Microsoft Takes A Stand Against Online Violence and Hate Speech

According to Business Insider, Microsoft is making it easier to report online threats and abuse. The company has created a new form to report content posted on its consumer services that may constitute online violence or hate speech.

Some of the content that may constitute violations against Microsoft's new policy includes: postings that advocate violence based upon age, disability, gender, national or ethnic origin, race, religion, sexual orientation or gender identity. The policy specifically states, "[p]lease note that not all content that you find offensive is considered hate speech and, in reviewing your report, Microsoft may choose to take no action."

For years, the Internet has been the Wild Wild West when it comes to speech. Sometimes this a good thing while in other instances this atmosphere has created some very troubling situations. Microsoft's new policy is a positive development that is worth trying.

Copyright 2016 by Bradley S. Shear, Esq. All rights reserved.   

Feds To Protect Social Media Reputation of Nursing Home Residents

On Friday, the Center for Medicare and Medicaid Services announced that it would crack down on nursing home operators whose employees record and post on social media demeaning audio, images, and video of their residents.  

ProPublica recently documented almost fifty incidents during the past several years where nursing home and assisted living facility employees took unauthorized abusive photos of their patients and posted them online without permission.  ProPublica's investigation prompted Sen. Charles Grassley to contact the U.S. Department of Justice and the Office of Civil Rights to work on a solution to this increasingly troubling problem.  

Posting photos of others in vulnerable positions is not just a problem in nursing homes, assisted living facilities, and in hospitals, it is also a problem in other areas where people may unclothe. For example, earlier this year, 2015 Playboy Playmate of the Year Dani Mathers took a naked photo of a fellow gym member of LA Fitness getting out of the shower and posted it on Snapchat for "sh#ts and giggles". 

Social media abuse is increasing faster than the law can keep up. Therefore, it is imperative for companies to ensure that their employees are properly trained about these issues by legal experts to avoid easily preventable multi-million dollar social media privacy lawsuits.  

Copyright 2016 by Bradley S. Shear, Esq. All rights reserved.    

Microsoft Wins Major Data Privacy Decision For Users

Microsoft won a major privacy legal victory for users today when the 2nd U.S. Circuit Court of Appeals ruled that the Department of Justice (DOJ) can't use a U.S. search warrant to access customer data stored overseas.  The unanimous 3-0 ruling is a victory for the rule of law, privacy, and the usage of new technologies such as the cloud.

The case started in 2013 when a New York federal judge issued a warrant for the emails of a drug trafficking suspect.  Some of the requested content was stored in Microsoft's computers in Ireland so the company refused to turn the data over unless the U.S. government followed well established international rules on obtaining evidence in a foreign country. 

In 2014, the U.S. Southern District of New York ruled that search warrants issued under the Stored Communications Act (SCA) enable the government to access data stored anywhere in the world. This ruling had affirmed a magistrate judge's decision that focused on who controls the data and not the location of the data.  The 2nd U.S. Circuit Court of Appeals unanimous ruling clearly demonstrates that the lower courts misinterpreted the SCA and Congress' intent on digital privacy.

During the past several years, I have attended numerous conferences and congressional hearings on the issues surrounding this case.  I have listened to many of the legal and public policy arguments as to why the lower courts' rulings must stand or be reversed. Today's ruling is a victory for privacy rights in the Digital Age, democracy, and technology public policy.  In short, the general legal protections that apply to the physical world have been extended to the digital world.

My hope is that other courts focused on similar privacy issues take notice of this decision and that Congress sooner rather than later enacts common sense data privacy laws for the Digital Age. The U.S. must be a leader in technology public policy and the 2nd U.S. Circuit Court of Appeals has taken our country a step in the right direction.  

Copyright 2016 by Bradley S. Shear, Esq. All rights reserved.     

FTC Fines Advertising Network For Illegal Mobile Tracking

The Federal Trade Commission has announced that mobile advertising company InMobi will pay a $950,000 civil penalty and implement a comprehensive privacy program to settle FTC charges it deceptively tracked the locations of hundreds of millions of consumers, including children, without their knowledge or consent to serve them geo-targeted advertising.

According to the FTC, InMobi misrepresented that its advertising software would only track user locations when they opted in. However, InMobi was tracking user locations whether users opted in or refused to provide permission. InMobi's advertising network has a reach of more than one billion devices via thousands of apps so there is a staggering amount of data that the company has illegally obtained. 

Under the terms of its settlement with the FTC, InMobi is subject to a $4 million civil penalty, which is suspended to $950,000 due to the company's financial position. The company will be required to delete all information it collected from users and it is prohibited from collecting consumers’ location information without their affirmative express consent. InMobi must also institute a comprehensive privacy program that will be independently audited every two years for the next 20 years.

How much money did InMobi make by intentionally deceiving consumers?  This deception demonstrates why there needs to be stronger laws and greater enforcement mechanisms in place to deter and stop illegal behavior. 

Copyright 2016 by Bradley S. Shear, Esq. All rights reserved. 

Teenager Sues Virginia Prosecutor Over Erect Penis Photo Demand

According to The Washington Post, a teenager who was caught up in a sexting investigation has sued a Virginia prosecutor for civil rights violations.  While the police were investigating sexting between two teenagers in 2014 they obtained a warrant to force the teenager to enable law enforcement to take photos of his genitalia. Fortunately, the public was notified of this ridiculous situation and the teenager was not required to take a photo of his erect penis for evidence.

This request created a major public uproar.  It sounded like those requesting the photos had been fans of the the 1980's movie Porky's when physical education teacher Ms. Balbricker asked the high school principal if he would sanction a penis (tallywacker) lineup of several students so she could identify which student stuck his penis through a peep hole in the girl's bathroom. Ms. Balbricker claimed that she could identify the offending student's penis because it contained a distinctive mole. In the movie, the request for the penis line up was denied. 

The detective who handled the case killed himself last year after being accused of molesting two young boys so this raises further doubts regarding the motive for photos of the teenager's erect penis.I initially wrote about the case in 2014 and stated, "My hope is that prosecutors and judges across the country realize that this is the wrong way to deal with sexting by teenagers."

The bottom line is that teenagers should be provided more education about these issues instead of outright punishment for these types of situations.

Copyright 2016 by Bradley S. Shear, Esq.  All rights reserved.

Apple vs. the FBI: We Can Have Both Privacy And Security

Can we have both privacy and security?  That is a question that has been popular since 9/11/2001.  I believe we can have both.  As someone who personally witnessed the terrorist attacks on The World Trade Center from a couple of blocks away (and became homeless because of them and eventually moved), I am fully well versed on these issues from the security side.  As an attorney who focuses on technology and privacy issues and who has advocated for stronger personal privacy laws on the state and federal level, I also understand the inherent privacy issues.

To recap the latest privacy vs. security debate: the U.S. Justice Department is demanding that Apple help unlock an iPhone that was utilized by the San Bernardino terrorists who killed 14 people and injured 22 in 2015.  Without getting too technical, the FBI has requested (there has been multiple requests/back and forth between the parties) that Apple create software or disable some security protections on an iPhone that would weaken its encryption to allow the FBI to ensure that it may access the contents on the device.  According to The New York Times, the FBI has also requested that Apple assist it with unlocking at least 9 other iPhones.

Weakening encryption or creating back doors into our technology may sound like a good idea for this one case; however, there are and will be other cases where similar requests will be made to access information stored on electronic devices.  If the FBI is provided a back door for this one case, security services from others countries will also demand one for their cases (there could be demands for access to phones belonging to government political opponents or to whistle blowers) as well. In addition, hackers may also utilize back doors which would harm the privacy and personal security of all of us.

I am in favor of law enforcement being able to access digital content when a valid warrant has been obtained.  However, the legal process needs to be followed before content requested is turned over. In general, a major problem with our current legal process is that our digital laws are outdated. For example, the 1986 Electronic Communications Privacy Act which governs email access was created before we had smart phones and the Internet as we know it.  The judiciary is stuck trying to interpret laws that are woefully out of date.

Congress must step up to fix this process.  Bills such as the Email Privacy Act, and the Law Enforcement Access To Data Stored Abroad Act-LEADS need to be enacted because these bills demonstrate that government is willing to update our laws to better reflect how we utilize technology. Absent a legislative fix, private industry has a challenge when law enforcement makes certain demands which are more than just data requests. Should they comply absent trying to block these demands through the courts or should they fight law enforcement demands via a flawed legal process?

This case and others like it demonstrate the need for more dialogue on these issues and the enactment of legislation that provides clearer guidance on how to handle these issues. Technology is moving too fast to leave it solely up to the judiciary to try to interpret how laws enacted decades ago for a different time should apply in the Digital Age.  Our personal privacy and national security demand that Congress and the White House work on a long term solution to these important privacy and security issues.

Copyright 2016 by The Law Office of Bradley S. Shear, LLC All rights reserved.  

US-EU Safe Harbor Deadline Passes Without A New Data Transfer Deal

According to The New York Times, United States (US) and European Union (EU) officials were unable to reach an agreement on an updated International Safe Harbor agreement before the January 31st deadline. The agreement covered how digital data (i.e. social media content, financial data, etc..) could be transferred between the continents.

The Safe Harbor Agreement that was implemented in 2000 between the US and EU contained principles that allowed companies (i.e. tech companies and other multi-national companies) to comply with EU data protection laws when moving data from Europe to the United States.  US companies that process and/or store individuals' data may self certify that they adhere to 7 principles that comply with the EU's data protection laws.

The 7 principles include:  notice, choice, onward transfer, security, data integrity, access, and enforcement.  The initial Safe Harbor agreement was meant to be an interim agreement; however, it lasted approximately 15 years.  A couple of years ago, EU and US regulators began negotiating an updated agreement to take into account how technology has changed over the years. Last October, before a new agreement was finalized, the current one was invalidated by the European Court of Justice via a compliant from Austrian privacy advocate Max Schrems.  Mr. Schrems gained publicity several years ago for his privacy advocacy that was highlighted in the documentary Terms and Conditions May Apply when he demonstrated how much data Facebook was collecting about each of its EU users.  

Now that the deadline has passed, what comes next?  According to The New York Times, the sides still have a lot of details to work out. Therefore, until a formal announcement is made it is premature to speculate on the next step.  As I told LAW360 the other day, businesses need certainty regarding transatlantic data transfers and if an agreement is not forthcoming companies will need a Plan B. 

If consumer groups file complaints as The New York Times indicated may occur, these issues may need to be adjudicated via the courts. At this point, uncertainty is the status quo and this may create unintended service disruptions for companies that transfer digital data between the continents. My hope is that an agreement is reached sooner rather than later that is flexible enough to account for future technology changes.  

Copyright 2016 by The Law Office of Bradley S. Shear, LLC All rights reserved.

The EU's Push For Stronger Privacy Laws and Safe Harbor

Last week, the European Union took a step closer to enacting stronger digital privacy laws that will make it more challenging for companies to re-purpose the data they are collecting from their customers.  These new data protections would harmonize the privacy laws across the 28 members of the EU and stiffen the potential fines for violators up to 4% of a violator's global revenue.

The European Parliament and individual member governments still must pass the new proposals so it not certain that this is a done deal.  After all of the approvals have been obtained, the law may become effective within two years.

In general, I am in favor of strong industry self-regulation.  Unfortunately, this has not worked as hoped in the digital space.  Some companies are collecting massive amounts of personal information about their users and then utilizing the data for opaque secondary uses (i.e. selling the content to data brokers, psychological experiments, etc...).  Because of these non-transparent abuses, EU lawmakers felt it was time to act to reign in these practices.

Some positive aspects of these reforms provide users the right to know why they are being profiled, how they are being labeled, who is using their personal data, etc... This type of transparency will lead to greater accountability and hopefully lead to some companies changing their troubling privacy policies and data usage practices.  While it may be wishful thinking, I am optimistic that these new laws will convince U.S. law makers and regulators to push for some of these much needed reforms because there is little transparency in the data collection and usage industry.  

This latest push for stronger EU privacy laws coincides with the negotiation for an updated Safe Harbor data transfer agreement which may soon replace the previous one that was invalidated earlier this year.  In our digital dependent economy, participants need to be able to transfer data between continents in a timely fashion. Therefore, I am cautiously optimistic that an updated Safe Harbor Agreement will be finalized early in the new year because in our interconnected world it is imperative for businesses to have legal certainty.  

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved. 

Canadian Cable Company Facebook Shames Late Paying Customers

There is a valid reason why people are "cutting the cord" and getting rid of their cable subscriptions.  Some cable companies don't have a clue about customer service.  In a very troubling report, Canadian cable company Senga Services has been publicly shaming on Facebook its customers who are in arrears.

Senga Services' behavior was deemed so troubling that Canada's Office of the Privacy Commissioner asked the company to delete its customer shaming Facebook posts.  Do any of the publicly shamed customers have potential legal claims under Canadian law?  What if some of the customers that Senga publicly shamed had a bona fide billing dispute that Senga refused to addressed?  What if some customers were not properly notified of the billing issue due to a move?

Earlier this year, I switched my cable company because I had a major billing dispute.  My now former cable company had lied to me for years and over charged me hundreds of dollars.  Only after I wrote multiple letters to the company and threatened to file FTC and state attorney general complaints was I finally refunded several hundred dollars.

My matter was most likely only settled by the cable company because I am an attorney who has the knowledge and means to easily utilize the proper judicial or regulatory process to obtain the money I was owed.  Most people don't have this luxury.

Companies should tread very carefully when utilizing social media to reach their goals.  Too often organizations empower employees and/or agents to act on their behalf online who don't understand that their digital actions may have legal repercussions.  The bottom line is that its imperative to think before you post.

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.

Mattel, Cybersecurity, Privacy, and Hackable Barbie

Barbie has been an All-American favorite since its introduction in 1959.  She has played a starring role in our popular culture for years; so much so that some girls have gone to great lengths to try to look like her.  The bottom line is that Barbie has become a mainstay in many homes.

For this holiday season, Mattel, the maker of Barbie created a version called "Hello Barbie" that is going to be able to be connected to the Internet.  Some privacy advocates such as the Campaign for a Commercial Free Childhood are very troubled by this new Barbie and have created a social media campaign called #HellNoBarbie because they have some major concerns about how the data being collected will be utilized.

A major problem with Hello Barbie is that parents may not always know when a particular conversation is being recorded by the doll and sent to Mattel's third party technology vendor. Pam Dixon of the World Privacy Forum pointed out to NBC News that the recordings could be utilized in divorce cases and custody battles.

Another issue is cybersecurity. Earlier today, it was reported that Hello Barbie has major privacy and security flaws that could expose the personal privacy and safety of our children. This is a very troubling report. Why didn't Mattel bake privacy and cybersecurity into the design of this toy?  Mattel isn't the only toy maker to have overlooked privacy and cybersecurity issues. VTech, a provider of electronic toys for children was recently hacked and exposed the personal information of millions of children.

The bottom line is that we are entering the era of the "Internet of Toys" where manufacturers may soon start trying to one up each other with how their products are connected online.  The problem is that is appears that many of the privacy and cybersecurity issues that are paramount to protecting the safety our of kids have not been made a priority in this rush for greater profits.

As a parent, I don't want or need my kids toys connected to the Internet. iPhones and Xboxes are meant to be connected online but Barbie, Ken, and GI Joe are not.  Parents must be able to easily control what is recorded about their family in the privacy of their home.  What happened to just being able to play with your kids and having a personal moment that is not shared with the whole world for eternity?

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.

UK Police May Soon Have Power To View All Users Web History

Privacy is something you don't know you have until you lose it.  Unfortunately, the Internet has gone from the world's greatest communication and knowledge spreading platform to the best surveillance tool ever invented.

According to The Independent, UK police may soon be granted the power to view the web browsing history of everyone in the country.   The alleged bill would require communication companies to retain all web browsing history of its customers for 12 months in case the police or spy agencies want access.  The article claims that the police will still need to go through some type of judicial process to obtain the data.

A user's Internet search history may be very useful for law enforcement.  For example, in the United States, it appears that in the infamous disappearance of Caylee Anthony the police may have forgotten to check all of the Internet browsing history of a computer that was searched.  If all of the browsing history of the computer that was checked was readily accessible in one dashboard would it have changed the outcome of the case?

This potential new UK law is very troubling.  Will phone companies soon be required to tape record every phone call that is made?  Will people soon be required to tape record every personal voice conversation and keep a physical copy of every pen and paper interaction they have?  Will librarians soon be required to track every request by every user and keep it on file for 12 months?

The potential for abuse is tremendous.  Will one be prosecuted for just doing an Internet search about a topic?  Who will have access to it?  Will the proper cyber security and privacy safeguards be implemented to protect the data?  What happens when multiple people utilize a device?  Will everyone eventually be forced to have their own Internet ID # to track everything they do online? How much compensation will one be able to obtain after their browsing history is illegally leaked to the media?   These are just some of the many questions that need to be answered.    

Unfortunately, it sounds as though George Orwell's Nineteen Eighty-Four surveillance society is coming true in the U.K.  Which country will be next?  

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.   

U.S. Must Pass Judicial Redress Act To Demonstrate International Privacy Leadership

The recent invalidation of the U.S.-E.U. Safe Harbor Agreement by the European Union Court of Justice has demonstrated that the U.S. must enact privacy laws that protect non-U.S. citizens from law enforcement over reach.  The Snowden NSA revelations that were first revealed in 2013 not only angered many American citizens and civil rights advocates, but they also created a schism with Europe regarding government surveillance and digital privacy.

   

For the past 15 years, companies that do business across the Atlantic have relied on the U.S.-E.U.Safe Harbor Agreement to transfer personal data from the E.U. to the U.S. While this agreement was not perfect, it created a mechanism that was consistent with E.U. data protection directives that enabled companies to process and utilize personal digital data without running afoul of E.U. privacy laws.

Austrian privacy advocate Max Schrems' challenge against Facebook regarding how it handles the data it collects from E.U. users was the catalyst behind the demise of Safe Harbor.  E.U.data protection authorities have given lawmakers in the U.S. and the E.U. three months to negotiate a new treaty to replace the Safe Harbor’s data privacy protocols.  Under E.U. law, personal information may be exported if it is provided the same protections that are offered in the E.U. 

U.S. digital privacy protections are generally stuck in the 1980’s and many of our laws did not anticipate how technology would change over time.  While privacy has been a fundamental human right in the E.U. since 1950, U.S. digital privacy rights have been slow to evolve to catch up with how we are utilizing the many life changing services and devices that are now being deployed. 

Congress is working on strengthening our digital privacy rights but the process has been slow and arduous.  Fortunately, yesterday’s passage of the Judicial Redress Act in the U.S. House of Representatives which will enable foreign citizens to have the same legal rights as U.S. citizens if law enforcement violates their personal privacy rights is a step in the right direction.  While the bill still must be passed in the Senate and signed by the President to become law, this development demonstrates that we are on the right track and hopefully this will help lead to a new U.S.-E.U. Safe Harbor data agreement.  

This legislation and others such as ECPA reform, and the Law Enforcement Access To Data Stored Abroad Act (LEADS) are much needed bills that must be enacted to demonstrate that we will be a beacon for digital privacy rights.  We can have both privacy and security while respecting fundamental human rights.  However, we must showcase this leadership by enacting digital privacy laws that equally protect both U.S. and foreign citizens.  

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.   

Hulk Hogan Tries To Pre-Empt the Wrath of Social Media Via An Apology

Reacting appropriately during a crisis in the Social Media Age is extremely important.  In fact, its a must for corporate executives, small and large companies/organizations, politicians, celebrities, professional athletes, amateur athletes, etc...  Its imperative to understand the importance of properly reacting to a situation that has not just public relations implications but also major legal ramifications as well.

In the Social Media Age, the right reaction may determine whether your brand is permanently damaged like Paula Deen's or Anthony Weiner's or if you can  make a comeback like Charlie Sheen (a little contrition mixed in with talent, luck, and a "wining attitude").  Americans have always loved great comebacks.  The biggest in recent memory (the last 20 years) was Bill Clinton's come back from impeachment proceedings. 

The latest high profile person to incur a major negative personal/professional event (actually multiple matters) is former pro-wrestler Hulk Hogan.  The National Enquirer recently published a private racist rant Hogan made years ago.  The leaking of this information to the media may be connected to a $100 million dollar lawsuit Hogan commenced against the digital platform Gawker for publicizing a private sex tape that he may have unknowingly participated in.   

It appears that right before Hogan's behavior became public knowledge the WWE (Hogan's employer) scrubbed him from their website and cut ties with him. Within hours of the world learning about his racist rant, Hogan issued to People Magazine a full apology and took full responsibility for his actions.

Will Social Media, the WWE, his fans, etc... forgive Hogan for his behavior?  As long as Hogan's team doesn't follow the missteps of of others, he has an opportunity for redemption.  A good first step was a quick apology.  Will Hogan's next step on his road to redemption be an appearance on The Today Show or other media outlets?

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.

Google Forced to Change Its Privacy Policy in the Netherlands

According to Telecompaper, Google has changed its privacy policy in the Netherlands to comply with its data protection laws.  The Dutch privacy regulator (the "CBP") determined last year that Google combines and uses the personal data of internet users without first obtaining permission according to its laws.  Google acquires personal information about its users when they are logged into Google and from other data sources, such as Internet searches, location data, videos, and emails.

While this is a welcome development, why did the CBP have to threaten Google with a multi-million dollar fine before it agreed to change its privacy policy?  Will Google soon change its U.S. privacy policy to actually protect the personal privacy of its users?  Since Google led the charge to gut Maryland's student privacy law earlier this year, I doubt it will do so.

The bottom line is that the U.S. FTC and state attorney generals should follow the E.U.'s lead when it comes to protecting our digital privacy.  The more data that companies such as Google, Facebook, data brokers, etc... are allowed to collect and utilize the less safe we become since privacy and security are bedrocks of a democratic society.

Troubling practices and antiquated thoughts about data privacy continue to be a national security threat.  My hope is that our regulators and elected leaders will soon take the appropriate actions necessary to enforce and update our data privacy laws to better protect us and our children.

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.

Facial Recognition Privacy Talks Collapse Due to Inadequate Consumer Safeguards

According to The New York Times, nine civil rights and other advocacy organizations announced today that they are withdrawing from "talks with trade associations over how to write guidelines for the fair commercial use of face recognition technology for consumers."

Why are these talks so important?  Because every time you walk into a fast food restaurant instead of a health food store you will be tracked and this information will be sent to data brokers who will insert it into your digital dossier.  You will be penalized for who you talk to in public (whether its a friend, business associate, or a stranger on the street) and this data will be tied to you forever.  What stores you visit and when you visit them will be collected and available to interested parties.

Should private companies have the right to know if you attend weekly religious functions and what faith you practice based upon your comings and goings?  What about whether you are seen visiting a bar or other gathering known for particular social or political characteristics?  Do you want others to know whether you frequent casinos, liquor stores, cigar shops, or certain specialty retailers?  Visiting these places and making purchases are perfectly legal.  However, when each of these individual activities are taken together it can paint a picture of our lives.  This is why John Hancock has created a new life insurance product that tracks your every move.  These are just a few examples of why stronger privacy protections are needed for biometrics.

Privacy is a civil right.  The potential for discrimination is high.  The more data that is being collected about us the greater the risk of the information falling into the wrong hands.  For example, the recent cyber attack on federal databases by Chinese hackers is a serious threat to national security and personal safety.  The systems compromised housed information on federal workers, their families, and those who interact with them.  The type of data contained in these files may be utilized for strategic national and economic security, blackmail, and who knows what else.

Absent participation by civil rights groups and privacy advocates, the facial recognition talks are worthless.  Its time for more technology companies to take a public stand for greater privacy protections.  The 4th amendment has protected us against unreasonable government searches and seizures for more than 200 years.  Its time for us to demand that our government extend this principle to protect us against unreasonable data collection and usage by private companies.

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.

Apple CEO Blasts Facebook and Google For Privacy and Security Practices

Earlier this week, I attended the Electronic Privacy Information Center's (EPIC) annual Champions of Freedom Awards Dinner.  According to its website, "EPIC is an independent non-profit research center in Washington, DC. EPIC works to protect privacy, freedom of expression, democratic values, and to promote the Public Voice in decisions concerning the future of the Internet."  The event honored those who have made a significant contribution to protecting our personal digital privacy and cyber security.

This year, Richard Clarke, Tim Cook, Kamala Harris, and Susan Linn were honored.  Each of these honorees have performed excellent work in furtherance of protecting our personal privacy and safety from online and offline threats.  Richard Clarke and Susan Linn were in attendance while Tim Cook and Kamala Harris who both live in California spoke to the audience remotely.

The most passionate remarks of the evening came from Apple CEO Tim Cook. He discussed the importance of strong privacy protections in digital products and services and blasted those companies (i.e. Facebook and Google) that provide free services in exchange for selling their customers' personal information to data brokers.     

I do not utilize Facebook or Google products/services for any private communications and I do not recommend anyone who values their digital privacy and safety to do so either because the practices of these companies enable very troubling data mining that may lead to discrimination when applying to college, applying for credit, and when applying for a new job.  For several years, it has been known that Facebook sells its users' personal information to data brokers; however, Google's troubling data broker agreements were not as well known until The Wall Street Journal recently reported that Google is combining users' offline purchases with their digital activity.

Privacy is a civil rights issue and in order to stay a free society we must ensure that no private or public entity is allowed to destroy it.  The bottom line is that digital privacy and cyber safety go hand and hand and organizations such as EPIC work to better protect us from companies such as Facebook and Google that have troubling privacy policies and practices.

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.         

Facebook Threatens European Regulators Over Stronger Privacy Laws

In a very troubling development that shows Facebook's true colors, one of its corporate executives stated that if European regulators continue to scrutinize Facebook's data collection and utilization practices its citizens will not be provided certain features in a timely manner.  This veiled threat to European regulators demonstrates that the EU is on the right track in questioning the data privacy policies and practices of Facebook and other Internet companies.  

Manufacturers of cars and heavy machinery, pharmaceutical companies, banks, chemical companies, etc.. are required to follow appropriate safety regulations in Europe and around the world.  Data collection and usage laws are nothing more than safety regulations and it is time for Facebook and the entire digital ecosystem to get on board with regulations that will enhance user trust of their platforms. 

An Austrian class action lawsuit about Facebook's data usage practices, the ongoing Netherlands privacy regulator investigation into Facebook's activities, and the possibility that Europe will enact stronger data protection laws that will provide greater regulatory tools to protect citizens from some of Facebook's troubling data collection and usage practices appears to worry the company.  These developments demonstrate the importance of baking privacy into your platform's design and the need for Facebook to change its data collection and usage practices and its policies.   

The bottom line is that data privacy is a safety issue.  My hope is that U.S. lawmakers and regulators soon follow Europe's lead in understanding that unfettered data collection and usage is a clear and present danger to its citizens and that more robust privacy laws are a must in the Big Data Age.

 Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.

Twitter Quietly Updates Its Terms of Service

According to Mashable, Twitter quietly updated its Terms of Service on Friday in anticipation of new European Data Protection (privacy) laws.  Unfortunately for U.S. users, Twitter's new terms apply to international and not U.S. based users.

An Irish subsidiary was chosen as the location for international user data because it has a reputation for less Internet related regulations.  In other words, other European countries have different beliefs in how data should be protected.  In my opinion, many of Ireland's Internet related regulatory positions are based purely upon economic reasons.

Less regulations may mean more economic development.  For example, I live and work in Montgomery County, Maryland and it has an unfavorable regulatory reputation compared to multiple Northern Virginia counties. Therefore, Fortune 500 companies are more willing to relocate and open subsidiaries in the "business friendly" climate of Virginia.

In general, social media companies are not platforms that are built with privacy by design in mind.  The services provided by Twitter, Facebook, Google, etc... were created to data mine users for behavioral advertising purposes (don't believe any co-founder who states they wanted to make the world a better place, etc....).  Therefore, I do not trust these platforms to handle any sensitive or confidential information/communication.

The European Union is working on stronger data protection regulations because it understands the dangers inherent when companies engage in unfettered collection and data mining of personal information.  It is expected that  Europe will enact stronger data protection laws sometime later this year.  My hope is that the U.S. will follow the EU's lead in trying to create a more private, less discriminatory, and non-monopolistic digital data future.

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.

New York Times Facebook Content Deal Is A Threat To Personal Privacy

The New York Times is one of the world's most respected news organizations and one of the most popular destinations for news on the Internet.  However, I was dismayed to read in The New York Times that it may strike a deal to house some of its content inside Facebook.

This is a very troubling development for not just the media landscape but also for the freedom of thought and expression.  The ramifications of this potential deal will erode the privacy of The New York Times' readers and it will enable data brokers and their clients to create richer profiles of those who read the paper via Facebook due to Facebook's troubling deal with multiple data brokers.

When a New York Times reader utilizes Facebook to access articles, this information will be sent to Facebook's data broker partners who will insert this content into a user's digital dossier.  This data may be utilized by banks, insurance companies, employers, etc... to discriminate against people for reading about certain topics.  For example, when someone reads a lot of articles about their race, sexual orientation, health issue, religion, etc.. this data will be tracked and a data broker may provide it to one of their clients who may utilize it to decide on whether a reader is a good fit for a job. 

While ad networks and other digital tracking platforms already combine every digital morsel about users they can find, being able to track users from their personal Facebook account creates a new level of data purity that from a privacy standpoint is very troubling.  I don't want data brokers to be able to track everything that I read on The New York Times and combine that information with other personal characteristics about myself.

Due to Facebook's troubling privacy policy and practices, I do not utilize it for personal communications and I have no plans on doing so in the future.  I urge The New York Times and others who may be thinking about hosting their content on Facebook to think about these important privacy issues before finalizing any deal that may harm their users' in unanticipated ways.

Copyright 2015 by The Law Office of Bradley S. Shear, LLC All rights reserved.

Warrants Should Be Required For Email Access

Last week, I attended the International Association of Privacy Professional’s Washington DC conference and I was impressed with the topics that were discussed.  The keynotes by journalist Glenn Greenwald and Harvard Professor Michael Sandel were top notch and so were all of the sessions that I attended. 

One panel that I found interesting was titled, “Search Warrants vs. Privacy Laws: Can They Live Together”.  The session was moderated by Professor Peter Swire of Georgia Tech and included Bruce Brown, the Executive Director of the Reporter’s Committee for Freedom of the Press; Nuala O’Connor, President of the Center for Democracy and Technology; and Andrew Pincus a partner at the international law firm of Mayer Brown. 

At first glance, this topic sounds boring and highly legalistic.  However, the issues that were discussed affects everyone who utilizes email, has a cloud based storage account, or other digital based service.  One of the questions discussed during the panel was should a warrant be required for an Internet Service Provider (ISP) to turn over an email or other digital content to law enforcement?  The answer to this question is important because under the Electronic Communications Privacy Act (ECPA) which was enacted in 1986, the government may read any email without a warrant that is more than 180 days old.     

ECPA was written approximately 8 years before The Today Show and other national media outlets started to cover the Internet or the “Information Superhighway”.  The way we communicate has drastically changed in the past 30 years.  For example, instead of sending traditional U.S. postal service mail many people send emails and utilize messaging apps and other digital technologies because these platforms are generally less expensive and faster.  Since our old school traditional paper correspondence is protected from the government absent a warrant shouldn’t our digital communications have the same protections?

Last year, in Riley v. U.S. the Supreme Court ruled 9-0 that we have an expectation of privacy in the Digital Age and that the police are generally required to obtain a warrant to search a personal digital device.  This case built upon the 2012 U.S. v. Jones case that ruled a warrant was required to place a GPS tracker onto a car.  Following the reasoning in both of these Supreme Court cases, a California federal district court ruled last week that police need a warrant to obtain access to one’s cell phone location or GPS data. 

These recent cases have signaled that we still have an expectation of privacy despite new forms of digital communications and surveillance techniques. Unfortunately, an ongoing matter that has major privacy and public policy implications has not followed the Supreme Court’s lead in recognizing the importance of establishing clear digital privacy rights. 

In Microsoft v. U.S., the company is arguing that the government must obtain a warrant or other court order in the host country of where a digital communication is located even though the company may have the capability of providing access to the document from the United States.  On page 36 of 73 in the U.S. response [that was filed on 3/9/15] to Microsoft's argument that the government must obtain a warrant to obtain access to an email it states, [b]ecause the emails sought in this investigation are now more than 180 days old the plain language of the SCA [Stored Communications Act of ECPA] would authorize the government to use a subpoena to compel disclosure of everything it sought pursuant to the Warrant."  

The government's argument is disconcerting; however, so far the courts have ruled that a warrant is not needed for emails older than 180 days.  The government's interpretation of the SCA that emails older than 180 days do not need a warrant to be turned over demonstrates that more education is needed about these issues. 

In general, the government is required to obtain a warrant or have exigent circumstances (i.e. occurs when people are in imminent danger, when evidence may be destroyed, or when a suspect is on the run) to be able to gain entrance into your tangible property (i.e. your home, or car, etc..) so it should be required to obtain a warrant to gain access to your digital property (i.e. your email account, cloud storage, etc...).   

As a hedge against the courts continuing to follow an outdated and unconstitutional law (the SCA), its time to support a long overdue legislative fix to the situation.  The bipartisan Law Enforcement Access to Data Stored Abroad  Act (LEADS Act) follows a common sense philosophy that by properly balancing law enforcement’s need to obtain access to digital data with our privacy.  The Act would update the SCA of ECPA to account for the changes in technology that have occurred during the past 30 years and how we communicate with each other. 

In general, it takes time before the law catches up with the capabilities of technology.  This is true across many industries.  However, we must not forget that we still have an expectation of privacy in the Digital Age and now is the time to stand up for that right.  If it becomes law, the LEADS Act will signal to the rest of the world that the U.S. is serious about taking a leadership role in protecting the privacy rights of Internet users not just here but also around the globe.

Copyright 2015 by Shear Law, LLC All rights reserved.