Category Archives: Privacy

Henry N. Ess III Chair Lecture Notes

Posted on by
3

I’m preparing for a lecture tonight at Harvard Law School.  Here’s the abstract:

The Path of Legal Information

November 9, 2010

I propose a path toward a new legal information environment that is predominantly digital in nature.  This new era grows out of a long history of growth and change in the publishing of legal information over more than nine hundred years years, from the early manuscripts at the roots of English common law in the reign of the Angevin King Henry II; through the early printed treatises of Littleton and Coke in the fifteenth, sixteenth, and seventeenth centuries, (including those in the extraordinary collection of Henry N. Ess III); to the systemic improvements introduced by Blackstone in the late eighteenth century; to the modern period, ushered in by Langdell and West at the end of the nineteenth century.  Now, we are embarking upon an equally ambitious venture to remake the legal information environment for the twenty-first century, in the digital era.

We should learn from advances in cloud computing, the digital naming systems, and youth media practices, as well as classical modes of librarianship, as we envision – and, together, build – a new system for recording, indexing, writing about, and teaching what we mean by the law.  A new legal information environment, drawing comprehensively from contemporary technology, can improve access to justice by the traditionally disadvantaged, including persons with disabilities; enhance democracy; promote innovation and creativity in scholarship and teaching; and promote economic development.  This new legal information architecture must be grounded in a reconceptualization of the public sector’s role and draw in private parties, such as Google, Amazon, Westlaw, and LexisNexis, as key intermediaries to legal information.

This new information environment will have unintended – and sometimes negative – consequences, too.  This trajectory toward openness is likely to change the way that both professionals and the public view the law and the process of lawmaking.  Hierarchies between those with specialized knowledge and power and those without will continue its erosion.  Lawyers will have to rely upon an increasingly broad range of skills, rather than serving as gatekeepers to information, to command high wages, just as new gatekeepers emerge to play increasingly important roles in the legal process.  The widespread availability of well-indexed digital copies of legal work-products will also affect the ways in which lawmakers of all types think and speak in ways that are hard to anticipate.  One indirect effect of these changes, for instance, may be a greater receptivity on the part of lawmakers to calls for substantive information privacy rules for individuals in a digital age.

An effective new system will not emerge on its own; the digital environment, like the physical, is a built environment.  As lawyers, teachers, researchers, and librarians, we share an interest in the way in which legal information is created, stored, accessed, manipulated, and preserved over the long term.  We will have to work together to overcome several stumbling blocks, such as state-level assertions of copyright.  As collaborators, we could design and develop it together over the next decade or so.  The net result — if we get it right — will be improvements in the way we teach and learn about the law and how the system of justice functions.

Joel Reidenberg: Transparent Citizens and the Rule of Law

Posted on by
5

Prof. Joel Reidenberg (Fordham Law; director of the Center on Law and Information Policy) starts out a luncheon talk at the Berkman Center’s Law Lab with a provocative opening theme: Transparency challenges the very existence of the Rule of Law. Some hasty/live-blogged notes follow:

As a practical matter, in the cloud era, we’ve lost the practical obscurity of information about all of us.  What used to exist about us, but in private/not-that-accessible form, is now accessible and associate-able with an individual.  We now have transparent citizens, Reidenberg contends.

How does this challenge the rule of law, he wonders?  The data that are included in the TIA and other state databases come from third-parties, outside the warrant process (the third-party data problem).  The state doesn’t have to spend the same amount of time or money to gather a great deal of information about each of us.  Fusion centers are another prime example of this phenomenon, Reidenberg argues.  Fusion centers use data from private sector parties to determine who should be a suspect, as opposed to the historical approaches to determining suspects and then gathering data.  The state does not have to adhere as faithfully to the rule of law in their law enforcement practices.

We have a transparency challenge, says Reidenberg.  Enhanced cryptography can allow people to carry out acts anonymously, he points out; ditto for the Cohen case in New York with Blogger, Juicy Campus, and so forth.  People are hiding behind anonymity to carry out wrong-doing.  As the public perceives more and more surveillance, wrong-doers will use more robust tools to maintain anonymity — making it harder for the state to catch the real bad guys and to protect the rule of law among the citizenry broadly.

There’s a transparency challenge to the rule of law, as well, Reidenberg argues.  The dossier on Justice Scalia that Prof. Reidenberg’s class pulled together.  Secondary use is a major issue when it comes to public data.  Students could easily pull together a dossier on a major figure by using the transparency that government insists on with respect to information about each of us.  A related example: social networking and judges, in the case of a Staten Island-based judge who is friends with those who appear before him.  (Is there a difference between LinkedIn and Facebook?  And/or: do we really want our judges “unplugged” if we tell them they cannot be friends with anyone online?  What about the jury pool and public friendship networks?  Lawyers googling potential jurors outside of voir dire?  Puts me in mind of Prof. Charles Nesson’s American jury seminar this semester at HLS.)

Reidenberg concludes with the “re-instantiation of the Rule of Law.”  We need to focus on a norm of data misuse, he argues.  Knowledge for some purposes is fine; knowledge for other purposes is not OK.  Reidenberg’s argument here points toward seeking to re-engineer practical obscurity into the technical network.  He cites to Helen Nissenbaum’s contextual integrity argument as support for this concept.  (It’s much in the spirit of our work on the Youth Media Policy project, where we’re trying to translate the data about youth online digital media practices into good policy proposals.)

This talk by Reidenberg proves to be extremely provocative to the Law Lab crowd assembled here.  A spirited discussion starts up during the question period.  Just as a few examples of types of push-back: John Clippinger, the law lab’s co-director, says that he agrees with Reidenberg’s analysis but disagrees in terms of what to do about it.  It’s the wrong time to prescribe solutions right now, Clippinger charges, especially with norms in flux as they are right now.  Julie Cohen (Georgetown law prof who is a visiting professor here at HLS this year), who spoke here in the Berkman Center lunch series just last week, was talking about the virtues of “semantic discontinuity” in response to similar privacy concerns.  The communication process leads to a much finer granularity of information as well as new forms of metadata creation and re-assembly, which in turn makes it difficult to operate in proper contexts, argues Urs Gasser (in a quite wonderful series of questions).  Joel’s limited purpose knowledge regime, he argues, is up against a loss of the rule of law (though Clippinger thinks you don’t have to frame it that way; and Cohen pushes on what he means by the “rule of law”; and Clippinger comes back to the private law mesh of contracts-type of regime as preferable).  Professor Harry Lewis (SEAS at Harvard) wants to know how all this will affect the extensive private surveillance regime and whether law should come into the picture to restrict the use of these privately-collected data.  (My question: would you close the third-party data loophole with respect to state access to privately-collected data without 4th Amendment protections?  Yes, said Reidenberg.)

Just based on the last few weeks of lunches around the Berkman Center, I’m coming up in my mind with a dream seminar on these topics.  For starters, I’d have Joel Reidenberg, Julie Cohen, and Jonathan Zitttrain; present each of them with a common set of hard Internet law problems; and ask them to apply their big-picture theories to their resolution.  I suspect we’d get some extremely interesting, and different approaches, to adjusting the law, technology and norms to fit better with the digital age.  I can imagine there are others to invite to the party, too…

Julie Cohen: Configuring the Networked Self

Posted on by
2

At the Berkman Center, we are hearing a preview of key elements of Prof. Julie Cohen‘s forthcoming book, Configuring the Networked Self.   Some hasty live-blog notes follow:

Prof. Cohen tells us that there are two disconnects that she starts with: 1) there are lots of invocations of “freedom” being floated around, but many of the results in the political and technical processes seem antithetical to the interests of the communities involved; and, 2) while the free culture debate is all about openness, it’s impossible (or at least difficult) to imagine how privacy claims may be contemplated in the context of all this openness.

What’s puzzling, to Cohen, about these disconnects that has led her to major substantive and methodological claims: we make these laws and policies about freedom within the frame of liberal political theory, invoking terms like autonomy and freedom and presumptions like rational choice as the dominant terms of the discourse.  We ought to be focusing instead on the experienced geography of the networked society, where people are living in cultures, living in ways that are mediated by technologies.  We don’t have very good tools to ask and answer those questions.  We’re led to start with the presumption that individuals are autonomous and separate from culture.  It’s difficult to say things about how more or less privacy will result in meaningful, significant consequences for how we experience our culture and how political discourse works from there.

On to the methodological question: lots of people are working on these questions in related fields, and we in legal scholarship often don’t pay enough attention to what they are learning (say, in cultural theory, STS, other fields described by legal scholars in pejorative terms of “post-modernist” and otherwise).  We need to understand what Cohen calls “situated embodied users” and how they experience information technologies in order to inform law and policy in this field better.  Cohen’s “normative prior”: We should promote law and policy that promote human flourishing (network neutrality, access to knowledge, access to culture as precursors for participation in public life).  But Cohen also tells us that she parts company with those who expound this theory where they seek to embed it in liberal political theory.  We should reconcile — or live with — tensions in legal and policy problems by looking to these “post-modern” fields and ask what they can tell us.  We should ask what kinds of guarantees the law ought to provide.

Where does this process lead us?  Think about Access to Knowledge, Cohen says: it’s nice, but it doesn’t get you as far as you need for human flourishing.  It doesn’t guarantee you rights of re-use in creative materials or rights of privacy, for instance.  There are further structural preconditions for human flourishing that we need to ensure.  Two in particular: 1) operational transparency: it’s not enough to know what is being collected about you, you need to know how it’s going to be used; and 2) semantic discontinuity: a vital structural element of the networked information economy: e.g., copyright, you need incompleteness in the law and policy regime that affords room for play.  In privacy, you need space left over for identity play, for engagement in unpredictable activity.  In architecture, seamless interoperability is all to the good in some ways, but not good for privacy, for instance.  Data about you would therefore move around and around and around without your knowing about it.  Human beings benefit, Cohen argues, from structural discontinuity.

This is going to be a fascinating and important book.  And I’m eager to think through how Cohen’s claims relate to JZ’s in Future of the Internet once I’ve read Cohen’s new work.

Reader Privacy Event at UNC-Chapel Hill

Posted on by
2

Anne Klinefelter, the beloved law library director at UNC-Chapel Hill (you should hear her dean introduce her; really!), is hosting a Data Privacy Day event on reader privacy.  She makes the case in her opening panel remarks that, if we wish to translate library practices with respect to privacy into a digital world, we need to figure out how to translate not just law but also ethics.  Anne argues that the law needs updating to keep up with new research practices of today’s library users, especially as we shift from a world (primarily) of checking out books to a world (primarily) of accessing databases.  Her analysis of the 48 state laws with respect to user data privacy shows that the statutes vary in substance, in coverage, and in enforcement.  Anne’s closing point is a great one: if we’re in the business of translating these rules of library protection of user data, we need to bring the ethical code and norms along as well.

Jane Horvath (Google) and Andrew McDiarmid (CDT) take up the Google Books Search Settlement and its privacy implications.  Jane emphasized the protections for user privacy built into book search.  She also emphasized ECPA and the need to update it to protect reader privacy.  Google, she says, is “calling for ECPA reform.  It really is necessary now.”

Andrew described, diplomatically and clearly, the privacy concerns that CDT has with respect to the Google Books Search Settlement (which CDT thinks should be approved; EFF, the Samuelson Clinic, and the ACLU of Northern California have similar concerns, but oppose approval of the settlement).  The critiques that Andrew described are not limited to Google’s activities, he noted; Amazon and others need to address the same issues.  Andrew worries about the potential development of (too?) rich user profiles that may be the target of information requests for law enforcement and civil litigants.  Rather than regulate Google as a library, Andrew argues, we should focus on the kinds of safeguards that CDT would like to see apply.  The best recent restatement of Fair Information Practices is by the DHS, says Andrew.  Eight principles should apply: Transparency, individual participation (including the right to correct it), purpose specification, minimization, use limitation,  data quality and integrity, security, accountability and auditing.  CDT would like to see Google commit to specific protections in alignment with these eight principles.

Tidbits from Navigate 2008 Day One

Posted on by
1

It’s Day One at Navigate 2008. Trevor Hughes and his crack team at the IAPP have established a space for thinking not about what’s urgeny, but about what’s important when it comes to privacy. The key for the event is to think big about privacy. The goal is to contribute to the global dialogue. (For me, kids, technology, and the future are on the brain because of Born Digital coming out, so the frame I bring to it is the future systems that we are building to protect our children and grandchildren.)

navigate08

Meta tidbit: Going meta, briefly, on the emerging art of conference blogging. I’ve been wondering: What’s the optimal amount of blogging of a conference, in terms of frequency, length, and topic? JZ says the goal should not be coverage, but to exposure worthy tidbits. That’s to say, as many as a few posts a day if there are worthy things to say, or no posts if the conference totally stinks. (JZ is blogging a key aspect of Hal Abelson’s provocation so we can see what he means by a “tidbit” when that’s up.)

Process/experimentation tidbit: there are three breakout groups, each using MindManager in the breakout rooms. From a mission-control, a few of us have a view across the three MindMaps through a networking tool called MindJet. It works great for viewing all the conversations as they emerge in real-time. It also lets one intervene from the center — but that is not necessarily welcome, it seems, as the MindManager scribes have enough to do to keep track of the conversation, and chatting with the curators doesn’t seem to help their focus much. It’s cool to be able to intervene and to ask clarifying questions, but not necessarily productive to the whole, it seems. It’s great to be trying this out in real-time, though.

Substantive tidbit: from the first session, part of MIT prof Hal Abelson’s provocation. In the end, the way to go is to build accountable information systems, says Hal. He cited a letter he (and many of us) got from Bank of America which said that data about some customers had escaped from a third-party location and that B of A is tracking our accounts to see if anything is going wrong as a result. Hal says that this may be lawful, but it’s not accountable. He wants to know more: who had the data, why they had it, what it was, what happened in the breach, what risks he is running as a result, and so forth. He also says not to worry so much about the collection or mining of the data, but rather about decisions made about you based on these data. (I have a sense already that this is not a consensus view among other attendees — to be tested out!)

A final Bostonian’s tidbit, off to the side: In the command-central room for IAPP, there’s a side conversation about the MBTA’s Charlie Tickets v. Charlie Cards. These are the cards you buy to go on the Boston-area subway system. If you use an Charlie Ticket, rather than a Charlie Card, you pay more per ride, but there’s little chance your movements could be tracked, so one way to see it is that there’s a explicit premium per ride for your privacy. Richard Stallman has an alternate approach, apparently: swapping zero-value CharlieCards to frustrate any user tracking while not having to pay the privacy premium.

Navigating Privacy

Posted on by
1

Jonathan Zittrain and I are headed up to seacoast New Hampshire to be the “curators” of the IAPP’s new executive forum, Navigate, for the first few days of the week. It’s a beautifully organized program and a terrific line-up. It promises to be provocative and a lot of fun.

Privacy turned out to be a major part of our research into how young people use new technologies differently from their parents and grandparents. In our book, Born Digital (coming out in the next few weeks; and now the book’s website from the publisher is up), we started with a single chapter on Privacy and ended up with three: Identity, Dossiers, and Privacy. (Berkman summer intern Kanu Tewari made a video rendition of our Dossiers chapter; and the project’s wiki has a section on Privacy.) I look forward to testing those ideas with a bunch of privacy pros who will no doubt help to refine them.

As a special bonus: They’ve partnered with the MindJet people — makers of MindManager, which I love — to document the event and to extract key themes in an organized digital format. I’m looking forward to learning some MindManager tricks.

Daniel Solove's The Future of Reputation

Posted on by
3

The first book I’ve read in full on my Amazon Kindle is Daniel Solove‘s “The Future of Reputation: Gossip, Rumor, and Privacy on the Internet.” It’s a book I’ve been meaning to read since it came out; it did not disappoint. I was glad to have the joint experience of reading a first full book on the Kindle and of enjoying Solove’s fine work in the process.

Before I picked up “The Future of Reputation,” Solove had already played an important part in my own thinking about online privacy. The term that he coined in a previous book, “digital dossiers,” is a key building-block for the chapter of the same topic in Born Digital, which Urs Gasser and I have just finished (coming out in August). Solove advanced the ball in a helpful way, building on and refining previous scholarship of his own and that of Jonathan Zittrain, Paul Schwartz, Simson Garfinkel and others.

This book has the great virtue of being accessible to a reader who is not a privacy expert as well as being informative to those who know a good bit about it to begin with. Solove repeats a lot of lines that one has heard many times before (for instance, at the outset of Chapter 5, Scott McNealy’s line: “You already have zero privacy. Get over it.”), but also introduces some new ideas to the mix. It’s good on the theory, but it also offers practical policy guidance. He also poses good questions that could help anyone who wants to think more seriously about how to manage their reputation in a digital age.

One other thing I appreciated in particular: Solove is clearly a voracious reader and does an excellent job of situating his own thoughts in within the works and thought of others (variously Henry James and Beecher; Burr and Hamilton; Warren and Brandeis; Brin, Johnson & Post, and Gates) and in historical context, which I much enjoyed.

As for the Kindle itself: it’s fine. I don’t love it, but I also have found myself bringing it on planes with me lately, loaded up with a bunch of books that I’ve been meaning to read. So far, the battery life has been poor (might be my poor re-charging practices), so that the technology of the Kindle is sometimes less good than the technology of the classic book (which cannot run out of batteries in the middle of a long-haul flight, as my Kindle always seems to). The eInk is soft on the eyes; no problem there. The next and previous page functionality is fine, and the bookmark works pretty well. And FWIW, I’ve now got Mark Bauerlein’s “The Dumbest Generation: How the Digital Age Stupefies Young Americans and Jeopardizes Our Future (Or, Don’t Trust Anyone Under 30)” on there, which is up next for a review — as its premise cuts against the grain of Born Digital.  One advantage of the Kindle is cost, once you have device: the Solove and Bauerlein books cost a mere $9.99 each.

Sears and Badware

Posted on by
2

Tonight, we at StopBadware are releasing a report that finds that Sears Holding Corporation’s MySHC Community application is badware. (We also blogged our pending review of the application a few days ago.) Our concerns are these:

1) The software does not fully, accurately, clearly, and conspicuously disclose the principal and significant features and functionality of the application prior to installation.

The My SHC Community application’s only mention of the software’s functionality outside of the privacy policy and user license agreement (ULA) prior to installation is in a sentence of the fourth paragraph of a six paragraph introduction to the community. It states that “this research software will confidentially track your online browsing.” It does not make clear outside the privacy policy and ULA that this includes sending extensive personal data to Sears (see below) or that it monitors all internet traffic, not just browsing.

2) Information is collected and transmitted without disclosure in the privacy policy.

There are two privacy policies available to users of My SHC Community and the accompanying software application. All of the behaviors noted in this report are disclosed in one version, which is shown to and accepted by users during installation. However, when viewing the privacy policy on the website or from the link included in a registration confirmation e-mail, a different version of the privacy policy, which does not include any information about the software or its behavior, appears, unless the user is currently logged into the My SHC Community site. This means, for example, that a user checking the privacy policy from a different PC may not see the privacy policy that s/he originally agreed to.

3) The software does not clearly identify itself.

While running, the My SHC Community application gives no indication to the user that it is active. It is also difficult to tell that the application is installed, as there are no Start menu or desktop shortcuts or other icons to indicate its presence.

4) The software transmits data to unknown parties.

According to SHC and comScore, the parent company of the software developer, VoiceFive, the My SHC Community application collects and transmits to Sears Holdings’s servers (hosted by comScore) extensive data, including websites visited, e-mails sent and received (headers only, not the text of the messages), items purchased, and other records of one’s internet use. This is not made clear to the user separate from the privacy policy or ULA, as required by StopBadware guidelines. Sears Holdings Corp. commits in its privacy policy “to make commercially viable efforts to automatically filter confidential personally identifiable information,” but is unable to guarantee that none of this information will be sent or stored.

We’ve spent time on the phone with the team at Sears Holding Corporation (SHC) about their app. SHC has informed StopBadware that they are significantly improving the My SHC Community application disclosure and privacy policy language and adding a Start menu icon in an effort to comply with our guidelines and address privacy concerns. They expect these changes to be implemented within 48 hours. At StopBadware, we have not evaluated these planned changes at this time. SHC has also informed us that they have suspended invitations to new users to install the application until these changes are implemented.

Our news release on this report is here.

Cookie Crumbles Contest: Make a Video, Help Consumers, Win Cash

Posted on by
Reply

Have fun and help raise awareness about how the Internet really works — and possibly earn a trip to DC and $5000 if you’re really good at it!

The Berkman Center, StopBadware, Google, Medium, and EDVentures present Cookie Crumbles. It’s a fun contest for people who like to make short, humorous (yet meaningful) videos and posting them to YouTube (there’s a Cookie Crumbles group set up for contest purposes). We are looking for short YouTube videos that address these questions as accurately and as creatively as possible:

Most people know cookies as a treat best enjoyed with milk. When it comes to web cookies, however, many users want to know more:

* What is a cookie?
* How do cookies work?
* How can cookies be used?
* How is the data from cookies used with data collected in other ways, including from third parties?
* How can cookies be misused?
* What options does a user have to manage cookies and their use?

The top few submissions, as determined by a combination of YouTube viewers and Berkman Center staff, will earn their creators a trip to Washington, D.C., where their videos will be aired and discussed at the United States Federal Trade Commission’s November 1-2 Town Hall workshop entitled “Ehavioral Advertising: Tracking, Targeting, and Technology.” Several prizes will be awarded by a panel of judges and discussants including Jeff Chester, Esther Dyson (who blogged the contest here and here), and others, moderated by the Berkman Center, and including one grand prize of $5,000. Submission guidelines and more can be found here.

Ira Rubinstein on Microsoft’s Corporate Privacy Guidelines

Posted on by
2

Ira Rubinstein

Ira Rubinstein is here with us at the Berkman Center today to talk about Microsoft’s corporate policies on privacy. Ira was joined yesterday here by Brad Smith, Microsoft’s General Counsel, who spoke last night on the topic of innovation, interoperability and IP, and Annmarie Levin, like Ira an Associate General Counsel and with whom we’ve been working on interop and innovation.

Ira’s lunch talk is on the company’s privacy guidelines, which have been posted online, in a 49-page document, since last October. Ira’s testimony to a US Senate committee on privacy in 2001 is also posted here.

As his slides and the policy document states, the core commitment is that “Microsoft customers will be empowered to control the collection, use, and distribution of their personal information.” This commitment drives through to a set of detailed definitions, and then to guidelines for privacy protections when developing software.

Microsoft has gone to a “layered” approach to privacy statements. There’s a basic document with a lot of links to privacy statements by type of application or topical area. One discussion topic: can a layered approach result in greater disclosure and clarity to users?

Microsoft has stated its support for comprehensive privacy legislation in the United States. My comment, not Ira’s: as an idea for comprehensive privacy legislation: what about a format regulation promulgated by the US FTC that ensures that consumers can know where to look for information about how personal information is handled?

The nature of what kind of personally identifiable information that the policies need to cover is changing as the company continues to grow and add business lines. Microsoft announced six months or so ago a new initiative into the health care domain, covering electronic medical records and so forth. All of a sudden, the type of information that Microsoft might collect about you has changed (expanded) radically.

Much of the conversation, prompted by JZ and Ben Adida, revolved around a lawyer’s problem: what happens after a subpoena arrives seeking personally identifiable information. Ira: “I agree that Data minimization is a desirable goal” from a privacy perspective. The hard question buried here is the role of technology intermediaries in retaining information that might help law enforcement v. protecting the privacy of customers.

Should Microsoft, and other companies wishing to be leaders in the security space, let people be idiots? With the “Stop Phishing Filter,” Microsoft gives you a series of choices: set the phishing filter to automatic, set it to manual, or ask me later — but not “no thanks” for this phishing filter. Is “no thanks” a choice they should offer, even if that’s a very poor choice for a user to make?

JZ is the semi-formal respondent: He keys in initially to the notion of making affirmative choices to design privacy protection into software. JZ wants an interface where a consumer could check in on the conversations going on in the background as clients connect back to servers. Or a periodic audit, where you’re prompted to go back in to check periodically on all the pinging that’s gone back and forth. He’s also keyed in on the possibilities for government surveillance in a world of software-as-service instead of products.