A core issue in U.S. v. Jones has noting to do with connecting “trivial” bits of data to see a mosaic; it is about the simple ability to have a perfect map of everywhere we go, with whom we meet, what we read, and more. It is about the ability to look backward and see all that information with little to no oversight and in a way forever. That is why calls to shift the vast information grabs to a third party are useless. The move changes little given the way the government already demands information from private data hoards. Yes, not having immediate access to the information is a start. That might mitigate mischief. But clear procedures are needed before that separation can be meaningful. That is why telecom and tech giants should be wary of “The central pillar of Obama’s plan to overhaul the surveillance programs [which] calls for shifting storage of Americans’ phone data from the government to telecom companies or an independent third party.” It does not solve the problem of data hoards.
As I argue in my new article Constitutional Limits on Surveillance: Associational Freedom in the Age of Data Hoarding:
Put differently, the tremendous power of the state to compel action combined with what the state can do with technology and data creates a moral hazard. It is too easy to harvest, analyze, and hoard data and then step far beyond law enforcement goals into acts that threaten civil liberties. The amount of data available to law enforcement creates a type of honey pot—a trap that lures and tempts government to use data without limits. Once the government has obtained data, it is easy and inexpensive to store and search when compared to storing the same data in an analog format. The data is not deleted or destroyed; it is hoarded. That vat of temptation never goes away. The lack of rules on law enforcement’s use of the data explains why it has an incentive to gather data, keep it, and increase its stores. After government has its data hoard, the barriers to dragnet and general searches—ordinarily unconstitutional—are gone. If someone wishes to dive into the data and see whether embarrassing, or even blackmail worthy, data is available, they can do so at its discretion; and in some cases law enforcement has said they should pursue such tactics. These temptations are precisely why we must rethink how we protect associational freedom in the age of data hoarding. By understanding what associational freedom is, what threatens it, and how we have protected it in the past, we will find that there is a way to protect it now and in the future.
At the recent Drone Conference, I attended a working group on “license plates for drones.” It was a great discussion, focusing on the pro’s and con’s of a proposal Joseph Lorenzo Hall has advanced. If you’d like to hear some rationales for and against, I speak at about 17 minutes in here, in the context of a broader discussion of the relationship between privacy and First Amendment law.
You won’t find out from this New York Times front-page story from yesterday, which is disappointingly long on alarmism but scarce on details, a phenomenon all too frequent in privacy reporting. In the third sentence — immediately after anthropomorphizing smartphones — the story tells us that “advertisers, and tech companies like Google and Facebook, are finding new, sophisticated ways to track people on their phones and reach them with individualized, hypertargeted ads.” Boy, that sounds bad — exactly what horrible new thing have they come up with now?
The third paragraph tells us only what privacy advocates fear. The fourth mentions the National Security Agency. The fifth quotes privacy scholar Jennifer King saying that consumers don’t understand ad tracking.
The sixth paragraph finally gives us a specific example of the “new, sophisticated ways” advertisers and tech companies are “track[ing] people on their phones”: Drawbridge. What does Drawbridge do? It’s “figured out how to follow people without cookies, and to determine that a cellphone, work computer, home computer and tablet belong to the same person, even if the devices are in no way connected.” But this doesn’t tell us much. There are more and less innocuous ways to accomplish the goal of tracking users across devices. On the innocent end of the scale, a website could make you sign into an account, which would allow it to tell who you are, no matter what computer you use. On the malevolent end of the scale, it could hack into your devices and access personal information that is then linked to your activity. The key question is, how is Drawbridge getting the data it is using to track users, and what is in that data? Continue reading
I do intend to get back to my four-part series on whether Google’s collection of information from residential Wi-Fi networks violated the Wiretap Act. That issue is being litigated in the Northern District of California in a consolidated class action of home wireless network users, and the earlier posts in my series examined the plaintiffs’, Google’s, and the district court’s arguments on this issue. See Part I; Part II. Since I wrote the first two posts, the Ninth Circuit weighed in, affirming the district court’s denial of Google’s motion to dismiss, allowing the plaintiffs to proceed with their complaint.
Since that post, there’s been another development: Google has filed a petition for rehearing and rehearing en banc. And they’ve brought in a bigger gun to do so — noted Supreme Court advocate Seth Waxman — indicating perhaps how far they intend to take this. Google has two basic arguments for why a rehearing should be granted. First, Google attacks what I called the panel’s “radio means radio” interpretation of the term “radio communications” — “radio communications” means “stuff you listen to on a radio” — is unworkable. Second, Google argues that the panel should never have reached the issue of whether wi-fi communications are “readily accessible to the general public” under an ordinary-language approach to that term, because that question involves disputed issues of fact. In the rest of this post I’ll review these two arguments. Continue reading
Time, and the Ninth Circuit, wait for no man. You may recall that I was halfway through my four-part series on the arguments in Joffe v. Google, the “Wi-Spy” case in which Google’s Street View cars intercepted and stored data captured from residential wireless networks. Google argued that that activity did not violate the Wiretap Act, because the Wiretap Act does not apply at all to Wi-Fi. There’s an exception in the Wiretap Act for “electronic communications readily accessible to the general public,” and the Act defines “readily accessible” for “radio communications” to mean that the communications must be encrypted or otherwise protected. Wi-Fi is broadcast over radio, and the plaintiffs did not set up encryption. Here’s Part I and Part II if you want to read more.
Earlier today, the Ninth Circuit issued its decision: the district court’s denial of Google’s motion to dismiss is affirmed; the exception does not apply. The Ninth Circuit essentially signed on to the district court’s “radio means radio” approach: Continue reading