Tuesday, August 31, 2010

Yes, you can have my personal information, but here's a looong list of things you can't do with it. (The short version is: Anything you originally promised not to do.)


Article: Pervasive Surveillance and the Future of the Fourth Amendment

August 30, 2010 by Dissent

Russell D. Covey of the Georgia State University College of Law has an article in the Mississippi Law Journal. Here’s the abstract:

We are in a period of intense technological change. The continued explosive growth in technology has two major effects on the scope and application of the Fourth Amendment. First, the diffusion of powerful new technologies like DNA synthesis and high-powered computing makes it far easier than ever before for ill-meaning groups or individuals to obtain powerful and destructive weapons. Regardless of who is perceived to desire such weapons, the very existence and potential use of such weapons poses a permanent and growing threat to national security. Second, with the development of new technologies, governments are finding it increasingly cheap and easy to conduct intrusive surveillance on their populations and to obtain data and information about individuals in quantities and in detail never before imagined. For both of these reasons, states are increasingly likely to adopt strategies of pervasive surveillance.

Fourth Amendment doctrine has failed to respond adequately to these trends. First, Fourth Amendment law – mainly, the so-called “third party doctrine” – fails to adequately protect privacy in light of new technology. Second, the few limits that have been placed on government use of technology threaten the ability of the state to conduct the type of surveillance necessary to effectively combat the risks posed by terrorism. The solution suggested is to shift the focus of the Fourth Amendment from its longstanding concern with acquisition of information to its use. Current practices already suggest that people generally are less concerned about revealing private information to others under appropriate circumstances than they are in ensuring that these limited disclosures are not misused by their recipients. In a future world where dangerous technologies are cheap and easily obtained, the critical problem will be to safeguard the population through carefully targeted surveillance, while ensuring that such surveillance cannot be used for pretextual or politically oppressive purposes.

You can download the full article here.

Covey, Russell D., Pervasive Surveillance and the Future of the Fourth Amendment (August 25, 2010). Mississippi Law Journal, Vol. 80, No. 4, 2010; Georgia State University College of Law, Legal Studies Research Paper No. 2010-14.

Via FourthAmendment.com.

(Related) We've been using radio locators to find back-country skiers who are lost or buried under an avalanche. This one seems to be for bragging rights and social networking...


Vail Resorts unveils ski slope geolocation system

… A skier can turn off RF functionality entirely if he or she so chooses, the company explained. [Opt Out Bob]

Coherent and comprehensive? I can't wait. More accurately, I don't think I'll live that long.


Article: Fourth Amendment Pragmatism

August 30, 2010 by Dissent

Dan Solove has a new article out, “Fourth Amendment Pragmatism,” in the Boston College Law Review. Here’s the abstract of the article, which will undoubtedly generate a lot of discussion:

In this essay, Professor Solove argues that the Fourth Amendment reasonable expectation of privacy test should be abandoned. Instead of engaging in a fruitless game of determining whether privacy is invaded, the United States Supreme Court should adopt a more pragmatic approach to the Fourth Amendment and directly face the issue of how to regulate government information gathering. There are two central questions in Fourth Amendment analysis: (1) The Coverage Question – Does the Fourth Amendment provide protection against a particular form of government information gathering? and (2) The Procedure Question – How should the Fourth Amendment regulate this form of government information gathering? The Coverage Question should be easy to answer: The Fourth Amendment should regulate whenever government information gathering creates problems of reasonable significance. Such a scope of coverage would be broad, and the attention wasted on the Coverage Question would be shifted to the Procedure Question. This pragmatic approach to the Fourth Amendment is consistent with its text and will make Fourth Amendment law coherent and comprehensive.

You can download the full article here.

Solove, Daniel J., Fourth Amendment Pragmatism (August 27, 2010). Boston College Law Review, Vol. 51, p. 1, 2010; GWU Law School Public Law Research Paper. Available at SSRN: http://ssrn.com/abstract=1666828.

Gee, does that mean the Constitution still rules?


EDNY: SCA won’t cut it: historical cell data requires warrant

August 30, 2010 by Dissent

Chris Soghoian has uploaded a federal magistrate’s decision in Eastern District New York denying the federal government’s request for an order requiring Sprint Nextel to produce cell records, including tower and sector information for a subscriber’s phone. According to court documents, the Sprint subscriber was Edwin Espinosa, but the phone was allegedly being used by the target of a criminal investigation, Tyshawn Augustus.

The government asserted that the request was relevant to a criminal investigation and that it believed it had sufficient grounds for obtaining a warrant under the probable cause standard. But the government did not apply for, nor obtain a warrant, preferring, it said, to proceed under the Stored Communications Act (SCA). It has been the government’s position that the SCA permits them to obtain records without a warrant.

Magistrate James Orenstein disagreed and denied the requested order, holding that the Fourth Amendment requires a warrant to obtain these types of records and that the government’s assertion that they had sufficient evidence to reach the probable cause standard was not sufficient. The judge wrote:

Even assuming that the facts proffered in the revised Application sufficed to establish probable cause, those facts could not simply be proffered but would instead have to be established by means of an affidavit or affirmation.

There’s much more to the opinion, but if the government hoped to get a ruling to support its approach that it does not need a warrant to search historical cell phone records with location data, it met its match in Judge Orenstein.

Update: Mariko Hirose of the ACLU blogs about the decision, here.

It's going to happen. Google and Microsoft and many others saw this coming and probably saw how profitable it could be.


Article: Waiving Your Privacy Goodbye: Privacy Waivers and the HITECH Act’s Regulated Price for Sale of Health Data to Researchers

By Dissent, August 30, 2010

Barbara J. Evans of the University of Houston Law Center has uploaded a working paper to SSRN, “Waiving Your Privacy Goodbye: Privacy Waivers and the HITECH Act’s Regulated Price for Sale of Health Data to Researchers.” The abstract is:

How much should an insurer or healthcare provider be able to charge when selling people’s personal health data without their permission to a researcher? This question is being addressed now in proceedings to amend the HIPAA Privacy Rule. The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 allows such sales but limits pricing to a cost-based fee for data preparation and transmission. The requirement that individuals authorize the release of their data can be waived under existing provisions of the HIPAA Privacy Rule.

This article explains why supplying data to researchers is set to become a profitable line of business for entities that hold large stores of health data in electronic form. Health information systems are a form of infrastructure, and Congress’s cost-based fee for data preparation and transmission echoes pricing schemes traditionally used in other infrastructure industries such as railroads, electric power transmission, and telecommunications. Cost-based fees for infrastructure services, of constitutional necessity, must allow recovery of operating and capital costs including a return on invested capital – in other words, a profit margin.

This fee structure is being launched in an emerging 21st-century research landscape where biomedical discovery will depend more than it has in the past on studies that harness existing stores of data – such as insurance claims and healthcare data – that were created for purposes other than the research itself. This article explores why, in this environment, the new fee structure has the potential to destabilize already-fragile public trust and invite state-law responses that could override key provisions of federal privacy regulations, with devastating consequences for researchers’ future access to data. To avoid this outcome, the cost-based fee must be thoughtfully implemented and accompanied by reform of the HIPAA waiver provision now used to approve nonconsensual use of people’s health data in research. This article identifies specific defects of the existing framework for approving nonconsensual uses of data with the aim of eliciting a wider debate about what the reforms ought to be.

You can download the entire article from SSRN

Evans, Barbara J., Waiving Your Privacy Goodbye: Privacy Waivers and the HITECH Act’s Regulated Price for Sale of Health Data to Researchers (August 23, 2010). Univ. of Houston Public Law and Legal Theory Working Paper No. 2010-A-22. Available at SSRN: http://ssrn.com/abstract=1660582

(Related) How about disclosure to the media?


Triplets’ Parents Sue Hospital & Media

By Dissent, August 31, 2010

Dan McCue reports on a case in Illinois:

Surrogate parents of newborn triplets claim a hospital and major media outlets violated medical privacy laws and subjected them to “humiliation, embarrassment and emotional distress” by publishing photos and stories about their newborns. The parents say they never gave Advocate Christ Medical Center permission to release personal information about them or their babies, nor did they agree that the Sun Times, Tribune Co. or WLS-TV could photograph and publish the babies’ pictures.

Read more about the lawsuit on Courthouse News, where you can also read a copy of the complaint. I e-mailed the plaintiff’s lawyer yesterday to inquire as to whether a HIPAA complaint had also been filed, but I have not received any response as yet.

[From the Courthouse article:

About three days after the Lindgren triplets were born, Cynthia Lindgren says, she got a call from a nurse who said that news outlets were coming to the hospital to do a story on the four sets of triplets.

The nurse asked for permission to have the Lindgren children filmed, but Cynthia Lindgren said she demurred, saying she would have to speak with her husband.

But the hospital let the TV and newspapers go ahead anyway, the Lindgrens say.

WLS broadcast footage of one of the Lindgren children and disclosed their medical condition; the print articles also revealed where the family lives and how the children were conceived, the parents say.

(Related) Maybe agreeing on a policy isn't that simple?


Article: An End to Privacy Theater: Exposing and Discouraging Corporate Disclosure of User Data to the Government

August 30, 2010 by Dissent

Christopher Soghoian’s article, “An End to Privacy Theater: Exposing and Discouraging Corporate Disclosure of User Data to the Government,” will be published in an upcoming issue of the Minnesota Journal of Law, Science & Technology, but you can read it now via free download from SSRN. Here’s how the article begins:

Today, when consumers evaluate potential telecommunications, Internet service or application providers – they are likely to consider several differentiating factors: The cost of service, the features offered as well as the providers’ reputation for network quality and customer service. The firms’ divergent approaches to privacy, and in particular, their policies regarding law enforcement and intelligence agencies’ access to their customers’ private data are not considered by consumers during the purchasing process – perhaps because it is practically impossible for anyone to discover this information.

A naive reader might simply assume that the law gives companies very little wiggle room – when they are required to provide data, they must do so. This is true. However, companies have a huge amount of flexibility in the way they design their networks, in the amount of data they retain by default, the exigent circumstances in which they share data without a court order, and the degree to which they fight unreasonable requests. As such, there are substantial differences in the privacy practices of the major players in the telecommunications and Internet applications market: Some firms retain identifying data for years, while others retain no data at all; some voluntarily provide government agencies access to user data – one carrier even argued in court that its 1st amendment free speech rights guarantee it the right to do so, while other companies refuse to voluntarily disclose data without a court order; some companies charge government agencies when they request user data, while others disclose it for free. As such, a consumer’s decision to use a particular carrier or provider can significantly impact their privacy, and in some cases, their freedom.

Soghoian, Christopher, An End to Privacy Theater: Exposing and Discouraging Corporate Disclosure of User Data to the Government (August 10, 2010). Minnesota Journal of Law, Science & Technology, Forthcoming. Available at SSRN: http://ssrn.com/abstract=1656494

(Related) Medical data is getting broader and more detailed.


Sensors and In-Home Collection of Health Data: A Privacy by Design Approach

By Dissent, August 31, 2010

From the Information and Privacy Commissioner of Ontario’s web site:

In-home health care monitoring devices are gaining in prominence. Technological improvements in networking, wireless communications, and the miniaturization of electronics have resulted in a suite of emerging technologies that rely on the collection of information from within the home, from an individual’s body, or both. This new technology brings with it significant potential benefits for both society as a whole and individual citizens, such as reducing strain on health care systems through a more preventative (rather than reactive) approach to potential health care problems, which generally improves an individual’s clinical outcomes and/or independence. In order to create these benefits, however, significant and continuous data collection about the individual is required. Until now, these data have not been accessible, as technologies were not sufficiently advanced to collect necessary information accurately, reliably, and securely. It is important to recognise that these data tend to be of a highly sensitive nature, as they are collected either directly about the individual or about actions taken within his or her home (traditionally the most privacy protected location in one’s daily life). As such, people’s privacy must be at the forefront of these new technologies and be strongly protected. In this white paper, we describe a general technology that is commonly used to collect data for in-home health care monitoring systems – sensors and sensor networks. We then identify the points of interest within such a system with regard to privacy, and describe some of the considerations that might be made when determining appropriate privacy protections. To demonstrate this approach, we will describe examples of devices being developed by the University of Toronto’s Intelligent Assistive Technology and Systems Lab (IATSL).

You can access the full paper here. In explaining the need for privacy by design, the writers note:

The application of remote sensors to the provision of health care – particularly as sensors and data collection enter the home – brings additional factors to the already complex issue of health information privacy Kotz et al. (2009), for instance, identify three particular features of remote home health care that have implications for privacy. Applied to sensor technologies, these features are as follows:

  1. More medical data may be collected about a patient, as sensors allow continual monitoring of health characteristics over an extended period;

  2. Broader health data may be collected about the patient; in addition to physiological data, information about an individual’s lifestyle and activities may be recorded.

  3. A broader range of applications may be enabled by the range of data made available through the use of sensor technologies.

The ability to maintain the privacy and security of patient information will be a key determinant of the success of remote home health care systems (see, for instance, the findings of Mihailidis et al., 2008). Of course, in ensuring privacy, the ability of these systems to aid in the provision of care cannot be compromised. What then, is the best manner of achieving these dual goals? The answer lies with Privacy by Design and the positive-sum paradigm.



Department of Homeland Security Sued Over Secret Traveller Files

August 30, 2010 by Dissent

Matt Smith reports:

San Francisco travel writer Edward Hasbrouck has sued the U.S. Department of Homeland Security over what he says is the agency’s refusal to give a complete accounting of secret files detailing his numerous border crossings around the world.

“This is not something I’m doing lightly, or that I’m doing every day, or that I like doing,” said Hasbrouck, who has long been the U.S. media’s go-to guy on the subject of traveling travails. But “I think it’s important for people to know about this surveillance program, and to understand what kind of dossiers are being kept, and how that information is being used.”

Read more on SF Weekly.

Hasbrouk blogged about his reasons for suing on his web site last week:

Today the First Amendment Project is filing a lawsuit on my behalf against U.S. Customs and Border Protection (one of the divisions of the Department of Homeland Security) for violating the Privacy Act and the Freedom Of Information Act (FOIA) by refusing to disclose their records of my travels, what they did with my requests for my records, and how they index, search for, and retrieve these travel surveillance records.

According to the complaint in Hasbrouck v. CBP filed today with the U.S District Court in San Francisco:

This complaint concerns the failure to disclose records regarding the warrantless, suspicionless dragnet collection and maintenance of Federal government records of the travel, activities, and other personal information concerning U.S. citizens not accused of any crime….

Not so much a wave of “Me too” companies, rather these are “We don't do that” Fodder for my “Small Business Development” entrepreneurs.


The Rise of the Anti-Facebooks

Facebook is dominating social media in almost every country where it hasn't been banned, and the six-year old site shows no signs of slowing down. It's creeping across generations, replacing things like the phone book and introducing tools the masses had no idea they needed. It's also indoctrinating the world into adopting the Mark Zuckerberg Values of "openness," "sharing" and "living your whole life on the Internet."

Those values have lead to a cultural movement. But here comes the resistance: a wave of social networking sites that define themselves in opposition to Facebook.

Privacy Fiends

The most prominent example is Diaspora, the distributed, open-source social network all about privacy and control of your data. Diaspora doesn't cite Facebook by name on its Kickstarter page, where its four founders raised 20 times more money than they asked for. But its founders do refer to "large corporate networks who want to tell you that sharing and privacy are mutually exclusive."

… Another site, folkdirect.com, launched in January with a similarly lofty view of privacy: "Your details will never become fodder for targeted advertising campaigns and there are no third party apps to phish your data."

CollegeOnly founder Josh Weinstein remembers how he and his friends were just as anxious to join Facebook as they were for freshman orientation. CollegeOnly launched a social network for "connecting student bodies" last week. When you graduate, you're out. In the promo video, Weinstein turns to the camera and asks, "Don't you wish your social network were college only?" Yet-to-launch mobile startup Scoop has a similar idea.

… Maybe age or school-affiliation isn't important, but exclusiveness still is. ASMALLWORLD is an invitation-only social network for "sophisticated" and "influential" people

Hibe is a yet-to-launch social network based around controlling which personality you project to whom, a concept its creator calls "Social Web 3.0."

Anyone can screw up research. No doubt this will show up in college research classes as THE bad example.


Prosecutor Loses Case For Citing Wikipedia

Posted by CmdrTaco on Monday August 30, @11:19AM

"The Philippine Daily Inquirer reports on a recent case where the Office of the Solicitor General (OSG) lost an appeal after seeking to impeach the testimony of a defendant's expert witness by citing an article from Wikipedia. In her brief, the defendant said 'the authority, alluded to by oppositor-appellant, the "Diagnostic and Statistical Manual of Mental Health Disorders DSM-IV-TR," was taken from an Internet website commonly known as Wikipedia,' and argued that Wikipedia itself contains a disclaimer saying it 'makes no guarantee of validity.' The court in finding for the defendant said in its decision that it found 'incredible ... if not a haphazard attempt, on the part of the (OSG) to impeach an expert witness, with, as pointed out by (the defendant) unreliable information. This is certainly unacceptable evidence, nothing short of a mere allegation totally unsupported by authority.'"

Does the government believe that its citizens are so innumerate they can't determine that 25 MPG is not as good as 35 MPG? I doubt they will grade on a standard curve...


EPA Proposes Grading System For Car Fuel Economy

Posted by Soulskill on Monday August 30, @10:05PM

"The EPA and Department of Transportation on Monday proposed a fuel economy label overhaul to reflect how electric and alternative fuel vehicles stack up against gasoline passenger vehicles. ... The changed label, mandated by the 2007 energy law, includes the same information on city and highway miles per gallon and estimated driving costs based on 15,000 miles a year now available. But the new labels add more comparative information, rating cars on mileage, greenhouse gas contribution, and other air pollutants from tailpipe emissions. That means that consumers can look at a label to see how one vehicle compares to all available vehicles, rather than only cars in a specific class. One label proposes grades, ranging from an A-plus to a D. There are no failing grades, since vehicles need to comply with the Clean Air Act."

For all my students?


Monday, August 30, 2010

Developing Critical Thinking Through Web Research

As we know, the Internet is a great place to find information on anything that sparks your curiosity. Likewise, the web is a great resource for students, but they need to know how to evaluate what they find and discern the good from the bad. That's where we come in as teachers. And to help us help our students, Microsoft offers us a free 37 page ebook titled Developing Critical Thinking Through Web Research Skills. The ebook presents strategies for teaching Internet search skills and strategies for evaluating information. The ebook also links to many additional resources for teaching web search strategies. There are strategies and resources appropriate for students from in early elementary grades through high school included in the ebook. As you might expect, the ebook is heavy on references to Bing and other Microsoft products, but overall it is a good resource worth your time to download and read.

For my website students


Tuesday, August 31, 2010

7 Places & Ways to Find Copyright-friendly Images



ShrinkTheWeb: Improved Thumbnail Screenshot Generator




7 Video Editing Tasks VirtualDub Handles With Ease [Windows]

No comments: