News

NBC, The Olympics, and Breaking the Rules on Twitter

Twitter has rules which define the terms of use for their service.  Among the listed restrictions is one related to privacy which states that “you may not publish or post other people’s private and confidential information, such as credit card numbers, street address or Social Security/National Identity numbers, without their express authorization and permission.”

This is merely background information for what happen to Twitter user Guy Adams,The Independent‘s Los Angeles bureau chief.  According to a post by Deadspin, the Twitter account used by Guy Adams was suspended for posting the email address of an NBC executive as part of his criticism of NBC Olympic coverage and as a call to action for where to send complaints.

A quick check of Guy Adams’ account right now shows that his account is active again within the last hour or two.  He claims to have received an email from Twitter stating: “we have just received an update from the complainant retracting their original request… Therefore your account has been unsuspended.

During his temporary suspension, Guy Adams claimed that Twitter had misapplied it’s rules because he tweeted the work email address and not the personal email address of the NBC executive so the tweet did not contain private and confidential information.

There are interesting issues that can be debated after the fact such as:

  • Whether a corporate email address is “private information”? or
  • How should we balance privacy protection and free speech in this situation?

Perhaps the more interesting observation is how poor a tool suspension is at stopping the spread of access to the NBC executive’s corporate email address.  In what is often referred to as the Streisand effect, the attempt to hide information can have the unintended consequence of publicizing the information more widely. A simple search for the NBC executive’s name now brings up his email address within the first page of results. It’s clear that by Twitter enforcing it’s terms of use that what might be considered “private information” was more broadly distributed.

NTIA: Mobile Application Transparency

On July 12, 2012 the National Telecommunications & Information Administration (NTIA) will hold its first multistakeholder privacy discussion.  The objective of the first meeting is to:

“(1) Promote discussion among stakeholders concerning mobile app transparency by employing a structured, open process; and (2) provide a venue for stakeholders to agree on the schedule and format of future meetings.” (NTIA)

The objective of the first multi-stakeholder process is:

“[T]o develop a code of conduct to provide transparency in how companies providing applications and interactive services for mobile devices handle personal data.” (Federal Register)

This is a topic with broad impact and a code of conduct for application development could go a long way towards improving mobile privacy conditions.  For background information review the White House privacy blueprint “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.”  Those that are interested should check the NTIA site on Thursday to view the planned web stream.

Personalization Without Notice

The Wall Street Journal recently publicized a personalization strategy being used by Orbitz.  Because Orbitz discovered that Apple computer users spend more per night on hotels, the service now offers Apple computer users more expensive travel choices.  It is important to note that the same rooms are not being offered for different prices.  Orbitz is merely changing the offers that are suggested based on the type of computer that visits the site.

Image By Accretion Disc

These actions taken by Orbitz resulted in a privacy outcry.  The difference between this service being “creepy” or helpful is determined by user expectation.  People that perceive Orbitz as harming their privacy feel manipulated.  Had Orbitz announced to Apple computer users that it was displaying premium options based on its assumption that this would be preferred by the website visitor, this likely would not have been a noteworthy change and many of the privacy concerns being raised would be mitigated.

The Lesson: Notice is important for privacy.  Unexpected uses of data will cause concern.

Twitter Transparency Report

Have you ever wondered about the number of government information requests that Twitter receives?  Wonder no more.  Twitter just posted its first Transparency Report  which breaks down this information by the country requesting the information.  What’s the general trend?  Twitter “received more government requests in the first half of 2012, as outlined in this initial dataset, than in the entirety of 2011.”  For more information see Twitter’s post here.

Limits to the Scope of the Border Search Exception?

Recently the Ninth Circuit reviewed a forensic search of a computer seized at the U.S./Mexico border (United States v. Cotterman).  The previous decision of the Ninth Circuit in United States v. Cotterman held that the seizure and search were permitted (that opinion is available here).  The court returned to the case in an en banc argument held in June.

Image By DeclanTM

The focus of the discussion is the application of the Fourth Amendment at a border.  The case looks to an incident where agents seized a computer at the Mexico-Arizona border and sought to search the contents of the computer.  The computer had password protection and no agents at the boarder had the ability to get past this password-protection.  The computer was transported miles away and 2 days later an agent with the necessary skills investigated the computer.

At first, the question was whether the search would be subject to the ‘extended’ border search doctrine which requires a higher standard of reasonable suspicion unlike border searches conducted at the border.  The District Court held that the ‘extended’ border search doctrine was required.  On appeal, this issue was left untouched and the focus shifted to the Fourth Amendment and reasonable suspicion.  The Ninth Circuit concluded that under the 4th amendment seizure and search were permitted without cause.  Now on appeal to the en banc Ninth Circuit, the court considered whether the agents taking the computer away from the border and analyzing it 2 days after the border crossing complied with the 4th amendment.

As Orin Kerr points out in his excellent post about the en banc argument,  “the really interesting question is (3): How much time can the government take to search the computer?”  A reasonable amount of time for a computer search can be very difficult to determine given the many variables that could affect the length of an investigation.  It will be interesting to see how the court will address this question and whether they will attempt to define the outer bounds of what would be reasonable for a border search of a computer.

Cybersecurity Legislation: Whatâs Next?

Legislators are afraid of the damage that computers attackers can cause but they disagree what the government should do about this threat.  The current approach, which has limited support, is that the government should oversee cybersecurity standards.

Option 1:  The Cyber Intelligence Sharing and Protect Act (CISPA)

  1. This was passed by the House in April.
  2. The act encourages companies to share information about cyberthreats
  3. Link to more information: http://www.govtrack.us/congress/bills/112/hr3523

Option 2: The Cybersecurity Act (Lieberman-Collins)

  1. This is supported by the Whitehouse and some members of the Senate.
  2. The act encourages companies to share information about cyberthreats
  3. The act requires the extra step that a reasonable effort is made to strip out personally-identifiable information from the shared data
  4. Critical infrastructure would need to meet minimum cybersecurity standards.
  5. Link to more information: http://www.govtrack.us/congress/bills/112/s2105

Option 3: Secure IT Act

  1. This is supported by some members of the Senate.
  2. The act encourages companies to share information about cyberthreats
  3. Link to more information: http://www.govtrack.us/congress/bills/112/hr4263

With all of these choices the good news is that these proposals are beginning to compete on privacy.  The bad news is that it’s not clear whether the proposed legislation would solve the problems they seek to address and many privacy advocates assert that stronger privacy safeguards are still needed.

eBook Data Collection

Photo by Andrew Mason

Publishers are collecting data about how we read eBooks. The first question about this activity is whether the privacy of readers is being sufficiently protected. The second question is, will eBook data make books better? The Wall Street Journal recently published a story on this topic titled “Your E-Book Is Reading You” and it is worth reading.

It turns out that the shift from paper to digital has made reading a book more like surfing the web. Just like web surfing, which allows the collection of information about page views viewers activity on the site, eBooks have the ability to send back data about a readers interaction with the eBook. Also just like websites, e-book readers share information about their data collection and usage in privacy policies. Back in 2010, the EFF put together a e-book privacy comparison which is a good, but now out-dated, guide for interested readers.

Despite the exciting article titles like “Is Your E-Book Reading Up On You?” the data collection and usage appear to be much more tame upon further inspection. Apple’s iBooks, for example, only collect functional data which is “unidentifiable.” If the privacy implications of this data collection are skillfully dealt with then the potential for improving books could be enormous. Information about how people engage with an eBook could help authors create more engaging books.

“If you can find out that a book is too long and you’ve got to be more rigorous in cutting, personally I’d love to get the information.” Scott Turow, president of the Authors Guild

As with many privacy discussions, eBook data collection is about trading some convenience for some privacy. Consumers need to be put on notice that this data is being collected but the value of this data to publishers, authors, and ultimately readers cannot be denied.

right body border
© Copyright 2014 Center for Law and Innovation | 246 Deering Avenue, Portland, ME 04102
Telephone: 207.228.8430 | E.mail: lawandinnovation@maine.edu