According to an NBC News report, there are documents from 2009 and 2011 that allege that the NSA had "compliance problems" with their digital databases. This information was declassified today due to the growing calls for transparency about the type of information that the U.S. government is collecting about users of electronic devices.
When I first wrote about the NSA's collection of electronic information in early June, I didn't want to speculate on where these allegations would lead. I have long suspected that the United States and other countries were collecting and analyzing vast amounts of digital information; however, until this information became public knowledge it sounded as though this was something that came out of George Orwell's book Nineteen Eighty-Four.
Should the U.S. be collecting and analyzing electronic data? Of course. However, are the government programs involved adhering to the law? The declassification of documents related to these matters may help shed some light on these issues.
I am concerned by the internal government documents that allege there are "compliance problems" with these programs. "Compliance problems" may indicate that there are some legal issues regarding how the program is administered. If there are "compliance problems", an investigation may be needed to determine if any laws were/are being broken.
UPDATE:
According to The Guardian, an NSA tool called XKeyscore "allows analysts to search with no prior authorization through
vast databases containing emails, online chats and the browsing
histories of millions of individuals". According to former NSA contract employee Edward Snowden, he "could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email". If these allegations are true, they are very troubling and may demonstrate the need for an independent commission to review the NSA's digital data collection programs.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Wednesday, July 31, 2013
Friday, July 19, 2013
New Jersey Supreme Court: Police Need A Search Warrant To Track Cell Phones
New Jersey's Supreme Court has taken the Fourth Amendment and applied it to the Digital Age. In a win for personal privacy, the police are now required to obtain a search warrant before receiving from cellphone service provides user tracking information.
This decision bolsters the position that we still have an expectation of privacy in the Digital Age. Last year, Bob Sullivan of NBC News wrote about an in-depth investigation of how law enforcement officials were obtaining cell phone tracking information without a warrant all over the country. This story was eye-opening and discussed some very troubling practices.
New Jersey's decision appears to be inspired by the Supreme Court's U.S. v. Jones case from last year. In a 9-0 decision, the court basically ruled that we still have an expectation of privacy from the government digitally tracking us without a warrant.
While law enforcement officials need to be able to utilize modern tools to track criminals, they still need to adhere to the principles our founding fathers put in place more than 200 years ago. While more of our information is being put into electronic form, it is imperative that the laws to protect our personal privacy keep up with technology.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
This decision bolsters the position that we still have an expectation of privacy in the Digital Age. Last year, Bob Sullivan of NBC News wrote about an in-depth investigation of how law enforcement officials were obtaining cell phone tracking information without a warrant all over the country. This story was eye-opening and discussed some very troubling practices.
New Jersey's decision appears to be inspired by the Supreme Court's U.S. v. Jones case from last year. In a 9-0 decision, the court basically ruled that we still have an expectation of privacy from the government digitally tracking us without a warrant.
While law enforcement officials need to be able to utilize modern tools to track criminals, they still need to adhere to the principles our founding fathers put in place more than 200 years ago. While more of our information is being put into electronic form, it is imperative that the laws to protect our personal privacy keep up with technology.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Thursday, July 18, 2013
O'Bannon Lawsuit against NCAA Adds Current Student-Athletes
The image and likeness rights to current and former student-athletes are valuable assets. For years, the basic deal has been that a school offers a prospective student a one year renewable (by the school) scholarship to students and in return a student becomes a student-athlete, receives an education, and hopefully a valuable degree that may be utilized to obtain gainful employment. As part of the deal, a school and/or conference, and/or the NCAA may monetize the name and likeness of their student-athletes in perpetuity.
Is this a fair deal? This is a question that
is currently being litigated by what is known as the O'Bannon lawsuit.
According to a press release by the law firm representing the O'Bannon
class representatives, there is "a conspiracy by the NCAA and its business
partners, such as videogame manufacturer EA and licensing agent CLC, to license
and sell the names, images, and likeness of current and former student-athletes
without compensation to those student-athletes, under the guise of
amateurism."
The former student-athlete class
representatives Ed O’Bannon, Oscar Robertson, William Russell, Harry Flournoy,
Alex Gilbert, Sam Jacobson, Thad Jaracz, David Lattin, Patrick Maynor, Tyrone
Prothro, Damien Rhodes, Eric Riley, Bob Tallent, Danny Wimprine, Ray Ellis, and
Tate George have now been joined by current student-athletes, Jake Fischer, Jake
Smith,Darius Robinson, Moses Alipate, Chase Garnham, and Victor Keise.
If the court certifies the lawsuit as a class action, the case has the potential to change the financial structure of college athletics. If the lawsuit moves forward, the court may have to determine if the current financial structure of college sports is equitable to all parties. If this occurs, it is possible that the court may determine that a redistribution of college athletic revenues may be in order.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Tuesday, July 16, 2013
Google's Privacy Policy Violates EU Law According To UK, German, And Italian Data Protection Authorities
On
July 4th, 2013, European data protection authorities continued to take a stand
to protect the digital privacy and personal safety of its citizens. Regulators in the United Kingdom, Germany, and Italy each
announced that they are in the process of taking legal action against Google
because its March 1, 2012 privacy policy change violates European data
protection laws. According to The Guardian, multiple
European data protection authorities have notified Google that it must revise
its privacy policy or it will face sanctions.
These
new announcements follow the June 20, 2013 statement by France and Spain's data protection
authorities that ordered Google to comply with European data privacy laws or
face sanctions for non-compliance. The CNIL's October
16, 2012, common findings regarding Google's March 1, 2012 privacy policy
change stated "Google provides insufficient information to its users on
its personal data processing operations," and Google "should
therefore modify its practices when combining data across services for these purposes".
In
response to allegations by data protection authorities that its
privacy policy violates European law, Google stated, "[o]ur
privacy policy respects European law and allows us to create simpler, more
effective services. We have engaged fully with the authorities involved
throughout this process, and we'll continue to do so going forward." If regulators in at least five European
countries have determined that Google's privacy policy is not in compliance
with European data protection laws why does Google continue to claim that its
privacy policy respects European law?
Is
Google practicing a technique known as "The Big Lie" when it
continues to state that its privacy policy respects European data protection laws? According to Merriam-Webster's
online dictionary,
a "big lie" is defined as "a deliberate gross
distortion of the truth used especially as a propaganda tactic." Is Google's consistent position that its
privacy policy does not violate European data protection laws despite the
findings of non-compliance by multiple European regulators part of a strategy to
deny non-compliance so it can continue to utilize the data that it is
collecting from users until regulators impose fines and/or take other measures
that would require compliance?
Delay,
hinder, and deny appears to be Google's modus operandi when confronted with a
privacy investigation. Google has been fined multiple times by regulators
around the world for its data collection practices. For example, the FCC fined Google
$25,000
in 2012 because during its Street View project in the United States it collected
data from U.S. citizens such as personal emails and texts and then
refused to fully cooperate with the FCC's investigation. According to an FCC's Notice of
Apparent Liability Forfeiture report, "Google deliberately impeded and
delayed the Bureau’s investigation by failing to respond to requests for
material information and to provide certifications and verifications of its responses".... and "Google
apparently willfully and repeatedly violated Commission orders to produce
certain information and documents that
the Commission required for its investigation."
The
personal privacy of Europeans was also violated by Google's Street View
project. Earlier this year, Google was
fined $189,230 by German
data protection authorities because of its Street View project's data
collection practices and it was also fined $142,000 by French data
protection authorities in 2011 for similar issues. Does this indicate a troubling pattern where
Google violates the personal privacy of Internet users for corporate financial
gain because the potential fines are less than the worth of the data it is obtaining and monetizing? Since regulators across the world have fined
Google multiple times for violating data protection/privacy laws and these
penalties have not pushed Google to reform its behavior, an update to these laws that include
much harsher penalties may be needed.
The
European Union's continued march towards requiring Google to change its privacy
policy and become more transparent about how it is utilizing user data not only
will better protect the digital privacy and safety of consumers, but it will also
protect students who utilize Google's official school offerings, along with businesses
and governments and their employees who are Google Enterprise customers.
Google's
Apps For Business
Enterprise Privacy Center clearly links to Google's standard privacy policy which allows it
to merge data from paid professional services with free consumer services. For example, while a Gmail user is logged in as a Google Apps
professional user, he is covered by the Google Apps Agreement. However, if a Gmail user performs a Google Search, while still logged into his professional Google Apps account, the Gmail user is then bound to a different set
of terms which appear to provide Google the right to all the data uploaded.
Google's Privacy Policy states, "[w]e may combine personal information from one service with information, including personal information, from other Google services." This appears to mean that Google is combining data from all of its services (both consumer and professional) while a user is logged into a business account. The YouTube videos being watched, ads being clicked on, search terms utilized, business emails sent/received, etc... are all being mined and the results combined to build a profile which is used “to offer [Google users] tailored content – like giving you more relevant search results and ads.”
Google's Privacy Policy states, "[w]e may combine personal information from one service with information, including personal information, from other Google services." This appears to mean that Google is combining data from all of its services (both consumer and professional) while a user is logged into a business account. The YouTube videos being watched, ads being clicked on, search terms utilized, business emails sent/received, etc... are all being mined and the results combined to build a profile which is used “to offer [Google users] tailored content – like giving you more relevant search results and ads.”
Should
content gleaned from business or official government accounts also be intermixed
with data from personal consumer accounts? Why isn't there a clear notice such as a large pop up screen or some other type of conspicuous warning when a user moves from one Google service to another that their data may be combined? Should Google or any company be able to use private business data for
purposes such as providing “more relevant search results and ads?”
Allowing any company, whether Google or a competitor to collect and combine large amounts of information about a person may create unintended and unforeseen legal consequences for Google's users and society. What will happen when a government agency and/or lawyers request access to all of the data that Google is collecting about someone? These practices appear to not only put the personal privacy and safety of Google's users at risk but they also raise significant legal issues about the intermingling of personal and/or corporate or government data.
Allowing any company, whether Google or a competitor to collect and combine large amounts of information about a person may create unintended and unforeseen legal consequences for Google's users and society. What will happen when a government agency and/or lawyers request access to all of the data that Google is collecting about someone? These practices appear to not only put the personal privacy and safety of Google's users at risk but they also raise significant legal issues about the intermingling of personal and/or corporate or government data.
The
time is now for Google to change its privacy policy not just for users in the European
countries that are moving forward with enforcement actions but for all users
throughout the world. Since Google's
official corporate code of conduct includes the phrases, "don't be evil," "doing the right thing," and "following the law", I
would like to see Google prove they practice what they preach by changing its privacy policy to not only better protect
the personal privacy and safety of all of its users but to also follow European data protection laws.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Thursday, July 11, 2013
U.S. Rep. Duncan Introduces The FACE Act To Protect Children Online
U.S. Congressman John J. Duncan, Jr. (R-Tenn.) introduced legislation
yesterday to help protect the personal privacy of children and teens. The legislation is called, "The Forbidding Advertisement Through Child Exploitation (FACE) Act.
According to a press release by Rep. Duncan's office, the Act would ban social media sites from using the faces of underage users for advertisements or commercial purposes. Protecting our children in the Social Media Age is paramount and it is imperative that the digital business community work with state and federal regulators and lawmakers to better protect our children.
While it is too soon to speculate on the chances the legislation has to become law, it is important that our legislators and regulators work closely with the digital industry to better protect the personal privacy and digital safety of our children.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
According to a press release by Rep. Duncan's office, the Act would ban social media sites from using the faces of underage users for advertisements or commercial purposes. Protecting our children in the Social Media Age is paramount and it is imperative that the digital business community work with state and federal regulators and lawmakers to better protect our children.
While it is too soon to speculate on the chances the legislation has to become law, it is important that our legislators and regulators work closely with the digital industry to better protect the personal privacy and digital safety of our children.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Wednesday, July 3, 2013
Saudi Arabia Imprisons 7 For Facebook Protest Posts
According to NBC News, Saudi Arabia has sentenced seven people to jail for posting on Facebook messages encouraging anti-government protests. The prison sentences ranged from five to ten years. The men involved were not charged with participating in the actual protests but with "inciting "protests, illegal gathering, and breaking allegiance with the king".
This is not the first time that a country has sent people to jail for protesting online. Last year, Oman sentenced two people to jail for their alleged anti-government Facebook posts. One of those sent to prison was accused of posting a poem on Facebook which allegedly criticized the ruler of Oman, Sultan Qaboos.
While social media may be utilized to express personal opinions for the entire world to see, it is imperative to be mindful of not only the law but also the political environment to ensure that the content uploaded does not lead to a prison sentence.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
This is not the first time that a country has sent people to jail for protesting online. Last year, Oman sentenced two people to jail for their alleged anti-government Facebook posts. One of those sent to prison was accused of posting a poem on Facebook which allegedly criticized the ruler of Oman, Sultan Qaboos.
While social media may be utilized to express personal opinions for the entire world to see, it is imperative to be mindful of not only the law but also the political environment to ensure that the content uploaded does not lead to a prison sentence.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Tuesday, July 2, 2013
George Zimmerman Prosecution Asks For Instagram Photo Inquiry
According to CBS News, prosecutors in the George Zimmerman trial have asked the court to open an inquiry into a photo that the daughter of defense attorney Don West posted on Instagram. The Instagram photo shows West and his daughter holding up ice cream cones with the caption, "We beat stupidity celebration cones." along with the hashtags "#zimmerman, #defense, and #dadkilledit".
While the timing of the photo may have been in poor taste, it does not appear that there is a need to investigate the issues surrounding its posting. Kids say and do things they regret regularly so this post should be a non-issue since it does not appear to affect the integrity of the court proceeding. Is the prosecution making a bigger deal out of this matter because it believes the case is not going their way?
The prosecution's actions have made the story go viral which I believe was the exact opposite of their intent. The bottom line is that the prosecution should focus on what is going on inside the court room and not what the teenage daughter of a defense attorney posts online.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
While the timing of the photo may have been in poor taste, it does not appear that there is a need to investigate the issues surrounding its posting. Kids say and do things they regret regularly so this post should be a non-issue since it does not appear to affect the integrity of the court proceeding. Is the prosecution making a bigger deal out of this matter because it believes the case is not going their way?
The prosecution's actions have made the story go viral which I believe was the exact opposite of their intent. The bottom line is that the prosecution should focus on what is going on inside the court room and not what the teenage daughter of a defense attorney posts online.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Monday, July 1, 2013
EU Data Protection Authorities Lead The Fight To Protect Digital Privacy
The
CNIL, France's independent administrative authority that ensures that data protection
law is adhered to by companies doing business in France recently ordered Google to comply with
the French Data Protection Act within three months or face sanctions for
non-compliance. According to Reuters, the CNIL
stated that Google has broken French law and that it has until the end of the
three months to change its privacy policies or it may be fined up to 150,000
euros. Reuters also reported
that Spain's Data Protection Agency (AEPD) may fine Google between 40,000 and
300,000 euros for each of its five violations of the Spanish Data Protection
Law.
The
allegations that Google has violated data protection laws throughout Europe is
extremely serious and unfortunately not surprising. Google's January
24, 2012,
announcement that as of March 1, 2012, it would change its web sites' privacy
policies to enable it to combine all of the information that it collects about
its users to enhance its data mining capabilities created so many questions
about its legality that before it even went into effect, France's
data protection authority, the CNIL, notified Google on February 27, 2012
that it would lead a coordinated European investigation into the matter.
In
October 2012, the European
Union Data Protection Agency issued a report alleging that Google's
new privacy policies failed to comply with its data protection laws. This
report was endorsed by privacy regulators in 27 EU member states along with
Australia, Mexico, New Zealand and Canada.
Since this report was issued, the EU has provided Google the opportunity to either prove that its privacy policy change complies with EU data
protection laws, revert to its old privacy policies, or propose another
solution that would adhere to EU data protection laws.
Unfortunately
for Google's users, it has continued to claim that its March 1,
2012 privacy policy change does not violate EU data protection laws even though
regulators across the continent have concluded otherwise. Since Google announced that it would change its privacy policies, Internet users have begun to demand that legislators along with regulators better protect personal digital privacy.
Privacy
legislation, regulation, and enforcement is on the rise. For example, since May 2012, at
least 36 states along with Congress have either introduced and/or enacted
privacy laws that generally ban employers and/or schools from being able to require
access to their employees' and/or students' personal digital data stored in the
cloud. Late last year, U.S. Senator
David Rockefeller
opened an investigation into the practices of nine data brokers which may have led the FTC to study this issue. The recent NSA digital
surveillance disclosures have proven that Internet users deeply care how
their personal information is being utilized by the companies that are entrusted with their digital thoughts, correspondence, and information.
With
access comes responsibility. Google has
demonstrated time and time again that it and/or its employees may abuse its
position as a gatekeeper of personal information. For example, several years ago, PC Magazine reported that a Google engineer was fired for accessing the Gmail and Google Voice
accounts of minors and taunting children with the personal information he found. Last year, Google paid
a record $22.5 million
civil penalty
to settle FTC charges that it misrepresented to users of Apple's Safari
Internet browser that it would not place tracking “cookies” or serve targeted
ads to those users, violating an earlier privacy settlement with the FTC. Several months ago, Google was fined 145,000
euros in Germany for what Hamburg data
regulator Johannes Caspar stated was "one of the biggest data protection
rules violations known" when it collected the personal e-mails, passwords, and photos of Internet users during its Google Street View
project.
Why
isn't breaching data protection laws not considered as serious or troubling
as breaking anti-trust laws? Violating
the privacy of a digital user, whether a minor child or an adult, creates significant personal safety issues. For
example, if an employee of a company that accumulates vast amounts of personal data
about its account holders utilizes his position to harass and/or blackmail its users there are tremendous personal privacy, safety, and legal issues that need to be properly addressed.
While
anti-trust violations may be detrimental to individuals, businesses, and
society; in general, the greatest harm that may occur is that someone may pay
more for a good or service than they otherwise would have and/or potential
competition may be stifled. Therefore,
since privacy violations may create greater personal safety and security issues
and may do more harm to members of society than anti-trust violations, why isn't the punishment for privacy violations at least equal if not greater than the punishment for anti-trust violations? Why are anti-trust violations generally punished much more harshly than privacy
violations?
Will
EU regulators investigate
whether Google's privacy policies affect how it presents its Internet search
results? What if Google's data mining capabilities
that appear to have been greatly increased because of its privacy policy changes
is a major factor in its alleged monopolistic behavior in the European Internet
search market? Have the potential interconnection of these issues been thoroughly investigated by European regulators?
Data
protection authorities across Europe appear ready, willing, and able to take action
against Google in three months. If
Google hardens its position and continues to refuse to acknowledge that its privacy policy change puts the personal privacy of its users at risk and violates EU data protection laws, this
stance may lead to not only sanctions against Google, but also to increased scrutiny of the privacy policies of other U.S.
based companies.
Copyright 2013 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Subscribe to:
Posts (Atom)