The Privacy Law Site

Supreme Court Limits Search Incident to Arrest to Area Within Reaching Distance

2009-05-23T13:44:00.000-07:00

The U.S. Supreme Court has clarified Belton, holding that police may condict a search incident to arrest only the area within reaching distance. The court rejected a bright-line rule permitting searches of a vehicle when arresting a driver or passenger. To read more, go to Privacy & Information May 2009.

****************************************

Bounty Hunters and the Fourth Amendment

2009-04-25T12:57:00.000-07:00

Are bounty hunters covered by the Fourth Amendment?

See Privacy & Information - April 2009

Employee Bonus Information Not Private

2009-04-14T20:32:00.000-07:00

A New York State trial court has rejected claims by Bank of America
and Merrill Lynch to keep employee bonus information confidential, related to an investigation by Attorney General Andrew Cuomo.

For a detailed discussion of the case, see Privacy and Information.

FISA Court of Review Approves Warrantless Wiretapping

2009-02-09T02:44:00.000-08:00

The Foreign Intelligence Surveillance Court of Review, in one
of its rarely published but still redacted decisions, declined to find wiretapping on foreign intelligence targets conducted without a warrant, purusant to the Protect America Act. The court found the
searches fell under the special needs exception to the need obtain a warrant under the Fourth Amendment.

For a full discussion of the decision, go here, and choose Privacy
and Information - February

District Court Issues Protective Order Preventing Disclosure of Satellite Company’s Customer List

2008-11-23T16:54:00.000-08:00

In a suit brought by Echostar Satellite LLC against satellite receiver manufacturer Freetech Inc. under the Digital Millennium Copyright Act the U.S. District Court for the Northern District of California granted Freetech’s motion for an order protecting the identities of its customers from discovery by Echostar.

District Court Refuses to Grant Summary Judgment on FCRA
and State Law Claims Brought against Credit Reporting Agencies,
Dismisses Claims against Furnishers of Allegedly Incorrect
Credit Information

The District Court for the Eastern District of California declined to dismiss claims against Equifax and Trans Union under FCRA, as well as claims for negligent misrepresentation, negligence, tortious interference with prospective economic advantage, defamation, and false light invasion of privacy related to an alleged failure to correct errors in a credit report.

For more information, click here for the Bloomberg Privacy and Information Law Report

Do Federal Courts have Jurisdiction in Suits involving the Telephone Consumer Protection Act?

2008-11-12T07:26:00.001-08:00

It's an interesting question. One District Court in Ohio says yes, another says no. The TCPA permits suits to be brought in state court, but does not prohibit cases to be heard in federal court.

To read more about the two recent decisions, click on Bloomberg Privacy and Information Law Report, and choose Privacy and Information Law "November 2008."

Will Obama Administration Reveal Extent of Wiretapping?

2008-11-11T06:10:00.000-08:00

Bush Spy Revelations Anticipated When Obama Is Sworn In

Privacy Advocates Expect Whistleblowers to Share Warrantless Wiretap Info After Inauguration Day
By RYAN SINGEL
ABC News
Nov. 11, 2008

When Barack Obama takes the oath of office on January 20, Americans won't just get a new president; they might finally learn the full extent of George W. Bush's warrantless domestic wiretapping. Since The New York Times first revealed in 2005 that the NSA was eavesdropping on citizens' overseas phone calls and e-mail, few additional details about the massive "Terrorist Surveillance Program" have emerged. That's because the Bush administration has stonewalled, misled and denied documents to Congress, and subpoenaed the phone records of the investigative reporters.

Now privacy advocates are hopeful that President Obama will be more forthcoming with information. But for the quickest and most honest account of Bush's illegal policies, they say don't look to the incoming president. Watch instead for the hidden army of would-be whistle-blowers who've been waiting for Inauguration Day to open the spigot on the truth.

"I'd bet there are a lot of career employees in the intelligence agencies who'll be glad to see Obama take the oath so they can finally speak out against all this illegal spying and get back to their real mission," says Caroline Fredrickson, the ACLU's Washington D.C. legislative director.

New Yorker investigative reporter Seymour Hersh already has a slew of sources waiting to spill the Bush administration's administration's darkest secrets, he said in an interview last month. "You cannot believe how many people have told me to call them on January 20. [They say,] 'You wanna know about abuses and violations? Call me then.'"

Virginia Strikes Down Anti-Spam Law

2008-10-23T15:14:00.000-07:00

Virginia Supreme Court Finds State Anti-Spam Law Unconstitutionally Overbroad in Violation of First Amendment (Back to Top)

In a rehearing of an earlier decision, the Virginia Supreme Court struck down as unconstitutional the anti-spam e-mail provisions of the Virginia Computer Crimes Act. The court held that the law was unconstitutionally overbroad on its face because it prohibited the anonymous transmission of all unsolicited bulk e-mails, including those that contained anonymous political, religious, or other expressive speech.

A North Carolina resident who was convicted under Virginia’s anti-spam law after sending batches consisting of more than 10,000 unsolicited commercial e-mails on multiple occasions to customers of America Online, Inc....

To read more, click HERE, and select Privacy & Information, October 2008.

Privacy News - October 2008

2008-10-14T06:22:00.000-07:00

TELECOM IMMUNITY BILL PASSES SENATE

2008-02-12T11:46:00.000-08:00

New York Times:

The Senate rejected a series of amendments that would have restricted the government’s surveillance powers and eliminated immunity for the phone carriers, and it voted in convincing fashion — 69 to 29 — to end debate and bring the issue to a final vote. That vote is expected later this afternoon, with the result all but assured.

...supporters of the plan said the phone carriers acted out of patriotism after the Sept. 11 attacks in complying with what they believed in good faith was a legally binding order from the president.

The House has already rejected the idea of immunity for the phone companies, and Democratic leaders reacted angrily to the Senate vote. But Congressional officials said it appeared that the House would ultimately be forced to accept some sort of legal protection for the phone carriers in negotiations between the two chambers this week.

Beyond the immunity provision, the Senate measure would also widen the executive branch’s surveillance powers by allowing the National Security Agency and intelligence agencies to use broad orders — without getting court orders in advance — to eavesdrop on groups of overseas targets, rather than using individualized warrants.
FULL STORY

WACHOVIA EMPLOYEES KNEW OF FRAUD

2008-02-06T18:38:00.000-08:00

Recently released documents strongly suggest employees at Wachovia Bank not only knew that marketers were stealing from accounts at the bank, but that they bank solicited business from those companies. Executives at Wachovia have denied knowledge of the thefts.

From the New York Times:

Papers Show Wachovia Knew of Thefts

By Charles Duhigg

Last spring, Wachovia bank was accused in a lawsuit of allowing fraudulent telemarketers to use the bank’s accounts to steal millions of dollars from unsuspecting victims. When asked about the suit, bank executives said they had been unaware of the thefts.

But newly released documents from that lawsuit now show that Wachovia had long known about allegations of fraud and that the bank, in fact, solicited business from companies it knew had been accused of telemarketing crimes.

Internal Wachovia e-mail, for example, show that high-ranking employees at the nation’s fourth-largest bank frequently warned colleagues about telemarketing frauds routed through its accounts.

Link to the Full Story

Is Privacy Still Privacy?

2007-11-12T13:37:00.000-08:00

Donald Kerr, the U.S. deputy director of national intelligence, is being reported as calling into question the tradition definition of information privacy. In this age of terrorism, Kerr said that individual privacy can no longer can mean anonymity, but should instead mean that government and businesses will properly safeguard people's private communications and financial information.

This redefinition, if one can call it that, has been a long time in the making. Both businesses and governments often seen no difference between privacy their holding close their customer's or citizen's personal information. Of course, the corporate circle has a tendency to expand, to include affiliates, third party affiliates, third parties who are also customers, third parties who really, really need the information, to third parties who promise to keep the information private. Until, of course, someone else needs it.

In the case of HIPAA, sharing medical information with other doctors, within a hospital, with laboratories and even family members and friends makes sense. Sharing financial information, or buying habits with advertisers, less so.

In the business world, it is easy to convince one's self that sharing information is always in the customer's interest, (as is easy access one's credit report). The government, too, no doubt, views itself as having only benign motives. This is the dilemma of privacy. Possession, and even use of, information can often be nearly harmless.

But it is surely a stretch to redefine privacy as every organization merely safeguarding personal information from every other organization, or at least make them promise to safeguard it - until they need to share it.

Congressmen Blasts Yahoo Executives in Chinese Dissident Case

2007-11-06T14:03:00.000-08:00

Yahoo CEO Jerry Yang and Yahoo's General Counsel, Michael Callahan, were harshly criticized today by Congressmen who accused Yahoo of deceiving Congress and of complicity with efforts by the government of China to suppress human rights.

Yahoo initially received an official demand (citing "illegal provision of state secrets") for information they had about a pro-democracy dissident named Shi Tao over to the Chinese government. Yahoo turned the information over to the government. Shi Tao was sentenced to 10 years in prison.

Callahan defended Yahoo’s actions. "I cannot ask our local employees to resist lawful demands and put their own freedom at risk, even if, in my personal view, the local laws are overbroad," he said.

Congressman Tom Lantos said, "I do not believe that America's best and brightest companies should be playing integral roles in China's notorious and brutal political repression apparatus," he said.

He also said, "While technologically and financially you are giants, morally you are pygmies.”

Rep. Chris Smith compared Yahoo's cooperation with the Chinese government to cooperating with Nazi Germany during World War II.

Members also criticized Callahan for not informing Congress of the demand when if occurred. Callahan has issued a statement saying that he learned about it after he testified in February 2006 testimony, and that he regretted not alerting the committee to it once he knew about it.

It is unclear what Yahoo’s policy is now with regard to turning customer information over to host governments.

USING GPS TO TRACK YOUR FRIENDS AND LOVED ONES

2007-10-25T07:47:00.000-07:00

Clearly, one of the next developments in technology and privacy are GPS enabled and other small devices. We've heard about how useful it can be for prisoners, children, and the elderly (not to lump them all together).

Laura M. Holson of CNET address it here.

Holson writes about Loopt, a service by Sprint Nextel. For $2.99 a month, a use can she can see the location of friends who also have the service, represented by dots on a map on the user's phone, with labels identifying their names.

She writes:
"And for teenagers and twentysomethings, who are fond of sharing their comings and goings on the Internet, youth-oriented services like Loopt and Buddy Beacon are a natural next step.

Sam Altman, the 22-year-old co-founder of Loopt, said he came up with the idea in early 2005 when he walked out of a lecture hall at Stanford.

"Two hundred students all pulled out their cell phones, called someone and said, 'Where are you?'" he said. "People want to connect."

"There are massive changes going on in society, particularly among young people who feel comfortable sharing information in a digital society," said Kevin Bankston, a staff lawyer at the Electronic Frontier Foundation based in San Francisco.

"We seem to be getting into a period where people are closely watching each other," he said. "There are privacy risks we haven't begun to grapple with."

For a segment of the younger generation, this may be somewhat compelling.

As the author correctly points out, though, the interesting questions arise when the service is involuntary, or semi-voluntary (Employer-Employee). Who would feel comfortable with anyone, including an employee, knowing where you are at all times?

MICROSOFT BUYS STAKE IN FACEBOOK

2007-10-25T07:43:00.000-07:00

Microsoft has finalized plans to take a $240 million equity stake in Facebook during its next round of financing. Thel deal will give Microsoft a 1.6 percent stake in the Facebook, giving the social networking website a highly theoretical, paper value of somewhere in the neighborhood of $15 billion.

Paper or otherwise, a respectable neighborhood.

AMERIQUEST FILES FOUND IN DUMPSTER

2007-10-19T11:49:00.000-07:00

According to ABC news, "police in Atlanta Georgia are investigating how the personal files of 1,200 Ameriquest Mortgage customers" turned up in a dumpster at an apartment complex.

"Police say the 40 boxes of records contain sensitive financial information, including customers' credit histories, bank account information, tax and salary records and social security numbers."

The boxes appeared last month, but oddly, the three Ameriquest offices in the Atlanta area closed in 2005.

Police say the files involved mortgage customers from a number of different states, including Georgia, Florida and Mississippi.

Authorities plan to alert customers identified from the documents so that they can check their records to confirm they were not fraud victims.

An Ameriquest representative has reviewed some of the documents, and spokesman Chris Orlando says the company believes they were stolen from Ameriquest in late 2002.

According to Orlando, "We take the security of our records very seriously...and have been working to locate the person or persons responsible for the theft. We are pleased that the files have now been secured by authorities in DeKalb County, and we are working with local law enforcement to determine what information is contained in the files and who stole them."

It would be interesting to see if Ameriquest filed a police report for stolen files back in 2002.

Deputy Chief Burrows says so far his department has uncovered no evidence that the files were stolen from Ameriquest.

Deputy Chief Mike Burrows of the DeKalb County Police Department told the Blotter on ABCNews.com that the documents would have been a treasure trove to identity theft criminals."

According to Burrows, "If anyone finds it, they can delve into the files and assume people's identity and obviously open credit accounts and obtain loans on vehicles, mortgages -- the general financial identity fraud situation that the whole country's facing."

LEAHY - SPECTER INTRODUCE ID THEFT BILL

2007-10-17T09:01:00.000-07:00

Leahy and Specter have introduced another ID theft bill.

This bill, The Identity Theft Enforcement and Restitution Act of 2007 would, would:

* Give ID theft victims the right to seek compensation for they time lost and expenses they incur in correcting their credit history.

* Criminalizing the act of threatening to obtain or release information from a protected computer.

* Eliminate a requirement that the loss resulting from damage to a victim's computer must exceed $5,000 for prosecution (violations resulting in less than $5,000 damage would be catergorized as misdemeanors)

* Expand federal computer fraud statutes to cover small businesses and corporations.

* Allowing for federal prosecutions of cases in which both the identify thief's computer and the victim's computer are located in the same state.

* Make it a felony to use spyware or keyloggers to damage 10 or more computers;

* Expand the definition of cybercrime to include extortion schemes that threaten to damage or access confidential information on a computer.

"Cybercriminals are getting smarter and more effective in their online efforts to strip Americans of their privacy and their property.

"Protecting American consumers from identity theft and fraud should be one of the Senate's top priorities. Cyber criminals are getting smarter and more effective in their online efforts to strip Americans of their privacy, and their property," Leahy said in a statement.

"In 2006, some 8.4 million Americans became victims to identity theft. Victims are often left with a bad credit report and must spend months and even years regaining their financial health. In the meantime, victims have difficulty getting credit, obtaining loans, renting apartments, and even getting hired," Arlen Specter said.

COMCAST INTERNAL HANDBOOK SHOWS CONCERN FOR PRIVACY

2007-10-16T08:42:00.000-07:00

DeDeclan McCullagh, writer for CNET, reports that "Comcast's confidential "Law Enforcement Handbook" was publicly disclosed on Monday."

MuCullagh's article is titled: "Secret manual shows Comcast (gasp!) protects customers' privacy."

I haven't read that manual myself, but Declan reports that is demonstates concern for their customer's privacy. This is isn't entirely surprising, and is an interesting development, given what we've recently about other telecoms and their cooperation with the Bush administration's wiretapping.

McCullagh writes:

"It turns out to be a 35-page manual dated September 2007 for police and intelligence agencies to use when they're trying to extract information out of Comcast about subscribers. The company's Internet service, VoIP telephone service and cable TV service are all covered.

What's perhaps most interesting, though, is that the leaked handbook shows that Comcast seems to be trying to protect its customers' privacy. I didn't see anything in the document offering to divulge more information than the law permits. Instead, the company repeatedly stresses that police follow legal requirements, and even attaches the text of two federal privacy laws as appendixes."

For more, click here: Declan McCullagh on Comcast's confidential "Law Enforcement Handbook."

EU WILL TAKE MONTHS ON GOOGLE

2007-10-15T13:04:00.000-07:00

According to Reuters, the EU will take several more months examining whether Google, and other search engines, are violating EU privacy law.

"We have written to Google to say that we are continuing our work, that it is not limited to Google, and that we will adopt an opinion at the beginning of 2008," Reuters quotes an official as saying after, after Article 29 committee met last week.

QWEST CEO CLAIMS RETALIATION FOR REFUSAL TO SPY ON CUSTOMERS

2007-10-11T11:19:00.000-07:00

Sara Burnett and Jeff Smith, report in the Rocky Mountain News that documents suggest that the National Security Agencym and other government agencies, retaliated against Qwest by not giving the company lucrative government contracts because Qwest would not cooperate with the federal government's possibly illegal phone surveillance program.

The documents were under seal until Wednesday, part of the trial of former Qwest CEO Joseph Nacchio for insider trading.

Nacchio, it appears, wanted to raise a defense related to the possibility that in 2001 Qwest was about to get a $100 million contract from the NSA. They didn't get the contract, and as we know, Qwest -- unlike AT&T and Verizon -- refused to track their customers phone calls without a warrant. The suggestion is that the program was raised at the same meeting in which the contract was discussed.

Nacchio also apparently was going to argue that he was in line for a $2 billion contract to build an Internet network which would be safe from terrorist attack, but that never happened.

Google, Yahoo, Microsoft Change Privacy Policies

2007-07-30T14:20:00.000-07:00

Google, Yahoo, and Microsoft have all recently changed their privacy policies due pressure from certain groups, not the least of which is the European Union, which is, among other activities, scrutinizing the possible merger of Google and Doubleclick.

Among the changes:

Yahoo - all search log data will be anonymous after 13 months.

Microsoft - all user search data anonymous after 18 months.

Google - data stored about end users in its server logs anonymous after 18 months.

GONZALEZ TESTIMONY HINTS AT DATA MINING

2007-07-28T14:55:00.001-07:00

AG Alberto Gonzalez testified this week there was dispute about Justice Dept. activities, but that it did not involve what he called the "terrorist surveillance program."

He may have been referring to large scale searches of electronic databases of domestic phone call and e-mail records, or data mining, according an article in the New York Times.

That the government can do this is well-known, utilizing the NSA's ability to intercerpt electronic traffic.

In 2004 there was disagreement within the Department of Justice over a program, but Gonzalez refuses to discuss it, and President Bush will not confirm its existence.

It may have involved Justice Dept. disagreements with the White House over the President's power to access large volumes of domestic records of phone calls and internet usage, looking for specific patterns or combinations of words, rather than usage by a person or group.

****************************************************************************

Raul Touts Work of White House Privacy Board

2007-07-25T13:55:00.000-07:00

The Privacy and Civil Liberties Oversight Board based out of the White House has long been regarded as toothless at best - recall Democrat Lanny Davis quit - and recent remarks by it's vice chair will do nothing to disabuse that impression.

Alan Raul told a House of Representatives Judiciary subcommittee that he opposed pending bill which would give the board more power, and more importantly, separate it from the White House. Davis quit out of concerns that the White House interfered with the Board and edited it's final report.

Raul claimed that the Board meets frequently and evaluated the privacy implications of areas of the federal government such as the NSA, the State Dept., and Treasury.

ChoicePoint Settles Breach Case With 44 States

2007-06-01T12:13:00.000-07:00

ChoicePoint has settled with all 44 states which sued the company over its 2005 security breach.

ChoicePoint agreed to adopt stronger security measures and pay $500,000 to the states, according to Connecticut Attorney General Richard Blumenthal.

Considering the company had 44 state AGs suing it, over a very highly publicized privacy breach, a settlement for $500,000 and tighter security procedures, which they were going to do anyway, is a very good deal for ChoicePoint.

The security measures are designed to make sure that their third party customers are using the personal information ChoicePoint markets for legitimate reasons. This will apparently include getting written certification from their customers, or even onsite visits to those customers by ChoicePoint.

ChoicePoint also agreed to conduct periodic audits of companies getting consumers' personal information to ensure that they are not using the information for illegitmate purposes.

Top Spammer Arrested

2007-05-31T09:31:00.000-07:00

According the Associated Press, the federal government has arrested a man they describe as being one of the top spammers in the world. They even claim users could notice a decrease in spam because of his arrest.

They accuse of 27 year-old Robert Alan Soloway using other people's computers to send out spam without their knowledge - so called "zombie computers". Apparently, a federal grand jury has already indicted him on several charges, including mail fraud, wire fraud, and aggravated identity theft. The government stated that this is the first time the federal government has charged a spammer with violating laws against identity theft.

Soloway has pleaded not guilty to all the charges.

Microsoft, which has been aggressive in going after spammers, won a $7 million civil judgment against him back in 2005, and the operator of a small Internet service provider in Oklahoma won a $10 million judgment. The article quotes Tim Cranton of Microsoft saying, "He's one of the top 10 spammers in the world."