Category Archives: Law: Privacy

I used to think that Jim Dempsy was a good guy, someone who believed in protecting personal privacy.

Could I have been seriously mistaken? The evidence is pretty damning: President Bush has just nominated him to be on the Privacy and Civil Liberties Oversight Board.

There are, fortunately, three other possibilities.

First, the Privacy and Civil Liberties Oversight Board could have had all of its jurisdiction taken away, so this is a meaningless appointment. (Indeed, for a long time the Bush administration made sure that it never met.) But surely that's not it: the Board actually has more heft than it used to, thanks to amendments in H.R. 1 passed last year.

Second, the appointment could be a lame duck's petard planted under the next administration: 'Take that Obama! Not only will we burrow into the senior ranks of the bureaucracy, but we'll stack the independent oversight board with people who'll give you tsursis! Heh heh heh.' After all, the appointment won't take effect until the Senate acts, and it lasts for five years. That means basically none of anything Dempsey does while on Board will be on Bush's watch.

Or, maybe, it's one of these:

I was interviewed today for this afternoon's edition of Marketplace; of course you never know if they'll use it or not.

The topic was the strange — and to my mind wrongly decided — decision ordering massive disclosure of user YouTube video-viewing records in Viacom v. Google. For a very good explanation of most of the problems with the decision see EFF's Kurt Opsahl's discussion at Court Ruling Will Expose Viewing Habits of YouTube Users.

Based on the cursory discussion in the decision, I don't think the Judge read the Video Privacy Protection Act (aka “the Bork Bill”) right.

The decision is, if anything, worse than Opsahl says, in that the court also orders disclosure of information relating to “private” videos — videos marked for limited distribution — including the title and information about who uploaded them. While it may be the case that some of these videos are trying to share copyright protected materials under the radar, it is undoubtedly the case that many of these videos are (1) truly private and of very limited distribution and (2) the author would be identifiable from the associated information ordered to be disclosed. (The order also is opaque as to what sort of precautions if any Viacom would be required to take to prevent leakage of this data.)

There are some procedural obstacles to getting an immediate interlocutory appeal of this decision, but assuming they can be surmounted I think there's a strong chance of reversal before the 2nd Circuit.

This is only one of the first in what is sure to be a long series of fishing expeditions in the increasingly elaborate databases being created about our online behavior. It will get worse once our ISPs start tracking our every move in order, they will say, to better advertise to us. Video viewing records have the peculiar advantage of being protected by an unusually powerful statute, the so-called 'Bork Bill'. Many other records won't have that (although some will have ECPA), and that is an issue which needs urgent attention.

Ryan Singel, Secret Spy Court Repeatedly Questions FBI Wiretap Network.

Don't have time to post about this except to say that this is potentially a really big deal both for location privacy and for the use of routine pen-register orders to get much more than a phone number — if the FBI has really been doing this stuff.

This article describes important questions. We need the answers.

Although I usually couldn't care less about celebrity gossip, I was very interested to see this article (in the India Times, no less!), TomKat threaten to sue baby store over leaked shopping details.

Basically, these two celebs claim a right of privacy and a violation of their right of publicity because a store they shop at has been blabbing the details of their purchases.

I'm interested in this because back when I was writing one of the early articles about digital certificates, The Essential Role of Trusted Third Parties in Electronic Commerce, 75 Ore. L. Rev. 49 (1996), I had a heck of a time finding relevant law on the subject of the ownership of transaction information, a problem that persisted into the writing of The Death of Privacy?, 52 STAN L. REV. 1461 (2000). I finally concluded that for ordinary transactions, where there was no special duty of confidentiality (e.g. lawyer, doctor) or celebrity with a special right of publicity, the basic rule was that customer and merchant both own the facts and can do what they wish with them.

The right of publicity claim is a narrow one: the shop can't claim endorsement by the celebrity (e.g. by using their images in an ad), but that doesn't amount to a gag order. For example, the shopkeeper can certainly brag to customers so long as s/he doesn't imply or claim an endorsment.

But the privacy claim? Absent either a contractual or legal duty, it's just not there. Maybe it should be, but that will take a change in the law.

Via RB: CCTV, Get Out Clause and iMovie,

What’s a band to do if it hasn’t got the cash to make its own music video and lives in a country with extremely high levels of CCTV? Well, Get Out Clause used state CCTV cameras and their rights to access information to create this clip,

Unable to afford to make their own music video the band set up and performed their music in front of 80 of the 1,300 CCTV cameras used by British state security – one camera was even on a bus…

Now comes the good part: the band used the UK Data Protection Act – that’s the UK equivalent of US reader’s access to information laws – to request all the footage the state collected of them…

And then they turned the footage into a music video.

(The song is ok, but not as inventive as their social engineering.)