update since the company will retain all the past location data of its consumers, with no indication when this information will be deleted, if ever.

Despite the backlash over this new policy, Uber stated that there is no support for these allegations made by EPIC. It claims that these changes in data collection are being done solely to help Uber optimize its services so that it can improve customer satisfaction. The company believes that it is completely necessary to track its customers’ every move in order to provide optimal services with shorter wait times. Uber does not see any problems with this new update, nor any truth in the many complaints against it. It also claims that its customers’ privacy is of its utmost concern.

Uber has a reputation for breaching the privacy of its customers, as this is not the first time that the app has been criticized by the public. It has encountered numerous lawsuits lately, such as when it was accused of tracking a customer without first receiving consent, cheating customers, and failing to meet local regulations in the United States.

Despite there being some extreme opposition to this change in the privacy policy of the app, there are some people who see the benefits of it. Some state that since this update has the potential to drastically change a customer’s experience so it is worth the hassle. This update would likely help Uber to figure out where most of its customers are so it can concentrate drivers in the most popular areas.

Uber remains one of the growing giants of the tech industry, it has been valued at $40 billion even though it was created only six years ago, and it continues to grow at absurd rates. For a company that is still so new, it is imperative for it to maintain its following and to keep the public’s interest. It currently provides millions of trips a day for users across the globe, and so the last thing Uber wants to do is upset its loyal customers.

Infringing on people’s privacy can be quite daunting, especially for those who have secrets to hide. Americans today are very conscious of their security, and so the thought of a company having access to your exact location at all times can seem frightening. Uber claims that it will give all customers the option of whether or not to report their location data back to the company, however, this choice will not be possible to disable on all phones.

Not only will this new update track customers’ locations, but it will also access users’ contact lists upon approval. Uber is doing this so that it can send promotions to riders’ friends and family, and to also implement its improved “split fare” feature. Communicating with a person’s contacts in such a manner might even be breaking a federal law, which states that a company can’t call or text people without first getting written permission.

It seems that Uber tried to keep the implications of this new update under the radar, although EPIC is not about to let it slide for violating its customers’ fundamental rights to privacy. The group is outraged at this new policy change, as it stated that it finds it to be a threat to people’s overall safety and privacy rights, it could create a substantial risk of harm for customers, and that it would “constitute an unfair and deceptive trade practice.”

Don’t people have the right to feel secure within their own devices? In an age where virtually anything can be found or performed online, people want to feel like their privacy is always being protected. There is currently no word as to whether the FTC will investigate the claims made by EPIC, although it might have to as this story continues to develop and gain publicity.

Toni Keddell

Toni Keddell is a member of the University of Maryland Class of 2017 and a Law Street Media Fellow for the Summer of 2015. Contact Toni at staff@LawStreetMedia.com.

The post Uber Users: Beware of Tracking Software appeared first on Law Street.

The latest development in the saga over the National Security Administration’s (NSA) bulk data collection just occurred, as an appeals court ruled that the NSA’s actions were illegal. This is big, as this ruling may pave the way for changes in the surveillance programs conducted on the American people by the NSA.

The American Civil Liberty Union (ACLU) led a case against the NSA’s bulk data collecting procedures that developed in the wake of Edward Snowden’s revelations. As soon as this information was brought to light, many Americans reacted with outrage, demanding an explanation and justification from the government. Immediately, the NSA and the Obama Administration cited the Patriot Act as a defense–the broad piece of legislation passed in the immediate aftermath of the 9/11 terrorist attacks. The intention of the Patriot Act is to combat terrorism and prevent an attack like 9/11 from ever occurring again on American soil. While the Patriot Act originally passed with incredibly strong support–only Senator Russ Feingold (D-WI) voted against it–it has since come under intense criticism for its breadth and implications.

One particularly broad section of the Patriot Act was used to justify the NSA bulk collection of phone records. There’s a provision in it that permits the collection of “business records deemed relevant to a counterterrorism investigation.” However, the Appeals Court ruled that this provision simply does not allow a bulk collection of any and all phone records, which is pretty much what the NSA was doing.

Interestingly enough, the appeals court did not rule on the actual constitutionality of the NSA’s data collection. Rather the court stated that the provision of the Patriot Act being used to defend it simply did not apply. As the Wall Street Journal explains:

The court declined to address the issue of whether the program violates Americans’ rights, because, they found, it was never properly authorized by existing law.

The case was also sent back to a lower court for review in light of this decision; however, this ruling, no matter how specific and limited, does create an interesting conundrum in the halls of Congress. The much-maligned Patriot Act is currently up for debate. The provision that the government was relying upon to justify NSA spying will actually expire on June 1 if no action to reauthorize or extend it is taken by Congress. By stating that the provision of the Patriot Act used to justify this spying is not applicable, the judges have put another task on Congress’ to do list if they want the NSA data collection program to continue. The move to shift the responsibility to Congress’ lap wasn’t particularly subtle either. The three judge panel even stated:

We do so comfortably in the full understanding that if Congress chooses to authorize such a far‐reaching and unprecedented program, it has every opportunity to do so, and to do so unambiguously.

While this ruling by no means ensures any sort of end to the NSA’s heavily criticized phone data collection program, it certainly is a blow to the administrations that touted its legality under the Patriot Act, and a blow to the Patriot Act itself. Given the Congress’ lack of productivity and rampant disagreement there’s no way to tell what ramifications this ruling will have.

Anneliese Mahoney

Anneliese Mahoney is Managing Editor at Law Street and a Connecticut transplant to Washington D.C. She has a Bachelor’s degree in International Affairs from the George Washington University, and a passion for law, politics, and social issues. Contact Anneliese at amahoney@LawStreetMedia.com.

The post NSA’s Surveillance of Americans’ Phone Conversations Ruled Illegal appeared first on Law Street.

As we live in the New Media Age, the internet has become an omnipotent tool that millions of us use every day for a variety of reasons. The internet changed the way we go about our daily lives, providing a myriad of possibilities to meet people, organize tasks, buy products, and even search for people’s public records with the click of a mouse.

Read More: The Big Business of Big Data

As the information broker industry is rapidly growing, the United States is struggling to catch up and adopt comprehensive data protection laws to regulate it. This prompts a discussion on how to balance online access to public records and personal privacy. Read on to learn more about data protection and freedom of information laws, the data broker industry, and the consequences of easy access to online public records.

What are public records?

Public records are documents that can be openly accessed for inspection by any person. Often, personal information becomes a part of a public record when a person interacts with government agencies on the local, state, or federal level. Public records can include quite a collection of data: birth, marriage, death, arrest, tax, property ownership, driver’s license, occupational licenses, and voter registration information. Most of the time, providing personal information to government agencies is mandatory, leaving individuals no choice but to disclose their addresses, social security numbers (SSNs), and medical or employment histories. For example, if one donates over $200 to a political campaign, he has to provide his name, address, and employment information. All of the provided data automatically becomes a matter of an individual’s public record, and can be accessed through countless information broker websites. Court files are also public records, and all information contained within the files, with few exceptions, can be accessed without legal restrictions as well.

How do you access public records?

Historically, public records could be obtained only in paper form by physically going to the government agency or court house that collected and stored the applicable information. Starting in the mid-1990s, courts and government agencies began to provide online access to their public records directories, and to sell public files to information brokers and data compilers. Now, government or information broker websites can provide easy access with just the click of a mouse. The data broker industry is booming with thousands of companies selling all sorts of public records online.

What are information brokers?

Information brokers are companies that collect all sorts of data, including internet browsing information like consumer survey data and social media profiles, analyze an individual’s information, package it, and sell it to advertising and marketing companies. Some of the information brokers also obtain public records from local, state, and federal government agencies, and re-sell them online, adding appropriate packaging and a more sophisticated design to the reports. Many of these companies provide access to public records on a subscription basis, when a member pays a monthly fee for unlimited access to millions of public records. As there are virtually no laws that directly pertain to the information broker industry, public records can be accessed by anyone, regardless of their purpose and intentions. There are also no licensing requirements, no central registration system of any sort, and no mechanism through which it would be possible to request a copy of a personal public record that has been circulating online. Even though the information broker industry has been operating for decades, its volume and scope is much greater now, with thousands of companies mining and compiling individuals’ public records, ready to reveal our most sensitive personal data to anyone at any time.

Watch the video below to learn more about information brokers.

What are the laws that govern the information broker industry in the U.S?

The information broker industry is governed by various data protection and freedom of information laws. While the United States strongly adheres to freedom of information practices codified in the Freedom of Information Act (FOIA), there is no comprehensive data protection legislation, except for narrowly applicable laws that are subject-specific and limited in scope.

Freedom of Information Laws 

Freedom of information is a fundamental human right recognized in international law and in many national laws around the globe. As of 2012, there were 93 countries that adopted comprehensive freedom of information laws or similar administrative regulations. In the United Sates, the right to access information from the federal government is outlined in the Freedom of Information Act (FOIA), a comprehensive law that provides government accountability and safeguards the freedom to access public records. In addition to this federal legislation, each state has some sort of FOI laws, with different degrees of accessibility and restrictions. As the information broker industry provides services in relation to availability of information contained in public records, it operates within the FOI legal framework.

Data Protection Laws

Data protection laws are centered on safeguarding personal information from unauthorized usage. Worldwide, more than 80 countries have adopted comprehensive laws to uphold the privacy of their citizenry. In 1970s there were only eight countries that had data privacy laws on the books; in 2010 the number skyrocketed to 89. The United States is one of only a few developed countries that doesn’t have a comprehensive law that protects online privacy, but instead relies on sectorial laws that provide limited amounts of regulation and have many loopholes. Most of these laws pertain to personal information held by the federal government, while legislation that regulates personal information in public records systems is essentially limited to the Fair Credit Reporting Act (FCRA).

The Fair Credit Reporting Act

The Fair Credit Reporting Act (FCRA) is guided by the fair information practices that were developed by the Department for Health, Education, and Welfare in the 1970s. On the whole, FCRA regulates the practices of credit reporting agencies. It promotes agencies’ accountability and safeguards security of personal data. The law requires information to be accurate, purpose specific, and accessible. It also outlines limitations on collection and usage of personal data as pertaining to credit reporting.

California’s Data Privacy Laws

California is one of the few states that protects the personal privacy of its residents as it pertains to online access to public records. In 2003, it enacted the Online Privacy Protection Act (OPPA) that requires websites that collect personal information on California residents to post and comply with the privacy policy of the state. In 2013, California enacted so-called “Don’t Track” legislation (AB 370) that requires certain websites to disclose information on how they collect data and track users. During the same year, the Right to Know Act was introduced in the State Assembly, but it failed to pass due to strong opposition from the trade groups representing the information technology industry. If enacted, it would require data brokers to provide a copy of an individual’s stored information upon request.

Case Study: Instant Checkmate

Instant Checkmate is a California-based people search engine that operates by compiling and selling instant access to criminal background checks. Originally, Instant Checkmate was a small internet startup, but it recently gained popularity due to its appealing packaging and additional features, such as its public criminal records directory, crime wire blog, and reverse phone look up.

Notably in 2014, Instant Checkmate paid $525,000 in a settlement for allegedly violating the Fair Credit Reporting Act. The lawsuit, filed by the Federal Trade Commission (FTC), claimed that the company was operating as a consumer reporting agency, but wasn’t complying with FCRA regulations, including accuracy of provided information and verification of the identity of those who were requesting consumer reports through its website.

Now, the company markets itself as a tool to locate childhood friends and check out online dates. When you enter the website, the first thing you see is a notice that states:

You may not use our service or the information it provides to make decisions about consumer credit, employers, insurance, tenant screening, or any other purposes that would require FCRA compliance.

As the FCRA is limited to regulating credit reporting agencies only, it’s not applicable to the rest of the information broker industry. In order to avoid FCRA regulations many information broker companies simply run a disclaimer stating that they are not a credit reporting agency, and continue to operate outside any legal framework that pertains to  personal privacy. Instant Checkmate is one of many information broker companies that has used this tactic to escape FCRA compliance.

Watch the video below to learn more about Instant Checkmate, how it operates, and how the information obtained through its platform can be used by the third parties.

What are the advantages of online access to public records?

Online access to public records further upholds freedom of information as a fundamental right, and provides certain benefits to consumers and employers.

Benefits for the Citizenry

Access to public records is a mechanism to monitor the government as it allows its citizenry to review official actions and keep government agencies accountable. Online access to public records is an additional and more powerful tool to safeguard liberties and to ensure transparency of governmental practices. In this regard, the internet provides a platform to oversee and track government actions in relation to various matters, including decisions in individual cases.

Benefits for Consumers

Access to public records is an important consumer tool that is widely used in spheres such as employment, child support, retirement, and identity theft prevention, just to name a few. Online access to public records can highly benefit consumers and those who directly interact with government agencies and courts, if public records are accurate and up-to-date.

Benefits for Employers

In addition, access to public records can help employers screen applicants to decrease liability implications in the future. If using appropriate channels of inquiry, online background checks can assist employers in choosing the right candidate for the position.

What are the disadvantages of online access to public records?

Online access to public records increases privacy concerns, especially when the information broker industry lacks government oversight and is poorly regulated.

Discrimination and the Rise of the “Dossier Society”

Due to the fact that everybody can access public records online, individuals’ pasts become a matter of the present, including any transgressions, law violations, or simply embarrassing moments. In turn, it leads to discrimination and disenfranchisement of individuals whose records are not squeaky clean, denying them employment opportunities, normal relationships, and, simply, privacy. Some experts predict that in the future we could become a “dossier society,” meaning a society where everybody has an electronic profile that provides a detailed account of the individual’s life. In this view, a dossier society won’t allow social forgiveness and will force those who have blemishes on their records to work low-paying jobs without any possibilities for professional growth and development.

Economic Crimes

Most public records, including divorce decrees, child custody cases, and bankruptcy filings, contain sensitive information such as SSNs, financial account numbers, and dates of birth. Allowing online access to those records increases the risk of economic crimes, particularly identity theft. Online access to public records exacerbates the problem of financial fraud as it’s relatively easy to obtain personal information on the web as there are hundreds of websites that provide detailed records for a small fee. Identity theft has devastating consequences for victims as they cannot obtain credit, home loans, employment, or rent apartments.

Data in the Courtroom

Details of court cases, including the personal information of plaintiffs, defendants, and witnesses, becomes a part of the court record, and, therefore, public records. Not only can revealing personal data discourage plaintiffs from proceeding with cases, but can undermine the safety of those who are involved in the proceedings, including witnesses who testify against one of the parties. In addition, defendants often use personal medical or sexual history to promulgate damaging allegations against plaintiffs in medical bill payment or sexual harassment cases. Online access to public records facilitates the process of obtaining court files, making it relatively easy to mine personal data that can be used to alter court proceedings.

Inaccurate Information

Many times allegations that are made during court proceedings turn out to be false, particularly in disputes between business partners, former lovers, or neighbors. As a result, inaccurate information becomes a matter of an individual’s pubic record. As public records can be widely accessed online, inaccuracies in connecting information to specific individuals also frequently occur. In addition, some information brokers’ files can be outdated, creating additional errors in background reports. Mismatches and inaccuracies in personal data reports can link individuals to crimes they didn’t commit, deny them opportunities for employment, and destroy their reputations. In 2002, a New York resident was awarded $450,000 in damages as his profile contained a false criminal conviction.

Personal Safety

As many information broker companies claim that their services can ensure personal safety by revealing criminal histories of online dates, neighbors, and other acquaintances, online background checks can also do exactly the opposite and jeopardize safety for some people. As personal information of witnesses and victims is a matter of a public record, if their identities and addresses are revealed, they can be targeted by criminals for retribution, stalked, or even re-victimized by their domestic partner.

Targeting Consumers

Information broker companies are clearly making money from compiling and selling public records online. Not only do they amass information from different government websites, but re-package and sort it, creating a brand new product in order to earn additional profit. Information from online public records is extensively used by commercial profilers for marketing and advertising purposes. Business owners also often use information from online public records to target specific groups, including those with credit or bankruptcy problems, for advertising.

Watch the video below to learn more about information brokers and how they are mining, compiling, and selling personal data to third parties.

Conclusion

Without a doubt, citizens of any democratic society should have a right to access public records in order to hold their government accountable and keep its practices transparent. At the same time, personal information of individuals should be protected, and, for that reason, the information broker industry should be regulated to make sure that unauthorized users don’t have access to sensitive and often private matters. As this technology progresses, these questions will all need to be considered.

 Resources

Primary

California Legislative Information: AB-1291 Privacy: Right to Know Act of 2013

California Constitution: Article 1 Declaration of Rights

California Legislative Information: AB-370 Consumers: Internet Privacy

U.S. Department of Justice: The Freedom of Information Act

Additional

Social Science Research Network: Global Data Privacy Laws: 89 Countries, and Accelerating

Privacy Rights Clearinghouse: Public Records on the Internet: The Privacy Dilemma

Electronic Privacy Information Center: Privacy and Public Records

Top Ten Reviews: Instant Checkmate

Yahoo Finance: Free Public Criminal Records Directory Offered on Instant Checkmate Website

New Media Institute: What is New Media?

International Association for Social Science Information Services and Technology: Data Protection and Privacy in the United States and Europe

FreedomInfo: 93 Countries Have FOI Regimes, Most Tallies Agree

CNN Money: Data Brokers Settle Charges Over Background Checks

Crime Wire: An In-Depth Look at Instant Checkmate

Crime Wire: What Kind of Background Check Does Instant Checkmate Perform?

National Consumer Law Center: Broken Records: How Errors by Criminal Background Checking Companies Harm Workers and Businesses

Valeriya Metla

Valeriya Metla is a young professional, passionate about international relations, immigration issues, and social and criminal justice. She holds two Bachelor Degrees in regional studies and international criminal justice. Contact Valeriya at staff@LawStreetMedia.com.

The post Personal Records Online: Who’s Protecting Your Information? appeared first on Law Street.

In June 2013, Edward Snowden changed the course of American history when he released thousands of classified documents to the media. He has since fled the country, and remains on the run. His choice to disclose those documents fundamentally altered the perceptions that Americans have about the ways in which the government monitors them. It sparked national conversations about the role that the Patriot Act and other legislation have played in our national security landscape. A year and a half after these revelations, the United States is still collectively reeling from the information that Snowden provided. And a year and a half later, it’s easy to wonder where all of that info is today.

What exactly did Snowden leak?

Leaked by Edward Snowden, PRISM is the code name for a data-mining program operated by the National Security Agency (NSA) since 2007. It accesses user audio and video chats, photographs, e-mails, documents, and connection logs from nine internet companies: Microsoft, Yahoo, Google, Apple, Facebook, Skype, YouTube, AOL, and Paltalk. Government officials involved with the program claim that PRISM is only used to focus on foreign communications that are potentially dangerous to the security of the United States. Foreign communication often flows through American servers even when sent from one overseas location to another overseas location; however, experts who analyzed the most recently leaked slides of the operation claim that PRISM guidelines require NSA analysts to be only 51 percent confident to reasonably believe that a potential “target” is a foreigner. A 51 percent confidence level can leave ample room for Americans to inadvertently become targets of this operation.

PRISM is still in operation, although there are pending legal cases against the Obama Administration over it. Since the first disclosure of information by Edward Snowden, more revelations have come to light that show very specific targeting. In addition, PRISM, has raised criticism from our international allies. President Obama has, in many cases, had to go on the defensive, and explain that PRISM is intended for legitimate intelligence collection, not Big-Brother style spying.

Courtesy of BackgroundChecks.org

Prism – Everything you need to know. [Infographic]

What is the argument against PRISM?

Opponents of the PRISM program claim that it is unconstitutional under the Fourth Amendment of the Constitution.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

They argue  that the collection and surveillance of data by the NSA is too broad and “akin to snatching every American’s address book.” Yahoo initially fought the order to participate in PRISM in 2008. It argued that even if PRISM’s main goal is to focus on foreign communication, the incidental collection and gathering of American data is unconstitutional because such surveillance violates the “warrant clause” and “unreasonable searches clause” of the Fourth Amendment. Yahoo lost the case.

What is the argument in favor of PRISM?

Proponents of the PRISM program claim that cases in which the goal is to gain foreign intelligence are exempt from being subject to the Fourth Amendment’s “warrant” and “unreasonable searches” clauses. For the warrant clause, the Supreme Court has recognized a general “special needs” exception in cases like Vernonia School District v. Acton, where insisting upon a warrant would interfere with the accomplishment of that purpose. Proponents argue that there is a high degree of probability that requiring a warrant would hinder the NSA’s ability to collect time-sensitive information, and therefore would impede national security interests.

For the unreasonable searches clause, the Foreign Intelligence Surveillance Act (FISA) Court, in Yahoo’s case, held that PRISM’s operations were not unreasonable in light of the extremely important goal of national security. It found that PRISM’s procedures for targeting, minimization, and ensuring existence of a surveillance purpose to obtain foreign intelligence information serve to mitigate potential abuse of this power and risk of error to a reasonable level. Proponents also point to United States v. Miller to argue that people have no Fourth Amendment rights after they have already divulged their personal information to third parties, such as the internet companies participating in PRISM.

Conclusion

PRISM’s depth and extensiveness were a huge revelation for the American public after the secret documents were leaked by Edward Snowden. It raises a few important questions, first and foremost: is it constitutional? That will have to be decided by the courts, but it also raised interesting questions about the tradeoff between privacy and protection. As our technological abilities continue to increase, it will be fascinating to see the steps that this administration and any future administrations take to stem or expand PRISM.

Resources

Primary

ProPublica: NSA Surveillance Lawsuit Tracker

Additional

The New York Times: Secret, Court Vastly Broadens Powers of NSA

Huffington Post: America’s Take on the Fourth Amendment and the NSA

Concurring Opinions: Does the Fourth Amendment Regulate the NSA’s Analysis of Call Records? The FISC Might Have Ruled it Does

Assasination Archives: The National Security Agency and Fourth Amendment Rights

The Peoples’ View: A Crash Course in the NSA and the Fourth Amendment

Reason: Why the NSA’s Snooping Supposedly Complies With the Fourth Amendment

Washington Post: U.S., British Intelligence Mining Data from Nine U.S. Internet Companies in Broad Secret Program

Washington Post: NSA Slides Explain the PRISM Data-Collection Program

Brennan Center for Justice: Are They Allowed to Do That? A Breakdown of Selected Government Surveillance Programs

Cato Institute: NSA Spying, NSA Lying, and Where the Fourth Amendment Is Going

Washington Post: The Foreign Intelligence Surveillance Court

POLITICO: NSA Memo Pushed to ‘Rethink’ 4th Amendment

Salome Vakharia

Salome Vakharia is a Mumbai native who now calls New York and New Jersey her home. She attended New York School of Law, and she is a founding member of Law Street Media. Contact Salome at staff@LawStreetMedia.com.

The post Eighteen Months After Snowden Leak, What’s Next for PRISM? appeared first on Law Street.

For a long time fingerprints have been  the ubiquitous identifier. They allow us to solve crimes, track people, and as of recently, even unlock our iPhones. But what if there was something even more dependable than fingerprints? New developments in technology indicate that that’s the case — we’re now seeing the development of voiceprints.

Voiceprints — more scientifically known as voice biometrics — are as distinctive as fingerprints. Companies have begun taking advantage of voiceprints to provide an extra layer of security for their customers — after all, it’s possible to get someone’s password, but you can’t duplicate someone’s voice. Basically, there are two ways that voiceprints can be used — either you have a particular phrase that you say, like a password, or you give a long sample of your speech involving many different sounds, and then the computer program can recognize you. There are many different possible combinations for how this technology can be used.

John Buhl of Vanguard, a company that has really started making moves on voiceprint technology, stated:

We’ve done a lot of testing, and looked at siblings, even twins. Even people with colds, like I have today, we looked at that.

In addition to using voiceprints as possible password protection, banks and other companies that deal with secure information are taking voiceprints to help weed out fraud. They’re hoping to prevent criminals from making false calls authorizing payments.

Finally, law enforcement officials are also using voiceprints and other biometric data. In the United States, the police are able to use voiceprints to track people who are on parole. In other countries, the use of voiceprints has gotten even more extensive. The New Zealand government alone has amassed over one million voiceprints at this point.

This is yet another intersection of technology and privacy that is both fascinating and concerning. The databases that both private companies and the government are currently compiling of people’s voices are not regulated, and they’re growing fast. The Associated Press estimates that roughly 65 million voiceprints are being stored in some combination of private and government databases.

There are a lot of privacy concerns inherent in this issue. One is that it could rob people of anonymity in cases where they so desperately need it, such as anonymous tips or counseling services. People may be pushed away from calling say, a suicide hotline, because they are worried that their voice would be tracked back to them.

There’s also a concern over the fact that in general, corporations and governments are collecting way too much information on us. A privacy expert at the University of Pennsylvania, Professor Joseph Turow, stated:

Companies are using data drawn from our internet and purchasing [behavior] – and now our voices – and connecting it to the identities that they’ve created for us. Then they can lead us in a variety of different directions, based on their stereotype of us.

Because we often see technology progress more quickly than our laws governing it, the use and collection of voiceprints are essentially unsupervised. That right there is an important lesson to keep in mind — we have this great technology, but at some point we may need to question the uses for it. While I don’t think that voiceprints are going away anytime soon, activists’ concern may slow the progression of collection until we figure out exactly how we want to use this new resource.

—

Anneliese Mahoney (@AMahoney8672) is Lead Editor at Law Street and a Connecticut transplant to Washington D.C. She has a Bachelor’s degree in International Affairs from the George Washington University, and a passion for law, politics, and social issues. Contact Anneliese at amahoney@LawStreetMedia.com.

Featured image courtesy of [plantronicsgermany via Flickr]

Anneliese Mahoney

Anneliese Mahoney is Managing Editor at Law Street and a Connecticut transplant to Washington D.C. She has a Bachelor’s degree in International Affairs from the George Washington University, and a passion for law, politics, and social issues. Contact Anneliese at amahoney@LawStreetMedia.com.

The post Has Your Voiceprint Been Collected and Stored Without Your Knowledge? appeared first on Law Street.

“You may not know them, but data brokers know you,” Federal Trade Commission (FTC) chairwoman Edith Ramirez said at the release of an FTC report about the data broker industry. Data brokers know where you live, what you buy, what medical conditions you have, your background, interests, and even the names of your kids. It sounds like something out of a sci-fi movie, so it is no wonder most Americans have no idea the thriving market for their personal information even exists. Here’s everything you need to know about how data brokers collect your information, what it is used for, and what protection you have.

What are data brokers?

Data brokers are companies that compile and resell or share the personal data of consumers. The FTC released a report on May 27, 2014 examining nine companies in the industry: Acxiom, CoreLogic, Datalogix, eBureau, ID Analytics, Intelius, PeekYou, Rapleaf and Recorded Future. These companies derive a whopping $426 million in annual revenue from their products.

The information set held by these companies is massive. Acxiom estimates it holds roughly 1,500 pieces of data per consumer. Another broker dwarfs Acxiom with 3,000 data points for nearly every U.S. consumer. One broker is said to maintain about 700 billion aggregated data elements and adds more than 3 billion pieces of data each month. Another database has information on 1.4 billion consumer transactions alone, such as credit card purchases. Watch an in-depth look at data brokers by 60 Minutes below.

Where do data brokers find their information?

Contentions with the data broker industry arise from the fact that information gleaned does not come directly from consumers. Data brokers garner a lot of information from publicly available sites. A site relaying U.S. Census data can provide information regarding local demographics and real estate value. These firms get additional information from voter records, tax records, court records, mortgages and property information, driving records, and numerous other avenues. Companies can scour social media sites, such as LinkedIn, for any publicly-available information. Data brokers also gain a lot of information from card loyalty programs, credit cards, and advertising agencies that may follow a user’s online activities. If you recently bought a subscription to Forbes Magazine or purchased a new dress from a catalog sent to your home, these data brokers will know. By compiling all this information, brokers begin to paint a profile of you, including your age, race, income, social security number, religion, political affiliation, criminal history, movie preferences, gun-ownership, gym membership, and hobbies.

What is this data used for?

Individual data points are compiled to form a profile of potential consumers who can then be targeted for specific products. The information allows companies to more accurately target consumers for advertising campaigns and gain information about consumer preferences. The FTC report shows that data brokers usually package data into two forms:

1. Data elements: Age, family, and interests.
2. Data segments: Compilation of interests used to to create a list of people with similar characteristics. Here are some examples of these list segments: “African-American Professional;” “Allergy Sufferer;” “Bible Lifestyle;” “Biker/Hell’s Angels;” “Plus-Size Apparel;” “Twitter User with 250+ friends.” Other categories include people with high cholesterol or those interested in novelty Elvis items.

Data brokers then use this information to create various products in three different categories:

1. Marketing: This includes mail, email, telemarketing, mobile, and TV campaigns. To target consumers, marketers use a process called “onboarding.” Onboarding allows marketers to load offline information, such as magazine subscriptions or store loyalty cards, into cookies that digital advertisers use to target consumers. Cookies are stored in a computer’s browser and allow advertisers to promote their products on numerous Internet services.
2. Risk Mitigation: This includes identity verification. These products use analytics to help banks comply with “know your customer” identity verification requirements under the USA Patriot Act. Products also include fraud detection to track patterns of attempted fraud. For instance, these products can track how long an email address has been used or whether a delivery address matches a listed consumer.
3. People Search: This includes products generally intended for use by individuals. Products can search for someone’s criminal record, ancestry, phone number, telephone history, or social media information. Most come in the form of fee-based search products.

Does the data make our lives easier?

Many people would agree that products that help to verify one’s identity are a good thing. Companies that can link consumer purchases to personal information like an address, phone number, and email drastically reduce chances of fraud. Some also see personalized advertising as a good thing. Say you are a senior citizen. Rather than scrolling through the Internet and seeing ads for baby strollers or discounted student loans, you might see ads for healthcare services. Targeted advertising means you receive information and discounts for things you actually use instead of products with no relevance to your life. Ideally the more information data brokers have about you, the more they can target your individual tastes. While each individual piece of data has little benefit, the aggregation of this data by data brokers is immensely beneficial to companies doing market research to improve and tailor their products.

How are data brokers changing political campaigns?

The use of personal data is not limited to what you buy. In the 2012 elections, campaigns contracted with political data brokers to match voting records with cookies on computers. Voter registration lists have long been used to target voters. Combined with more information, these lists now take a powerful form in the digital arena. Political microtargeting allows campaigns to utilize information from data brokers to deliver a specific message to a target demographic. Data can help campaigns decide which voters are most likely to respond to a specific ad or which groups need to be targeted with a specific message. Candidates can target registered Democrat or Republican voters with online ads and can even target based on how much the individual has donated to campaigns before.

President Obama’s 2012 re-election campaign was among the first to use big data to its advantage. The 2012 team assembled an analytics department five times the size of that in its 2008 campaign. Some insights into the use of data in Obama’s 2012 campaign:

• As TIME describes, the team discovered that East Coast women between 40 and 50 were not donating as much as hoped. This demographic was the most likely to hand over cash for the chance to dine with a gravitational celebrity. The campaign’s solution? A fundraising drive with the prize being a dinner with Sarah Jessica Parker.
• The campaign used data to predict how much money they would get from each fundraising email. They also used demographics to determine which groups would be most responsive to an email signed by either Barack Obama, Michelle Obama, or Joe Biden.
• The campaign bought data from brokers regarding the television-viewing habits of Ohioans. The campaign was able to combine lists of voters with lists of cable subscribers and then coordinate the information of watching habits. Using this information, they targeted campaign ads to specific demographics at the exact time these niche voters were watching TV. This led to the campaign buying airtime in shows like Sons of Anarchy and the Walking Dead rather than traditional news programming. Watch for more on the use of big data during Obama’s reelection campaign below.

Little information is disclosed on just how much data campaigns can access. Inevitably the collection and effective use of data will play a huge role in the 2016 presidential election, but not all consumers are happy with that. The regulation of the use of data for political purposes raises questions of free speech and privacy. Others claim microtargeting actually offers more privacy, since the data does not include names or physical mailing addresses. It may be hard, however, for consumers to opt out of political advertising. Even lists like the National Do Not Call registry have exceptions for political campaign calls. According to a study by the University of Pennsylvania, 86 percent of Americans said they did not want political advertising tailored to their interests.

What are the problems with data brokers?

There is a certain “creepiness” factor to data collection without consumer consent. Target tried to market products to new parents by identifying them even before the baby was born. Data showed that pregnant women purchased products like cocoa butter and calcium tablets. Target began sending targeted mail to these women. But instead of finding it helpful, the women found the fact that Target knew they were pregnant to be unnerving.

Others worry about the effects of outdated data. Consumers have little access to immediately change what information that brokers have on them, such as an address change or marriage. This means people could potentially be prevented from making a purchase solely based on outdated information. Outdated information becomes more offensive when the deceased remain on data broker lists and continue to receive offers in the mail. Some women revealed stories of experiencing a miscarriage yet continuing to receive insensitive mailings from Gerber and American Baby Magazine.

Companies that have such specific information about segments of consumers may take advantage from the data. An example from the FTC looks at the case of a consumer labeled to be a biker enthusiast. This person might get more coupons for motorcycles and gear, but they could also see higher insurance rates if companies use this information to conclude this individual engages in risky behavior. Watch a Congressional hearing on the industry’s issues below.

An Acxiom presentation to the Consumer Marketing Organization in 2013 indicates further issues with potential discrimination. Acxiom placed customers into “customer value segments.” Data showed that while the top 30 percent of customers add 500 percent of value, the bottom 20 percent actually cost 400 percent of value. The bottom 20 percent call customer service numerous times and cost the company in returns. The company would be better off ignoring these customers altogether, and data brokers can help companies to identify these costly customers. These high-cost customers could then face higher prices or poor service without even being aware they are discriminated against.

Do people have any protection?

The problem most people have with the collection of data is that they have no say in it. They are not aware when information is being collected, nor are they in control of what it is used for or if it is correct. The resale and illegal use of the data is prohibited. Data brokers also suppress protected lists such as phone numbers on the Do Not Call Registry.

Some data brokers do try to protect consumers. Some voluntarily remove information regarding children and teens from their data. Others provide ways to edit and review what data the broker has on you. Acxiom uses aboutthedata.com for this very purpose. Epsilon allows consumers to review information, but reviewing the information costs $5 and requests can only be made by postal mail. Trying to review information collected by every broker is extremely time consuming. Watch for more on how to protect yourself below.

No laws require brokers to maintain the privacy of consumer data unless it is used for prohibited purposes. Federal law protects the confidentiality of medical records. The Fair Credit Reporting Act (FCRA) restricts the search of information when determining eligibility for employment, credit, or housing; however, most data does not fall under the scope of FCRA.

What is the FTC pushing for?

The FTC report recognizes the immense value of data brokers to both companies and consumers; however, the FTC has offered the following recommendations to improve the industry and bolster consumer protection:

• Create a central database where consumers can see what information about them was collected. The database should also allow consumers to opt out from the data collection.
• Require brokers to list their data sources.
• Increase industry visibility and consumer awareness.
• Comprehensive legislation to prevent the discriminatory use of data. For instance, some categories infer sensitive statistics. “Metro Parents” are single parents primarily high school-educated handling the stresses of urban life on a small budget. “Timeless Traditions” are immigrants who speak some English but generally prefer Spanish.
• Adopt a series of best practices, including better protection for minors, improving data security, preventing unlawful discrimination, and restricting collection to only needed data.

The Direct Marketing Association (DMA) and other groups attacked the FTC report. In an interview with the Washington Post, Stuart Ingis of the DMA said, “You’d think if there was a real problem, they’d be able to talk about something other than potential” abuses.

The data broker lobby is very powerful. Senators John D. Rockefeller (D-WV) and Edward Markey (D-MA) led the regulatory push by proposing the DATA bill on February 12, 2014, requiring data brokers to be transparent about the information they collect. But considering the fact that political campaigns benefit from data broker information when targeting voters, it is unlikely there will be new legislation on data brokers in the near future. In the meantime, expect data brokers to know much more about you than you know about them.

Resources

Primary

FTC: Data Brokers: A Call for Transparency and Accountability

Ed Markey: Markey, Rockefeller Introduce Data Broker Bill

White House: Big Data: Seizing Opportunities, Preserving Values

Senate: A Review of the Data Broker Industry

Additional

Yahoo: FTC Wants More Transparency for Data Brokers

Data Privacy Minitor: FTC Report Seeks Congressional Review

Privacy and Security Law Blog: “Getting to Know You, Getting to Know All About You”

Washington Post: Brokers Use Billions of Data Points to Profile Americans

ProPublica: Everything We Know About What Data Brokers Know About You

Slate: What Do Data Brokers Know About Me?

CNN: Why Big Companies Buy, Sell Your Data

New York Books: How Your Data are Being Deeply Mined

Pulitzer Center: Consumer Data Privacy in Politics

Time: Inside the Secret World of the Data Crunchers Who Helped Obama Win

ProPublica: Everything We Know So Far About Obama’s Big Data Operation

AdWeek: Confessions of a Data Broker

Alexandra Stembaugh

Alexandra Stembaugh graduated from the University of Notre Dame studying Economics and English. She plans to go on to law school in the future. Her interests include economic policy, criminal justice, and political dramas. Contact Alexandra at staff@LawStreetMedia.com.

The post The Big Business of Big Data appeared first on Law Street.