Privacy – Law Street

Accidental Data Leak Exposes 198 Million Americans’ Personal Information

Celia Heudebourg — Thu, 22 Jun 2017 20:32:19 +0000

"Data Security Breach" courtesy of Blogtrepreneur/blogtrepreneur.com/tech; License: (CC BY 2.0)

The 2016 presidential election was noteworthy not just because of its outcome, but also for the extent to which both parties used technical data collection behind-the-scenes to secure victories in swing states. Just last week, a cyber risk analyst stumbled onto a trove of that gathered data, collected on 198 million Americans, on an unprotected server.

The analyst, Chris Vickery, an employee of the cyber security startup UpGuard, came across the 1.1 terabytes of data on an Amazon cloud server, which wasn’t password protected and was accessible to anyone with the URL address. According to UpGuard, it took Vickery several days to download the extensive dataset, which may have been left open and exposed for 10 to 14 days.

UpGuard is calling this leak the “largest known data exposure of its kind,” and confirmed that the discovered content includes names, dates of birth, home addresses, phone numbers, and indications of individuals’ ethnicities and religions. Voters’ political views on hot-button campaign issues such as fossil fuels and taxes were also minutely recorded, likely for future micro-targeted campaigns.

Currently downloading what is, basically, the home address of every Trump supporter.

Understand the cloud before you upload to it. pic.twitter.com/nRPb98jwoP

— Chris Vickery (@VickerySec) June 13, 2017

The information was collected by GOP data firm Deep Root Analytics, one of three data firms hired by the RNC to help Donald Trump win the presidential election.

The firm acknowledged that the data was theirs on Friday and released a statement apologizing for the breach.

Deep Root Analytics CEO Brent McGoldrick said the company takes “full responsibility” for the leak. He added that the mistake was likely due to “a recent change in asset access settings since June 1.”

Although much of the data collected by Deep Root Analytics is available online through more innocuous sources, many have been quick to analyze the leak’s potential cyber security ramifications.

“That such an enormous national database could be created and hosted online, missing even the simplest of protections against the data being publicly accessible, is troubling,” UpGuard said on their website.

This leak also comes at a time when the U.S. elections and elections in other western nations have been the targets of increasingly aggressive cyber attacks.

“This is deeply troubling,” Privacy International’s policy officer Frederike Kaltheuner told BBC News. “This is not just sensitive, it’s intimate information, predictions about people’s behavior, opinions, and beliefs that people have never decided to disclose to anyone.”

While this leak could have been much more damaging and revealed more secretive information, experts say this should be a cautionary warning. If companies don’t make cyber security a priority, individuals may have to worry a lot more the next time a leak occurs.

Celia Heudebourg

Celia Heudebourg is an editorial intern for Law Street Media. She is from Paris, France and is entering her senior year at Macalester College in Minnesota where she studies international relations and political science. When she’s not reading or watching the news, she can be found planning a trip abroad or binge-watching a good Netflix show. Contact Celia at Staff@LawStreetMedia.com.

The post Accidental Data Leak Exposes 198 Million Americans’ Personal Information appeared first on Law Street.

Unroll.me Sells Its Data to Uber: Is Your Free App Really Free?

Callum Cleary — Tue, 25 Apr 2017 16:16:13 +0000

"Unsubscribe" Courtesy of eddiedangerous : License (CC BY 2.0)

Last Sunday, The New York Times published an extensive profile of Uber’s CEO, Travis Kalanick, which recounted his and his company’s numerous scandals. A new allegation was nestled among the long list of known controversies. The report claimed Uber bought data from Slice Intelligence to track the brand allegiances of thousands of rideshare customers. Slice Intel owns an email unsubscriber called Unroll.me, which it used to collect Lyft receipts from users’ inboxes before selling them to Uber. While it does not appear any laws were broken, the revelation has reignited a debate around profit-driven data collection.

The report only mentions this scheme in passing, but the fleeting allegation was enough to upset Unroll.me users. Hours after the report was published, Unroll.me’s CEO, Jojo Hedaya, released a tone-deaf statement on the company’s website.

The statement is titled “We Can Do Better,” but by “we” he means “the user.” In the non-apology, Hedaya places blame on the consumer. After describing the public anger as “heartbreaking,” Hedaya immediately notes that each user has to agree to Unroll.me’s terms of use and the “plain-English Privacy Policy,” but that “most don’t take the time to thoroughly review them.”

The statement indicates Unroll.me has no intention of changing its ways because it’s how the company can “monetize [its] free service.” This rationale is misleading. Users may not pay money to use the service but, as long as Unroll.me sells user data, the service isn’t free. Unroll.me profits at the expense of each user’s privacy and third-party buyers, such as Uber, set the price.

Unroll.me claims all the data it sells is anonymized, but it is difficult for any user to know how well their data is protected. The Times report details the way in which Uber uses its app to “fingerprint” iPhones. With a tiny line of code, Uber is able to identify any iPhone regardless of whether the Uber app had been deleted from the phone or the phone had been erased and reset. Increasingly, tech companies that claim to value user data, value it as something to be sold, not as something to protect.

Nothing is free. Consumers cannot demand private companies provide unmonetized free services. However, companies that sell user data cannot claim to provide free services. While users of a service like Unroll.me may not hand over money, a transaction ultimately takes place.

Callum Cleary

Callum is an editorial intern at Law Street. He is from Portland OR by way of the United Kingdom. He is a senior at American University double majoring in International Studies and Philosophy with a focus on social justice in Latin America. Contact Callum at Staff@LawStreetMedia.com.

The post Unroll.me Sells Its Data to Uber: Is Your Free App Really Free? appeared first on Law Street.

Have Uber Employees Been Spying on Beyoncé?

Alec Siegel — Thu, 15 Dec 2016 15:27:06 +0000

Image Courtesy of Nat Ch Villa; License: (CC BY 2.0)

According to a court declaration from Uber’s former forensic investigator, some employees at the ride-sharing service tracked the locations of “high-profile politicians, celebrities and even personal acquaintances of Uber employees, including ex-boyfriends/girlfriends, and ex-spouses.” Samuel Ward Spangenberg, the former investigator suing Uber, said employees also spied on one particularly well-known celebrity: Beyoncé.

Spangenberg, 45, brought his case to a California court in October, and is suing Uber for age discrimination and whistleblower retaliation. He said he was fired 11 months after bringing a number of his concerns to the attention of top Uber executives. Spangenberg questioned more than the company’s illicit spying practices. In his declaration, he said:

As part of Uber’s incident response team, I would be called when governmental agencies raided Uber’s offices due to concerns regarding noncompliance with governmental regulations. In those instances, Uber would lock down the office and immediately cut all connectivity so that law enforcement could not access Uber’s information. I would then be tasked with purchasing all new equipment for the office within the day, which I did when Uber’s Montreal office was raided.

According to Spangenberg, some Uber employees would use a feature known as “God View” to spy on the location of targeted riders. In 2014, BuzzFeed revealed the feature’s existence when one of its reporters fell victim to “God View”–actually used by the general manager of Uber New York. The feature, which has since been rebranded “Heaven View” allows employees to see the location of drivers and customers who request a ride. Drivers do not have access to this feature.

In a statement, Uber said it “continues to increase our security investments and many of these efforts, like our multi-factor authentication checks and bug bounty program, have been widely reported.” And in a memo sent to Uber employees on Monday, the company’s top security executive, John Flynn, said: “Like every fast-growing company, we haven’t always gotten everything perfect. But without the trust of our customers we have no business.” The company has also said that “fewer than 10” employees have been fired for abusing the “God View” tool.

Alec Siegel

Alec Siegel is a staff writer at Law Street Media. When he’s not working at Law Street he’s either cooking a mediocre tofu dish or enjoying a run in the woods. His passions include: gooey chocolate chips, black coffee, mountains, the Animal Kingdom in general, and John Lennon. Baklava is his achilles heel. Contact Alec at ASiegel@LawStreetMedia.com.

The post Have Uber Employees Been Spying on Beyoncé? appeared first on Law Street.

Austrian Teen Sues Parents For Posting Embarrassing Childhood Photos

Anneliese Mahoney — Tue, 20 Sep 2016 13:15:35 +0000

Image courtesy of [Mike Seyfang via Flickr]

It seems like every family has them–a treasure trove of embarrassing childhood photos. But what happens when those family photos leave the albums, household frames, or boxes, and make it on to social media? One 18-year-old woman from Austria is upset that her parents have posted a number of embarrassing photos from her childhood on Facebook, and is now suing them over those postings.

The 18-year-old, whose name isn’t being made public right now, claims that her parents have posted over 500 images of her as a child over the last seven years. Those include photos of her doing things like being potty-trained, bathing, and other normal childhood activities. But, she claims that the constant exposure of her photos have “made her life a misery.” The photos are viewable by her parents’ combined 700+ Facebook friends.

The woman told local press:

They knew no shame and no limit–and didn’t care whether it was a picture of me sitting on the toilet or lying naked in my cot–every stage was photographed and then made public.

Her father claims that he owns the copyright to the photos, but she argues that because the photos are of her she has the right to privacy. According to Fusion writer Charles Pulliam-Moore:

The family has a court date set for this November and if a judge rules in the girl’s favor, her parents could be forced to pay their daughter for damages as well as cover the cost of her legal fees. In addition to paying out monetary restitution, the court’s decision could set a precedent for similar legal complaints submitted by children against their parents.

There are plenty of concerns that parents should take into account when posting photos of their children online–such as those photos falling into the wrong hands–but being sued by their children probably wasn’t a previously well known one. While this case is being played out in an Austrian court, it raises important questions about who owns a photo and what decisions parents should be able to make about their children’s digital footprints.

Anneliese Mahoney

Anneliese Mahoney is Managing Editor at Law Street and a Connecticut transplant to Washington D.C. She has a Bachelor’s degree in International Affairs from the George Washington University, and a passion for law, politics, and social issues. Contact Anneliese at amahoney@LawStreetMedia.com.

The post Austrian Teen Sues Parents For Posting Embarrassing Childhood Photos appeared first on Law Street.

Did WikiLeaks Expose the Private Information of Innocent Saudi Citizens?

Mariam Jaffery — Wed, 24 Aug 2016 18:08:53 +0000

Image courtesy of [thierry ehrmann via Flickr]

Is WikiLeaks sacrificing the personal privacy of innocent people in its mission for transparency? On Tuesday, the Associated Press reported that the organization’s decision to publish the Saudi Cables last year–in which about a half-million documents from the Saudi Foreign Ministry were made public–exposed the sensitive personal information of hundreds of ordinary citizens. Among those exposed are rape victims, the mentally ill, and LGBT individuals who were essentially “outed” by the leaks.

The cables were published last year, but the AP’s report sheds some light on how WikiLeaks often goes beyond its stated mission, harming the privacy of innocent individuals who may themselves be left vulnerable by leaked documents. The organization claims that the transparency it brings about “creates a better society for all people,” but some of the information exposed is not just embarrassing for the citizens involved–it could even put them in danger.

For example, the AP notes that the leaks include the name of a gay Saudi citizen who was arrested for homosexuality. This “outing” could have profound consequences for the individual, considering that the illegality of being gay in the Kingdom “can lead to social ostracism, a prison sentence, or even death.”

Wikileaks fired back on Twitter, denying that it leaked anything that the government did not already know and alleging that the AP was simply bringing back an old story to stir up controversy in an election year:

No, WikiLeaks did not disclose “gays” to the Saudi govt. Data is from govt & not leaked by us. Story from 2015. Re-run now due to election.

— WikiLeaks (@wikileaks) August 23, 2016

The organization also tweeted about the importance of the Saudi cables, noting that it exposed important information about the Kingdom that was not being covered by the media:

WikiLeaks’ #Saudi Cables reveal the Kingdom’s foreign media manipulation strategies https://t.co/e3cx2LIJPA pic.twitter.com/JOUlml7ous

— WikiLeaks (@wikileaks) August 23, 2016

This isn’t the first time that the site has exposed personal information. Last month, when the organization leaked thousands of emails from the Democratic National Committee, it included the credit card and social security numbers of a few dozen people, the report notes.

Julian Assange, the Wikileaks founder, has attempted to be a strong advocate for privacy in the past, penning a New York Times op-ed on the necessity of protecting privacy in a “surveillance society.” However, while he criticizes modern-day companies and the government for eroding the privacy of individuals, his organization has clearly done the same by leaking Saudi citizens’ personal information.

There is no evidence that the exposure of the information was intentional, but it brings to light some interesting dilemmas facing the organization and its mission: is there a way to be completely transparent without making innocent individuals vulnerable? And how much is too much when it comes to leaking sensitive information? The AP report just reinforces the ethical and moral issues surrounding WikiLeaks, resurfacing debates that have been around since the site launched and will undoubtedly continue as the site leaks additional information.

Mariam Jaffery

Mariam was an Executive Assistant at Law Street Media and a native of Northern Virginia. She has a B.A. in International Affairs with a minor in Business Administration from George Washington University. Contact Mariam at mjaffery@lawstreetmedia.com.

The post Did WikiLeaks Expose the Private Information of Innocent Saudi Citizens? appeared first on Law Street.

Hulk Hogan Wins Gawker Lawsuit: How Will this Affect Freedom of the Press?

Anneliese Mahoney — Sat, 19 Mar 2016 12:45:22 +0000

"Hulk Hogan 02" courtesy of [GabboT via Flickr]

The crazy case between Hulk Hogan and Gawker has finally reached a decision–and Hogan has emerged victorious. A jury awarded the famous professional wrestler $115 million after a two week trial, but just six hours of deliberations.

Hulk Hogan sued Gawker after the media company released a sex tape of Hogan and the wife of a former friend of his. Hogan claimed that Gawker violated his privacy by releasing the tape, and that they didn’t reach out to him, or the woman in the tape, Heather Cole, before releasing it publicly on the site in an article entitled: “Even for a Minute, Watching Hulk Hogan Have Sex in a Canopy Bed Is Not Safe for Work but Watch It Anyway.” To read the full details of the case, check out our previous coverage here.

Really, the argument on the part of Hogan’s lawyer came down to privacy, and whether or not the video that Gawker published was actually “newsworthy.” But Gawker’s lawyers argued that this came down to First Amendment rights. Gawker’s attorney, Michael Sullivan, stated his concern that this case would open up a dangerous door for public figures to sue media companies. According to CNN:

Sullivan warned that Hogan’s lawsuit could have a chilling effect on free press if ‘powerful celebrities, politicians and public figures would use our courts to punish people.’ ‘We will all be worse off as a result,’ he said.

Before the ruling came out this evening, Eric Goldman, co-director of Santa Clara University’s High Tech Law Institute spoke to Fusion about the case and stated:

Right now, there’s an ‘anything goes’ mentality when it comes to publishing information about celebrities. If Gawker loses, we might begin to see some rethinking of that mentality. If Gawker wins, I think it will further embolden online publishers that anything related to celebrities is fair game.

Given that the six jurors sided with Hogan, and Gawker did lose, that first consideration may be true. However, it seems like Gawker’s lawyers are going to appeal the case–as Gawker founder Nick Denton read from a written statement:

Given key evidence and the most important witness were both improperly withheld from this jury, we all knew the appeals court will need to resolve the case. … That’s why we feel very positive about the appeal that we have already begun preparing, as we expect to win this case ultimately.

Given the high price tag and high profile nature of this case, the appeal will be one to watch.

Anneliese Mahoney

The post Hulk Hogan Wins Gawker Lawsuit: How Will this Affect Freedom of the Press? appeared first on Law Street.

The “Fappening” Hacker Pleads Guilty

Anneliese Mahoney — Thu, 17 Mar 2016 17:05:24 +0000

Image courtesy of [Marco Manna via Flickr]

Do you all remember back in 2014, when all anyone could talk about was the “Fappening?” It was a massive leak of celebrity nude photos–most of which were stolen from the celebrities in question. No one really knew who was behind the leak for a while, but now at least one of the perpetrators appears to have been caught. Ryan Collins, 36, of Lancaster, Pennsylvania is pleading guilty to “unauthorized access to a protected computer to obtain information.”

Collins gained access to the photos via the (mostly) female celebrities’ iCloud accounts. He got into those accounts by sending out a phishing scheme in which he posed as Apple or Gmail and asked the victims to reset their account information and passwords. He also allegedly managed to get into some of the accounts by guessing passwords. According to court documents he managed to get into 50 iCloud and 72 Gmail accounts, mostly owned by female celebrities. Then, he either downloaded images, or in some cases downloaded victims’ entire iCloud accounts.

Celebrities whose photos appeared online after the hacks included Jennifer Lawrence, Kate Upton, Mary Elizabeth Winstead, Kaley Cuoco, and Kirsten Dunst.

David Bowdich, the assistant director in charge of the FBI’s Los Angeles Field Office, explained in a statement:

By illegally accessing intimate details of his victims’ personal lives, Mr. Collins violated their privacy and left many to contend with lasting emotional distress, embarrassment and feelings of insecurity.

The charge Collins is pleading guilty to could land him in jail for up to five years, but that’s very unlikely. According to the DOJ, “parties have agreed to recommend a prison term of 18 months,” although that recommendation won’t be binding and it will be up to a judge to decide how to dole out punishment to Collins.

Collins isn’t being charged with actually creating the “Fappening” however–meaning there’s no evidence that he was the one who uploaded the photos or shared them on the Internet. But, Collins is still paying for the gross invasion into privacy that he committed. Laws about the privacy that we’re all entitled to online, as well as the ownership of photos, are evolving as the internet continues to be a larger part of our lives. As revenge porn cases increasingly make it into the mainstream, it’s important that we set some boundaries–stealing someone’s private photos is simply not okay.

Anneliese Mahoney

The post The “Fappening” Hacker Pleads Guilty appeared first on Law Street.

Hulk Hogan and Gawker go to Court Over Leaked Sex Tape

Anneliese Mahoney — Tue, 01 Mar 2016 22:03:19 +0000

A legal feud between Hulk Hogan and the Gawker media empire is finally making its way to court. Hogan filed a $100 million defamation suit against Gawker back in 2012 after the site published a minute and 41-second long chunk of the sex tape. That suit is now making its way to trial–jury selection just began in St. Petersburg, Florida.

The sex tape featured Hogan–whose legal name is actually Terry Bollea–and Heather Cole, who at the time was the wife of radio personality Bubba the Love Sponge Clem. The fact that Clem and Hogan used to be good friends put a whole new twisted spin on the entire thing. The existence of the tape was actually not a secret, given that multiple news sites referenced it and some published stills from it. But Gawker, which received the video anonymously in 2012, was the first to actually publish a segment of it. The article was entitled, with true Gawker panache “Even for a Minute, Watching Hulk Hogan Have Sex in a Canopy Bed Is Not Safe for Work but Watch It Anyway.”

Hogan is claiming that his privacy was violated because of the sex tape leak, is suing the media company for defamation, and accused Gawker’s lawyers of releasing confidential comments from the video to the media. While the idea that the most salacious part of a sex video could be the things said on it sounds kind of insane, it’s not–the comments released were racist remarks about his daughter Brooke Hogan dating a black man. The ensuing backlash eventually led to WWE severing ties with one of its biggest stars. Hogan’s lawyers called Gawker’s actions “outrageous, irresponsible, and despicable.”

Gawker’s response has been mostly focused on First Amendment rights, and the media company says that because Hogan has been open about his sex life in the past, the video was fair game. Gawker founder Nick Denton said last summer: “I care about the readers having the right to know both sides of a story. Readers should also have the right to get the story behind the celebrity story.”

Essentially, this entire case boils down to questions about how much privacy celebrities can expect–especially in the age of the internet and easily-shareable recordings. A jury in St. Petersburg will have to decide the answer to those questions soon.

Anneliese Mahoney

The post Hulk Hogan and Gawker go to Court Over Leaked Sex Tape appeared first on Law Street.

ICYMI: Best of the Week

Anneliese Mahoney — Mon, 29 Feb 2016 15:32:01 +0000

Happy Monday morning, Law Street readers. I know it was a busy week, so anyone who wants to take a look back at our top stories last week should check them out below–ICYMI: here’s Law Street’s best of the week.

1. Boston University School of Law Wants to Help You Step it Up This Summer

Boston University School of Law has an important message for law students: it’s time to get ahead of the pack with some new skills. If you’re a law student wondering how you could possibly add new skills to your already packed resume, busy work schedule, and mounting course load, that’s ok, because BU Law has the answer to that question–an innovative new summer program that makes it easy for law students to gain essential practice experience through two summer course offerings: Contract Drafting and Negotiation. If you’re a student pursuing an MBA, medical degree, or other applicable graduate degree, the Negotiation class is open to you too. Read the full story here.

2. Ohio Governor John Kasich Signs Bill that Will Defund Planned Parenthood

The Republican presidential candidate that many had previously hailed as the most moderate GOP contender signed a bill Sunday to prohibit the Ohio state health department from contracting with entities that perform or promote abortions.

John Kasich, the Governor of Ohio and presidential hopeful, fulfilled his promise to defund Planned Parenthood, even though the healthcare provider is not specifically named in the bill. However slashing funds is one way that lawmakers plan to get rid of the healthcare provider, which just happens to refer patients to and provide abortion services. Check out the full story here.

3. What Does Antonin Scalia’s Death Mean for the Supreme Court?

The world was rocked by the death of 79-year-old Justice Antonin Scalia on Saturday,February 13, 2016. Scalia, the longest-serving justice on the current bench, was appointed by President Ronald Reagan on June 17, 1986 following the resignation of Chief Justice Warren E. Burger. His three decades on the Court have proven to be legendary and exceptionally influential in the interpretation of law and the Constitution. Even his passing has, fittingly, sparked a constitutionally-based showdown of governmental powers and the appointment of a new justice. Click here to learn more about Justice Scalia’s influential and legendary service to the Court and the politically fused debate regarding the appointment of a new Supreme Court Justice.

Anneliese Mahoney

The post ICYMI: Best of the Week appeared first on Law Street.

Why is Apple Refusing to Unlock the San Bernardino Shooter’s IPhone?

Alexis Evans — Thu, 18 Feb 2016 15:07:23 +0000

"Apple Store - Downtown New York" Courtesy of [Jeremy Piehler via Flickr]

An iPhone used by one of the two attackers who killed 14 people in the San Bernardino shooting has become the subject of an intense battle over cell phone privacy after Apple publicly refused to help the FBI hack into it.

U.S. Magistrate Judge Sheri Pym ordered Apple Tuesday to provide “reasonable technical assistance” to the FBI, which has been struggling to unlock Syed Rizwan Farook’s password-protected phone. More specifically, the FBI wants Apple to develop a custom version of the iPhone software that could be loaded onto Farook’s phone in order to unlock the device. Apple, however, has opted to challenge the court order in a stand to protect encryption rights and customers.

In an open letter to Apple customers, CEO Tim Cook explained Apple’s decision, stating:

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

Apple claims the software would essentially create a “back door” or “key” in the system that could potentially be used later by sophisticated hackers and cyber-criminals, which would effectively put tens of millions of Americans at risk. Cook continued writing,

We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.

But without Apple’s help, there is possibly some important information that the FBI could be missing out on that remains buried inside the encrypted iPhone.

According to CBS, investigators are still trying to uncover what happened during the 18-minute gap in the timeline between the shooting at the Inland Regional Center and the police shootout that ended both shooters’ lives. The FBI is also most likely still looking for information that could connect the shooters to a possible terror network, or reveal evidence of possible co-conspirators in the attack. While the shooting may have been inspired by ISIS, the terrorist group has never taken responsibility for the attack.

Therein lies the catch-22 that Apple faces. If the issue only concerned Farook’s phone, it’s highly doubtful Apple would even be making a stand.

When asked by the New York Times about Apple’s resistance, the Justice Department pointed to a statement by Eileen M. Decker, the United States attorney for the Central District of California that read,

We have made a solemn commitment to the victims and their families that we will leave no stone unturned as we gather as much information and evidence as possible. These victims and families deserve nothing less.

As of yet, it’s unclear what kind of legal repercussions Apple could face in the standoff, but the company has been extremely transparent with its intentions to fight the order and protect encrypted information on its devices.

Alexis Evans

Alexis Evans is an Assistant Editor at Law Street and a Buckeye State native. She has a Bachelor’s Degree in Journalism and a minor in Business from Ohio University. Contact Alexis at aevans@LawStreetMedia.com.

The post Why is Apple Refusing to Unlock the San Bernardino Shooter’s IPhone? appeared first on Law Street.

Arkansas Abortion Law Loses its Last Shot at Legality

Alexandra Simone — Thu, 21 Jan 2016 16:38:35 +0000

Image courtesy of [IIP Photo Archive via Flickr]

In the beginning of 2013, the Arkansas General Assembly introduced a bill titled the “Arkansas Human Heartbeat Protection Act” in an attempt to ban women from aborting a fetus 12 weeks or older. After several years of this law being contested in court, it has finally received the final nail in the coffin. The Supreme Court rejected the pleas to overturn lower court decisions by announcing this Tuesday that it would not be hearing oral arguments for Beck v. Edwards.

The “Arkansas Human Heartbeat Protection Act” became a law on March 6, 2013, even after being vetoed by then Governor Mike Beebe, and has faced controversy ever since. Around a month after the bill became a law, the Center for Reproductive Rights and the ACLU began the fight against the law by filing suit in a district court, claiming that this ban on abortion infringed on patients’ constitutional rights to privacy. The district court ultimately sided with the Plaintiffs, ruling that the ban on abortion after 12 weeks was an unconstitutional violation of a woman’s privacy. Arkansas appealed this case to the United States Court of Appeals for the Eighth Circuit in May of 2014, but didn’t have much luck. The court affirmed the ruling of the previous court in its opinion, stating,

This case underscores the importance of the parties, particularly the state, developing the record in a meaningful way so as to present a real opportunity for the court to examine viability, case by case, as viability steadily moves back towards conception.

In this case, Arkansas legislators are making the claim that a fetus is viable at 12 weeks, so therefore the cutoff for abortion legality needs to be at or before that benchmark. Overall, one of the biggest points of contention in the overall argument about abortion is the question of when a fetus becomes viable. But, what is viability? Justice Harry Blackman defined this term in his opinion on the well-known 1973 Supreme Court case, Roe v. Wade: “potentially able to live outside the mother’s womb, albeit with artificial aid.” Now, people have been bickering for decades over what this actually means; however, most states have stuck to the norm–also laid out in Roe v. Wade–of a fetus becoming viable somewhere around 28 weeks.

Both the District Court and the Court of Appeals cited a lack of scientific evidence on the part of the State when it comes to proving that viability of a fetus starts at 12 weeks. The plaintiffs, on the other hand, provided ample evidence–in the form of doctor testimony– to support the fact that a fetus at 12 weeks cannot survive outside its mother’s womb.

In a final attempt to keep this law in place, the state of Arkansas filed a Petition for Writ of Certiorari to the Supreme Court. Unfortunately for the Arkansas legislature, the Supreme Court only accepts around 0.8% of the cases it receives each year, and it just decided this Tuesday that it will not be hearing Beck v. Edwards, effectively striking down the Arkansas ban on abortions past 12 weeks, for good.

So what does this mean for the future of abortion rights? We can all rest easy knowing that a woman’s constitutional right to privacy won’t be violated by the Arkansas abortion law anytime soon, since the final decision from the Court of Appeals stands, banning the ban for good. In addition, although SCOTUS didn’t want to hear Beck v. Edwards, it does have a new abortion focused case coming up this March. Arguments for Whole Woman’s Health v. Cole are set to begin March 2nd, so a verdict on whether or not the Supreme Court will uphold women’s rights is rapidly approaching.

Alexandra Simone

Alex Simone is an Editorial Senior Fellow at Law Street and a student at The George Washington University, studying Political Science. She is passionate about law and government, but also enjoys the finer things in life like watching crime dramas and enjoying a nice DC brunch. Contact Alex at ASimone@LawStreetmedia.com

The post Arkansas Abortion Law Loses its Last Shot at Legality appeared first on Law Street.

Wife of Man Killed by ISIS Sues Twitter

Anneliese Mahoney — Thu, 14 Jan 2016 21:08:46 +0000

Image courtesy of [Esther Vargas via Flickr]

Lloyd “Carl” Fields Jr. was tragically killed during an ISIS attack in Jordan last November. Fields, a defense contractor from Florida, was at the International Police Training Center in Amman training a policeman who killed him; ISIS later took credit for the attack. Now, Fields’ widow has filed a lawsuit against Twitter, arguing that the social media platform has essentially supported the rise of ISIS by allowing the terrorist group to spread messages and fundraise using its technology.

The lawsuit filed by Tamara Fields alleges that:

Without Twitter, the explosive growth of ISIS over the last few years into the most- feared terrorist group in the world would not have been possible. According to the Brookings Institution, ISIS ‘has exploited social media, most notoriously Twitter, to send its propaganda and messaging out to the world and to draw in people vulnerable to radicalization.’ Using Twitter, ‘ISIS has been able to exert an outsized impact on how the world perceives it, by disseminating images of graphic violence (including the beheading of Western journalists and aid workers) . . . while using social media to attract new recruits and inspire lone actor attacks.’ According to FBI Director James Comey, ISIS has perfected its use of Twitter to inspire small-scale individual attacks, ‘to crowdsource terrorism’ and ‘to sell murder.’

The fact that ISIS has used Twitter to spread messages, raise funds, and entice converts isn’t a secret. But the question that this lawsuit essentially poses is whether or not Twitter should be held responsible for those uses. Twitter’s “Abusive Behavior” policies state that “Users may not make threats of violence or promote violence, including threatening or promoting terrorism.” But exactly what that means is hard to qualify–particularly when ISIS members or sympathizers may used coded words or phrases, and when the difference between an ISIS member and a jokester, or a rabble-rouser, aren’t necessarily easy to glean. Moreover, if Twitter blocks one user, a new account usually pops up in its place. So, for a giant tech platform like Twitter, preventing ISIS from using it may be easier said than done.

Twitter has responded to the lawsuit, stating:

While we believe the lawsuit is without merit, we are deeply saddened to hear of this family’s terrible loss. Like people around the world, we are horrified by the atrocities perpetrated by extremist groups and their ripple effects on the Internet. Violent threats and the promotion of terrorism deserve no place on Twitter and, like other social networks, our rules make that clear. We have teams around the world actively investigating reports of rule violations, identifying violating conduct, partnering with organizations countering extremist content online, and working with law enforcement entities when appropriate

Fields’ lawsuit isn’t just about damages though–she’s asking the court to issue an order that Twitter has violated the Anti-Terrorism Act, which could could require not only Twitter to seriously overhaul its policies to become more responsible for how the network is used, but seriously affect our social media landscape as a whole.

Anneliese Mahoney

The post Wife of Man Killed by ISIS Sues Twitter appeared first on Law Street.

Facebook to Warn Users of Potential State-Sponsored Hackers

Anneliese Mahoney — Tue, 20 Oct 2015 14:31:22 +0000

Image courtesy of [Barney Moss via Flickr]

In light of concerns about state-sponsored hackers going after American technology, Facebook will now warn users it believes are falling victim to these types of attacks.

The warning will take the form of a notification that pops up on Facebook. It doesn’t warn individuals that their Facebook accounts are being hacked, but rather that their computers, smartphones, tablets, or other devices have malware on them that indicate that hackers may be trying to access their accounts.

According to Facebook, the notification will prompt a user to “Please Secure Your Accounts Now” and contain the following message:

We believe your Facebook account and your other online accounts may be the target of attacks from state-sponsored actors. Turning on Login Approvals will help keep others from logging into your Facebook account. Whenever your account is accessed from a new device or browser, we’ll send a security code to your phone so that only you can log in. We recommend you also take steps to secure the accounts you use on other services.

Facebook also recommends that if possible, people who get these notifications should consider replacing or rebuilding their systems, because this type of breach is probably too strong to be wiped out by everyday anti-virus software. Facebook has also made it clear that it won’t be sending out these notifications willy-nilly, but only if there’s strong evidence that a breach is coming from a foreign government hack.

Obviously not all hacks come from state-sponsored entities, but Facebook is clear on why it is focusing on warning its users specifically about these kinds of attacks. Alex Stamos, the Chief Security Officer at Facebook, explained in the announcement about the policy change:

While we have always taken steps to secure accounts that we believe to have been compromised, we decided to show this additional warning if we have a strong suspicion that an attack could be government-sponsored. We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts.

War waged via technological means is certainly a legitimate concern–there have been either allegations or outright evidence that unfriendly actors such as China, Russia, Iran, North Korea, and ISIL have attempted to hack American accounts.

There are some criticisms of the new alert–Tech Crunch pointed out that the phrase “state-sponsored actors” may not be in everyone’s vernacular, and could be confusing. Additionally, Maddy Crowell of Christian Science Monitor points out that we don’t know exactly how Facebook is getting the information to conclude that someone has been the victim of a state-sponsored attack. While that’s not necessarily a criticism, it is a viable inquiry about Facebook’s privacy features.

So, essentially, you don’t want to see this notification pop up on your Facebook–it means that your information is under attack, most likely due to malware that has infected your computer. Facebook is doing right by its users by letting them know–it may be an indication of the kind of security we’ll see moving forward as cyberwar remains a serious concern.

Anneliese Mahoney

The post Facebook to Warn Users of Potential State-Sponsored Hackers appeared first on Law Street.

Peeple: “Yelp for People” App is Coming Whether We Want it To or Not

Anneliese Mahoney — Thu, 01 Oct 2015 16:07:15 +0000

Image courtesy of [Chris Ford via Flickr]

In this day and age, we can rate pretty much anything we want online. Did you get food poisoning from the new takeout place down the street? Take your complaints to Yelp. Did you have a college professor that really changed your life? Leave a glowing review on RateMyProfessor. Did you stay at a hotel recently that was pretty good but could make some improvements? Maybe give it a four-star rating on TripAdvisor. Until now, online reviews have mostly been about services–whether they be food, lodging, or education. But starting in November, a new app, Peeple, will let you rank the people in your life, taking online reviewing to a whole new level.

Peeple, which is marketing itself as the “Yelp for people” is set to launch in November as a mobile app. It will allow individuals to leave ratings for each other both in the form of both comments and numerically–you can give someone between one and five stars. The founders are pushing it as a positive invention that will reward people for their good behavior and character. They’ve also promised that they will attempt to keep bullying and harassment off the site. Anonymous reviews won’t be allowed, as reviewers will be required to have a Facebook account that has been active for at least six months, and verify a cell phone number before posting. Those are all good goals, but there are also some serious possible flaws in this venture that have the potential to make it downright horrible.

First of all, anyone can rate anyone–friends, neighbors, casual acquaintances, whoever. But there’s no way to opt out of Peeple. It doesn’t matter if someone is signed up for the app or not, you can leave a review about him. There’s no way for the recipient to delete the review, unless it violates the Terms and Conditions of the app. According to the site’s founders, only positive reviews will show up for people who are not members. But that’s still concerning, especially because exactly what constitutes a negative rule is unclear. As the Verge puts it:

It’s also not clear whether negative reviews are judged to be so based only on the star rating or whether the actual content is also taken into account. If just the former, it means that users could give people extremely negative reviews but a good star rating, with the targets of these write-ups never knowing about them unless they signed up.

So, essentially, if you’re not signed up for the app, people could leave reviews about you that you never know about, as long as they are considered by the app to be “positive.” That’s concerning on a few different levels, and some worst case scenarios quickly spring to mind. Imagine a woman who has run away from an abusive relationship receiving a “positive” review from a neighbor. Her abuser could be able to find her from that information. Or what if an individual decides to out someone who is still in the closet. That could be a positive review, to be sure, but also incredibly damaging to someone who isn’t ready to come out to their friends and family. While these types of abhorrent behavior are of course possible without the app, Peeple has the potential to make them way easier and more visible.

For people who sign up for the app, negative reviews will be allowed, but submitted to a 48-hour review period, in which the recipient of the negative review will have time to look it over and contest it. The app’s website explains:

It goes into your inbox on the app, you will be notified, and now you have 48 hours timer to work it out with the user. If you cannot turn a negative into a positive the comment will go live and then you can publicly defend yourself.

That’s a horrifying premise as well–the app is basically encouraging users to confront people who don’t like them and convince them to change the review. If someone is going to publicly leave a negative review of an individual on an app dedicated to rating people, I’m going to go out on a limb and guess they’re not going to back down easily. This seems to be fodder for a lot of nasty fights.

The public reaction to Peeple has been relatively negative, with a lot of observers citing privacy and ethics concerns:

In an age where both truth and gossip on the Internet can literally ruin lives, this #peeple app is horrible AND scary #yelpforhumans???

— christine teigen (@chrissyteigen) October 1, 2015

How to download #Peeple: 1. Unlock phone 2. Tap “app store” 3. Throw phone in nearest body of water 4. Reexamine your life choices — Angela Morabito (@Bear2theRight) October 1, 2015

#Peeple: Because everyday life should be a horrifying minefield.

— Mike Drucker (@MikeDrucker) October 1, 2015

“All that matters is what people say about us,” say the #peeple founders. That is literally the opposite of what we try to teach children.

— Robert Perry (Pez) (@pez_sez) October 1, 2015

Given all the negative feedback, we’ll have to wait and see how well it ends up doing in the app marketplace.

Anneliese Mahoney

The post Peeple: “Yelp for People” App is Coming Whether We Want it To or Not appeared first on Law Street.

Window’s New Parental Control Feature Could Accidentally Out LGBTQ Youth

Anneliese Mahoney — Mon, 31 Aug 2015 18:35:23 +0000

Image courtesy of [Chris Beckett via Flickr]

The newest update to Windows is here, complete with a pretty unique feature. The newest version of the system will send weekly “activity updates” on children’s accounts to their parents, allowing the parents to see their browsing histories and usage. But Window’s new parental control feature is a potentially dangerous invasion of privacy for young people.

The feature, according to Business Insider, is automatically turned on for family accounts on a computer running Windows 10. Each week, the parental account will get an email with information about the activity on the child’s account. As Microsoft put it on its website:

When you add a child’s Microsoft account to your family, you’ll get regular activity report emails summarizing how much time they spent on the PC, the websites they visited, the games and apps they used, and the terms they’ve looked up in search engines like Bing, Google, or Yahoo! Search.

But the internet has long been a valuable resource for young people to explore parts of the world on their own. It allows young people to connect with others outside of their immediate area and discover new hobbies or interests.

The internet has also been a particularly important resource for LGBTQ teens who are looking for resources. Some of these teens could be accidentally outed to their parents by Window’s new service. LGBTQ youths are still subject to abuse, harassment, and rejection by their families at heartbreakingly frequent rates. The Center for American Progress reports that roughly half of LGBTQ youth face a negative reaction from their families when they come out. According to the Williams Institute, a non-profit organization that works with LGBTQ young people, roughly 40 percent of homeless youth identify as LGBTQ. For a young person who is not ready to have that conversation with his parents yet, the fact that his internet searches can out him has the potential to become incredibly dangerous and damaging.

Another big flaw in this supposed “safety feature” implemented by Windows is that it doesn’t tell the young people they are being monitored. There’s apparently a small pop up that informs the user that their use could be monitored, but there aren’t any details about what extent, or the very active way in which Microsoft informs parents.

It’s understandable that some parents would want to know what their child is looking at on the internet, but this new Windows feature could end up doing more damage than good.

Anneliese Mahoney

The post Window’s New Parental Control Feature Could Accidentally Out LGBTQ Youth appeared first on Law Street.

Protecting Email Communication: Is it Possible?

Southwestern Law School — Tue, 28 Jul 2015 14:25:26 +0000

Image courtesy of [Darwin Bell via Flickr]

Protecting Online Communication: A History

In order to explore the discussion about online privacy that the Southwestern Law panel undertook, it’s important to understand the context of protected communication. Even before Snowden’s leak, no one liked to imagine that their private communications were easily readable. More importantly, so many of us now store our most important information online–whether that is bank accounts, identification information, or medical records. Pieces of our personal information that used to be kept under lock and key in paper form are now stored in electronic, intangible ways. So it makes sense that ever since this kind of online storage has existed, some have sought to protect their information from prying eyes.

But after Snowden’s leak the urge to protect information became particularly focused on one set of prying eyes: the U.S. government. During the Southwestern Law panel, Tien introduced the complicated conversation about protected communication as follows:

That issue has come back in the post-Snowden world. Because one of the things that became really, really clear from his revelations is that the government spends a lot of time and energy thinking about how it can subvert and undermine the technology we use to protect our privacy.

Email Encryption

This brings us to the concept of encrypted email–one of the most basic building blocks of protected communication. There are multiple ways to encrypt email, but at its most simplistic form, encryption means that a message cannot be read by anyone who is not authorized to do so–whether it’s a government agency, employer, or a hacker looking for vulnerable personal information to exploit.

Encrypted email usually involves public and private “keys.” As the names indicate, public keys are available to the public–essentially anyone with whom you want to trade emails–and private keys are kept by the owner of the email account. Imagine Person A wants to exchange emails with Person B. Person A gives Person B her public key, and Person B writes an email, then uses the public key to encrypt it. When Person A receives the email, she needs to use her private key to unlock the email that has been encrypted with the public key–and because she’s the only one who has the private key, she’s the only one who is able to do so.

Of course, that is just encryption at a very basic level and it can be significantly more nuanced than that. The encryption described above requires some people to have keys–usually an account provider such as Gmail, for example. The next level of encryption that is said to be on the horizon will place the encryption process on the computer rather than on servers, so even the company providing the service won’t have the key. But that’s also where the legal concerns the Southwestern Law panel discussed start to come into play.

The Legality of Encrypted Email

There’s nothing inherently illegal about encrypting emails, but that hasn’t stopped those who create the programs and services from running into legal trouble here and there, particularly with the United States government. One case discussed by the Southwestern Law panel surrounded an email service called Lavabit, founded by entrepreneur Ledar Levison. Snowden used Lavabit, and when he fled the country after revealing information about the NSA’s surveillance program, the FBI wanted to access his account. However, the government requested the private encryption key for Lavabit generally in its attempt to access Snowden’s key. Lavabit provides encrypted email to nearly half a million people. Levison at first was unwilling to give that information, and chose to shut down the company after a very long legal back and forth in which he was served multiple times. The dominant narrative about what happened to Lavabit focuses on the complicated nature of what the FBI was asking for. During the panel, Tien explained the sheer difficulty of what the government was asking Levison to do:

After Lavabit shut down, some similar companies followed in its wake. SilentCircle, also offering encrypted email services, shut down in anticipation of similar issues with the government at some point in the future. Callas, a co-founder of SilentCircle, explained the decision to shut down while at the Southwestern panel, citing fear of a reputation hit, and saying that “when the house next door gets raided, you wonder if you’re next, and that’s when you make sure that your shredder is working.”

Despite Lavabit’s abrupt closure, companies haven’t stopped their quests to create truly private, encrypted email–they’ve just had to become more careful. One of the new companies that sprung up in the wake of the Snowden revelations and the subsequent focus on encrypted email is called ProtonMail. It promises that new frontier of encryption: a company that doesn’t have the keys to encrypted email. If a company doesn’t have the keys itself–the way Lavabit did–it can’t provide them when the government comes to call. Andy Yen, one of the founders of Proton Mail, explained:

We encrypt the data on the browser before it comes to the server. By the time the data comes to the server it’s already encrypted, so if someone comes to us and says we’d like to read the emails of this person, all we can say is we have the encrypted data but we’re sorry we don’t have the encryption key and we can’t give you the encryption key.

ProtonMail isn’t the only new service that’s attempting to make encrypted email even more private. Levison, along with a number of like-minded partners, created the Dark Mail Project, which is working on a new set of email protocols called Dime. Dime is specifically focused on metadata in addition to the actual messages being sent. Metadata includes things like location and time when a message was sent. That kind of information has also been highly coveted by the government. Again, like with ProtonMail, the logic is that if the provider doesn’t have the information the government is looking for, the government can’t go after the company.

Whether or not that’s strictly legal, however, does appear to be a gray area. Since some of these features are so cutting edge, it’s hard for American law to keep up with it. As Dailydot explains it:

As the law currently stands, people aren’t required to build online services that are accessible by a government request; but, if your service is in any way penetrable, the operators of those services can be compelled to turn over what information the government could theoretically access.

This lack of clear guidelines has sparked frustration from both email encryption companies and the government, which has led to the government asking for something called a “backdoor.”

Backdoors

A backdoor to encrypted email is pretty much exactly what it sounds like: a special entrance for the U.S. government–normally the FBI–to use in order to access data in case it needs to do so. But whether or not they should be instituted is a contentious point of debate. While the Southwestern Law panelists tended to argue against backdoors, in order to understand their points, it’s important to acknowledge the arguments for backdoors purported mainly by the government.

Arguments in Favor of Backdoors

The FBI’s argument for a backdoor is multi-faceted, but it all essentially boils down to a single idea: national security and safety. The most compelling argument is that if these types of software are used to arrange terror plots or other nefarious acts, the FBI, or any other relevant agency, needs to be able to gain access to that information. As President Barack Obama put it in January 2015: “If we find evidence of a terrorist plot…and despite having a phone number, despite having a social media address or email address, we can’t penetrate that, that’s a problem.”

Those who espouse the necessity of backdoors also point out that it has nearly always been possible for the government–particularly the American government–to listen in on or read private correspondence between citizens if there is a national security issue at risk. While there are rules about reading citizens’ mail or wiretapping conversations, those options have almost always been open to government officials if the proper channels and rules were followed. The idea that a type of communication could be created in which the government simply could not access the messages is not consistent with American security practices to date.

Arguments Against Backdoors

One of the strongest arguments on this side is that creating a backdoor for the government weakens the system as a whole. There’s really no way to create a backdoor that only the U.S. government can use–it creates vulnerabilities that enterprising hackers, terrorist groups, or foreign governments can also exploit, albeit with a bit more difficulty. So, allowing the government to have access to encrypted emails in order to fight terrorism could backfire and weaken national security.

There’s also a counter-argument to the idea that the U.S. government has traditionally had access to our private communication. This argument posits that the government’s ability to search private citizens doesn’t entitle it to whatever it wants, but rather gives it permission to try to gain access. As Edgar put it during the Southwestern Law panel:

The FBI director has been making the government’s traditional argument, which is the government has a right to monitor communications as long as they get a lawful order for it, under whatever that legal standard is. And I’ve always thought, even since law school, that just gets it completely backwards. The government’s warrant isn’t a right, it’s a permission. It’s a judge saying you are permitted under the law to do something that if you were a private citizen would be illegal because we think it’s important for law enforcement or national security.

There’s also the concern that the U.S. government would use backdoors to continue one-size-fits-all surveillance on American citizens. According to a poll conducted by the Pew Research Center, 73 percent of Americans think it is acceptable for the U.S. government to monitor suspected terrorists, yet only 37 percent of Americans think it’s acceptable for the government to spy on American citizens. Given the significant evidence that that type of monitoring was exactly what was happening, it makes sense that many would be hesitant to allow the American government in to monitor “terrorists” if that means giving it access to non-suspects as well.

So is it actually possible to have entirely private email?

It’s not an easy question to answer. Instead, it’s a matter of weighing priorities and sacrifices, and those aren’t consistent from person to person, let alone the American government as a whole. Southwestern Law, as well as other legal and academic institutions, is working to answer these questions, but it’s important to keep in mind that there may never be a cut-and-dry answer.

In order for communication to be completely and fully protected, we have to realize that we may get to the point where companies and developers are building systems so protected that no one can break them, not even their creators. That is viewed by some as deeply problematic, because there really will be no ability for surveillance or access for the government at that point.

While we aren’t yet at that point, it’s indubitable that Snowden changed the way that we look at privacy, national security, and communication, and his releases sparked a larger national debate about how to protect email. But the reality is that there may never really be an answer to the question of how to protect our online communications.

Resources

Primary

Southwestern Law: Biederman Institute: Online Privacy Conference

Additional

Lifehacker: How to Encrypt Your Email and Keep Your Conversations Private

Forbes: The Only Email System the NSA Can’t Access

Guardian: Secrets, Lies, and Snowden’s Email: Why I Was Forced to Shut Down Lavabit

Time: Hackers Unveil Their Plan to Change Email Forever

Center for Democracy and Technology: A “Backdoor” to Encryption For Government Surveillance

Wall Street Journal: Obama Sides With Cameron in Encryption Fight

Slate: Obama Wants Tech Companies to Install Backdoors for Government Spying

Economist: Going Dark

Pew Research Center: Global Opinions of U.S. Surveillance

Southwestern Law School

Southwestern Law School, home of the #1 Entertainment Law program in the country, offers more than 60 courses, seminars, externships and clinics in entertainment and media law through its J.D. curriculum and LL.M. program in Entertainment and Media Law. Southwestern Law School is a partner of Law Street Creative. The opinions expressed in this author’s articles do not necessarily reflect the views of Law Street.

http://www.swlaw.edu/

The post Protecting Email Communication: Is it Possible? appeared first on Law Street.

Ashley Madison May Have Cheated Cheaters

Taelor Bentley — Wed, 22 Jul 2015 13:30:32 +0000

Image Courtesy of [Ferran Jordà via Flickr]

Dating websites are nothing new to our generation. Singles go online, make a profile, and meet people similar to them with hopes of finding their soulmate and happily ever after–or so we thought. A different kind of dating website with some taboo clientele is changing the matchmaking game, and hackers don’t like it.

AshleyMadison.com is a dating website for people who are not so single…in fact, they’re usually married. Millions (yes millions) of married people have gone to the site to have secret affairs. Although Ashley Madison claims to be discreet, users of the site are now nervously watching for news updates after hackers calling themselves the “Impact Team” stole their personal information from the site late Sunday, and are now threatening to expose it.

AshleyMadison, a website for people seeking affairs, boasts 37 million users. It was hacked. http://t.co/lisUnFg839 pic.twitter.com/UIKaxIa0nC

— WSJD (@WSJD) July 20, 2015

The site, which has over 37 million users, prides itself on being the “world’s leading married dating service for discreet encounters.” It even offers users who want to erase their sneaky past a “full delete” feature (for a $19 fee) that promises to delete all of the user’s personal data from the server. However, the hackers are claiming that this feature is a complete scam and the data of those who paid for it was never deleted.

According to Brian Krebs, the blogger behind Krebs on Security, the hackers have warned that if Ashley Madison and its sister site, EstablishedMen.com, are not taken down for good they will “release customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.” Impact Team went on to mock the site and its users writing,

Too bad for those men, they’re cheating dirtbags and deserve no such discretion. Too bad for ALM [Avid Media Life, the parent company], you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”

Unfortunately for Ashley Madison hack victims, sympathizers are few. Some people are even glad the site was hacked, and think the information being released would be a good thing.

I see the ‘Ashley Madison’ website has been hacked and they’re threatening to expose everyone on it. GOOD, cheating should not be condoned.

— Ashley (@Ashleyybrewer) July 20, 2015

In a statement responding to the hack Avid Media Life said,

We were recently made aware of an attempt by an unauthorized party to gain access to our systems…At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act.

CEO of Ashley Madison, Noel Biderman, believes that the attack was an inside job by someone who has worked with the company’s technical services before and that he is getting close to confirming who the culprit is. But was Ashley Madison cheating cheaters? If the company’s “full delete” feature is in fact a scam, it cheated users out of an estimated $1.7 million during 2014, and could be cause for some serious lawsuits against the company.

For now Ashley Madison is still up and running. The excerpts from the site that have been leaked by the hackers were taken down; however, this doesn’t get the cheaters off the hook. The Impact Team still reportedly has a copy of the full database so users might want to think twice before continuing their “discreet” affairs.

Taelor Bentley

Taelor is a member of the Hampton University Class of 2017 and was a Law Street Media Fellow for the Summer of 2015. Contact Taelor at staff@LawStreetMedia.com.

The post Ashley Madison May Have Cheated Cheaters appeared first on Law Street.

Uber Users: Beware of Tracking Software

Toni Keddell — Mon, 29 Jun 2015 13:00:02 +0000

Image courtesy of [Paul Goddin via Flickr]

Does privacy even exist in the digital world these days? Many argue no, as more and more companies use elaborate software to track their customers’ precise locations, spending habits, facial features, and shopping preferences. Uber is just the latest company to come under fire for going “big brother” on its customers.

Uber recently announced a plan to track customers through the app, even if the user shuts it off, deletes it, and even turns off the GPS function. Last Monday, a formal complaint was filed against Uber by the nonprofit research group Electronic Privacy Information Center (EPIC) at the Federal Trade Commission (FTC) in Washington, DC. This was done in an effort to get the agency to prohibit the taxi-service company from instituting these new changes.

Uber will soon be able to track your location even if you exit the app and have GPS turned off http://t.co/RZUN2EaMej pic.twitter.com/StttNhjVqr

— Business Insider (@businessinsider) June 23, 2015

These new updates are expected to take effect around July 15th, a decision that Uber announced on May 28th, although not without some serious uproar.

If you are an Uber user, your every move will soon be able to be tracked; this revelation has left many customers on edge. What’s most appalling about this update is that it will let the company trace not only the whereabouts of its customers, but also everywhere that they’ve ever traveled while they’ve had the app on their phones. This is a major issue that people have with this update since the company will retain all the past location data of its consumers, with no indication when this information will be deleted, if ever.

Despite the backlash over this new policy, Uber stated that there is no support for these allegations made by EPIC. It claims that these changes in data collection are being done solely to help Uber optimize its services so that it can improve customer satisfaction. The company believes that it is completely necessary to track its customers’ every move in order to provide optimal services with shorter wait times. Uber does not see any problems with this new update, nor any truth in the many complaints against it. It also claims that its customers’ privacy is of its utmost concern.

Uber has a reputation for breaching the privacy of its customers, as this is not the first time that the app has been criticized by the public. It has encountered numerous lawsuits lately, such as when it was accused of tracking a customer without first receiving consent, cheating customers, and failing to meet local regulations in the United States.

Despite there being some extreme opposition to this change in the privacy policy of the app, there are some people who see the benefits of it. Some state that since this update has the potential to drastically change a customer’s experience so it is worth the hassle. This update would likely help Uber to figure out where most of its customers are so it can concentrate drivers in the most popular areas.

Uber remains one of the growing giants of the tech industry, it has been valued at $40 billion even though it was created only six years ago, and it continues to grow at absurd rates. For a company that is still so new, it is imperative for it to maintain its following and to keep the public’s interest. It currently provides millions of trips a day for users across the globe, and so the last thing Uber wants to do is upset its loyal customers.

Infringing on people’s privacy can be quite daunting, especially for those who have secrets to hide. Americans today are very conscious of their security, and so the thought of a company having access to your exact location at all times can seem frightening. Uber claims that it will give all customers the option of whether or not to report their location data back to the company, however, this choice will not be possible to disable on all phones.

Not only will this new update track customers’ locations, but it will also access users’ contact lists upon approval. Uber is doing this so that it can send promotions to riders’ friends and family, and to also implement its improved “split fare” feature. Communicating with a person’s contacts in such a manner might even be breaking a federal law, which states that a company can’t call or text people without first getting written permission.

It seems that Uber tried to keep the implications of this new update under the radar, although EPIC is not about to let it slide for violating its customers’ fundamental rights to privacy. The group is outraged at this new policy change, as it stated that it finds it to be a threat to people’s overall safety and privacy rights, it could create a substantial risk of harm for customers, and that it would “constitute an unfair and deceptive trade practice.”

Don’t people have the right to feel secure within their own devices? In an age where virtually anything can be found or performed online, people want to feel like their privacy is always being protected. There is currently no word as to whether the FTC will investigate the claims made by EPIC, although it might have to as this story continues to develop and gain publicity.

Toni Keddell

Toni Keddell is a member of the University of Maryland Class of 2017 and a Law Street Media Fellow for the Summer of 2015. Contact Toni at staff@LawStreetMedia.com.

The post Uber Users: Beware of Tracking Software appeared first on Law Street.

Idaho Murder Case Raises Concerns Over Crime-Solving Technique

Alexis Evans — Wed, 06 May 2015 21:28:20 +0000

Image courtesy of [thierry ehrmann via Flickr]

A 20-year-old Idaho murder case is currently stirring up concerns about police use of private genetic databases and the limitations of controversial familial DNA searches. The controversy is coming to light after a man named Michael Usry was accused of murder after police linked him to DNA found at the crime scene. The catch was that the officers got their lead from the world’s largest and most popular for-profit genealogical website.

According to the New Orleans Advocate, gory New Orleans filmmaker Michael Usry became implicated in the gruesome rape and murder of an Idaho woman named Angie Dodge after a genome database owned by Ancestry.com released private DNA information to the Idaho Falls Police Department. The information indicated that Usry’s DNA could be a match to semen found on Dodge’s corpse.

On June 13, 1996, 18-year-old Dodge was found stabbed in her Idaho Falls apartment. The violent nature of the crime and desecration of Dodge’s body led the Idaho Falls Police Department to believe that it was a crime of passion and that she knew her attacker. An investigation and confession led police to charge a man named Christopher Tapp for the murder, but his conviction has has been widely criticized and there have been claims that he was wrongly convicted.

That’s where Usry comes in. Decades later police were still concerned that they were never able to match Tapp’s DNA to the semen found on Dodge’s stomach. Last year investigators turned to the controversial technique of familial DNA testing, which involves identifying potential suspects by analyzing the DNA’s Y chromosome and trying to find a family member of the perpetrator. According to the Advocate,

A promising “partial match” emerged between the semen sample and the genetic profile of Usry’s father, Michael Usry Sr. — a finding that excluded the father but strongly suggested one of his relatives had a hand in the young woman’s murder.

The Sorenson Molecular Genealogy Foundation, a nonprofit purchased by Ancestry.com, had the elder Usry’s DNA samples from years ago when he submitted them through a project sponsored by the Mormon Church. What’s concerning is that according to the Electronic Frontier Foundation, the DNA samples collected by the nonprofit were only meant to be accessed and analyzed by the “principal investigator and the others specifically authorized by the Principal Investigator, including the SMGF research staff.” Despite this, the company shared the samples with the police without a warrant or court order.

This DNA sample obtained by the police reportedly partially matched Usry Sr., but it also partially matched with 41 other samples in the database. However, police followed the lead from Usry Sr.’s DNA. Despite police being sure they’d finally found Dodge’s real killer, when they eventually compared Usry Jr.’s DNA to the sample from the crime scene, they discovered that he was not a match.

The reason why this man’s case is so important is because police use of private DNA databases without authorization from the courts threatens all Americans’ privacy and civil liberties. The people who submitted their DNA to this company did so under the guise that their information would be protected, but this controversy is proof that that was simply not the case.

This case also adds further scrutiny to the controversial method of familial testing. Fans of familial testing see it as a way to crack unsolvable cases, but the potential discrepancies and large pools of related DNA hardly make it a perfect science. Just a few weeks ago the FBI found itself in similar deep water after it was uncovered that its experts gave flawed forensic testimony in many trials in recent decades. That revelation scrutinized the accuracy of microscopic hair analysis, also said to be an imperfect science.

These cases make it clear that the forensic world could use more advancements to generate greater certainty when it comes to DNA analysis. It also makes you wonder how many innocent people weren’t as lucky as Usry and are behind bars because of less than perfect DNA matches.

Alexis Evans

The post Idaho Murder Case Raises Concerns Over Crime-Solving Technique appeared first on Law Street.

Healthcare Digitization: Balancing Public Health and Privacy

Ashley Bell — Thu, 23 Apr 2015 20:51:39 +0000

Image courtesy of [NEC Corporation of America via Flickr]

Many aspects of our lives have escaped the shackles of the real world and gone digital. Most of our music, movies, work files, and even financial data exist in digital and cloud-based worlds with no tangible counterparts. But the transition to the digital realm has been slow and laborious for the largest and possibly most important data set of all: health data. The health care system in the United States has proceeded towards digitization with prudent caution; a glitch in a digital health system means more than a corrupted music file, it could mean the difference between life and death.

It’s easy to get caught up in the vision of a completely digitized healthcare system. Faster and more effective treatments? Fewer forms to fill out? Massive data sets that could vastly improve public health? Who wouldn’t be excited? Most people believe in the benefits, but the digitization of health data involves much more than just desire and ability. Laws, protocols, and privacy concerns slow digitization efforts like well-placed speed bumps.

Here’s an overview of laws affecting health digitization, how some people innovate around them, and what’s coming up next for digital health.

Health Data Laws: Well-placed Speed Bumps

Your own personal health information isn’t always just about you. A doctor can use your health data in two basic ways:

1. To treat you and only you. This is called primary use.

2. To inform broader public health decisions, including things like disease prevention. This is called secondary use. For example, a University of Pittsburgh project called Project Tycho collected 88 million disease reports from the CDC’s Morbidity and Mortality weekly report and incorporated them into an open-access database. They use it to study the long term implications of interventions, like the polio vaccine, over long periods of time. In this video, the Dean of Pitt Public Health explains that the project is named after Tycho Brahe, a Danish astronomer who mapped stars and planets–data that Johannes Kepler eventually used to derive the laws of planetary motion. He hopes researchers can build on existing work to make groundbreaking discoveries in disease prevention.

Health data gets complicated in secondary use. Laws protect individual privacy and ensure doctors don’t compromise personal health data for the sake of public health or research goals. As the technology for sharing and collecting health data has improved, legal applications have become more complicated.

Overall, different federal and state laws layer on top of each other to create a legal framework that protects health data privacy. The centerpiece of this framework is the Health Information Portability and Accountability Act of 1996 (HIPAA).

The Health Information Portability and Accountability Act of 1996 (HIPAA) and its Privacy Rule

This rule limits the use of protected health information (PHI), which is health information that might be used to figure out your identity. Basically, no one can use your info without your permission. It oversees the gambit of entities that might touch your info in the entire healthcare system.

The rule isn’t a nail in the coffin for the use of data in public health. Entities can use PHI without authorization for the prevention and control of disease, disability, or injury. The law also allows unauthorized use of PHI for matters of national security and for law enforcement activities. Working with these exemptions, public health entities can make brilliant use of PHI. For example, the University of Maryland Center for Substance Abuse Research’s National Drug Early Warning System supplements traditional health data with data found on social media tools to find patterns that indicate emerging drug trends and launches interventions to fight drug use.

The system is just one example of innovation in spite of laws that restrict health data use. But when it comes to innovation, the unregulated types of health data hold the most promise. Current laws do not cover information that is patient generated. Therefore, private companies and organizations have latched onto the idea of patient generated data and what it could mean for overall health.

Innovations in Patient-Generated Data

People share a lot of other things online, why not something as important as health data? That’s the simple philosophy behind many new, and perfectly legal, tools that count on people to opt into sharing their health information for the greater good. With no regulations on the use of patient generated data, the research and preventative implications could be revolutionary.

Here are just a few examples of tools using patient-generated data:

Apple’s ResearchKit

Apple’s new initiative harnesses the research potential of the iPhone, which has sophisticated abilities to track actions and record information. It allows individuals to participate in studies through self-reports using their iPhones instead of traveling to research centers. It’s a goldmine of quantitative data possibilities for researchers trying to understand certain diseases as the ResearchKit framework opens up endless possibilities for accessing patients. Researchers simply build an app that suits their study and launch it.

Mount Sinai, Weill Cornell Medical College, and LifeMap already used ResearchKit to develop the Asthma Help app that allows them to understand what might be aggravating asthma symptoms. It incorporates GPS data from the phones with city air quality data to advise asthma patients of locations where their symptoms could be the worst.

The Robert Wood Johnson Foundation Data for Health Initiative

This initiative doesn’t focus on collecting data, but dives into all of the data already being collected to determine what information has the potential to do the most good. According to the foundation, 40,000 health apps and wearable health devices already exist and produce a lot of useable data. They’re encouraging health professionals to look at data they already have in new ways.

University of Michigan’s Genes for Good Project

This project prospects Facebook as a potential recruiting ground for genetic research participants. The project aims to have people send spit samples to a laboratory and then fill out periodic follow up questions via a Facebook app. The participants’ personal information would still be protected. The researchers chose Facebook because it grants the ability to potentially recruit a more massive amount of participants than usual. As the researchers try to understand how the interplay of genes and the environment influence disease, more data helps make more robust conclusions.

How the Government Encourages Health Information Sharing

The government sees no reason for laws to limit innovation in the digitization of health care and has pushed out new programs that prove its commitment to digital efforts and information sharing.

In April, the HHS announced it would grant a million dollars to support community initiatives that promote the flow and sharing of health information. The money will support projects under what’s called the Community Interoperability Health Information Exchange (HIE) Program. The funds and the program will help the awardees use health information in effective, appropriate, and secure ways.

Additionally, the HHS also announced a new Federal Health IT Strategic Plan for 2015-2020. The plan tackles how to move forward in the collection, sharing, and use of health data in appropriate ways. The Nationwide Interoperability Roadmap came out in draft form this past January.

HHS Secretary Sylvia M. Burwell summarized the key purpose of the roadmap nicely:

A successful learning system relies on an interoperable health IT system where information can be collected, shared, and used to improve health, facilitate research, and inform clinical outcomes. This Roadmap explains what we can do over the next three years to get there.

What can we learn about health on social media?

Some people choose to take health matters into their own hands and social media empowers them to do so. As data and information becomes more readily available through social tools, previously unknown advantages and disadvantages could emerge.

Most recently in Belgium, a man became frustrated with the long wait times necessary to find a kidney donor in the traditional fashion. He took to Facebook to tell his story and recruit his own donors. He found eight volunteers but ultimately doctors refused to perform the surgery because it would be unfair to other patients waiting for traditional donors. This case provides a glimpse into issues of equality that might arise if more people use social tools to their advantage. Can someone use social media tools to find themselves organ donors when others can’t access the tools or even computers?

Social media has also taught us that more data isn’t always better. Not too long ago, Mark Cuban, the Dallas Mavericks owner, tweeted that people should get quarterly blood-work so they can better track their own health.

Doctors responded by saying that doing just that could have dangerous consequences. More testing produces more false or incorrect results and reveals other fluke abnormalities. The abnormalities might lead to unnecessary treatment that comes with potentially harmful side effects. Some did admit that Cuban’s vision might be one for the future–where tests have improved and the average person is well versed in analyzing his or her own medical data.

Prepare for Information Overload

The digitization of health care, whether done under HIPAA regulations or through open-source patient generated data, promises to usher in a new era of big data in health care that brings infinite possibilities for the health field. But more data does comes along with more complications. Will we be able to balance privacy with equality while actually using the data to our advantage? So far, we’re on the right track.

Resources

Primary

Centers for Disease Control and Prevention: Federal Public Health Laws Supporting Data Use and Sharing

U.S. Department of Health and Human Services: HHS Announces $1 Million in New Grant Programs to Help Improve Sharing of Health Information

U.S. Department of Health and Human Services: New Federal Health IT Strategic Plan Sets Stage for Better Sharing Through Interoperability

National Institute of Drug Abuse: NIH System to Monitor Emerging Drug Trends

Additional

Public Health Reports: Big Data and Public Health: Navigating Privacy Laws to Maximize Potential

Robert Wood Johnson Foundation: Using Data to Build a Culture of Health

Robert Wood Johnson Foundation: Robert Wood Johnson Foundation Launches Initiative to Assess How Data Can Be Used to Improve Health

NPR: Tracking Your Own Health Data Too Closely Can Make You Sick

The Atlantic: Should Patients Be Able to Find Organ Donors on Facebook?

Apple: ResearchKit

Buzzfeed: A New Facebook App Wants To Test Your DNA

Ashley Bell

Ashley Bell communicates about health and wellness every day as a non-profit Program Manager. She has a Bachelor’s degree in Business and Economics from the College of William and Mary, and loves to investigate what changes in healthy policy and research might mean for the future. Contact Ashley at staff@LawStreetMedia.com.

The post Healthcare Digitization: Balancing Public Health and Privacy appeared first on Law Street.

Tribeca Film Festival Storyscapes Examine Big Data & Confidentiality

Corinne Fitamant — Fri, 17 Apr 2015 12:30:23 +0000

Image courtesy of [Clementine Gallot via Flickr]

The 2015 Tribeca Film Festival kicks off its 14^th year of programming this week. Since its inception, the Festival has enabled directors and filmmakers from all over the world to showcase their independent movies and new projects.

Some of those projects include interactive elements. The Tribeca Film Festival’s Storyscapes program features five immersive projects vying for the 2015 Storyscapes Award. Two of the projects are particularly concerned with one overarching theme—access to personal data.

Is privacy a luxury in the age of the Internet? Corporations such as Google and Facebook often track consumers’ online behavior without their express consent. The data is collected and used to create specifically targeted advertisements under the guise of “personalization.” Businesses aggregate millions of dollars worth of information for free; they never compensate consumers for the info they provide.

Here’s a very mild example: Teen girl posts online status about coffee. Teen girl gets Facebook ads exclusively for Starbucks. Teen girl looks at ad, is reminded of the company, and gets her afternoon Frappucino. (Starbucks +1, Teen girl -$3.95)

The average Joe and/or suburban coffee addict can’t sue big companies for using their data because, usually, people sign contracts that they never read. (Case in point: when’s the last time you updated Flash? Did you read all the licensing copy before you clicked “I Agree” and continued? Didn’t think so.) In the fine print of many software or program updates, in extremely bombastic and verbose legalese, is a section that states that you allow the program to use any and all of your information free of charge if you sign on the dotted line.

Let’s take a look at the two Tribeca Storyscapes projects that address the commodification of personal information.

DO NOT TRACK

“Do Not Track” is a personalized documentary program that discusses the dangers of having an increasingly personalized online experience. If users are only shown ads that are relevant to them, will that make them intolerant of other advertising…or even other people?

Consumers have become accustomed to serving up their information online—it’s become a nasty little modern habit rather than a cultural annoyance. People have embraced the companies that use data mining to sell products…where’s the outrage? Perhaps you’ll find it at the live installation.

Check out dates/times to visit the installation here.

KAREN

The considerably less political (but just as provocative) project “Karen,” has been brought to Tribeca by Blast Theory, developed in partnership with National Theatre Wales. Karen is a life coach app who asks the user questions to determine his psychological profile. Blast Theory’s website claims that Karen “starts to identify things she shouldn’t know.” In trying to create a thrilling and personal experience, the creators of Karen looked into different methods of information aggregation.

We became fascinated with big data, and particularly how governments and large companies such as Facebook are collecting data on us secretly and using it without our consent.

Karen’s evaluation of your personality may reveal unsettling details about your cyber security. Want to hear Karen for yourself? Schedule your appointment here. (Bonus points if you recognize the performer who plays Karen, actress Claire Cage, from the British TV series Coronation Street.)

Wonder how much public information you can find about yourself online? Try conducting a search in a brand new window. Open Google Chrome, click File, and then select New Incognito Window. If you use this option, your new search won’t be tainted by your past search history. Happy Googling!

Corinne Fitamant

Corinne Fitamant is a graduate of Fordham College at Lincoln Center where she received a Bachelors degree in Communications and a minor in Theatre Arts. When she isn’t pondering issues of social justice and/or celebrity culture, she can be found playing the guitar and eating chocolate. Contact Corinne at staff@LawStreetMedia.com.

The post Tribeca Film Festival Storyscapes Examine Big Data & Confidentiality appeared first on Law Street.

Yale Law School Deletes Admissions Records After Student Requests

Brittany Alzfan — Wed, 25 Mar 2015 14:41:59 +0000

Image courtesy of [Anne via Flickr]

Recently, some Stanford Law students realized that they could request access to their admissions records in accordance with the 1974 Family Education Rights and Privacy Act. Students around the country, including some at Yale Law, caught wind of this and requested to see their records as well. So, how did Yale respond? By deleting all of its admissions data, of course.

Now Yale Law School will continue to delete all of its admissions evaluation data after each annual admissions cycle. Included in this data are numerical evaluations made by Yale Law School officials and faculty and the identities of the deciding individuals. This decision was made by law school administrators without any sort of announcement, and the school had already received multiple FERPA requests before the records were deleted.

This practice is not completely new for Yale–before they had electronic applications starting in 2001, applications were submitted on paper and were discarded after each year. In an email, Yale Law School Associate Dean Asha Rangappa said: “recent FERPA requests prompted us to look at our record-keeping practices, and the decision was made to revert to our previous practice, which was to discard evaluation records after they had fulfilled their intended purpose.”

According to Rangappa, this decision was made to protect the professors at the school. Giving students access to their admissions records would mean giving them access to the notes and numerical evaluations made by the professors throughout the admissions process. These professors are the ones that go on to ultimately decide who get accepted into the prestigious law school, and allowing students to see those decisions may lead to tensions between students and faculty.

Rangappa also stressed that, “candid evaluations provided by faculty members and others are a critical part of the law school admissions process, and if faculty reviewers knew that this information could be shared with admitted students, they might be reluctant to participate in the process.”

Professors like Akhil Amar, who is also faculty chair of Yale Law School, understands this decision despite that fact that it was made without the law professors’ knowledge or input. He acknowledges that the maintenance of school records is the responsibility of the administration, and does not necessarily involve the faculty.

In fact, Amar not only understands, but also agrees with the decision. He told the Yale Daily News that it’s important to preserve the unique quality of the admissions process, and deleting these records will help do just that. If every student has access to their admissions records, then it wouldn’t be long before information about the admissions process were to spread. According to Amar, the faculty who have participated in the admissions process were doing so assuming confidentiality and protection.

Additionally, Amar argues that FERPA does not actually allow students to examine their admissions records. According to Amar, the purpose of FERPA is to ensure that future employers or other schools receive the correct student record. Students are allowed to see their academic records to ensure that all of the information contained in them is correct. However, no one else will ever need to see the students’ admissions records. Amar stated:

As I understand the basic purpose of the law, it is to allow students to have access to files that perhaps might be visible to various outsiders — employers and judges and the like — to correct their records. When it comes to admissions decisions, that is not part of their academic record; that is not shared with anyone. FERPA is about giving the student privacy and a certain control of the information so that the student can correct any mistakes, and none of that applies to admissions information.

Students, however, had mixed reviews of the decision. Some students, like a 3L named Matt Kemp, understood it. According to Kemp, he understands the desire of the faculty to maintain privacy and protection throughout the admissions process, but also believes that the purpose of FERPA is to allow students to see their admissions records.

Others, like 3L Dennis Owrutsky, considered the decision to be “irresponsible.” He believes that in deleting the records, the school lost valuable insight into the admissions process. He said that “[The law school] now lacks the resources to evaluate itself objectively.”

While there were a range of responses to the decision, most students do agree that Yale Law School did not have a legal obligation to preserve the data. It will be interesting to see the response to increased awareness about FERPA. Will more students across the country start asking to see their admissions records? And if so, will other schools follow in Yale’s footsteps and take action in order to preserve the integrity of their admission processes?

Brittany Alzfan

Brittany Alzfan is a student at the George Washington University majoring in Criminal Justice. She was a member of Law Street’s founding Law School Rankings team during the summer of 2014. Contact Brittany at staff@LawStreetMedia.com.

The post Yale Law School Deletes Admissions Records After Student Requests appeared first on Law Street.

Personal Records Online: Who’s Protecting Your Information?

Valeriya Metla — Thu, 19 Mar 2015 13:00:52 +0000

Image courtesy of [DARPA via Wikimedia Commons]

As we live in the New Media Age, the internet has become an omnipotent tool that millions of us use every day for a variety of reasons. The internet changed the way we go about our daily lives, providing a myriad of possibilities to meet people, organize tasks, buy products, and even search for people’s public records with the click of a mouse.

What are public records?

Public records are documents that can be openly accessed for inspection by any person. Often, personal information becomes a part of a public record when a person interacts with government agencies on the local, state, or federal level. Public records can include quite a collection of data: birth, marriage, death, arrest, tax, property ownership, driver’s license, occupational licenses, and voter registration information. Most of the time, providing personal information to government agencies is mandatory, leaving individuals no choice but to disclose their addresses, social security numbers (SSNs), and medical or employment histories. For example, if one donates over $200 to a political campaign, he has to provide his name, address, and employment information. All of the provided data automatically becomes a matter of an individual’s public record, and can be accessed through countless information broker websites. Court files are also public records, and all information contained within the files, with few exceptions, can be accessed without legal restrictions as well.

How do you access public records?

Historically, public records could be obtained only in paper form by physically going to the government agency or court house that collected and stored the applicable information. Starting in the mid-1990s, courts and government agencies began to provide online access to their public records directories, and to sell public files to information brokers and data compilers. Now, government or information broker websites can provide easy access with just the click of a mouse. The data broker industry is booming with thousands of companies selling all sorts of public records online.

What are information brokers?

Information brokers are companies that collect all sorts of data, including internet browsing information like consumer survey data and social media profiles, analyze an individual’s information, package it, and sell it to advertising and marketing companies. Some of the information brokers also obtain public records from local, state, and federal government agencies, and re-sell them online, adding appropriate packaging and a more sophisticated design to the reports. Many of these companies provide access to public records on a subscription basis, when a member pays a monthly fee for unlimited access to millions of public records. As there are virtually no laws that directly pertain to the information broker industry, public records can be accessed by anyone, regardless of their purpose and intentions. There are also no licensing requirements, no central registration system of any sort, and no mechanism through which it would be possible to request a copy of a personal public record that has been circulating online. Even though the information broker industry has been operating for decades, its volume and scope is much greater now, with thousands of companies mining and compiling individuals’ public records, ready to reveal our most sensitive personal data to anyone at any time.

Watch the video below to learn more about information brokers.

What are the laws that govern the information broker industry in the U.S?

The information broker industry is governed by various data protection and freedom of information laws. While the United States strongly adheres to freedom of information practices codified in the Freedom of Information Act (FOIA), there is no comprehensive data protection legislation, except for narrowly applicable laws that are subject-specific and limited in scope.

Freedom of Information Laws

Freedom of information is a fundamental human right recognized in international law and in many national laws around the globe. As of 2012, there were 93 countries that adopted comprehensive freedom of information laws or similar administrative regulations. In the United Sates, the right to access information from the federal government is outlined in the Freedom of Information Act (FOIA), a comprehensive law that provides government accountability and safeguards the freedom to access public records. In addition to this federal legislation, each state has some sort of FOI laws, with different degrees of accessibility and restrictions. As the information broker industry provides services in relation to availability of information contained in public records, it operates within the FOI legal framework.

Data Protection Laws

Data protection laws are centered on safeguarding personal information from unauthorized usage. Worldwide, more than 80 countries have adopted comprehensive laws to uphold the privacy of their citizenry. In 1970s there were only eight countries that had data privacy laws on the books; in 2010 the number skyrocketed to 89. The United States is one of only a few developed countries that doesn’t have a comprehensive law that protects online privacy, but instead relies on sectorial laws that provide limited amounts of regulation and have many loopholes. Most of these laws pertain to personal information held by the federal government, while legislation that regulates personal information in public records systems is essentially limited to the Fair Credit Reporting Act (FCRA).

The Fair Credit Reporting Act

The Fair Credit Reporting Act (FCRA) is guided by the fair information practices that were developed by the Department for Health, Education, and Welfare in the 1970s. On the whole, FCRA regulates the practices of credit reporting agencies. It promotes agencies’ accountability and safeguards security of personal data. The law requires information to be accurate, purpose specific, and accessible. It also outlines limitations on collection and usage of personal data as pertaining to credit reporting.

California’s Data Privacy Laws

California is one of the few states that protects the personal privacy of its residents as it pertains to online access to public records. In 2003, it enacted the Online Privacy Protection Act (OPPA) that requires websites that collect personal information on California residents to post and comply with the privacy policy of the state. In 2013, California enacted so-called “Don’t Track” legislation (AB 370) that requires certain websites to disclose information on how they collect data and track users. During the same year, the Right to Know Act was introduced in the State Assembly, but it failed to pass due to strong opposition from the trade groups representing the information technology industry. If enacted, it would require data brokers to provide a copy of an individual’s stored information upon request.

Case Study: Instant Checkmate

Instant Checkmate is a California-based people search engine that operates by compiling and selling instant access to criminal background checks. Originally, Instant Checkmate was a small internet startup, but it recently gained popularity due to its appealing packaging and additional features, such as its public criminal records directory, crime wire blog, and reverse phone look up.

Notably in 2014, Instant Checkmate paid $525,000 in a settlement for allegedly violating the Fair Credit Reporting Act. The lawsuit, filed by the Federal Trade Commission (FTC), claimed that the company was operating as a consumer reporting agency, but wasn’t complying with FCRA regulations, including accuracy of provided information and verification of the identity of those who were requesting consumer reports through its website.

Now, the company markets itself as a tool to locate childhood friends and check out online dates. When you enter the website, the first thing you see is a notice that states:

You may not use our service or the information it provides to make decisions about consumer credit, employers, insurance, tenant screening, or any other purposes that would require FCRA compliance.

As the FCRA is limited to regulating credit reporting agencies only, it’s not applicable to the rest of the information broker industry. In order to avoid FCRA regulations many information broker companies simply run a disclaimer stating that they are not a credit reporting agency, and continue to operate outside any legal framework that pertains to personal privacy. Instant Checkmate is one of many information broker companies that has used this tactic to escape FCRA compliance.

Watch the video below to learn more about Instant Checkmate, how it operates, and how the information obtained through its platform can be used by the third parties.

What are the advantages of online access to public records?

Online access to public records further upholds freedom of information as a fundamental right, and provides certain benefits to consumers and employers.

Benefits for the Citizenry

Access to public records is a mechanism to monitor the government as it allows its citizenry to review official actions and keep government agencies accountable. Online access to public records is an additional and more powerful tool to safeguard liberties and to ensure transparency of governmental practices. In this regard, the internet provides a platform to oversee and track government actions in relation to various matters, including decisions in individual cases.

Benefits for Consumers

Access to public records is an important consumer tool that is widely used in spheres such as employment, child support, retirement, and identity theft prevention, just to name a few. Online access to public records can highly benefit consumers and those who directly interact with government agencies and courts, if public records are accurate and up-to-date.

Benefits for Employers

In addition, access to public records can help employers screen applicants to decrease liability implications in the future. If using appropriate channels of inquiry, online background checks can assist employers in choosing the right candidate for the position.

What are the disadvantages of online access to public records?

Online access to public records increases privacy concerns, especially when the information broker industry lacks government oversight and is poorly regulated.

Discrimination and the Rise of the “Dossier Society”

Due to the fact that everybody can access public records online, individuals’ pasts become a matter of the present, including any transgressions, law violations, or simply embarrassing moments. In turn, it leads to discrimination and disenfranchisement of individuals whose records are not squeaky clean, denying them employment opportunities, normal relationships, and, simply, privacy. Some experts predict that in the future we could become a “dossier society,” meaning a society where everybody has an electronic profile that provides a detailed account of the individual’s life. In this view, a dossier society won’t allow social forgiveness and will force those who have blemishes on their records to work low-paying jobs without any possibilities for professional growth and development.

Economic Crimes

Most public records, including divorce decrees, child custody cases, and bankruptcy filings, contain sensitive information such as SSNs, financial account numbers, and dates of birth. Allowing online access to those records increases the risk of economic crimes, particularly identity theft. Online access to public records exacerbates the problem of financial fraud as it’s relatively easy to obtain personal information on the web as there are hundreds of websites that provide detailed records for a small fee. Identity theft has devastating consequences for victims as they cannot obtain credit, home loans, employment, or rent apartments.

Data in the Courtroom

Details of court cases, including the personal information of plaintiffs, defendants, and witnesses, becomes a part of the court record, and, therefore, public records. Not only can revealing personal data discourage plaintiffs from proceeding with cases, but can undermine the safety of those who are involved in the proceedings, including witnesses who testify against one of the parties. In addition, defendants often use personal medical or sexual history to promulgate damaging allegations against plaintiffs in medical bill payment or sexual harassment cases. Online access to public records facilitates the process of obtaining court files, making it relatively easy to mine personal data that can be used to alter court proceedings.

Inaccurate Information

Many times allegations that are made during court proceedings turn out to be false, particularly in disputes between business partners, former lovers, or neighbors. As a result, inaccurate information becomes a matter of an individual’s pubic record. As public records can be widely accessed online, inaccuracies in connecting information to specific individuals also frequently occur. In addition, some information brokers’ files can be outdated, creating additional errors in background reports. Mismatches and inaccuracies in personal data reports can link individuals to crimes they didn’t commit, deny them opportunities for employment, and destroy their reputations. In 2002, a New York resident was awarded $450,000 in damages as his profile contained a false criminal conviction.

Personal Safety

As many information broker companies claim that their services can ensure personal safety by revealing criminal histories of online dates, neighbors, and other acquaintances, online background checks can also do exactly the opposite and jeopardize safety for some people. As personal information of witnesses and victims is a matter of a public record, if their identities and addresses are revealed, they can be targeted by criminals for retribution, stalked, or even re-victimized by their domestic partner.

Targeting Consumers

Information broker companies are clearly making money from compiling and selling public records online. Not only do they amass information from different government websites, but re-package and sort it, creating a brand new product in order to earn additional profit. Information from online public records is extensively used by commercial profilers for marketing and advertising purposes. Business owners also often use information from online public records to target specific groups, including those with credit or bankruptcy problems, for advertising.

Watch the video below to learn more about information brokers and how they are mining, compiling, and selling personal data to third parties.

Conclusion

Without a doubt, citizens of any democratic society should have a right to access public records in order to hold their government accountable and keep its practices transparent. At the same time, personal information of individuals should be protected, and, for that reason, the information broker industry should be regulated to make sure that unauthorized users don’t have access to sensitive and often private matters. As this technology progresses, these questions will all need to be considered.

Resources

Primary

California Legislative Information: AB-1291 Privacy: Right to Know Act of 2013

California Constitution: Article 1 Declaration of Rights

California Legislative Information: AB-370 Consumers: Internet Privacy

U.S. Department of Justice: The Freedom of Information Act

Additional

Social Science Research Network: Global Data Privacy Laws: 89 Countries, and Accelerating

Privacy Rights Clearinghouse: Public Records on the Internet: The Privacy Dilemma

Electronic Privacy Information Center: Privacy and Public Records

Top Ten Reviews: Instant Checkmate

Yahoo Finance: Free Public Criminal Records Directory Offered on Instant Checkmate Website

New Media Institute: What is New Media?

International Association for Social Science Information Services and Technology: Data Protection and Privacy in the United States and Europe

FreedomInfo: 93 Countries Have FOI Regimes, Most Tallies Agree

CNN Money: Data Brokers Settle Charges Over Background Checks

Crime Wire: An In-Depth Look at Instant Checkmate

Crime Wire: What Kind of Background Check Does Instant Checkmate Perform?

National Consumer Law Center: Broken Records: How Errors by Criminal Background Checking Companies Harm Workers and Businesses

Valeriya Metla

Valeriya Metla is a young professional, passionate about international relations, immigration issues, and social and criminal justice. She holds two Bachelor Degrees in regional studies and international criminal justice. Contact Valeriya at staff@LawStreetMedia.com.

The post Personal Records Online: Who’s Protecting Your Information? appeared first on Law Street.

D.C. Cop Accused of Stealing Nude Photos After Woman Pulled Over

Anneliese Mahoney — Fri, 06 Mar 2015 13:30:55 +0000

Image courtesy of [Joe Flood via Flickr]

A few months back I wrote a story about “California Police Officers Found Stealing Suspects’ Nude Photos.” It centered around a few cops in Contra Costa County, California who were stealing nude photos off of female suspects’ cellphones while those cellphones were in police custody. They would share the pictures among themselves, and then discuss and rank the women, rendering it a kind of perverted “game.” Well, when I wrote that piece, I kind of expected that this wouldn’t be the only example we heard of such disgusting behavior. I expected a similar story to pop up in another city or state. I was right–although it happened a little closer to home than I anticipated. Similar allegations are now being waged against a police officer in my city of Washington, D.C.

An Alexandria woman named Natalia Argote has filed a lawsuit against the Washington D.C. Police Department (MPD) and the cop in question, Terrence Richardson. According to Washington City Paper Richardson no longer works for MPD.

The suit claims that Argote was stopped by Richardson and another officer on March 3, 2012 on suspicions of driving under the influence. Her phone and drivers license were taken from her, which seems like a normal enough procedure. One of the officers administered a sobriety tested, while the officer went through her phone. She claims that he saw a nude photo she had taken for her boyfriend, and without her consent sent it to himself.

Argote’s suit doesn’t just claim that it was Richardson who violated her rights. She claims that this is a pervasive problem in the ranks of the MPD. The suit states:

On information and belief, MPD officers regularly rifle through the phones of female citizens without their permission or a warrant, searching for salacious photos.

On information and belief, MPD officers regularly share the salacious photos with each other and individuals outside the MPD.

On information and belief, on March 3, 2012, MPD was aware that its officers were conducting warrantless searches of female citizens’ phones and sharing the photos they stole; yet, it took no action to stop and correct its officers.

Whether or not Argote and her lawyer, Latif Doman, will be able to prove those claims remains to be seen. It will also be interesting to see why Richardson doesn’t work with the MPD anymore–whether it has anything to do with these allegations, or other misconduct, or whether he left voluntarily. As of yet, the MPD does not appear to have commented on the lawsuit.

When I first heard about the admittedly very similar California case, I was outraged, and I reacted similarly when I heard about this one. If what Argote alleges is true, she has every right to sue for an unfair search and violation of privacy. Being pulled over doesn’t mean that you lose all rights. Hopefully, MPD is about to learn that first hand.

Anneliese Mahoney

The post D.C. Cop Accused of Stealing Nude Photos After Woman Pulled Over appeared first on Law Street.

Oklahoma Wants to Test Marrying Couples for STDs

Anneliese Mahoney — Sun, 22 Feb 2015 15:38:02 +0000

Image courtesy of [Rodrigo Suarez via Flickr]

Oklahoma really is coming up with some interesting bills this legislative session. Last week I wrote about a bill that would outlaw Advanced Placement United States History classes from being taught in the state. Now, they’ve come up with another odd and awkwardly invasive issue–a legislator wants to ban couples from getting married if one of them has a sexually transmitted disease.

Oklahoma Senator Anthony Sykes introduced Senate Bill 733, which would create a new requirement for any couples seeking marriage licenses. The couple must each submit to a blood test within 30 days of submitting their application for the license. According to the bill, it appears that in order to receive the license they either both need to be STD-free, or if one of them has an STD, it can’t be at a stage where it would be able to be transmitted to another. It’s unclear what would happen if they both tested for an STD.

The bill reads:

The State Board of Health shall require a blood test for the discovery of syphilis and other communicable or infectious diseases prior to the issuance of a marriage license.

The bill is lauded as a way to provide people with information of their STD status, which is always a good idea, but legal experts don’t necessarily think that it will help prevent STD transmission. STDs tend to be more prevalent among younger, unmarried people. It also seems to imply that someone with an STD and someone without an STD can’t safely have sex with someone who isn’t infected. That’s untrue, and irresponsible to imply.

Furthermore, there are some clear privacy issues with this bill. This may require that those couples who apply for marriage licenses and then get STD tested then have their statuses made publicly available. That’s based on how the bill is worded now, which requires couples to file the results with the clerk after being tested. That not only invades the privacy of those couples, but also violates the Health Insurance Portability and Accountability Act (HIPAA).

If Oklahoma were to enact this bill, it would be a sort of throwback to laws that used to be on the books in many states; however, every other state has repealed its premarital testing laws, with the exception of Montana. A 2009 study at Notre Dame explained why these laws no longer make much sense, saying blood test laws:

were enacted in the first half of the twentieth century as part of public health campaigns to reduce the spread of communicable diseases and prevent birth defects. The laws required couples applying for a marriage license to be screened for certain conditions, commonly rubella or syphilis. However, after penicillin proved to be a cheap and effective treatment for syphilis and vaccines were developed for rubella, these screenings were no longer considered cost-effective.

While this law probably comes from a good place, it’s antiquated and overreaching. Providing better sex education and resources for young people would go much further to prevent STD transmission than unnecessarily delving into the lives of engaged couples.

Anneliese Mahoney

The post Oklahoma Wants to Test Marrying Couples for STDs appeared first on Law Street.

Alibi: New App Aims to Record Everything, Including the Police

Anneliese Mahoney — Mon, 09 Feb 2015 20:34:11 +0000

Image courtesy of [Alan Wolf via Flickr]

Almost six months after Michael Brown was killed in Ferguson, Missouri, we’re still having a conversation about the potential of police officers wearing body cameras to ensure accountability and answer the questions that naturally spring up after a police shooting. But will body cameras be enough? A new app called “Alibi” doesn’t think so–and it wants to be the “body camera” of the private citizen, as well as so much more.

Right now, Alibi is only available on Android devices; it’s a $0.99 download. Alibi essentially serves as a mobile witness–depending on how you set it, it can record video, audio, still images, and GPS locations. It doesn’t store this data forever; unless you tell it otherwise, it dumps everything after an hour, or else the storage on a phone would be filled up way too quickly. One of the biggest challenges in developing the app came from making sure that it wouldn’t immediately drain a phone battery. But because the video being recorded is so low-caliber, they’ve managed to make it so even running video all day, it only takes up 1.2 times the battery consumed during normal usage.

So why would a normal person want a device that, to be completely honest, seems a bit paranoid? There are plenty of reasons. The reasoning that inspired the app itself is pretty simple–many people in the U.S. are worried about the increase in police brutality and profiling. Alibi founder Ryan Saleh explained his inspiration for the app in an interview, saying:

The way that Alibi came to be was that I was pulled over for a traffic ticket in New York City. Two cops came up to my windshield and knocked on the windshield, and one of them’s just talking, totally normal, and the other one takes the liberty of asking me to roll down the window and sticks his head in the car and pokes a flashlight around. I’m a straight-laced person, I have nothing to hide, and it didn’t bother me that much at the time, but I was thinking about it, and was like, ‘You know, that probably wasn’t legal.’

I never would have thought to pull out a camera and record the guy, and that probably would have caused more pain than it was worth in the situation, but the number of times in my life that I wish I was recording something — you don’t think to do it at the time, but you go back and you wish you were recording something — is outrageous. I said to myself, ‘You know, we all walk around with a device in our pocket that has a GPS in it, a microphone and a camera.’

Obviously, interactions with police aren’t the only thing that Alibi would be used to record. It could actually be used in reverse–as a tool for the police. Obviously, a 99-cent app is cheaper than a body camera; Alibi could be required by police departments in lieu of body cameras.

Other things that Alibi could be used for are plentiful. It could be used to prove a literal alibi with the GPS and pictures function. It could be used to record something you saw as a passerby. But it could also be used in really creepy, negative ways as well. Imagine if everything you did or said could be recorded by someone who had a smartphone. It could easily be used for nefarious purposes. There are also legal issues here–there are certain laws that restrict photographing people in private places, or places where they have a reasonable expectation of privacy. Having a constantly recording device could break those laws.

Alibi definitely has its practical uses, and it’s an intriguing solution to the issue of American concerns about our police force. That being said, it’s also a little creepy, and may not be something that will worm its way into daily life too quickly. Privacy is still an important right, and while Alibi may protect other rights, privacy can’t be forgotten.

Anneliese Mahoney

The post Alibi: New App Aims to Record Everything, Including the Police appeared first on Law Street.

ICYMI: Best of the Week

Chelsey D. Goff — Mon, 12 Jan 2015 16:09:47 +0000

Hello, Monday, we meet again. As you trudge into a new work week, we’ve got you covered with stories you might have missed last week. Anneliese Mahoney topped the list with all three of the week’s top stories. Number one implores you to stop posting the useless copyright status to your Facebook account — seriously, it’s a waste of your time. Number two recounts Sarah Palin’s latest controversy, this time with PETA over a picture she sent out to her social media followers; and number three is a look at the bumpy legal road ahead for Uber. ICYMI, check out the best of the week from Law Street.

#1 Please Stop Posting the Facebook Copyright Status

Every now and then Facebook updates its policies. And immediately after that, I notice a series of statuses from my “friends” on Facebook. It’s a sort of notice alerting readers to the fact that the poster believes they have copyright over their own content. There are sometimes slight variations in wording, but that’s pretty much what these statuses look like every time. I’ve seen so many in my news feed over the last week that I thought it was time for an important PSA. This status means nothing. Read full article here.

#2 Sarah Palin vs. PETA: Welcome to the Overreaction Olympics

Sarah Palin has a unique place in my heart–after all, there are very few people who I can count on to continually surprise me with the weird scandals they manage to get themselves involved in. But she may have just outdone herself. The most recent Palin scandal started with a photo she posted to Facebook on New Years Day. Read full article here.

#3 Uber Will Have a Rough Ride in 2015

Uber is a great way to get from point A to point B, but the company may have a rocky road ahead of it in 2015. There are a lot of lawsuits pending against the ridesharing company, and while none of them seem that damaging, it does raise a question: why is Uber so prone to lawsuits? Read full article here.

Chelsey D. Goff

Chelsey D. Goff was formerly Chief People Officer at Law Street. She is a Granite State Native who holds a Master of Public Policy in Urban Policy from the George Washington University. She’s passionate about social justice issues, politics — especially those in First in the Nation New Hampshire — and all things Bravo. Contact Chelsey at staff@LawStreetMedia.com.

The post ICYMI: Best of the Week appeared first on Law Street.

Disturbing New Developments in the Continuing Sony Hacking Scandal

Anneliese Mahoney — Tue, 16 Dec 2014 21:56:34 +0000

Image courtesy of [The City Project via Flickr]

Another day, another leak. It seems like the leaking of some information to do with Hollywood–whether it be nude photos, salaries, or emails–happens on pretty much a weekly basis now. However, this leak from entertainment super-company Sony is probably going to go down in history to top all others. And I don’t think it’s quite done spitting out Hollywood gossip and insider information.

A few weeks ago, hackers got into Sony’s computer system and freed all sorts information. Some of it was sort of run-of-the mill hacker leaks–personal information about who worked for or were affiliated with Sony. This includes information that could very easily lead to identity theft–things like Social Security numbers, credit card numbers, and usernames and passwords. Sony has promised a year of identity theft prevention services to its employees in the wake of this particular realization.

But then there were also some things released that were much more about show biz. For example, Sony is now getting flack after it was leaked that the female stars of American Hustle–Jennifer Lawrence and Amy Adams–were compensated less than their male counterparts. Other emails revealed Sony’s courting (or lack thereof) of particular stars such as Leonardo DiCaprio and Ryan Gosling.

On a lighter note, probably the most adorable email ever written by Channing Tatum was released. As Gawker so aptly put it: “He writes email like a dog with a stick wags its tail.”

There were also many conversations about various kinds of liability that Sony now has to deal with. For example, there’s an all-female Ghostbusters project in the works, and members of the studio had conversations about whether or not to sue Bill Murray to get him into the movie. There was also a discussion about how angry Kim Jong-Un was going to be after the release of the movie The Interview, which happens to be about assassinating the North Korean leader.

There’s more, but just take my word for it that Sony has had to do a lot of apologizing, back-tracking, and the like in the last few weeks. Its entire Public Relations department probably deserves a raise.

The hackers probably aren’t going to stop releasing information anytime soon. The group is called the Guardians of Peace and they’re kind of holding the studio hostage. They’ve promised a “Christmas Gift,” but not a particularly nice one. In fact, it’s going to be more like coal in Sony’s stockings, in the form of even more private information and correspondences leaked. The message from the Guardians of Peace says:

We have a plan to release emails and privacy of the Sony Pictures employees. If you don’t want your privacy to be released, tell us your name and business title to take off your data.

They are threatening that the information is even more interesting than what’s already been released–and that’s been pretty juicy. The hackers have said that they would not release certain people’s information if they responded with their names and business titles. It all seems like it could be a ploy, but given the amount of seemingly private information that has already been released, Sony has every reason to be freaked out.

And it’s not just Sony that has reason to be freaked out. Seth Rogen, who stars in The Interview–a particular target of the Guardians of Peace hackers–has announced he will be canceling many of his appearances. His co-star James Franco is taking similar steps. The Guardians of Peace have hinted at a violent attack on the theaters showing The Interview–even referencing the terrorist attacks of 9/11. The message specifically reads:

The world will be full of fear. Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time. (If your house is nearby, you’d better leave.) Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment.

The trend of hackers with higher technical abilities messing with celebrities or others in the public eye doesn’t seem like it’s going to be left behind in 2014. This seems like an entirely new situation though–the Guardians of Peace don’t appear to just be after celebrity nudes or gossip. This controversy has taken the entertainment world by storm, and people are rightly concerned.

Anneliese Mahoney

The post Disturbing New Developments in the Continuing Sony Hacking Scandal appeared first on Law Street.

Please Stop Posting the Facebook Copyright Status

Anneliese Mahoney — Thu, 04 Dec 2014 12:30:04 +0000

Image courtesy of [Sebastien Wiertz via Flickr]

Today, November 30, 2014 in response to the Facebook guidelines and under articles L.111, 112 and 113 of the code of intellectual property, I declare that my rights are attached to all my personal data, drawings, paintings, photos, texts etc… published on my profile. For commercial use of the foregoing my written consent is required at all times. Those reading this text can copy it and paste it on their Facebook wall. This will allow them to place themselves under the protection of copyright.

By this release, I tell Facebook that it is strictly forbidden to disclose, copy, distribute, broadcast, or to take any other action against me on the basis of this profile and/or its contents. The actions mentioned above apply equally to employees, students, agents and/or other staff under the direction of Facebook. The contents of my profile includes private information. The violation of my privacy is punished by the law (UCC 1 1-308 – 308 1 – 103 and the Rome Statute). Facebook is now an open capital entity. All members are invited to post a notice of this kind, or if you prefer, you can copy and paste this version. If you have not published this statement at least once, you will tacitly allow the use of elements such as your photos as well as the information contained in your profile.

There are sometimes slight variations in wording, but that’s pretty much what these statuses look like every time. I’ve seen so many in my news feed over the last week that I thought it was time for an important PSA. This status means nothing.

Seriously, it’s the equivalent of typing gibberish into your status. First of all, when you sign up for a website like Facebook, you have to agree to all sorts of terms of use. I know most of us click through those kinds of things without thinking–and understandably so. If we actually read the policies of everything we encountered on the internet in a year, it would take the average American 76 work days. Seventy-six probably very boring work days.

So obviously, most of us don’t read the terms and conditions and privacy policies, and that’s fine. But they do still exist, and they serve to protect both the company–in this case Facebook–as well as the users who implicitly agree to them when they create an account.

Essentially what the BS status says is that even though you post things on Facebook, you still own any intellectual property you post. For example, the copyright to a picture. That’s how the law currently works; however, because you are a member of Facebook.com you agree that Facebook can use your content. As Facebook’s legal terms read:

For content that is covered by intellectual property rights, like photos and videos (IP content), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP License).

Lots of legal mumbo-jumbo, I know–but here’s what that means. All sorts of different licenses exist on the internet with regard to content that you can use. Here at Law Street, for example, we need to make sure that images you see at the top of our posts are able to be used–we don’t go out and take pictures ourselves most of the time, same as other news organizations. So we use photo-sharing sites like Flickr to find a picture with a license that allows us to use it, as long as we credit the creator. Essentially what Facebook is saying is that all of the content you post can be used by them because they now have a license that allows it. In order to sign up for Facebook, you agree to this. That’s a concession you make to use their product.

So, essentially the status means nothing because both laws and the policies created by Facebook already spell out what can and cannot be done with your photos. Let’s move on to address the fact that what the status does is try to retroactively amend a contract without negotiating. Think of it this way: imagine that you move into a new apartment and sign a lease with your landlord. The lease includes a provision that allows your landlord to show your apartment to prospective new tenants. But after signing that contract, you put up a sign on your door saying your landlord can’t do that. Such an action would absolutely not stand up in court–and that’s pretty much what this Facebook status is.

Listen, I get it. We don’t want anyone else to have ownership or the ability to use our pictures. But that’s how Facebook’s policies are written, and we have agreed to them by creating Facebook accounts. So please, stop posting the status. It really doesn’t do anything, I promise.

Anneliese Mahoney

The post Please Stop Posting the Facebook Copyright Status appeared first on Law Street.

Facebook Copyright Myth Debunked

Wed, 03 Dec 2014 11:30:33 +0000

Image courtesy of [Maria Elena via Flikr]

In today’s world of multiple social media platforms and just too much to do, you may not remember the June 2012 and November 2012 Facebook copyright panics. In case you missed them, here’s how they went: Status updates surfaced from users who unnecessarily “formally declared” their posted material as off limits to Facebook. The hype threw photographers and artists on the social media platform into a frenzy, and those not employed by their intellectual property still worried about the protections over their personal pictures and videos.

This week, another wave of frantic Facebook users fell for the same hoax and hurried to their computers to copy and paste declarations against potential infringement. Among the most recent status updates was the following:

Due to the fact that Facebook has chosen to involve software that will allow the theft of my personal information, I do declare the following: on this day, November 29, 2014, in response to the new Facebook guidelines and under articles L.111, 112 and 113 of the code of intellectual property, We declare that our rights are attached to all our personal data, drawings, paintings, photos, texts, etc. published on our profile.

For commercial use of the foregoing my written consent is required at all times.

The problem lies in the fact that this simply doesn’t work. It’s useless. It’s a waste of time (and finger dexterity). According to Facebook’s Terms of Service, the minute you upload content to the site you grant the company “license to use and display” that content. But it’s irreversible, despite a status update.

The recent flare up in concern stems from Facebook’s plan to largely update its privacy controls over the coming weeks. The plan, scheduled to take effect January 1, 2015, is titled “Privacy Basics” and attempts to make clearer who can see what on your profile. To explain, Facebook is sending this email out to all of its users:

We wanted to let you know we’re updating our terms and policies on January 1, 2015 and introducing Privacy Basics. You can check out the details below or on Facebook.

Over the past year, we’ve introduced new features and controls to help you get more out of Facebook, and listened to people who have asked us to better explain how we get and use information.

Now, with Privacy Basics, you’ll get tips and a how-to guide for taking charge of your experience on Facebook. We’re also updating our terms, data policy and cookies policy to reflect new features we’ve been working on and to make them easy to understand. And we’re continuing to improve ads based on the apps and sites you use off Facebook and expanding your control over the ads you see.

We hope these updates improve your experience. Protecting people’s information and providing meaningful privacy controls are at the core of everything we do, and we believe today’s announcement is an important step.

Sincerely,

Erin Egan Global Chief Privacy Officer

So, to debunk the current myth…

Here’s the Facebook IP Breakdown

“For content that is covered by intellectual property rights, like photos and videos (IP content), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP License).

This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.”

Here’s the Translation

You essentially license to Facebook any photo or video that you upload the minute you upload it. Facebook can use it and owe you nothing. In fact, you agreed to that the minute you set up your account, according to the Statement of Rights and Responsibilities. You still own the copyright but it’s not exclusive. Facebook doesn’t need your written consent to use the content.

The only way to avoid this is to delete whatever you uploaded, assuming nobody shared it. When you upload something with no privacy settings (visible to the Public via Facebook settings), everyone–even people without a Facebook account–can access it, use it, and link it back to you.

My apologies if that’s not what you wanted to hear, but a stern letter to Facebook via your status update will do nothing. It’s like those chain letters that threaten you to repost or die in three days—a garbage byproduct of the Internet. Lesson of the day: Be careful what you post or don’t maintain a Facebook Account.

The post Facebook Copyright Myth Debunked appeared first on Law Street.

Eighteen Months After Snowden Leak, What’s Next for PRISM?

Salome Vakharia — Fri, 14 Nov 2014 01:00:46 +0000

Image courtesy of [EFF Photos via Flickr]

In June 2013, Edward Snowden changed the course of American history when he released thousands of classified documents to the media. He has since fled the country, and remains on the run. His choice to disclose those documents fundamentally altered the perceptions that Americans have about the ways in which the government monitors them. It sparked national conversations about the role that the Patriot Act and other legislation have played in our national security landscape. A year and a half after these revelations, the United States is still collectively reeling from the information that Snowden provided. And a year and a half later, it’s easy to wonder where all of that info is today.

What exactly did Snowden leak?

Leaked by Edward Snowden, PRISM is the code name for a data-mining program operated by the National Security Agency (NSA) since 2007. It accesses user audio and video chats, photographs, e-mails, documents, and connection logs from nine internet companies: Microsoft, Yahoo, Google, Apple, Facebook, Skype, YouTube, AOL, and Paltalk. Government officials involved with the program claim that PRISM is only used to focus on foreign communications that are potentially dangerous to the security of the United States. Foreign communication often flows through American servers even when sent from one overseas location to another overseas location; however, experts who analyzed the most recently leaked slides of the operation claim that PRISM guidelines require NSA analysts to be only 51 percent confident to reasonably believe that a potential “target” is a foreigner. A 51 percent confidence level can leave ample room for Americans to inadvertently become targets of this operation.

PRISM is still in operation, although there are pending legal cases against the Obama Administration over it. Since the first disclosure of information by Edward Snowden, more revelations have come to light that show very specific targeting. In addition, PRISM, has raised criticism from our international allies. President Obama has, in many cases, had to go on the defensive, and explain that PRISM is intended for legitimate intelligence collection, not Big-Brother style spying.

Courtesy of BackgroundChecks.org

Prism – Everything you need to know. [Infographic]

What is the argument against PRISM?

Opponents of the PRISM program claim that it is unconstitutional under the Fourth Amendment of the Constitution.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

They argue that the collection and surveillance of data by the NSA is too broad and “akin to snatching every American’s address book.” Yahoo initially fought the order to participate in PRISM in 2008. It argued that even if PRISM’s main goal is to focus on foreign communication, the incidental collection and gathering of American data is unconstitutional because such surveillance violates the “warrant clause” and “unreasonable searches clause” of the Fourth Amendment. Yahoo lost the case.

What is the argument in favor of PRISM?

Proponents of the PRISM program claim that cases in which the goal is to gain foreign intelligence are exempt from being subject to the Fourth Amendment’s “warrant” and “unreasonable searches” clauses. For the warrant clause, the Supreme Court has recognized a general “special needs” exception in cases like Vernonia School District v. Acton, where insisting upon a warrant would interfere with the accomplishment of that purpose. Proponents argue that there is a high degree of probability that requiring a warrant would hinder the NSA’s ability to collect time-sensitive information, and therefore would impede national security interests.

For the unreasonable searches clause, the Foreign Intelligence Surveillance Act (FISA) Court, in Yahoo’s case, held that PRISM’s operations were not unreasonable in light of the extremely important goal of national security. It found that PRISM’s procedures for targeting, minimization, and ensuring existence of a surveillance purpose to obtain foreign intelligence information serve to mitigate potential abuse of this power and risk of error to a reasonable level. Proponents also point to United States v. Miller to argue that people have no Fourth Amendment rights after they have already divulged their personal information to third parties, such as the internet companies participating in PRISM.

Conclusion

PRISM’s depth and extensiveness were a huge revelation for the American public after the secret documents were leaked by Edward Snowden. It raises a few important questions, first and foremost: is it constitutional? That will have to be decided by the courts, but it also raised interesting questions about the tradeoff between privacy and protection. As our technological abilities continue to increase, it will be fascinating to see the steps that this administration and any future administrations take to stem or expand PRISM.

Resources

Primary

ProPublica: NSA Surveillance Lawsuit Tracker

Additional

The New York Times: Secret, Court Vastly Broadens Powers of NSA

Huffington Post: America’s Take on the Fourth Amendment and the NSA

Concurring Opinions: Does the Fourth Amendment Regulate the NSA’s Analysis of Call Records? The FISC Might Have Ruled it Does

Assasination Archives: The National Security Agency and Fourth Amendment Rights

The Peoples’ View: A Crash Course in the NSA and the Fourth Amendment

Reason: Why the NSA’s Snooping Supposedly Complies With the Fourth Amendment

Washington Post: U.S., British Intelligence Mining Data from Nine U.S. Internet Companies in Broad Secret Program

Washington Post: NSA Slides Explain the PRISM Data-Collection Program

Brennan Center for Justice: Are They Allowed to Do That? A Breakdown of Selected Government Surveillance Programs

Cato Institute: NSA Spying, NSA Lying, and Where the Fourth Amendment Is Going

Washington Post: The Foreign Intelligence Surveillance Court

POLITICO: NSA Memo Pushed to ‘Rethink’ 4th Amendment

Salome Vakharia

Salome Vakharia is a Mumbai native who now calls New York and New Jersey her home. She attended New York School of Law, and she is a founding member of Law Street Media. Contact Salome at staff@LawStreetMedia.com.

The post Eighteen Months After Snowden Leak, What’s Next for PRISM? appeared first on Law Street.

Be Careful What You Share to Social Media During a Lawsuit

Melissa Klafter — Thu, 13 Nov 2014 17:43:51 +0000

Image courtesy of [Maria Elena via Flickr]

Imagine this: you’re in a car accident and as a result, break your arm. (Ouch.) You sue the individual who was driving the other car. The next month, you’re at a Jets game rooting for your team and post some pictures on Facebook, making one of them your new profile picture. A month later, your attorney calls you up, questioning if you posted pictures from the Jets game. As it turns out, the defendant’s demanding full access to your Facebook account to disprove your injuries. The big question is, are they entitled to access your Facebook account?

Discovery is an absolutely essential part of litigation. In basic terms, discovery fuels the arguments that each side of the lawsuit makes, by providing relevant information about the opponent. In the past, discovery typically consisted of documents, but as time and technology has progressed, electronic discovery has become more prevalent. This has raised some very interesting questions in Personal Injury Law, like the above situation.

Courts have a tough issue to handle. On the one hand, social media could be extremely relevant to a Personal Injury action. It could disprove a plaintiff’s injuries, or at the very least, make those injuries questionable. On the other hand, that is a plaintiff’s personal Facebook page. Why should the defendant have access to that personal account information?

The Balancing Act and Current Law: New York

New York courts have grappled with this issue and come up with a fairly reasonable standard in order to balance these competing interests. They have established a two-prong test for determining whether social media accounts are discoverable. First, courts must determine whether the content in the account is material and necessary. Second, courts must balance whether the production of the content would result in a violation of the account holder’s privacy rights.

For a defendant to successfully maintain access to discovery under this two-prong test, he must “establish a factual predicate for their request by identifying relevant information in plaintiff’s [social media] account-that is, information that contradicts or conflicts with plaintiff’s alleged restrictions, disabilities, and losses, and other claims.” In other words, the defendant must show that there is content on the plaintiff’s social media account that is not only relevant to the personal injury action, but also contradicts or conflicts with the plaintiff’s claims. If the defendant can establish that, then discovery of social media accounts should be permitted.

The courts have been fairly strict with applying this standard, however. The court will not allow a defendant to simply demand disclosure of social media accounts on the basis that access may reveal information that contradicts or conflicts with a plaintiff’s claim of disability. The court has labeled such a request as a “fishing expedition” and will not allow it.

The Car Accident Revisted

So, is the defendant entitled to access your Facebook account? The answer lies within the specific facts. In the original car accident example, the content of the photograph is key. If the defendant is simply asking for access to the Facebook account because it might reveal activities that contradict with the your claim, that probably will not be sufficient for the court to demand disclosure of your account information. If your profile picture portrays you fist pumping your broken arm in the air, however, it is more likely that the court will grant access to your Facebook account, since the pictures contradict the complaint regarding your broken arm.

The interesting part about Social Media discovery is that it is an evolving area of law. As social media websites continue to develop, so too must the law. It seems that New York courts have fairly balanced these competing interests thus far, but it will certainly be interesting to see what issues arise in the future.

Melissa Klafter

Melissa Klafter has a JD from St. John’s University School of Law and plans to pursue a career in Personal Injury Law. You can find her binge-watching her favorite TV shows, rooting for the Wisconsin Badgers, and playing with her kitty, Phoebe. Contact Melissa at staff@LawStreetMedia.com.

The post Be Careful What You Share to Social Media During a Lawsuit appeared first on Law Street.

Social Media Oversharing: Why Do We Do It?

Noel Diem — Wed, 05 Nov 2014 16:11:54 +0000

Image courtesy of [Eduardo Woo via Flickr]

Signing onto your Facebook or Twitter account has become a social media oversharing gram of Russian Roulette with engagements, weddings, pregnancies, stomach viruses, break ups, make ups, Taylor Swift lyrics, celebrations, political opinions, moves, and that weird ingrown hair in that girl who lived down the hall from you freshman year that she’s pretty sure is infected but she’s going to ask her “Nurse Friends” just in case.

No matter where we post — Facebook, Twitter, Tumblr, Instagram, SnapChat — it’s all the same: we are sharing some of our private thoughts and feelings that at best will embarrass us later in life, and at worst can cost us jobs and relationships.

Everything we post on social media from pictures to snippets of lyrics gives us a glimpse into our inner person and our outer person, including where we are physically at any time. In fact, many people have actually been arrested because they posted where they were on Facebook or Twitter right after committing a crime or because they filmed themselves doing something illegal and then posted it. What makes these people think they can post something so stupid on social media? It’s quite simple.

Social media promotes oversharing and under-thinking.

No, I didn’t just knock the Scentsy wax all over the bathroom wall because I was dancing to “Shake it Off.” #thatwouldbestupid #TS1989

— Noel Diem (@NoelDiem) November 2, 2014

Who is Oversharing?

Pamela Paul at The New York Times seems to sum up most feelings about social media:

“UNLESS you are my best friend or my husband, I don’t need to know the macabre symptoms of your gastrointestinal virus. I don’t need to know about how much candy anyone, other than me, has eaten. As for my ex-boyfriend, I don’t need to hear about his wife’s ability to Zumba.”

Walking through the park, grocery shopping, or grabbing your coffee at Starbucks can undoubtedly include social interactions; however, there is rarely a time when waiting for your laundry to finish up in the dryer in the laundry room you start spouting unsolicited updates to someone else in the room, no matter how close you may be. Certainly there are people who are oversharers in real life, but they don’t comprise a large portion of the population.

On social media, however, oversharing seems to be the norm. It’s difficult to figure out why we share everything on social media — is there something about those white boxes that we think won’t judge us? Is there a cleansing feeling when you share something somewhat embarrassing? Do we think someone will find us alluring when we share something completely private about our lives? Just recently we discussed the legal implications of social media when criminals reveal themselves to law enforcement — but is there a rhyme or reason to why we share completely strange information about our daily lives on social media but wouldn’t dare utter it at the dinner table?

Law Street Media|Hours Spent on Social Media | Info courtesy of Marketing Charts

Psychology Behind Oversharing

Sharing our private thoughts, feelings, and opinions with others in a non-threatening way actually activates the neurochemical reward system in our brains, according to a Harvard University study. In essence, sharing something simple on social media makes us feel good, much like buying a new pair or shoes, taking a long run, or going on a really great first date.

But more interesting is the report of Elizabeth Bernstein in the Wall Street Journal when she declared that our desire for more people to know about our private lives is actually because of reality TV and our own social anxieties.

“This effort is known as ‘self-regulation’ and here is how it works … When having a conversation, we can use up a lot of mental energy trying to manage the other person’s impression of us. We try to look smart, witty, and interesting, but the effort required to do this leaves less brain power to filter what we say and to whom.”

While our brains reward us for oversharing on Facebook, that still doesn’t necessarily explain why we expose sometimes embarrassing or harmful information about ourselves on social media.

Why Do We Overshare?

Professor Russell W. Belk from York University in Toronto took on this topic in his paper “Extended Self in a Digital World.” He suggests that we are not truly ourselves on social media, but rather trying to portray ourselves as more “perfect” forms of ourselves by filtering what we allow people to see. We do this to impress one person, a group of people, or even confuse ourselves about who we truly are.

“When we’re looking at the screen we’re not face-to-face with someone who can immediately respond to us, so it’s easier to let it all out—it’s almost like we’re invisible,” says Belk of the “disinhibition effect” that online sharing helps promote. “The irony is that rather than just one person, there’s potentially thousands or hundreds of thousands of people receiving what we put out there.”

Belk’s observations are confirmed in another study by Gwendolyn Seidman of Albright College and published in Computers in Human Behavior. She examines how people use Facebook to express their “true selves” in a way they normally wouldn’t be able to in real life.

But re-pinning something about a workout we will never do, altering our selfies with four or five different filters, or rating a book on Goodreads that we didn’t actually read isn’t harming anyone, right? Not so fast, Belk asserts that there are potential harms:

“The resulting disinhibition leads many to conclude that they are able to express their “true self” better online than they ever could in face-to-face contexts. This does not mean that there is a fixed ‘true self’ or that the self is anything other than a work in progress, but apparently self-revelation can be therapeutic, at least with the aid of self-reflexive applications.”

Oversharing Can Be Good

Many argue that social media can take the place of a Confessional in our lives — we can truly figure out who we are by revealing our innermost secrets to the general public. Belk believes that through this we may be expressing our true selves because we are creating ourselves as we post, like, and share:

“It appears that we now do a large amount of our identity work online. For the Internet constantly asks us “Who are You?” “What do you have to share?” Coupled with new self-revealing proclivities, this incites more open self-extension than in a pre-digital world.”

Many view social media as a way to collaborate and receive confirmation of our feelings. Getting likes on a photo on Instagram affirms our skills as a photographer but also of the thing photographed — typically ourselves. A like on Facebook has taken the place of a “ditto” in real life. We are no longer working alone to create our reality, but are forming it from our relationships with people on social media — those we know, and those we don’t know, as is the case with some social media websites like Tumblr.

We also have to take into consideration that perhaps people aren’t oversharing at all — maybe we have just grown sensitive to knowing all of that information all of the time. We share an awful lot as a society, and maybe it is just how accessible that information is.

In fact, as Jen Doll notes at the Wire, “[N]o one gets criticized specifically for undersharing. No one says that word. People just say ‘boring.’”

Conclusion

You can’t just say that people are oversharing without setting a limit for what is the right amount of sharing. We have more capabilities at our fingertips to understand the people in our lives. That same website that allows you to “meet” your roommate’s girlfriend without ever seeing in her person and make a snap judgment on whether or not she’s worthy is the same website where you will have to read details of someone’s food poisoning.

Belk summed it up — we are creating our identities through our oversharing. Maybe not just our identity as singular people, but our identities as a generation.

Resources

Primary

Computers in Human Behavior: Expressing the “True Self” on Facebook

Bankrate: Oversharing on Social Media Can Cost You

Additional

Huffington Post: Oversharing: Why We Do It and How Do We Stop?

Bankrate: Oversharing on Social Media Can Cost You

The New York Times: Don’t Tell Me, I Don’t Want to Know

Atlantic: The Selfish Meme

CNN: When Oversharing Online Can Get You Arrested

Law Street Media: Social Media in the Courtroom: What is Admissible?

The New York Times: Social Media, a Trove of Clues and Confessions

Wire: In Defense of Oversharing a Little Too Much Information

Huffington Post: Are You Oversharing on Social Media?

Noel Diem

Law Street contributor Noel Diem is an editor and aspiring author based in Reading, Pennsylvania. She is an alum of Albright College where she studied English and Secondary Education. In her spare time she enjoys traveling, theater, fashion, and literature. Contact Noel at staff@LawStreetMedia.com.

The post Social Media Oversharing: Why Do We Do It? appeared first on Law Street.

The Case of Hannah Graham and the Myth of Stranger Danger

Hannah Kaye — Fri, 17 Oct 2014 18:18:05 +0000

Image courtesy of [Victor via Flickr]

On September 13 2014, 18-year-old University of Virginia student Hannah Graham went missing, and recently authorities arrested and charged 32-year-old Jesse L. Matthew Jr. in relation to the incident. His current charge is described as abduction with intent to defile in the case of Graham. (Intent to defile meaning he intended to sexually assault the victim.) Matthew is currently being held without bond and is scheduled for a hearing in early December. Unfortunately, after two weeks of searching, Graham has still not been found, but authorities are doing all they can to locate her.

This case is a tragedy and my heart goes out to Graham’s family and friends. One of the hardest things to understand in this case is recently surfaced reports alleging that Matthew has a history of sexual assault accusations, none of which ended in conviction. According to The Washington Post,

The alleged assaults occurred within an 11-month span from 2002 to 2003 as Jesse L. “LJ” Matthew Jr. moved from Liberty University in Lynchburg to Christopher Newport University in Newport News. Police investigated each report, but neither resulted in a criminal case, according to the Lynchburg prosecutor and a review of online court records in Newport News.

If the allegations of these cases from over a decade ago are true, and with minimal knowledge of the reasoning surrounding the dropped charges, it is hard not to wonder why Matthew got away with such crimes not once, but twice before harming another innocent young girl? These alleged incidents occurred while Matthew was a student attending university, and although legislation and public discourse surrounding campus sexual assault has been under the miscroscope in recent months, I cannot help but wonder how we can act to prevent this loophole?

This case is reminiscent of another sexual assault case with similar characteristics. In 1996 Amie Zyla, an 8-year-old girl, was sexually molested and victimized by family friend Joshua Wade who was 14 years old at the time. Wade was adjudicated for a misdemeanor in juvenile court. Nine years later, Wade was convicted and sentenced to 25 years in prison for a series of sexual molestation cases involving the abuse of young children. This case caused huge controversy, and was the driving force behind expansions in the definition of sexual assault.

These two cases indicate the importance of people’s histories and backgrounds. We all make mistakes, and sometimes it is wrong for our privacy to be intruded upon, but with something like sexual assault cases — regardless of whether there has been a conviction — something about this needs to be mentioned. It doesn’t take a lot of common sense to understand how hard it can be to convict a perpetrator of sexual assault. There is often a lack of witnesses on top of fear and upset from the victim; with a case dependent on DNA testing, the odds are very slim. Just because cases may not be tried in court — like Matthew’s two alleged college incidents — it does not mean that they didn’t happen and are not warning signs for things to come.

The media has spent its energy publicizing Matthew’s past. This runs a risk of setting off stricter registration laws for sexual offenders, which have proven to do more harm than good. By broadcasting the background of a perpetrator who was in society seemingly living normally until his arrest for the disappearance of a young girl, I question whether the media is supporting the need to find Graham and bring her home safely, or whether it is striking the ‘stranger danger’ rape myth back into society?

Hannah Kaye

Hannah Kaye is originally from London, now living in New York. Recently graduated with an MA in criminal justice from John Jay College. Strong contenders for things she is most passionate about are bagels and cupcakes. Contact Hannah at staff@LawStreetMedia.com.

The post The Case of Hannah Graham and the Myth of Stranger Danger appeared first on Law Street.

Has Your Voiceprint Been Collected and Stored Without Your Knowledge?

Anneliese Mahoney — Wed, 15 Oct 2014 10:31:41 +0000

For a long time fingerprints have been the ubiquitous identifier. They allow us to solve crimes, track people, and as of recently, even unlock our iPhones. But what if there was something even more dependable than fingerprints? New developments in technology indicate that that’s the case — we’re now seeing the development of voiceprints.

Voiceprints — more scientifically known as voice biometrics — are as distinctive as fingerprints. Companies have begun taking advantage of voiceprints to provide an extra layer of security for their customers — after all, it’s possible to get someone’s password, but you can’t duplicate someone’s voice. Basically, there are two ways that voiceprints can be used — either you have a particular phrase that you say, like a password, or you give a long sample of your speech involving many different sounds, and then the computer program can recognize you. There are many different possible combinations for how this technology can be used.

John Buhl of Vanguard, a company that has really started making moves on voiceprint technology, stated:

We’ve done a lot of testing, and looked at siblings, even twins. Even people with colds, like I have today, we looked at that.

In addition to using voiceprints as possible password protection, banks and other companies that deal with secure information are taking voiceprints to help weed out fraud. They’re hoping to prevent criminals from making false calls authorizing payments.

Finally, law enforcement officials are also using voiceprints and other biometric data. In the United States, the police are able to use voiceprints to track people who are on parole. In other countries, the use of voiceprints has gotten even more extensive. The New Zealand government alone has amassed over one million voiceprints at this point.

This is yet another intersection of technology and privacy that is both fascinating and concerning. The databases that both private companies and the government are currently compiling of people’s voices are not regulated, and they’re growing fast. The Associated Press estimates that roughly 65 million voiceprints are being stored in some combination of private and government databases.

There are a lot of privacy concerns inherent in this issue. One is that it could rob people of anonymity in cases where they so desperately need it, such as anonymous tips or counseling services. People may be pushed away from calling say, a suicide hotline, because they are worried that their voice would be tracked back to them.

There’s also a concern over the fact that in general, corporations and governments are collecting way too much information on us. A privacy expert at the University of Pennsylvania, Professor Joseph Turow, stated:

Companies are using data drawn from our internet and purchasing [behavior] – and now our voices – and connecting it to the identities that they’ve created for us. Then they can lead us in a variety of different directions, based on their stereotype of us.

Because we often see technology progress more quickly than our laws governing it, the use and collection of voiceprints are essentially unsupervised. That right there is an important lesson to keep in mind — we have this great technology, but at some point we may need to question the uses for it. While I don’t think that voiceprints are going away anytime soon, activists’ concern may slow the progression of collection until we figure out exactly how we want to use this new resource.

—

Anneliese Mahoney (@AMahoney8672) is Lead Editor at Law Street and a Connecticut transplant to Washington D.C. She has a Bachelor’s degree in International Affairs from the George Washington University, and a passion for law, politics, and social issues. Contact Anneliese at amahoney@LawStreetMedia.com.

Featured image courtesy of [plantronicsgermany via Flickr]

Anneliese Mahoney

The post Has Your Voiceprint Been Collected and Stored Without Your Knowledge? appeared first on Law Street.

Arizona’s Well Intentioned Revenge Porn Law Totally Misses the Point

Anneliese Mahoney — Wed, 24 Sep 2014 17:41:48 +0000

Image courtesy of [MorBCN via Flickr]

You can’t make everyone happy all the time. That’s an old principle that Arizona is learning this week as its new revenge porn law draws ire, outrage, and even a few lawsuits. Most critics are claiming that the law is way too broad and will criminalize people for things that probably don’t qualify as revenge porn.

Revenge porn is absolutely a real problem. There are countless stories of women whose jilted exes, or men they rejected, submit nude photos of them to be ridiculed by the denizens of the internet. Or the women whose faces are flawlessly photoshopped onto naked bodies. Or the women who have their emails hacked, and their nude photos stolen for no apparent reason other than that the hacker wanted to shame, ridicule, or ogle them.

Revenge porn has made headlines recently because its victims have gotten notably more high profile. Two releases of nude photos in the past month have targeted celebrities such as Jennifer Lawrence, Gabrielle Union, and Ariana Grande. Sometimes a threat of revenge porn is enough to make headlines. After Emma Watson’s inspirational speech on feminism earlier this week, internet trolls have been threatening to release nude photos of her…because speaking out about inequality is clearly a crime punishable by public humiliation and degradation.

It’s within this context that Arizona passed a new revenge porn bill this week. The idea behind the bill is good, truly. But the execution is a little rough. As Wired summed it up:

The law makes it criminal to disclose, display, publish, or advertise any images of a person who is ‘in a state of nudity or engaged in specific sexual activities’ if the person who shares or publishes the images ‘knows or should have known’ that the person depicted in the image did not consent to ‘the disclosure.’

The worry is that this could criminalize a whole bunch of stuff — for example a picture of a woman whose breast is partially exposed while breast feeding, or a historical book that includes a nude photo, or that iconic image of the “Napalm girl” from the Vietnam War, or hundreds of other things that certainly aren’t revenge porn. It also will cause problems for book stores and libraries, as they’ll have to make sure that everything they receive, including magazines, have pictures with specific consent. While they probably do, the off chance that this law could be accidentally broken will probably make book sellers air on the side of caution.

The American Civil Liberties Union (ACLU) has now filed a suit against the Arizona law. The organization claims that the law violates the First Amendment. Legal Director of the Arizona ACLU Dan Pochoda, stated,

On its face it will affect a goodly amount of protected speech that has nothing to do with the prototypical revenge porn scenario. There’s a reason why so many media folks, bookseller folks, have joined (the lawsuit,) because a number of things they do in a normal course would be criminalized by this law.

On Arizona’s part, it really does get an A for effort. In an environment where many people are not only accepting but encouraging the release of the nude photos of those young female celebrities, it’s important that states take serious action against revenge porn. But the issue with this law is that it seems to fundamentally misunderstand what revenge porn is.

Revenge porn isn’t just about the sharing of nude photos without explicit consent — that seems to be more of a copyright issue. Revenge porn is about the intent behind it, and that’s usually revenge. It’s used to put a woman in her place, or shame her for being sexual, or put her in a compromising position with family and friends and work. It’s not necessarily about the nakedness, it’s about the vulnerability and helplessness that comes with it. So while Arizona’s law is a really, really great start, it fails to focus the criminalization, and instead criminalizes everything. Some narrowing could fix these problems; let’s hope that Arizona gets that and focuses on what really matters: making sure those who legitimately distribute revenge porn are punished.

Anneliese Mahoney

The post Arizona’s Well Intentioned Revenge Porn Law Totally Misses the Point appeared first on Law Street.

Apple is Now a Step Ahead of the Government to Protect Your Privacy

Teerah Goodrum — Fri, 19 Sep 2014 17:21:55 +0000

Apple has done it again! No I’m not talking about their new ‘phablet’ {sidebar: how ridiculous is that word} as I’m sure everyone has heard plenty about it. However, the tech giant just announced new consumer protections from both government entities and the company itself, with its latest iOS 8 mobile operating system. Apple has created an encrypted operating system with passcodes inaccessible to the company. This means that if a government entity requests data concerning an iPhone user running the new operating system, Apple would be unable to provide the requested information. Although privacy concerns and requests for individual data by government entities is a huge point of contention for companies and individuals alike, we should expect the government to work slowly and incrementally to address these concerns. Although change will take considerable time, we should look at proposed legislation that will bring us a step closer to securing the privacy of our electronic communications with legislation like the Email Privacy Act.

Several tech companies, businesses, and civil liberties organizations have come together in support of the Email Privacy Act. It’s rare that a policy is accepted by such a broad group, especially when those groups are normally on opposite sides of policy issues. It seems unlikely that any government would relinquish power over invasions of privacy, but the Email Privacy Act, which would reform the Electronic Communications Privacy Act (ECPA), aims to do just that. The ECPA, passed in 1986, allowed law enforcement and government entities the freedom to request electronic communications without a warrant from third-party service providers after the communication was more than 180 days old. The Email Privacy Act aims to eliminate this 180-day rule and increase electronic communication confidentiality.

Before explaining the reforms of the Email Privacy Act, I first want to provide context for the ECPA. As I stated, the ECPA was passed in 1986, before the invention of Internet or email. Based on the language of the law, it’s apparent that legislators couldn’t discern the immense popularity electronic communications would eventually have, let alone envision the various social media platforms we would become accustomed to. After realizing how outdated the ECPA is, Congress has put forth efforts to reform the law with H.R.1852 and a similar Senate bill S.607. Each bill intends to eliminate the 180-day clause (Title 18, section 2703 of the U.S. Code). In addition to this change, the bills would set standards for requesting warrants, set deadlines for notifying subscribers whose electronic communications are requested, and set guidelines for delaying notification to subscribers.

If passed, the Email Privacy Act will stop remote computing services and electronic communication services from divulging the contents of any communications to a government entity without a warrant. Government entities may still submit requests to service providers for information, only after approval of warrant. If a warrant is granted to law enforcement, they must notify the subscriber in no more than 10 days that their communications have been surrendered. If a government entity other than law enforcement produces a warrant for an individual’s electronic communications, they must notify the subscriber in no more than three days. The only time a subscriber will not be informed of their surrendered communications is in response to an administrative subpoena.

Although notification of surrendered electronic communications must take place in all cases where a warrant is granted, both government entities and law enforcement may be granted a delay. In the case of law enforcement, they may be granted one or more delays of 180 days and for a government entity a delay of 90 days. There are five instances where a delay of notification to subscribers will be granted:

If notification may endanger the life or physical safety of the individual;
if flight from prosecution is a concern;
if intimidation of potential witnesses is a concern;
if destruction of or tampering with evidence is a concern; and,
if jeopardizing investigation or unduly delaying trial is a concern.

Even if there is a delay, subscribers must eventually be notified. Each subscriber who has their communications surrendered will be sent a copy of the warrant; notice concerning why and how the information was obtained; notice of delay; information on the court authorizing the delay; and provision for why the delay was granted.

Privacy concerns dealing with technology, and especially electronic communications, will continue until policies are reformed and in some instances, new policies created. We can’t be discouraged by the inability of a slow-moving government to address our concerns as quickly as we would like, but we can support new legislation, whenever presented, to address the concerns we have.

Teerah Goodrum (@AisleNotes), is a recent Graduate of Howard University with a Masters degree in Public Administration and Public Policy. Her time on Capitol Hill as a Science and Technology Legislative Assistant has given her insight into the tech community. In her spare time she enjoys visiting her favorite city, Seattle, and playing fantasy football.

Featured image courtesy of [Ottox via Flickr]

Teerah Goodrum

Teerah Goodrum is a Graduate of Howard University with a Masters degree in Public Administration and Public Policy. Her time on Capitol Hill as a Science and Technology Legislative Assistant has given her insight into the tech community. In her spare time she enjoys visiting her favorite city, Seattle, and playing fantasy football. Contact Teerah at staff@LawStreetMedia.com.

The post Apple is Now a Step Ahead of the Government to Protect Your Privacy appeared first on Law Street.

Massive Celebrity Nude Photo Leak is Major Privacy Breach

Anneliese Mahoney — Tue, 02 Sep 2014 16:44:17 +0000

Image courtesy of [MingleMediaTv via Flickr]

If you’ve been on the internet in the last few days, you’ve probably seen news stories about a massive leak of celebrity nude photos. In a rather uncouth display, the mass release has been dubbed “The Fappening” by the internet. It’s a mix of “The Happening,” and…I’ll let you figure out the other part on your own. Celebrities included on the steadily growing list include Jennifer Lawrence, Rihanna, Mary Elizabeth Winstead, Kirsten Dunst, Kaley Cuoco, Ariana Grande, Kate Upton, Victoria Justice, and more. Some, like Mary Elizabeth Winstead, have acknowledged that the photos were real, while others like Victoria Justice claim they are fakes.

The pictures mostly surfaced on reddit and 4chan beginning on August 31. The photos then made their way to Twitter and other more mainstream sites. Most of the photos seem to have been obtained through hacking iCloud accounts. Put extremely simply, that means that the photos had been stored by the celebrity users to their personal accounts that included storage in the iCloud network. Benefits of the iCloud include the ability to access it from multiple accounts and locations, as well as freeing up space on a hard drive or other storage device.

How exactly the hackers obtained the nude photos is uncertain — they could have exploited a security flaw that Apple was unaware of, or they could have obtained the celebrities’ emails and then managed to gain access to their passwords by guessing security questions or some other method. Since celebrities seem to have been specifically targeted, the average user probably shouldn’t be too worried about sensitive material being stolen off their clouds right now — but the whole controversy does raise questions about cloud-type storage. The FBI has now gotten involved in the scandal and it appears to be searching for the hacker(s) who managed to get into the iCloud accounts and released the photos.

The whole fact that the photos got out in the first place is concerning. Celebrity pictures are leaked frequently, but usually just one or two. These leaks encompass hundreds, perhaps thousands, of photographs of young women whose privacy was seriously invaded for no other reason than the fact that they are both attractive and good at their jobs. And not only have their private accounts been hacked, the omnipresent internet trolls are more than willing to make fun of them for their concerns. Many have said that because the women took the pictures and uploaded them to the cloud at all, they deserve to have them released en masse.

Seriously? These women took pictures in the privacy of their own homes, with no intention of releasing them to the public. True, uploading them to a possibly hackable network was their own choice, but it was far from a damnable one. Imagine that these women had nude pictures taken of them by a peeping tom or a stalker. I have to think the public outcry would be greater — at least I hope it would be — but I don’t really see a huge difference. Either way, privacy is being ignored. The photos that have been leaked were stolen, plain and simple. And now that they’re out there, they’re going to be almost impossible to get down.

There’s a reason that one of the classic nightmare archetypes is realizing that you’re naked somewhere. I have a feeling that even if you’re a famous celebrity, that holds true. To all the people who are looking at the photos right now, please remember that those are real people who did not consent to have these pictures released to the public. Remember that before you look, and think about how you’d feel to have the entire world see your naked photos. I have a feeling it’s eerily similar to a nightmare.

Anneliese Mahoney

The post Massive Celebrity Nude Photo Leak is Major Privacy Breach appeared first on Law Street.

Big Data, Little Privacy

Teerah Goodrum — Fri, 29 Aug 2014 15:47:07 +0000

Image courtesy of [BarcelonaDigital via Flickr]

You’re being tracked.

Surprise!

Well maybe that’s not a surprise since Americans are pretty cynical on issues of spying. It may surprise people, however, that the things they enjoy, such as digital news articles, videos, wearable technologies, and wireless appliances are all tracking their behavior. Depending on the technology used, data detailing frequency of maintenance, a person’s interests or vital signs, and metadata like location and time is also collected. This information analyzes everything from potential consumer needs, to uncovering relationships and patterns that weren’t previously known. The benefits of big data are enormous but we must consider how else this information could be used? At what point could this become a privacy concern? Also, what steps are being taken to prevent possible manipulation?

Click here to find out everything you need to know about the big business of Big Data.

The increased use of technology to record defense capabilities, healthcare needs, government practices, as well as maintenance and safety needs are all positive ways big data has affected society. One positive effect translates into saving lives of premature babies after sensors record an uptick in body temperature, which could be a sign of an impending infection. Watching the Centers of Medicare and Medicaid Services prevent and stop more than $100 million worth of fraud after implementing the Fraud Prevention System, is another example of the advantages of Big Data. These two incredible examples of how Big Data is used as a positive resource don’t even begin to highlight the many significant contributions it makes to society.

From a business perspective, companies can use the information from data profiling to identify similar or related products, social issues, and events of interest to consumers. How products and events are marketed to consumers is directly related to an advertiser’s ability to collect data and complete a practice known as behavioral targeting. An example of online use that constantly collects data is the social media platform, Facebook. Most people are unaware that on top of the information provided by their profile, something as simple as posting a picture on Facebook provides more data and other related metadata, such as time and location, to the platform. This information as outlined in the company’s Data Use Policy can be used as stated below.

Sometimes we get data from our affiliates or our advertising partners, customers and other .third parties that helps us (or them) deliver ads, understand online activity, and generally make Facebook better. For example, an advertiser may tell us information about you (like how you responded to an ad on Facebook or on another site) in order to measure the effectiveness of – and improve the quality of – ads.

I want to note the first line of the data use policy section provided above, which says, “sometimes we get data from our affiliates or our advertising partners.” Now wait a second, how do their ad partners and affiliates have data that can be linked to specific people and why are they able to pass it on to others? The data use policy explicitly tells us that those affiliates and partners have collected data through responses consumers have provided for other ads on other sites, which is then used to create a behaviorally targeted ad for Facebook and vice versa. In addition, cookies, web beacons, and IP addresses are all used to create an online profile able to frame our digital identities. At that point there’s no real need to have a name that identifies individuals. So when companies like Google, Facebook, Yahoo and others declare that the information they share is passed anonymously, they’re technically telling the truth.

But these capabilities, most of which are not visible or available to the average consumer, also create an asymmetry of power between those who hold the data and those who intentionally or inadvertently supply it. – May 2014 Big Data Report

The outlined intent as stated by the terms above is to improve the Facebook experience by making sure Facebook knows what is important to its users. By identifying what’s important to each individual, Facebook can ensure that users see more of the same information they’re most likely to be interested in on either their newsfeeds or in advertisements. This sounds great right? Modifications made to the information seen on the newsfeed and in advertisements are based on:

Interests
Location
How often you use Facebook
Books you like and/or have read
Movies you like and/or have seen
TV shows you like and/or watch
Gender
Online purchasing habits
Other information provided by Facebook affiliates/partners/third parties
Topics you post about
Your friends list
Clubs/social groups/schools you’re associated with

WAIT ONE MINUTE!

Oh my goodness, they know you in a way that has just gotten uncomfortably scary right?

Not only can your timeline be manipulated, but so can your perception of what is going on around you. Facebook received criticism after admitting that for one week, it intentionally tried to make 155,000 of its users sad for no other reason than just to see if they could do it. Another example can be seen in how conversations concerning the social upheaval in Ferguson, Missouri was somehow missing from many Facebook newsfeeds while Ice Bucket Challenges were commonly seen. People wanted to know how life on this social media outlet could seem so out of the loop. That was until techies realized that a Facebook algorithm used to filter out posts Facebook feels users wouldn’t be interested in, figured its users were much more interested in Ice Bucket Challenges than discussions on social inequities, policing, race relations, civil liberties and so forth.

For all we know, Facebook may have gotten it right. After being bombarded by 24-hour news cycles and other social media outlets like Twitter, which were jammed with Ferguson discussions, it may have been nice for users to escape to a place where Ferguson wasn’t the only thing discussed.

Make no mistake, Facebook is not the only outlet that uses, collects, and has the ability to manipulate Big Data. Beyond Facebook is the general use of the internet and digital technology, all of which can collect big data. What must be done now, is to determine the proper use for this information and identify ways to protect the privacy of users. Several government agencies, departments, and branches of government are interested in discussing these topics. This can be noted by the FTC’s call to identify how data is categorized, used, and the applicable laws to protect consumers. Additionally, organizations like the Open Internet Institute, Common Cause, Free Press, and Public Knowledge have submitted comments to the National Telecommunications and Information Administration (NTIA) on the importance of protecting telecommunications metadata.

With more people, governments, and organizations identifying concerns, changes can be made and applicable laws can be clarified to protect consumers and avoid impositions of privacy.

Teerah Goodrum

The post Big Data, Little Privacy appeared first on Law Street.

Teen Driving Laws Aim to Curb High Accident Rates

Law Street Media Staff — Thu, 28 Aug 2014 10:32:28 +0000

Image courtesy of [State Farm via Flickr]

Young people all across the United States wait anxiously for their sixteenth birthdays — for many, it’s their first taste of independence. Yet we also have a problem in this country: the younger the driver, the more they are a danger to themselves and others. In response, many states have passed laws that restrict what exactly teens can do as behind the wheel. Read on to learn about the dangers that teen drivers face, the legislation that states have implemented in an attempt to protect teen drivers, and how that legislation has paid off.

Teens Driving

Statistically speaking, teens have high rates of accidents when driving. Here’s a helpful infographic to breakdown the statistics.

Courtesy of PhillipMiller.com.

Dangers for Teen Drivers

Distracted Driving

Distracted driving is a huge problem for teenagers, especially with the influx of modern technology to which young people now have access. In addition to traditional driver distractions, such as eating or drinking in the car, adjusting the radio, or external distractions, teen drivers now have access to cell phones and navigation systems that take their attention away from operating the vehicle.

Texting and driving has become especially problematic, with approximately 41 percent of teen drivers reporting that they had texted or emailed while at the wheel. For the general public, text messaging makes getting into an accident almost 23 times more likely than driving without distractions. Teen-aged drivers spend 10 percent of the time out of their own lane when texting. Those statistics are concerning, and pose real risks to teen drivers.

Inexperience

Another obstacle that teen drivers have to overcome is inexperience. There are plenty of hazards that can crop up for drivers, such as animals running into the road, ice, or problems caused by other drivers. Often, older drivers will have spent more time behind the wheel and will have a better ability to react to the unexpected hazards.

Types of Teen Driving Laws

In many states, driving laws enacted in recent years split teen drivers into a few different categories. Each state has a different name for them, but in essence, they categorize drivers as beginner, intermediate, and fully licensed. Beginner drivers are usually those who have learner permits. There are laws that specify when exactly a young person can apply for a permit — usually age 16, although occasionally a little earlier. There are also laws that designate how long a driver must remain at beginner status, and the steps that the beginner driver must take in order to get a license and become an intermediate driver.

Intermediate drivers are those who have received their licenses but still are subject to certain restrictions. Intermediate drivers often remain designated as such until a certain period of time after receiving their licenses, generally six months to a year.

Once each state designates who fits into each category, there are laws that create requirements for drivers within those categories. Some of these types of laws include:

Passenger Restrictions

Some states have created laws that restrict how many passengers young drivers can have, and who those passengers can be. Passengers can be potential distractions to new drivers. Forty-seven states and the District of Columbia place some sort of passenger restrictions on intermediate drivers. The only states that do not are Florida, Mississippi, and South Dakota.

Nighttime Driving Restrictions

States also place driving restrictions on when young drivers can operate vehicles. Most of them surround “late night” hours, such as not allowing young drivers out between 11:00pm and 6:00am. Forty-nine states and the District of Columbia have some sort of nighttime driving rules. The only state that does not restrict when intermediate drivers can drive for at least some time period is Vermont.

Fully Licensed Ages

The point at which a driver “graduates” from intermediate to fully licensed also varies. For some states, it is a flat date of 18 years old, regardless of when the driver received a license. For others, it is a set period of time after receiving a license. This is one of the most varied driver restriction laws from state to state.

Case Study

Kyleigh’s Law

New Jersey was the first state to pass a Graduated Drivers License (GDL) decal law, also known as Kyleigh’s Law, in May 2010. Under this law, New Jersey drivers under the age of twenty-one must stick a pair of four-dollar red decals on their license plates, or be subject to a $100 fine. Kyleigh’s Law was passed after the death of Kyleigh D’Alessio, who was killed in car crash containing three teenagers, one of whom drove the car into a tree.

The purpose of the decals is to help the police identify GDL drivers who must adhere to curfews and restrictions about how many teenagers can be in the vehicle as passengers. GDL drivers cannot drive between 11:00pm and 5:00am, must be accompanied in the front seat by an adult who is above twenty-one years of age, possess a valid New Jersey driver’s license, and can have only one additional passenger unless accompanied by a parent or guardian.

According to a report published by the National Safety Council, more than five thousand people die each year in crashes involving teen drivers. Novice drivers are three times as likely to crash compared to those with more experience. Each week for five weeks after Kyleigh’s death, there was at least one fatal crash in New Jersey involving teen drivers with multiple passengers. Proponents claim that Kyleigh’s Law has proven to be effective in its first year of regulation. A study conducted by the American Journal of Preventive Medicine revealed a nine percent reduction in crashes involving teenage drivers within the first year of the law’s implementation. This amounts to the prevention of approximately 1,600 crashes. Challenged in the New Jersey Supreme Court for reasons stated below, the law was upheld in a unanimous ruling on the grounds that it constitutes a legitimate state interest of ensuring vehicular safety.

Opponents are primarily concerned about the privacy issues that arise out of the public indication of one’s age group as a result of the decal. They claim that creating a tag for sixteen to twenty-one year olds makes youths particularly vulnerable to pedophiles and predators. One columnist analogizes the situation created by Kyleigh’s Law to that of murders and robberies arising from Florida’s rental car plate identification. It was challenged in the New Jersey Supreme Court for violating the federal government’s Drivers Privacy Protection Act because it released personal information and also constituted an unreasonable search and seizure. The court ruled in favor of the law but the plaintiffs plan to appeal its decision in federal court.

The law also raises some tactical issues. In situations where a car is shared by two or more individuals, decals remain on the car regardless of who is driving and can lead to non-GDL drivers being stopped by the police. Furthermore, teenagers who feel discriminated against or find the law pointless simply remove the decals from their cars once they obtain their license.

Conclusion

The ability to drive is a big step toward adulthood for many young people, but it can come with some risks. Legislatures in many states are working toward creating laws that protect young drivers. Some experimental laws, such as those enacted in New Jersey, may spread to other states, creating even more regulations on young drivers.

Resources

Primary

New Jersey: Graduated Driver License Program

Missouri Department of Transportation: Safety Tips for Young Drivers

NJ Division of Criminal Justice: Kyleigh’s Law Interim Report

Additional

Science Daily: New Jersey’s Decal for Young Drivers Reduced Crashes, Study Suggest

CBS: Data: New Jersey’s Graduated License Laws Impacting Teen Driving Fatalities

GHSA: Graduated Driver Licensing Laws

NewJersey.com: Senator Doubts Kyleigh’s Law Decals Prevented 1,600 Crashes

New Jersey.com: N.J. Senate Approves 6-Month Review of Kyleigh’s Law Decal Requirement

North Jersey: Kyleigh’s Law Decals Drive Controversy

AAA South Jersey: Kyleigh’s Law Update

Law Street Media Staff

Law Street Media Staff posts are written by the team at Fastcase and Law Street Media

The post Teen Driving Laws Aim to Curb High Accident Rates appeared first on Law Street.

Crime of Power: Treating the Problem in Ferguson and Ignoring the Cause

Hannah Kaye — Mon, 25 Aug 2014 10:31:57 +0000

In the aftermath of the shooting in Ferguson, Missouri and the controversy over the way in which the police department has dealt with the backlash, accusations of officials on a ‘power trip’ are incredibly poignant. According to Ferguson residents interviewed by CNN, “there’s been friction for years with the overwhelmingly white police department.” This statement is made by both African-American and white members of the community.

Courtesy of Light Brigading via Flickr

In the predominantly African-American town, these individuals are highly over-represented in crime statistics. ‘They accounted for 93 percent of arrests after traffic stops, 92 percent of searches and 86 percent of traffic stops.’ Although it is frankly impossible to hide from the racially discriminatory acts that are taking place, I ask why it has taken such a tragic event to acknowledge such wrongdoing? This idea that power can influence the way people act is not uncommon. Social experiments like the infamous Stanford Prison Experiment, the soldiers involved in the leaking of the Abu Ghraib photos, and the recent controversies surrounding the invisible war of sexual assault in the military, are just some examples of how power has an effect on producing and allowing crime to occur.

It is time we stop allowing justifications and rationalizations as reasons why individuals feel they can abuse their power. We blame the police officers for abusing their power with excessive force, but what about those in the riots who took advantage of a tragic situation by looting businesses? What about the thousands of individuals who took to Twitter to verbally abuse and criticize individuals because of their race, or because of their involvement in the incident? To say the issue is the hypocrisy of a country built upon equality and democracy is treating the problem, but ignoring those actions that make us revert back to the Civil Rights era, and back to an age when segregation was mandatory, which is the cause.

In the 21st century we have produced a generation so involved in the use of social media to express their opinions, and so involved in the right to voice our opinions, that we are in a sense our own worst enemies. Instead of working alongside law enforcement to protect our country, we are rebelling; instead of fighting the war against racial discrimination, we are fueling it; instead of maintaining the right to have privacy, we are highlighting more reasons to invade it. One of the first pictures of the fatally shot Michael Brown was posted to Twitter by a bystander before any official evidence was given to the police.

In the aftermath of Ferguson, it was announced that “police departments and their equipment suppliers are outfitting their officers with on-body cameras that promise to eliminate the photographic void we saw in Ferguson.” These cameras will be worn by officers during their shifts and will record all of their encounters with any member of the public they interact with. These videos at the end of each shift are then placed in a vault online, where they will only be examined during legal proceedings.

I don’t know about you, but I interact with police officers daily during my lunch break. I am 90 percent sure it is to do with my British accent and their boredom, but I still don’t know how comfortable I would feel knowing they may have a camera turned on recording me buying my lunch. What about those days that I decide it’s a good idea to buy bars of chocolate and bags of chips, if anything they are uncovering my unhealthy habits!

Courtesy of Mark Kirchner via Flickr

As expected with any new regulation, there are no national regulations on how the cameras will be used, or when they will be turned on and off. This is precisely one of the main problems with treating the problem and ignoring the cause. How to you trust an officer is going to keep the camera on for the duration of his shift? How do you rely on technology to take away the ‘power trip’ mentality? The answer: you cannot.

What makes this whole argument over the abuse of power even more valid is the corruption of relationships within the police force. There needs to be some kind of a change to monitor the performance of corrupt officials to ensure that the public can trust in those who are meant to protect them. The backlash from the community in Ferguson has come about from years of distrust in their law enforcement as protectors, and adding video cameras to police officers’ chests is not going to change that.

—

Hannah Kaye (@HannahSKaye) is originally from London, now living in New York. Recently graduated with an MA in criminal justice from John Jay College. Strong contenders for things she is most passionate about are bagels and cupcakes.

Featured image courtesy of [Matt Katzenberger via Flickr]

Hannah Kaye

The post Crime of Power: Treating the Problem in Ferguson and Ignoring the Cause appeared first on Law Street.

Dating Naked Contestant Sues for Being Shown Naked While Dating

Chelsey D. Goff — Fri, 22 Aug 2014 16:03:51 +0000

In today’s installment of completely cringe-worthy legal news, a contestant on VH1 reality show “Dating Naked” is suing the company for…being shown naked while dating.

Jessie Nizewitz, a 28-year-old model from New York, filed suit for $10 million this week against VH1, parent company Viacom, and two production companies for failing to blur out her crotch during a beach wrestling scene. (Yes, you read that correctly: naked beach wrestling on a first date being filmed for a reality TV show. That’s some serious other-level confidence.) Take a look at the Today Show’s clip below if you’re unfamiliar with the show, though I’m betting it’s exactly what you’re imagining in your head already.

Visit NBCNews.com for breaking news, world news, and news about the economy

Now in all honesty, I kind of love this show. My friend and I discovered it a few weeks ago while watching The Soup, and subsequently binge watched all the episodes available On Demand (sadly there were only three at the time). If you haven’t seen it, or are sticking to the story that you would never watch such base programming, let me fill you in: contestants are flown to a private island where they bare their souls and birthday suits to strangers while participating in decidedly unromantic activities (naked four wheeling, anyone?) all in the hope that they will find that special someone.

According to Nizewitz, the show’s producers verbally promised that only contestants’ butts would be shown, with all other good stuff blurred out. There’s no mention of this assurance in a written contract, but that of course wouldn’t negate its validity depending on location. In an interview with the New York Post, Nizewitz expressed disappointment that a man she’d been seeing for a month disappeared after the episode aired: “He was employed, Jewish, in his 30s and that’s pretty much ideal.”

Setting aside the obvious here that Nizewitz was participating in a television show built entirely around being naked, it does seem that she had a reasonable expectation that her body would be blurred for broadcast. A $10 million expectation? We’ll find out soon enough. Until then, I’m still tuning in to this bizarre and uncomfortable social experiment. Because honestly, who doesn’t enjoy watching nascent relationships bud over naked tumbling, basket weaving, and Zumba classes?

—

Chelsey Goff (@cddg) is Chief People Officer at Law Street. She is a Granite State native who holds a Master of Public Policy in Urban Policy from the George Washington University in DC. She’s passionate about social justice issues, politics — especially those in First in the Nation New Hampshire — and all things Bravo. Contact Chelsey at cgoff@LawStreetMedia.com.

Featured imaged courtesy of [Joe Shlabotnik via Flickr]

Chelsey D. Goff

The post Dating Naked Contestant Sues for Being Shown Naked While Dating appeared first on Law Street.

SCOTUS Rules Warrantless Cellphone Searches Unconstitutional

Brittany Alzfan — Mon, 30 Jun 2014 17:17:42 +0000

In a unanimous decision, the Supreme Court ruled last Wednesday that law enforcement officials must obtain warrants in order to search the cell phones of those under arrest. Chief Justice John Roberts wrote in the majority opinion, “the fact that an arrestee has diminished privacy interests does not mean that the Fourth Amendment falls out of the picture entirely.” This is a definite departure from previous policies, which allowed police officers to collect evidence through warrantless cellphone searches.

The Chief Justice stated:

The fact that technology now allows an individual to carry such information in his hand does not make the information any less worthy of the protection for which the Founders fought, our answer to the question of what police must do before searching a cell phone seized incident to an arrest is accordingly simple — get a warrant.

In this decision, Roberts dismissed law enforcement officials’ claims that searching a cell phone is no different than searching a suspect’s pockets, which has never required a warrant. Roberts addressed this by saying, “that is like saying a ride on horseback is materially indistinguishable from a flight to the moon.” Modern cell phones, with their vast capabilities, bring about entirely new privacy concerns that transcend a simple pocket search.

Warrantless searches have been justified, and sometimes are necessary. They are often conducted in order to protect police officers from hidden weapons, and to prevent suspects from destroying evidence. However, the court found that neither of those rationales applied to searching through the data on someone’s cell phone.

Understandably, police officers are concerned with the impact that this ruling will have on fighting crime. If a police officer must take the time to obtain a warrant before they can search someone’s phone, then that person will have the opportunity to erase any incriminating data. Roberts wrote:

We cannot deny that our decision today will have an impact on the ability of law enforcement to combat crime. Cell phones have become important tools in facilitating coordination and communication among members of criminal enterprises, and can provide valuable incriminating information about dangerous criminals. Privacy comes at a cost.

However, according to Roberts, “remote wiping can be fully prevented by disconnecting a phone from the network.” He says that police officers can also remove a phone’s battery or simply turn the phone off.

This ruling was built on several privacy rulings in recent years, particularly the cases of United States v. Wurie and Riley v. California.

Police in Boston arrested Birma Wurie on drug trafficking charges in 2007. Police went through the call log on Wurie’s flip phone without first obtaining a warrant, and found several calls from a number labeled as “my house”. They then used reverse trajectory to trace the address, obtained a warrant, and found illegal drugs and firearms. While they did have a warrant to search the home, they never obtained one to search the phone that led them there.

In 2009, San Diego police detained David Riley for driving with expired tags. In their search of his car, police discovered two concealed firearms and seized Riley’s smartphone without a warrant. Stored text messages, photos, and videos on the phone led the police to believe that Riley had gang connections and was involved in several prior gang-related crimes.

In both of these cases, the defendants sought to suppress the evidence that was obtained without a warrant, and neither succeeded. The evidence was let in and they were both convicted, leading to a series of appeals that eventually reached the Supreme Court. The court addressed the privacy issues in both cases, but seemed less worried about police officers searching limited-capacity flip phones than smart phones that can hold large quantities of personal data. Justice Elena Kagan commented that, “most people now do carry their lives on cell phones,” so it is important that peoples’ Fourth Amendment rights are protected when it comes to personal information on smartphones.

In the age of constantly changing technology, the protections set out by the Fourth Amendment are unwavering. These technological advances raise many questions about one’s right to privacy when information is becoming more accessible. This Supreme Court decision is an important step in assuring that peoples’ rights are protected, despite these rapid changes in technology.

—

Brittany Alzfan (@BrittanyAlzfan) is a student at the George Washington University majoring in Criminal Justice. She was a member of Law Street’s founding Law School Rankings team during the summer of 2014. Contact Brittany at staff@LawStreetMedia.com.

Featured image courtesy of [dalioPhoto via Flickr]

Brittany Alzfan

The post SCOTUS Rules Warrantless Cellphone Searches Unconstitutional appeared first on Law Street.

The Dark Side of Snapchat Lands the Company in Hot Water

Ashley Powell — Fri, 16 May 2014 20:31:59 +0000

Law Street writer Anneliese Mahoney brought us the ‘Dark Side of Snapchat’ recently, explaining its less-than-savory methods of use by the consumers. Now it looks like all of those dark sides have landed the company, for lack better words, in deep shit. Snapchat is facing scrutiny of its practices and policies.

On May 8, 2014, Snapchat was slapped with complaints by the Federal Trade Commission that the popular mobile messaging app deceived consumers about the ephemeral nature of snaps, among other things. Furthermore, the FTC alleged that the company misrepresented the platform’s privacy and security. The FTC’s complaints allege the following:

Snapchat misrepresented its privacy and security actions in its marketing to consumers.
Snapchat misrepresented the ephemeral nature of snaps when it is known to the company that there are several ways to store the ‘disappearing messages,’ such as third party software available for download.
Snapchat stored video snaps unencrypted on recipients’ devices outside of its ‘sandbox’ (in layman’s terms this means that they were stored externally from the app). Furthermore, the recipient could retrieve the ‘disappearing videos’ if he or she connected the mobile device to a computer.
Snapchat mislead consumers regarding the notification functionality. If a recipient of a snap took a screenshot, the sender would receive a notification, but the FTC noted multiple ways in which the notification system could be avoided.
Snapchat misrepresented its data collection practices to Android app users because the app transmits geolocation information, which is in direct contrast to the company’s privacy policies. (Clearly, marketing privacy does not mean actual privacy.)
Snapchat misrepresented the security of the ‘Find Friends’ feature. Snapchat received complaints that the feature did not verify the phone numbers, therefore, consumers potentially were communicating with someone other than the designated recipient.

While Snapchat settled the FTC charges and has not incurred monetary penalties, the company was placed on probation and will be subjected to independent privacy monitoring for the next 20 years. If the company is found misrepresenting its practices again, it could face up to $16,000 per infringement. However, this is relatively minor punishment for the company in my opinion.

Do I think that consumers truly believe that all their messages are private? No, not at all. However, if your business platform is based on some degree of privacy and security, you should really make an effort to deliver on those promises — not have one security breach after another. The company was rated with one out of six stars on the ‘Who Has Your Back’ 2014 report released by Electronic Frontier Foundation last week. Snapchat is truly innovative and I hope it moves faster on the learning curve because it is a great app. But, in the words of Dottie People, “get your house in order.”

Click here to read the original post by Anneliese Mahoney: “The Dark Side of Snapchat.”

—

Ashley Powell (@danceAPdance)

Featured image courtesy of [Jose A. Perez via Flickr]

Ashley Powell

Ashley Powell is a founding member of Law Street Media, and its original Lead Editor. She is a graduate of The George Washington University. Contact Ashley at staff@LawStreetMedia.com.

The post The Dark Side of Snapchat Lands the Company in Hot Water appeared first on Law Street.

A New Method to Keep the Government Accountable?

Sarah Helden — Mon, 28 Apr 2014 16:22:35 +0000

Image courtesy of [Mike Mozart via Flickr]

Until recently, everyone thought the Obama administration got away with targeting and killing an American citizen without any disclosure of the legal means that allowed this action to unfold. Now, a court ruling could change this, which draws attention to a very important question: How can we keep the President accountable?

In 2011, Anwar al-Awlaki, an American citizen declared a terrorist by US intelligence, was targeted and killed by a drone strike in Yemen. After committing this action, the government declined to reveal any documents detailing the decision and even their legal reasoning that explained why the President was able to authorize the killing of an American without a trial or due process of the law.

A suit was filed against the government by the ACLU and reporters from the New York Times. The case was brought to a US district court and was decided in January 2013. The decision came out in the government’s favor: the court ruled that the government did not have to release any of the requested information. District court judge Colleen McMahon, commenting on the court’s decision, stated that while she personally criticized Obama for failing to disclose the information, she felt that the court had no authority to force the administration to release any documents relevant to the situation.

However, the case was appealed, and on Monday April 21, 2014, the court of appeals for the 2nd circuit issued a ruling that overturned the lower court’s decision. The three judge panel on the bench of the court ruled that the government must release documents created by the Justice Deparment that describe the administration’s legal reasoning behind the authorization to commit the killing of al-Awlaki.

In the wake of the appeals’ court decision, two important question must be answered: How did the court justify this decision, and will this court ruling change the legal nature of presidential action?

The Court’s Reasoning

The appeals court’s main justification for its ruling was that since the Obama administration had publicly commented on the legal justification for killing al-Awlaki, the government can no longer refuse to disclose the official documents. Judge Jon Newman‘s opinion, joined by the other two appellate judges, explained that if the government makes public claims to convince the public that lawful actions were taken, the government has an obligation to prove those statements are true. The judge stated, “whatever protection the legal analysis might once have had has been lost by virtue of public statements of public officials at the highest levels and official disclosure of the DOJ White Paper.”

The decision also addressed the arguments against releasing the information. The government claimed that by being forced to reveal the documents and other information detailing the legal justification for al-Awlaki’s killing, other agencies will be more hesitant to seek the assistance of the Department of Justice, since they may fear the eventual release of private information used to consult with the DOJ. Refuting this argument, the court’s opinion highlighted the fact that smart officials representing agencies should be fully aware of publicly discussing the advice of the DOJ could result in the mandated disclosure of the legal information. Furthermore, as long as the agency makes no public statements about the assurance of the legality of actions taken with help from the DOJ’s legal advice, the information need not be revealed.

What implications will the ruling have on the operations of the President and the US government?

Keeping in mind the court’s rationale for ruling, the effect this decision could have on the future operations of the President and the government must be explored.

The good news is that the case showcases a way for the public to hold the President and the government accountable for his secret decisions. In a matter of killing an American citizen without due process of the law, the American people deserve to understand the reasoning behind the action. By declaring that the government loses its right to secrecy after publicly commenting on the supposed legality of its actions, the public has gained some recourse for finding transparency within government’s decisions.

But while the appellate court decision marks progress in keeping the President and government accountable, the ruling does not mean that the government must now release information on their reasoning behind every decision. It is important to remember that the court came to its decision after the President made public remarks on the legality of al-Awlaki’s killing. Therefore, while we can celebrate the appellate court’s decision, remember that this ruling is only a step in the right direction in providing more ways to keep the government accountable.

[The Atlantic] [POLITICO] [The Guardian]

—

Sarah Helden

Sarah Helden is a graduate of The George Washington University and a student at the London School of Economics. She was formerly an intern at Law Street Media. Contact Sarah at staff@LawStreetmedia.com.

The post A New Method to Keep the Government Accountable? appeared first on Law Street.

Facebook Controls Your Privacy Settings Even After You Die

Imran Ahmed — Wed, 26 Mar 2014 19:56:54 +0000

“A friend who dies, it’s something of you who dies.” – Gustave Flaubert

Death is serious, and in contemporary times, social media companies must choose how to incorporate the major life event into their platforms. A sense exists that death, so heavy a subject, must be treated differently; normal commercial interests should subside and companies should develop their policies appropriate for its gravity. The choice of how to deal with death is not self-evident. Social media sites have many options: they can abolish deceased person’s site; leave the site in the state it existed just before the deceased person died; or create some alternative site format for those who have passed away. The choice requires a near-philosophical inquiry into how the platform can best deal with the gravity of death.

Facebook recently decided to change their policy regarding deceased users, and some feel it was done in a duplicitous and covert fashion.

The policy change weakened the privacy settings applied to those who pass away. For deceased Facebook users who had open privacy settings prior to their death, Facebook now allows their pages to remain accessible to the public at large. This is a departure from their previous policy, which restricted access to friends only following a user’s death.

This decision has important privacy considerations. For example, the average Facebook user changes his or her privacy settings throughout the his or her time on the site. Why should the privacy settings utilized right before a user’s death be immortalized for all time? Couldn’t Facebook have allowed users to make the decision of their privacy settings in the case of death? What gives Facebook the right to make that decision?

Instead of addressing this policy change head on, Facebook decided to write about it in a post entitled, “Remembering our Loved Ones.” The title appears too sentimental to merely apply to the shift in privacy rights. Instead, the post also deals with a new feature that Facebook now makes available to family members of a deceased Facebook user: the “Look Back” life montage video.

But was Facebook really being sincere? Two separate issues are being conflated. In Facebook’s post, the company seemingly couched a significant privacy policy change under an appealing and overwhelmingly correct decision to create a “Look Back” video. While these both relate with death, I wonder if they necessarily needed to be mentioned in the same post? Did Facebook exploit the tear-jerker YouTube video to obfuscate any potential backlash movement against the softening of user privacy?

An analysis of the Facebook post illuminates a potential calculating craftiness regarding how they reveal their information about the diminishing privacy rights.

1. The post begins by writing about the company’s commitment to improving user experience and how users contact Facebook to memorialize the accounts of deceased loved ones.

As members of Facebook’s Community Operations team, we talk to people who use Facebook every day and we’re committed to making their experience better. Some of the people who reach out to us are grieving the death of a friend or family member, and they usually ask for their loved one’s timeline to be memorialized.

2. The post then delves into the fact that the company seriously contemplates the issue of how to deal with the death of a Facebook user. They acknowledge that such questions have “no easy answer” and they wonder if they are “honoring the wishes” of the deceased.

3. Then, they finally introduce their discussion about the change in privacy policy.

We’ve decided to make an important change to how we preserve legacies on Facebook. Up to now, when a person’s account was memorialized, we restricted its visibility to friends-only… Starting today, we will maintain the visibility of a person’s content as-is. This will allow people to see memorialized profiles in a manner consistent with the deceased person’s expectations of privacy. We are respecting the choices a person made in life while giving their extended community of family and friends ongoing visibility to the same content they could always see.

Notably, the “important change” referenced was not described as an important change in privacy rights, but as an important change in how the company “preserves legacies on Facebook.” The company uses softer word choice to distract from what is actually happening.

Death deserves frank speech, but Facebook seems to evade the discussion. Facebook states that the policy change will respect the deceased person’s “expectations of privacy,” but does not substantiate why. Rather, the company merely announces that they are respecting the choices a person made in life. This is spurious reasoning. When a Facebook user makes a privacy change while alive, the user does not contemplate their death and the fact that such a setting might still apply at that time. They do not connect why a person’s decisions while alive reflect what he or she would want when deceased.

Instead of probing deeper into the issue, the rest of the post introduces the agreeable, supportable “Look Back” video policy. The new feature has little connection with the change in privacy settings and takes the reader away from the issue. The universally appealing feature is sandwiched between privacy changes with suspect reasoning and artful dodging of the issue.

I do not necessarily disagree with the change in policy, but I find it disconcerting that Facebook employs skilled writing techniques to avoid a frank discussion on the issue. Humans generally drop all guises in the midst of death. Social media sites should do the same. Facebook argues that their new policy is consistent with a user’s “expectation of privacy,” but they present the change in a manner inconsistent with a user’s “expectation” of honesty.

—

Imran Ahmed is a writer living in New York City whose blog explores the legal implications of social media and the internet. Contact him via email here.

Featured image courtesy of [Tim Wayne via Flickr]

Imran Ahmed

Imran Ahmed is a writer living in New York. Contact Imran at staff@LawStreetMedia.com.

The post Facebook Controls Your Privacy Settings Even After You Die appeared first on Law Street.

Feeling Extorted by Yelp’s Business Practices? Help May be on the Way

Imran Ahmed — Thu, 20 Feb 2014 11:30:37 +0000

Yelp suffered a crucial loss in a recent Virginia Court decision.

Hadeed Carpet Cleaning, a small business in Virginia, noticed a few negative Yelp reviews and did some investigation. The business claims that after studying their records, the Yelp complaints did not match any actual customer experiences in their books. Hadeed Carpet sent a subpoena to Yelp requesting the identities of the Yelp users who wrote the allegedly unfounded posts, but Yelp refused to comply with the subpoena and the case went to trial.

The Virginia Court of Appeals has sided with the small business and ordered Yelp to reveal the identities of the users. The court reasons that if the users who wrote the unfavorable comments were never actually customers of Hadeed Carpet Cleaning, then those negative reviews amount to defamation not worthy of any First Amendment protection.

Most commentators deride the decision for curtailing freedom of speech; yet, a longer look at Yelp’s litigation history illuminates why this ruling may help those harmed by Yelp.

Yelp has long heard the complaints of small-business owners who claim the company effectively extorts them for money. The common story often begins with a small business noticing a particularly negative comment on their Yelp page. Then the business discovers Yelp’s algorithm filtering out positive comments and thus making negative comments more prominent. Finally comes a sales pitch from a Yelp employee suggesting that the small business advertise on Yelp. Often, the sales pitch includes statements that advertising with Yelp will result in a better filtration process and the removal of negative reviews. Since an alluring Yelp page has a weighty impact on a business’ bottom, many business owners feel threatened by these solicitations.

Yelp has had to squash legal attempts to expose this allegedly coercive practice. In 2011, a class-action lawsuit was filed on behalf of all businesses who declined to advertise with Yelp or who advertised with Yelp in the last four years. The lawsuit claimed that Yelp “unlawfully manipulated the content” of a business’ Yelp page in order to push the business to pay for advertising. In that case, the Plaintiff, Levitt, alleges this story in their Brief:

Two days after Levitt’s conversation with Yelp’s employees – during which he declined to purchase advertising — six out of the seven 5-star reviews were removed from his business page leaving Levitt with an overall star rating of 3.5 stars. As a result, during the month of August, Levitt’s business Yelp page received only 158 page views as opposed to the 261 page views Levitt’s business experienced in July of 2009. Since then, Levitt’s business revenues experienced a decline that corresponded almost directly to the decline in page views.

The Brief outlines other stories with other businesses voicing a narrative that echoed Levitt’s tale about Yelp’s knavish advertising schemes. While Yelp managed to dismiss the lawsuit, that cessation did not help distance Yelp from their alleged aggressive sales practices. Their victory was more technical than substantive. In the lawsuit, the Plaintiffs recounted two exploitative tactics they claim Yelp engaged in: 1.) fabricating negative reviews; and 2.) manipulating a business’ Yelp page to highlight negative reviews and filter positive reviews.

On the first practice, the court dismissed the charge due to lack of proof, not lack of guilt. The court reasoned that businesses could not prove beyond speculation that Yelp actually authored any of the negative reviews that businesses claimed Yelp fabricated. This conclusion had undoubted truth because, up until recently, courts had not allowed businesses to subpoena Yelp about the actual sources behind reviews. Yelp had successfully been able to argue that anonymous users had privacy and freedom of speech rights that prevented access to their identity. If the allegations alleged against Yelp had any merit, Yelp crookedly used freedom of speech and privacy rights as a shield preventing any discovery about their practice of self-composing negative reviews.

The recent ruling in favor of Hadeed Carpet Cleaning has special importance for marking a change in this tolerance. Instead of bending to freedom of speech concerns, the court focused more on the right to protect one’s reputation. Thus, this ruling in Hadeed Carpet might facilitate a proper exploration of the complaints of small-business owners since the court has finally allowed a Plaintiff to learn the identity of dubious anonymous users – and, perhaps, that these users were Yelp employees. While businesses previously had no method to prove their allegations that Yelp penned negative reviews, the court’s ruling in Hadeed Carpet might finally give businesses some recourse.

This seems all the more important, since the second complaint against Yelp – that they filter their messages in a duplicitous manner – has little prospect of victory. In the 2011 class action lawsuit, this claim failed due to the Communications Decency Act (CDA), a Congressional statute that lets “interactive computer services” – like Yelp – edit and manipulate content posted on their website without any risk of liability.

The CDA emerged out of a desire to promote internet freedom and growth. Congress wanted to facilitate the success of websites like Twitter, Facebook, and Yelp by immunizing these sites from lawsuits brought because of the actions of a user on the website. Basically, if a Twitter user says something defamatory on Twitter – like when Courtney Love tweeted that her fashion designer was a former prostitute — the CDA posits that the defamed party can sue the Twitter user, but not Twitter. This allows websites like Twitter, Facebook, and Yelp to function without having the legal burden of monitoring everything that’s said.

Even if these websites have no legal burden to monitor, the CDA still wants to encourage some sort of filtration process to monitor and remove hate speech. Courts have interpreted the CDA to let websites like Yelp filter messages without any risk of liability if they fail to succeed in catching and removing any invective prose. Websites like Facebook have an incredible volume of information, and the CDA hopes to encourage some editing and filtering process even if it sometimes inevitably fails. Consequently, a website faces no liability for their choices to edit or filter content. If the allegations against Yelp have any merit, Yelp again contorts the intention of this policy for its own economic self-interest. Instead of merely filtering hate speech, the allegations contend that Yelp filters innocent, positive messages to induce companies to buy Yelp advertisements.

Importantly, the CDA immunizes Yelp from this practice and courts have said as much. For example, in the Dismissal of the 2011 Class Action, the Judge wrote: “Yelp’s alleged manipulation of their review pages – by removing certain reviews and publishing others or changing their order of appearance – falls within the conduct immunized by § 230(c)(1)” of the CDA. The court even says that the statute currently allows filtering and deleting of comments done with a “wrongful motive.” Even if businesses can prove Yelp filters comments with a wrongful motive, courts have held that the CDA allows websites like Yelp that privilege.

Thus, the ruling in Hadeed Carpet Cleaning has importance to businesses hoping to prove their allegations against Yelp. The CDA literally allows Yelp to manipulate a business’ Yelp page without any risk of liability. The only recourse available to businesses hoping to expose that Yelp extorted them is to prove that Yelp fabricates negative reviews. Such a practice would be a crime, and the best – and perhaps only — way to prove that is through learning the identities of users who post dubious negative reviews.

Importantly, Yelp has officially and repeatedly denied that they engage in this practice. It could just be that these businesses had the misfortune of encountering rogue Yelp sales associates who employ overzealous tactics to earn their commissions. Or, the story could have no truth at all. For now, the CDA and freedom of speech rights have prevented us from knowing.

The main takeaway, however, focuses on how we balance rights. In Hadeed Carpet the court determined that Hadeed’s right to protect its reputation trumped a Yelp user’s right to remain anonymous. These allegations against Yelp highlight how rights always have tradeoffs: if you allow absolute freedom of speech and privacy rights, you disallow any discovery about whether Yelp effectively blackmails businesses. Additionally, sometimes rights tradeoffs occur due to external factors. Might the court in Hadeed have known about the intractable immunity granted to Yelp by the CDA and consequently softened the freedom of speech and privacy rights its users enjoy?

No one actually knows if Yelp engaged in the practice of extorting businesses into buying advertisements. We do know, however, that the law would have allowed them to legally do it…at least before the recent ruling in Hadeed Carpet Cleaners.

—

Imran Ahmed is a writer living in New York City whose blog explores the legal implications of social media and the internet. Contact him via email here.

Featured image courtesy of [Steven & Courtney Johnson & Horowitz via Flickr]

Imran Ahmed

Imran Ahmed is a writer living in New York. Contact Imran at staff@LawStreetMedia.com.

The post Feeling Extorted by Yelp’s Business Practices? Help May be on the Way appeared first on Law Street.

Privacy Board Calls NSA Eavesdropping Illegal

Taylor Garre — Thu, 23 Jan 2014 18:37:01 +0000

One name has been making headlines around the country since June 2013. There have been many terms used to describe him, whether you see him as a traitor or a patriot, Edward Snowden has become a well known character within the United States. His name continues to circulate the news press this week, as the government privacy board is set to release a report on Thursday January 23rd, saying that the National Security Agency’s wide spread collection of phone records, violates the law and should be shut down.

Let us go back to the beginning, where this controversy first ignited. In June 2013, Snowden released the operations of the United State’s global surveillance program including the monitoring of both Internet and phone use of US citizens to The Washington Post and The Guardian. Rather than staying in the shadows and remaining anonymous, this whistleblower chose to take responsibility for his actions, saying, “my sole motive is to inform the public, as to which is done in their name.”

This leak of secret NSA documents spurred debate across the country. Just as Snowden had hoped, citizens have become more informed about governmental actions. American’s are now questioning the link between national security and privacy as well as wondering what else the government is going to great lengths to hide.

The NSA claims that they have the right to obtain phone records under section 215 of the Patriot Act, which states that it is within the power of the government to collect records that are relevant to terrorist investigations. However, pressure from the privacy board has caused key governing figures to question the constitutionality of this surveillance program, specifically in regards to phone monitoring.

Last Friday, President Obama announced his plan to change the system of the mass collection of phone records, shifting it from the hands of the government to a private company such as AT&T or Verizon. Along with a possible shift in power, Obama suggested a requirement of approval from the courts in order to obtain records. While the President did explain these future reforms, he maintained the idea that the government should have access to phone records if needed. Not everyone is satisfied with these changes and some would like to see an end put to the phone surveillance program completely.

The New York Times and the Washington Post have obtained the 238 page report by the Privacy and Civil Liberties Oversight Board, which has not yet been released. The report calls to shut down the mass collection of phone records previously exposed by Edward Snowden. The Privacy and Liber ties board in charge of protecting the privacy rights of the citizenry, admits that the program has not prevented any terrorist attacks and instead, has infringed upon the privacy of American citizens. The board further opposes the protection of the program under Section 215 of the Patriot Act, which grants the government the power to use phone records in order to obtain relevant information. The privacy board argues that it is not possible to obtain only relevant information when using a tool that allows unlimited access to phone content.

The board further states that the NSA phone program is questionable in regards to both the first and fourth amendments. They turned to the 1979 ruling of the Supreme Court, stating that the police do not need a warrant to search through phone numbers or call durations. However, the board points to the fact that the surveillance being done today is on a mass scale, and is not comparable to the specific cases investigated by police.

Whether the NSA phone program will come to a complete end in the near future is not known at this time. It can be seen that there is current pressure being put on the government, in order, to make the program less intrusive on private citizens. I agree that the program must be altered, as it can be considered harmful to freedom of speech. The conversations that we have over the phone are of our own choice, which should be respected by the government. On the other hand, I do agree that if the security of our nation is being threatened based on a phone call, it is within the best interest of the public for the government to intervene. It seems that the best solution would be for the government to focus on the threatening situations at hand rather than eavesdropping on where my friends and I are meeting for lunch.

[Time] [Nationaljournal] [Theguardian] [Politico]

—

Taylor Garre (@TaylorLynn13)

Featured image courtesy of [EFF via Wikipedia]

Taylor Garre

Taylor Garre is a student at Fordham University and formerly an intern at Law Street Media. Contact Taylor at staff@LawStreetMedia.com.

The post Privacy Board Calls NSA Eavesdropping Illegal appeared first on Law Street.

Facebook Suit Alleges Privacy Violations

Anneliese Mahoney — Mon, 06 Jan 2014 17:10:38 +0000

On December 30, 2013, a class action suit was filed against Facebook for its use of members’ private data. The lawsuit is led by two Facebook users named Michael Hurley and Matthew Campbell, though it purports to represent all Facebook users within the United States.

In 2010, Facebook unveiled a feature that allowed members to send private messages controlled completely by the users. They stressed the privacy features that this new messaging feature allowed. Hypothetically, those messages were just supposed to be viewable by the sender and recipient(s) of the message. Neither Facebook nor any third-party were supposed to have access to the messages.

The suit alleges that this was false. According to an inspection by “independent security researchers” last year, Facebook has been scanning the contents of those messages to use for marketing and other purposes. The suit alleges two main ways in which Facebook has been doing so. The first is when a user sends a private message with a link. For example, suppose someone sent you an article on lawstreetmedia.com, The link will register with Facebook, and the site will follow it to see to where it leads. If it is a site that has a Facebook page, as many do, Facebook registers that as a “like” on that company’s public page. That has a number of troubling implications. For example, I know I’ve definitely sent an article link to a friend before because I disagreed with the article. I definitely wouldn’t want a like to register on that site’s Facebook page as a result. It also means that it would be possible to fabricate likes–a company could make sure its page got linked in messages a lot, and likes would register as a result.

The suit also alleges that Facebook mines that sort of data sent in privates messages for use by either Facebook itself or third parties. It is then used for marketing or advertising purposes.

The suit states that Facebook’s use of private messages in such a way violates the Electronic Communications Privacy Act–an electronic version of the law preventing someone from opening another person’s mail. The argument that Facebook is expected to utilize is that Facebook isn’t reading the messages–just grabbing data from them.

This isn’t the first time that Facebook has been accused of such practices. In 2012, the Wall Street Journal pointed out that Facebook does scan its messages for keywords related to criminal behavior. Google has been the focus of similar allegations. There is a silver lining to Facebook’s use of private messages, however, as they also can sometimes filter out spam or malware before an unsuspecting user opens it. An internet security expert named Graham Cluley added, “[i]f you didn’t properly scan and check links, there’s a very real risk that spam, scams, phishing attacks, and malicious URLs designed to infect recipients’ computers with malware could run rife.”

The suit is demanding an injunction for Facebook to stop its behavior. The two plaintiffs also want Facebook to pay the members of the suit $100 a day for each violation, or $10,000. Given that the suit claims to include all American Facebook users who have had their private messages used in such a way, I would assume that’s a lot of people and could equal a pretty hefty sum.

Honestly, I wasn’t too surprised that Facebook used data in such a way. I pretty much assume that sites track activity always–but maybe I’m just a cynic. One of the best indicators for how this lawsuit will go for Facebook may come from the similar pending lawsuit involving Google. This September it was ruled that the suit would go forward–potentially becoming a big problem for Google. I’m sure we’ll see suits from other social media and communication sites in the months and years to come. Google and Facebook are just the beginning.

—

Featured image courtesy of [Sean MacEntee via Flickr]

Anneliese Mahoney

The post Facebook Suit Alleges Privacy Violations appeared first on Law Street.

“Sister Wives” Win Big Case

Anneliese Mahoney — Mon, 16 Dec 2013 21:00:36 +0000

The Learning Channel, or TLC, has made a name for itself in recent years for creating shows that showcase a variety of family arrangements. From the infamous “Jon & Kate plus Eight” to “Little People, Big World,” TLC stars are probably used to seeing themselves in headlines. But one of TLC’s shows, “Sister Wives,” is making headlines this week for a different reason–they were on the winning side of a lawsuit against Utah’s polygamy laws that was ruled on Friday.

“Sister Wives” stars consists of Kody Brown, his four wives, and their 17 children. They are Fundamentalist Mormons and members of a church called Apostolic United Brethren, a specific sect within the greater Latter Day Saints church. Most Mormons don’t practice polygamy now, but some do, and AUB is one of them. According to Principle Voices, a polygamy lobby and advocacy group, there are about 38,000 Mormons in the United States who practice, or at least believe in the practice of, polygamy.

“Sister Wives” began airing in 2010 and the fourth season started last summer. Brown is legally speaking only married to his first wife–Meri. The other three, Janelle, Christine, and Robyn are all married to Brown in a spiritual and religious, but not legal, sense. Since the show began, a bigamy investigation was opened by the state. The Browns have since fled from their home in Utah, to Las Vegas, NV. They were scared of persecution due to their polygamist family arrangement.

Until last Friday, Utah had some of the strictest anti-bigamy and anti-polygamy laws in the country. It was illegal to even claim you were married to multiple people, or to live with multiple partners. Most other states have made it so that it is illegal to obtain multiple marriage licenses, or try to obtain a marriage license to someone who is already married.

Under the former Utah definition, the living arrangement of the Browns would have been illegal. In Utah, it would have been classified as up to a third-degree felony, warranting a fine of up to $5000 or up to 5 years in prison. State attorneys have used the law to prosecute polygamous families successfully in the past.

The Browns brought the lawsuit against Utah about two years ago, claiming that their constitutional right to privacy was being violated by the Utah law, as well as their right of religious freedom. US District Court Judge Clark Waddoups agreed with the Browns in a 91-page ruling he released on Friday. The ruling struck down only the cohabitation portion of the Utah polygamy law, and rendered it similar to polygamy laws in most other states. Now, it is only illegal to attempt to legally marry someone, or attempt to seek a marriage license if you are already married. In his decision, Judge Waddoups pointed out that the law is “too broad because it bars consenting adults from living together and criminalizes their intimate sexual relationships”.

This is seen as a huge win for both fundamentalist Mormons, as well as privacy-rights advocates. Given the national debate about marriage rights, whether this will move in a wave of changes could be interesting. But my prediction is that it will not, and that Judge Waddoups’ ruling was just a move to catch up an antiquated law in a conservative state to the rest of the United States.

—

Featured image courtesy of [Kyle Pearce via Flickr]

Anneliese Mahoney

The post “Sister Wives” Win Big Case appeared first on Law Street.

Secure Email, a Myth?

Jimmy Hoover — Fri, 22 Nov 2013 20:21:19 +0000

It’s been a week since the last Lavabit court documents were filed and here I am, still trying to make sense of the whole charade. When I first heard of the case, I wondered how it is possible that law enforcement agents can rummage around unchecked, even when their investigations bring them past the proverbial doorsteps of regular people.

Such was the case this past June when the FBI demanded the “master keys” to secure-email provider Lavabit’s servers. The order was part of an investigation into the Internet correspondence of Edward Snowden: one of Lavabit’s customers.

“But wait,” you say, “doesn’t a ‘master key’ mean that they could then monitor data on all of Lavabit’s customers? Even the ones that hadn’t done anything wrong?” To which I respond, “Elementary, dear Watson.”

So in light of this fact, the obvious question is then: does secure email even exist?

End-to-end security: the key is having more than one.

In a conversation with Johns Hopkins University cryptography professor Matthew Green, Green said that the answer is yes. It does exist. But according to him, the name of the game is “end-to-end” security. In short, end-to-end security is a type of program where data is encrypted locally on a user’s device before it’s sent through the server to a recipient. The recipient then uses his or her own password to decrypt the message. This bars even the provider from being able to untangle the data in a way that’s readable.

Green, who has written about the subject in The New Yorker, says that the way the company’s servers revolved around SSL decryption, or essentially one set of master keys, was “the real problem with Lavabit.”

“The mail that came in was not encrypted using your password,” he said. “It was encrypted using SSL. And so anyone who got that SSL could be able to read all the data. And so it wasn’t a very good design from that perspective.”

But end-to-end security is not exactly a perfect science either. More geared toward text messaging and phone communications, there are only a few programs that use end-to end security technology with email. They usually come in the form of add-ons such as Pretty Good Privacy or Privacy Guard, where senders and recipients must use the same service.

However, Green says that at encryption software company Silent Circle, programmers are working to change that. In late Oct., the company announced that, with the help of Lavabit founder Ladar Levison, they would develop a new product called Dark Mail that integrates end-to-end protection with their email service.

Wait on technology. Not on Washington.

In a blizzard of political headway that some are now calling “the Snowden effect,” many lawmakers have announced their efforts to rally behind surveillance reform. One such effort is the USA FREEDOM ACT, a bill that has, since its introduction in late Oct., picked up 102 cosponsors from both parties. The bill calls for heightened regulation on surveillance activities, such as pen/trap procedures like the one that spelled doom for Lavabit’s a few months ago.

But Green says that it’s not enough, “forget about the government. Just imagine that the only people after you are criminals. You’re not going to be able to rely on laws to protect you from that kind of person.”

Furthermore, where the bill now sits in a congressional committee might just be its final resting place.

“I would love to see some kind of legal solution to all of this surveillance but I’m not sure that we [will] get something that we can really rely on. Ways that you can protect yourself and add privacy is to do it yourself and to do it through technology rather than hoping that the laws are going to be changed.”

However, that’s not to say that Green opposes the bill.

“I haven’t really looked at the legislation… but it sounds like a good idea,” he said.

—

Featured image courtesy of [twitter.com/mattwi1s0n via Flickr]

Jimmy Hoover

Jimmy Hoover is a graduate of the University of Maryland College Park and formerly an intern at Law Street Media. Contact Jimmy at staff@LawStreetMedia.com.

The post Secure Email, a Myth? appeared first on Law Street.

DOJ to Lavabit’s Levison: ‘Too Bad, So Sad’

Jimmy Hoover — Mon, 18 Nov 2013 22:02:39 +0000

In a highly anticipated statement, the United States Department of Justice (DOJ) pilloried claims by secure email provider, Lavabit LLC, that the FBI violated the law when it ordered the surveillance tool known as a pen/trap device to be placed on the latter’s servers.

Lavabit came under pressure in July of this year to hand over the keys to their security system after the FBI began investigating one of their customers; that customer was Edward Snowden.

When Lavabit refused, claiming that to do so would enable government agents to monitor the communication “metadata” of not just Snowden but all of their customers, the presiding District Court of Eastern Virginia served the company with a court order once again requiring the company to furnish the keys.

The company’s Texas-based founder, Ladar Levison, moved to quash the order. The court denied that motion.

From there, Levison only began to lose more footing. On Aug. 2nd, he finally delivered the keys to the FBI– the only problem being that the paper’s 4-point font rendered them illegible.

Levison was charged with civil contempt days later. The sanctions for the charge were $5,000 for each day he failed to deliver them. Then, in a move that garnered much media attention, Levison disobeyed a court gag-order and shut down his business. The message on the homepage url that is still live reads, “I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit.”

On Oct. 10th, he filed an appeal brief with the Fourth Circuit Court of Appeals of the United States. The justice department’s latest brief is a reply to that appeal. In the brief, they state that an electronic business, like other businesses, cannot defy lawful warrants by simply “locking its front gate.” Moreover, “marketing a business as “secure” does not give one license to ignore a district court of the United States.”

But if the Appeals Court should feel otherwise, the DOJ hedged their bets. Because Lavabit did not move to quash the initial grand jury subpoena, but only the court warrant. They argued that Lavabit has forfeited any arguments to contest the contempt charge.

In light of the global surveillance disclosures of 2013, the case mirrors what many today feel is a battle between privacy and the far reaches of the government.

The court has not yet set a date for oral argument.

—

Featured image courtesy of [Gage Skidmore via Flickr]

Featured Image Courtesy of [Flickr]

Jimmy Hoover

Jimmy Hoover is a graduate of the University of Maryland College Park and formerly an intern at Law Street Media. Contact Jimmy at staff@LawStreetMedia.com.

The post DOJ to Lavabit’s Levison: ‘Too Bad, So Sad’ appeared first on Law Street.

Would a Nationally Imposed E-Verify System Infringe on Your Constitutional Rights?

Jimmy Hoover — Fri, 15 Nov 2013 20:01:51 +0000

Let’s assume that you, our beloved reader, are of a common variety these days—you’re in the market for a new job. You’ve followed the posts of some of my colleagues at Law Street who have written extensively about The Search, and now you’re faced with a most enticing proposition, say… an interview! And more enticing still is the letter of intent now sitting on your table after having passed that interview (with flying colors, no less). You quickly sign your LOI and all the other forms handed to you as part of the initiation process. But, in your haste to ascend into the promised land of full-time employment, you’ve accidentally just ceded one of your constitutional rights. At least, that’s what say the opponents of E-Verify, the online protocol used by employers to determine worker eligibility.

Originally created for federal employers under the Illegal Immigration Reform and Immigrant Responsibility Act of 1996, there are now 5 states that have mandated the use of E-Verify across both public and private sectors. They are Alabama, Arizona, Mississippi, South Carolina and Utah. In addition to information on I-9 forms, the system also asks for an applicant’s social security number and photo ID. The information is then run through a Department of Homeland Security database to make sure it checks out.

Like most states, Arizona legislators implemented mandatory E-Verify as part of an effort to curb illegal immigrants in the work place. But their efforts did not go unchallenged. Shortly thereafter, myriad plaintiffs across the business and civil rights sectors sued the state officials responsible for Legal Arizona Workers Act, alleging that the law should be preempted by the federal Immigration Reform and Control Act (IRCA) of 1986, and, as a result, null. The case eventually made its way up to the Supreme Court in 2011 in The Chamber of Commerce of The United States of America vs Whiting. However, in a 5-3 decision, the Court upheld the decision of the lower courts. They affirmed that, in this case, the Supremacy Clause did not apply. According to the court opinion, states are allowed to mandate the use of the electronic verification system as they see fit.

But as Congress duels over how to reform our national immigration system, the role of government enforcement in the workplace has once again come under review. The most successful piece of legislation thus far, the Border Security and Responsibility Act of 2013, now awaits House approval. If it becomes law (an unlikely feat given current political clout), it would bump from 5 to 50, the number of states that currently use the system.

Jim Harper, writing in response to a New York Times op-ed for the CATO institute, calls the questions raised by opponents of E-verify, “the natural consequence of dragooning the productive into enforcing maladjusted laws against free movement of people from a particular ethnic category to where their labor is most productive.”

Harper has come out against the program in the past; he famously referred to it as “Frank Kafka’s solution to illegal immigration.” Mind you, long before the 2013 global surveillance disclosures, Harper said that the expansion of the system “would cause law-abiding American citizens to lose more of their privacy as government records about them grew and were converted to untold new purposes.”

Furthermore, some say that instituting mandatory electronic verification would eschew the presumption of innocence which is so fundamental to 5th, 6th, and 14th amendments. By asking all prospective employees, who are mostly US citizens, to provide evidence to the effect that they are not guilty of illegal immigration is to incriminate a swath of people never before accused of wrongdoing.

If we are to allow DHS security checks in the workplace, where will it stop? And perhaps more alarming: where will it lead? The supermarket? The movies? Your home?

But alas, to the newly employed, and, more importantly, eligible US worker, these concerns are irrelevant. So congratulations on the new job! But don’t forget, next week are mandatory drug tests… hope you don’t mind.

[Oyez]

—

Featured image courtesy of [Bram Cymet via Flickr]

Jimmy Hoover

Jimmy Hoover is a graduate of the University of Maryland College Park and formerly an intern at Law Street Media. Contact Jimmy at staff@LawStreetMedia.com.

The post Would a Nationally Imposed E-Verify System Infringe on Your Constitutional Rights? appeared first on Law Street.

Peeping Toms, Cellphones, and Skirts

Anneliese Mahoney — Thu, 07 Nov 2013 17:59:03 +0000

With the widespread use of cell phones, it has become easier and easier to capture pictures of everyday life. Unfortunately, that also means that it has become easier to take photos of unsuspecting and unwilling subjects for fetishistic purposes. Doing so is called “voyeur photography”, and one popular use is referred to as “upskirting.” Upskirting is pretty much exactly what it sounds like, taking a photo up a woman’s skirt, usually while she is walking up a set of stairs or on an escalator. Over the past few years, there have been a handful of men found committing such behavior, such as Christopher Hunt Cleveland, who was arrested this September for taking approximately 4,500 upskirt photos on the steps of the Lincoln Memorial. Convictions can result in jail time and registration as a sex-offender.

In 2010, a Massachusetts man by the name of Michael Robertson was arrested for trying to take upskirt pictures on the T (the subway system in Boston). He was charged with two counts of photographing a nude or partially nude person without her knowledge. Mr. Robertson’s case is now in front of the Massachusetts Supreme Court, and he and his lawyer, Michelle Menken, are arguing that it his constitutional right as protected by the First Amendment to take these pictures. Furthermore, they are arguing that there is no reasonable expectation of privacy afforded to women who are in public dressed in such as a manner that would allow upskirting to be possible.

Upskirting is a behavior that is made possible by camera phone technology, and therefore is relatively new. Just nine years ago, in 2004, Congress passed the Video Voyeurism Prevention Act. A summary of the law provided by the Library of Congress states:

Amends the Federal criminal code to prohibit knowingly videotaping, photographing, filming, recording by any means, or broadcasting an image of a private area of an individual, without that individual’s consent, under circumstances in which that individual has a reasonable expectation of privacy. (Defines a “private area” as the naked or undergarment clad genitals, pubic area, buttocks, or female breast of an individual.) Makes such prohibition inapplicable to lawful law enforcement, correctional, or intelligence activity.

Various states also have instituted their own voyeurism laws. For example, in the state of Massachusetts, a law enacted in 2004 states essentially the same thing as the Video Voyeurism Prevention Act, but also outlines appropriate punishments. Any laws along this line are usually referred to colloquially as “Peeping Tom Laws.” Menken has argued that regardless of what these laws state, they simply do not apply in this case, pointing out that, “Peeping Tom laws protect women and men from being photographed in dressing rooms and bathrooms who are nude or partially nude. However, the way the law is written right now, it does not protect clothed people in public areas.” She has also taken issue with the characterization of these women as “partially nude”, stating that every picture that Robertson took showed private parts that were covered by underwear. She said, “women in the photographs can not be considered partially nude because their underwear covered everything and no private parts could be seen in the pictures taken.”

It is pretty clear that both the state in which Robertson resides as well as the United States have created laws that attempt to prevent behavior such as upskirting. But whether or not these laws violate Robertson’s First Amendment rights will be decided by the Massachusetts Supreme Court. I would like to imagine that women who wear skirts and climb stairs do not have a reasonable expectation that their private parts may be photographed, but it is important to remember that similar arguments have been up held before—in 2008, charges were dropped under Oklahoma Peeping Tom laws against a man who upskirted a 16-year-old girl in a Super Target. It was determined that she did not have a reasonable expectation of privacy in that public location. How Robertson’s case fares may have an important effect on similar laws across many states, and at the federal level.

—

Featured image courtesy of [Corey Seeman via Flickr]

Anneliese Mahoney

The post Peeping Toms, Cellphones, and Skirts appeared first on Law Street.

Privacy or the Internet: Choose One

Zachary Schneider — Mon, 21 Oct 2013 20:50:46 +0000

The double standard of a generation. The ultimate oxymoron.

Each year major companies including Facebook, Instagram, Snapchat, and Google, constantly revise their terms and conditions—making it even harder for users to monitor and control who is able to view their content.

It may come as a surprise to many, but these companies OWN everything you post. That’s right, what is yours, is theirs. Just recently, Google announced a change in privacy, allowing them to access Google+ profile pictures and comments as a mean of advertising. Likewise, Facebook announced this Wednesday that content posted by teenagers, individuals ages 13-17, are now not only accessible to people who know their friends, but anyone who types in the right keywords.

This forbidding future allots cyber bullying, moreover the increased accessibility to child pornography, elicit content, and internet stalking.

The Internet is evolving. Privacy used to have some standards. Now it’s a savage free for all, even children are subject to.

All of this brings up a pressing question: If random people on the Internet have access to private user generate content, can the government?

Yes. No question. In fact, this has been happening prior to the current revisions in dot-com privacy policies.

In Policy Mic’s article, PRISM: The 8 Tech Companies Who Gave Your Data to the Government Have This to Say About the Scandal, Google states, “Google cares deeply about the security of our users’ data. We disclose user data to governments in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘backdoor’ into our systems, but Google does not have a backdoor for the government to access user data.”

To break this quote down, Google basically said, “We do not hand your content to the government on a golden platter. They have to ask nicely, and then, only then, will give it to them what they want in a paper lunch bag—not gold”.

Different phrasing, same idea. This brings up the much-needed talk about legislation to protect the user. Congress needs to look into these corporations’ exploitation of user content.

This is unlike anything we have seen before, and there are relatively no laws protecting the users. Should there be? Absolutely. But that may result in a much different Internet, an Internet where you pay to use websites. One way or another you are paying, it just depends if you want to pay with your identity.

[NewYorkTimes] [PolicyMic]

—

Featured image courtesy of [g4II4is via Flickr]

Zachary Schneider

Zach Schneider is a student at American University and formerly an intern at Law Street Media. Contact Zach at staff@LawStreetMedia.com.

The post Privacy or the Internet: Choose One appeared first on Law Street.

“Do-Not-Track” Battle Rages On

Kevin Rizzo — Thu, 25 Jul 2013 14:04:33 +0000

The fight over how websites respond to the “do-not-track” signal continues as the Tracking Protection Working Group rejected the most recent proposal made by the ad industry on July 15. The end-of-July deadline for President Obama’s goal to create a self-regulating system is approaching and little progress has been made. The main purpose of such a system is to determine how to deal with web users’ requests to stop companies from tracking their online activity.

There is no established standard for how websites respond to such requests, which has caused many sites to simply ignore the signal altogether. Many people argue against the self-regulation because they believe the only way to ensure compliance is for congress to legislate specific standards. However, such laws seem to be far away, and with a recent surge in “do-not-track” requests, something needs to be done.

Online advertising is a very large business with revenue estimates around $37 billion last year alone, marking a 15 percent increase. This issue is particularly important to the industry as some estimates claim that online growth could slow down by as much as 15 percent in the next five years. The debate between advertising companies and web browser makers continues, but a standard seems far away.

—

Kevin Rizzo (@kevinrizzo10) is editor of Crime in America. An Ohio Native, the George Washington University senior was a founding member of Law Street. Contact Kevin at krizzo@LawStreetMedia.com.

Featured image courtesy of [FutUndBeidl via Flickr]

Kevin Rizzo

Kevin Rizzo is the Crime in America Editor at Law Street Media. An Ohio Native, the George Washington University graduate is a founding member of the company. Contact Kevin at krizzo@LawStreetMedia.com.

The post “Do-Not-Track” Battle Rages On appeared first on Law Street.

Privacy – Law Street

Accidental Data Leak Exposes 198 Million Americans’ Personal Information

Unroll.me Sells Its Data to Uber: Is Your Free App Really Free?

Have Uber Employees Been Spying on Beyoncé?

Austrian Teen Sues Parents For Posting Embarrassing Childhood Photos

Did WikiLeaks Expose the Private Information of Innocent Saudi Citizens?

Hulk Hogan Wins Gawker Lawsuit: How Will this Affect Freedom of the Press?

The “Fappening” Hacker Pleads Guilty

Hulk Hogan and Gawker go to Court Over Leaked Sex Tape

ICYMI: Best of the Week

1. Boston University School of Law Wants to Help You Step it Up This Summer

2. Ohio Governor John Kasich Signs Bill that Will Defund Planned Parenthood

3. What Does Antonin Scalia’s Death Mean for the Supreme Court?

Why is Apple Refusing to Unlock the San Bernardino Shooter’s IPhone?

Arkansas Abortion Law Loses its Last Shot at Legality

Wife of Man Killed by ISIS Sues Twitter

Facebook to Warn Users of Potential State-Sponsored Hackers

Peeple: “Yelp for People” App is Coming Whether We Want it To or Not

Window’s New Parental Control Feature Could Accidentally Out LGBTQ Youth

Protecting Email Communication: Is it Possible?

Sponsored Content

Protecting Online Communication: A History

The Legality of Encrypted Email

Backdoors

So is it actually possible to have entirely private email?

Resources

Ashley Madison May Have Cheated Cheaters

Uber Users: Beware of Tracking Software

Idaho Murder Case Raises Concerns Over Crime-Solving Technique

Healthcare Digitization: Balancing Public Health and Privacy

Health Data Laws: Well-placed Speed Bumps

Innovations in Patient-Generated Data

How the Government Encourages Health Information Sharing

What can we learn about health on social media?

Prepare for Information Overload

Resources

Tribeca Film Festival Storyscapes Examine Big Data & Confidentiality

DO NOT TRACK

KAREN

Yale Law School Deletes Admissions Records After Student Requests

Personal Records Online: Who’s Protecting Your Information?

Read More: The Big Business of Big Data

What are public records?

What are information brokers?

What are the laws that govern the information broker industry in the U.S?

Case Study: Instant Checkmate

What are the advantages of online access to public records?

What are the disadvantages of online access to public records?

Conclusion

Resources

D.C. Cop Accused of Stealing Nude Photos After Woman Pulled Over

Oklahoma Wants to Test Marrying Couples for STDs

Alibi: New App Aims to Record Everything, Including the Police

ICYMI: Best of the Week

#1 Please Stop Posting the Facebook Copyright Status

#2 Sarah Palin vs. PETA: Welcome to the Overreaction Olympics

#3 Uber Will Have a Rough Ride in 2015

Disturbing New Developments in the Continuing Sony Hacking Scandal

Please Stop Posting the Facebook Copyright Status

Facebook Copyright Myth Debunked

Eighteen Months After Snowden Leak, What’s Next for PRISM?

What exactly did Snowden leak?

What is the argument against PRISM?

What is the argument in favor of PRISM?

Conclusion

Resources

Be Careful What You Share to Social Media During a Lawsuit

Social Media Oversharing: Why Do We Do It?

Who is Oversharing?

Psychology Behind Oversharing

Why Do We Overshare?

Oversharing Can Be Good

Conclusion

Resources

The Case of Hannah Graham and the Myth of Stranger Danger

Has Your Voiceprint Been Collected and Stored Without Your Knowledge?

Arizona’s Well Intentioned Revenge Porn Law Totally Misses the Point

Apple is Now a Step Ahead of the Government to Protect Your Privacy

Massive Celebrity Nude Photo Leak is Major Privacy Breach

Big Data, Little Privacy