The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee

Author Archives: marieandreeweiss


by Leave a comment

Senate ‘Malvertising’ Hearing

The Permanent Subcommittee of the Senate Committee on Homeland Security & Governmental Affairs held a hearing last week on the findings of its ‘Online Advertising and Hidden Hazards to Consumer Security and Data Privacy’ report.
In his introductory remark, Senator John McCain (R-AZ) noted that online advertising is now more profitable than broadcast television advertising. Indeed online advertising revenue was $42.8 billion in 2013, almost $3 billion more than television advertising.

At the same time, ‘malvertising’ increased over 200 % in 2013 to over 209,000 incidents generating over 12.4 billion malicious ad impressions (Testimony of Craig D. Spiezle Executive Director & Founder of Online Trust Alliance).

Online advertisements may be used as a vehicle to install malicious software on users’ computers. The software then steal personal information or attack other computers, most of the time without the user even knowing that his computer has been infected.

Online advertisements is a serious security threat for consumers, yet most consumers are not aware of this issue. During the questions sessions, Mr. Spiezle noted that that issue has been kept quiet from several years. Senator McCaskill (D-MI) reminded panelists that online advertising is the backbone of the Internet economy, yet consumers have not been sufficiently informed that their data is what fuels this economy. Maneesha Mithal, Associate Director, Division of Privacy and Identity Protection at the FTC, stated that the FTC informs consumers about online privacy on its OnGuard online site.

Who is Responsible?

What should be the responsibility of online advertising companies such as Google and Yahoo! ? Senator McCain believes that they “have a responsibility to help protect consumers from the potentially harmful effects of the advertisements they deliver.” They do not directly control the advertisements however, and as many as five or six companies can be involved in the process of publishing an ad, which makes finding which companies are responsible for having let the malware being installed quite difficult.

Also, Senator McCain noted that “commercial actors have limited incentives to develop and institute security measures for fear of becoming the liable party if something goes wrong.” However, the representatives of Google and Yahoo! emphasized that their companies have an incentive to fight malvertising in order to retain their customers’ trust.
Senator McCain asked Alex Stamos, Chief Information Security Officer at Yahoo!, if the site was responsible for malware, to which Mr. Stamos answered that Yahoo! takes responsibility for its users’ safety. Pushing further, Senator McCain then asked Mr. Stamos if Yahoo! would reimburse a user whose bank account has been depleted through a malware encountered on a Yahoo! site, but Mr. Stamos did not believe that Yahoo! has such responsibility.

Possible Solutions

George F. Salem, Senior Product Manager at Google, testified that his company has a two-pronged approach to fighting malware: preventing users from even visiting sites invested with malware and disabling ads which have malware. He also noted that consumers should be careful about downloads, always use the latest version of their browser and also install up-to-date antivirus software, a view shared by Ms. Mithal.

Senator Mc Cain also noted that “another problem in the current online advertising industry is the lack of meaningful standards for security” and expressed frustration that Google and Yahoo!, similar companies as they are, could not have the same best practice standards and implement them the same way, as they face the same problems.

Senator Mc Cain asked Ms. Mithal what could be the solutions to malvertising. She answered that increasing consumer education, having more robust industry self-regulations and also more enforcement would be key. Indeed, the FTC has already brought some enforcement actions against companies involved in online advertising for deceptive practices. Ms. Mithal stressed that there should be enforcement against the purveyor of malware but also against third parties which let the purveyor go by.

What’s Next?

Several online advertising companies, including Google and Yahoo, announced a new initiative called Trust in Ads that has as its goal the protection of consumers from malicious online advertisements and deceptive practices.

New legislation may be ahead. Senator Mc Cain asked Ms. Mithal if the FTC would need additional tools to protect consumer’s online privacy and Ms. Mithal mentioned that the FTC has advocated in the past to be given the authority to fine companies that do not maintain reasonable security practices. In her written testimony, Ms. Mithal wrote that the FTC “continues to reiterate its longstanding, bipartisan call for enactment of a strong federal data security and breach notification law.”

Advertisements


by Leave a comment

Google ‘Glasstiquette’ and Other Google Glass Issues

I was sitting at an airport café a few weeks ago, and witnessed a group of friends having fun, speaking and laughing together around a table. Next to them was a middle-aged business man wearing Google Glass.

One of the members of the group spotted the glasses, and started a conversation with their wearer. The business man obliged, saying he liked them very much, and then said: Oh, and by the way, I just took a picture of you!

The mood of the group subtly changed. They politely ended the conversation and then, very slowly, as not to be rude, all turned their back to the business man.

I had just witnessed a Google Glass breach of etiquette, and for what is worth, it did not seem that the culprit was unaware of it.

Etiquette for a Wearable Computers World

Do we need new rules to live in a society where the person next from us on line at the supermarket counter, or worse, behind us at the pharmacy while we pick up drugs, may be able to take a photograph of us, or to film us, without us even noticing it?

Google itself seems to believe we do,  as it recently released a guide for ‘Google Glass Explorers,’ people who have been given the opportunity to test Google Glass, which are still not available for sale.

Well, it seems that the business man I witnessed at the airport broke one of the Do’s of the guide: ‘Ask for permission.’ While this seems just common sense if one if taking a photograph, how could we possibly ask for permission to film a crowd? Should we ask every single person for permission?

Google Glass and Law Enforcement

Knowing the answer to this question may be a matter of personal safety. A woman claimed this week that she was attacked and robbed in a bar at San Francisco while wearing Google Glass, and, according to her, it was because she was wearing Google Glass.

It seems that she was later able to retrieve her Google Glass. Interestingly, its camera had apparently recorded the incident, showing a man ripping the glasses off her face. Could the recoding be used as evidence?

Indeed, Google Glass may be used by law enforcement officials in the near future. New York’s finest, the NY Police Department, is experimenting with two pairs of Google Glass, to find out whether they could be used for police work. That could raise some interesting fourth amendment issues.

On the other hand, Google Glass may become the pet peeve of police officers in charge of enforcing road security.

A woman got a ticket in San Diego last October, for speeding, but also for wearing Google Glass, as 27602(a) of the California Vehicle Code forbids driving a motor vehicle if “a television receiver, a video monitor, or a television or video screen, or any other similar means of visually displaying a television broadcast or video signal that produces entertainment or business applications, is operating and is located in the motor vehicle at a point forward of the back of the driver’s seat, or is operating and the monitor, screen, or display is visible to the driver while driving the motor vehicle.”

The case was later dismissed, as the judge did not find enough evidence to prove beyond a reasonable doubt that Google Glass was switched on while its wearer was driving.

Is it safe for car drivers to wear Google Glass while driving? It may be banned soon by legislators, just as texting and using a telephone while driving is forbidden in most states. Some states, such as Illinois, have already introduced bills to that effect. It remains to be seen if they will be enacted; Reuters reported this week that Google is lobbying to stop these bills from becoming law.

Facial Recognition and Google Glass

Even though Google has not (yet) developed a facial recognition app for Google Glass, another company, NameTag has done so. It would allow Google Glass wearers to pick a suitable date among a crowd of strangers, by scanning social media information of people around them. That triggered concerns from Senator Al Franken (D-Minnesota), who sent a letter on February 5th to the President of NameTag, expressing his “deep concerns” about the new app  and urging him to delay its launch “until best practices for facial recognition technology are established.”

It is not the first time legislators are expressing concerns over the privacy issues involved in Google Glass, and it probably won’t be the last.  


by Leave a comment

Washington State May Soon Regulate Personal Information Collection by Drones

Two Washington State bills are addressing the issue of government surveillance using drones, and the potential negative impact this could have on privacy.

The first bill, HB 1771, is a bi-partisan bill sponsored by Rep. David Taylor, R-Moxee, which was   introduced last year. It calls drones a “public unmanned aircraft system.”

HB 2789, is also sponsored by Rep. David Taylor. It calls drones “extraordinary sensing devices” and its Section 3(1) would have government use of drones “conducted in a transparent manner that is open to public scrutiny.”

Calling drones “devices” instead of “aircraft” has significance for a State famous for its aeronautic industry.  Indeed, while HB 1771 passed the House last week, HB 2789 stills lingers in Committee.

A Very Broad Definition of Personal Information

HB 2789 and HB 1771 both define what is “personal information” quite broadly, as it would not only encompass a social security or an I.D. number, but also “medical history, ancestry, religion, political ideology, or criminal or employment record.

Interestingly, it would also encompass information that can be “a basis for inferring personal characteristics” such as “the record of the person’s presence, registration, or membership in an organization or activity, or admission to an institution” or even, “things done by or to such person,” a definition that is so broad that it may encompass just about anything that ever happens to an individual. This definition recognizes that drone surveillance allows for a 24/7 surveillance society.

Personal information also means IP and trade secret information.

Illegal Collection of Data by Drones Must be “Minimized”

Under section 4 of HB 2789, disclosure of personal information acquired by a drone must be conducted in a way that minimizes unauthorized collection and disclosure of personal information. It reprises the words of Section 5 of HB 1771, only replacing ‘public unmanned aircraft by ‘extraordinary sensing device.’

I am not sure that I interpreted section 4 correctly, so here is the full text:

All operations of an extraordinary sensing device or disclosure of personal information about any person acquired through the operation of an extraordinary sensing device must be conducted in such a way as to minimize the collection and disclosure of personal information not authorized under this chapter.

So the standard it not complete avoidance of unauthorized collection of personal information, but instead minimization of illegal collection. The wording may reflect the understanding of the legislature that, because of the amazing volume of data that may potentially be collected by drones, including “things done by or to such person,” it would be unrealistic to set a standard of complete avoidance of data collection.

Maybe this ”minimizing” standard set by HB 1771 and HB 2789 is a glimpse of the standards for future data protection law…

Warrant Needed to Collect Personal Information by Drones

Under Section 5 of HB 2789, a drone could to collect personal information pursuant to a search warrant, which could not exceed a period of ten days.

The standard to obtain a warrant under Section5 (3)(c) of HB 2789 and Section 6 (2) (c ) of HB 1771would be “specific and articulable facts demonstrating probable cause to believe that there has been, is, or will be criminal activity

Under Section 5 (3)(d) of HB 2789, a petition for a search warrant would also have to include a statement that “other methods of data collection have been investigated and found to be either cost prohibitive or pose an unacceptable safety risk to a law enforcement officer or to the public. ”

So drones should be, at least for now, still considered an extraordinary method to be used in criminal investigations.  Such statement would not be necessary though under HB 1771.

Warrant could not exceed ten days under Section 5(5) of HB 2789, but could not exceed 48 hours under section 6(4)HB 1771, and thus HB 1771 would be much more protective for civil liberties. However, as we saw, it is unlikely that HB 1771 will ever be enacted into law.

Warrant Not Needed in Case of an Emergency

Both bills would authorize some warrantless use of drones.

However, under Section 7 of HB 2789 a warrant would not be needed if a law enforcement officer “reasonably determines that an emergency situation exists [involving] criminal activity and presents immediate danger of death or serious physical injury to any person,” and that the use of a drone is thus necessary.

Under Section 8 of HB 1771, it would only be necessary for the law enforcement officer to “reasonably determine that an emergency situation exists that involves immediate danger of death or serious physical injury to any person” which would require the use of drone, without requiring a pre-determination of criminal activity.

But even if an emergency situation does not involve criminal activity, section 8 of HB 2789 allows for the use of drones without a warrant if there is “immediate danger of death or serious physical injury to any person,” which would require the use of drones in order “to reduce the danger of death or serious physical injury.”

However, such use would only be authorized if it could be reasonably determined that such use of drones “does not intend to collect personal information and is unlikely to accidentally collect personal information,” and also that such use is not done “for purposes of regulatory enforcement.“

Both bills require that an application for a warrant be made within 48 hours after the warrantless use of a drone.

Fruits of the Poisonous Drone

Under section 10 of HB 2789 and section 10 of HB 1771, no personal information acquired illegally by a drone nor any evidence derived from it could be used as evidence in a court of law or by state authorities.

Handling Personal Information Lawfully Collected

Even if personal information has been lawfully collected by drones, such information may not be copied or disclosed for any other purpose than the one for which it has been collected, “unless there is probable cause that the personal information is evidence of criminal activity.”

If there is no such evidence, the information must be deleted within 30 days if the information was collected pursuant to a warrant and 10 days if was incidentally collected under section 11 of HB 2789, but would have to be deleted within 24 hours under section 11 of HB 1771.

Drone regulation is a new legal issue, but Washington  would not be the first State to regulate it. Many other States have introduced similar proposals, often not successfully however. But Florida, Idaho, Illinois, Montana, Oregon, Tennessee, Texas and Virginia have all enacted laws regulating the use of drones for surveillance purposes and North Carolina has enacted a two-year moratorium. It remains to be seen if and when federal legislation will be enacted.


by 1 Comment

Warrant Needed In Massachusetts to Obtain Cell Phone Records

The Massachusetts Supreme Judicial Court ruled 5-2 on February 18 in Commonwealth v. Augustine that the government must first obtain a warrant supported by probable cause before obtaining two weeks worth of historical cell site location information (CSLI).

Defendant had been indicted for the 2004 murder of his former girlfriend. During the investigation, the prosecution filed for an order to obtain CSLI from the suspect’s cellular service provider, but the order was filed under 18 U.S.C. § 2703(d) of the Stored Communications Act (SCA). Under that law, the government does not need to show probable cause, but only needs to show specific and articulable facts showing “that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation.”

The order was granted by the Superior Court in September 2004. Defendant was indicted by a grand jury in 2011, and filed a motion to suppress evidence associated with his cell phone in November 2012.

A judge from the Superior Court granted his motion to suppress, reasoning that this was a search under article 14 of the Massachusetts Declaration of Rights – which is similar to the Fourth Amendment to the U.S. Constitution – and thus a search warrant was required.

The Commonwealth of Massachusetts appealed, arguing that the CSLI was a business record, held by a third party, and that the defendant had no expectation of privacy in this information as he had voluntarily revealed it to a third party.

This argument did not convince the Massachusetts Supreme Judicial Court, ruling instead that defendant had an expectation of privacy in the CSLI and that the prosecution therefore needed to obtain a warrant based on probable cause to obtain this information.

The Third Party Doctrine

Why did the court find that the defendant had an expectation of privacy in his CSLI, even though this information was known by a third party, his cell phone service provider?

Under the U.S. Supreme Court third party doctrine, as stated in the U.S. v. Miller 1976 case and in the 1979 Smith v. Maryland case, a defendant has no reasonable expectation of privacy in information revealed to third parties.

In Miller, the Supreme Court found that defendant has no expectation of privacy in his bank records, as they were “business records of the banks.” Similarly, in Smith v. Maryland, the Supreme Court held that installing and using a telephone pen register was not a “search” under the Fourth Amendment, and thus no warrant was required, because the defendant had no expectation of privacy in the phone numbers he had dialed.

First, the Massachusetts Supreme Judicial Court recognized article 14 of the Massachusetts Declaration of Rights affords more protection than the Fourth Amendment to the U.S. Constitution.

 

Then, the Supreme Judicial Court distinguished Miller and Smith from the case, finding “significant difference” between these two cases and the case at stake. The Court noted that “the digital age has altered dramatically the societal landscape from the 1970’s.

In Smith, the defendant had taken an affirmative step when dialing the numbers which had been communicated to the prosecution by the telephone company. He had to do it in order to be able to use his telephone service. As such, Smith had “identified] a discrete item of information…like a telephone number (or a check or deposit slip as in Miller) and then transmit it to the provider.”

But cell phone users do not transmit their data to their cell phone company in order to use the service. Instead, “CSLI is purely a function and product of cellular telephone technology, created by the provider’s system network.”

The court also noted that, while using a landline may only indicate that a particular party is at home, CSLI provides a detailed report of an individual’s whereabouts. The Massachusetts court quoted the State v. Earls case from the New Jersey Supreme Court, which stated that using a cell phone to determine the location of its owner “is akin to using a tracking device and can function as a substitute for 24/7 surveillance.”

As CSLI is business information “substantively different from the types of information and records contemplated by Smith and Miller,” the court concluded that it “would be inappropriate to apply the third-party doctrine to CSLI.” However, the court added that they saw “no reason to change [their] view thatthe third-party doctrine applies to traditional telephone records.”

Obtaining CSLI from a Cell Phone Provider is a Search and Thus Requires a Warrant

The court then proceeded to answer the question of whether the government needed a warrant to access the CSLI.

As CSLI informs law enforcement about the whereabouts of an individual, the Massachusetts Supreme Judicial Court compared it to electronic monitoring devices such as a GPS. It noted that “it is only when such tracking takes place over extended periods of time that the cumulative nature of the information collected implicates a privacy interest on the part of the individual who is the target of the tracking,” quoting the Supreme Court U.S. v. Jones case, where Justice Sotomayor and Justice Alito both noted in their concurring opinions that the length of a GPS surveillance is relevant to determine whether or not the individual monitored has or does not have an expectation of privacy.

The Massachusetts Supreme Judicial Court found relevant the duration of the period of time for which historical CSLI was sought by the government. The government may only obtain historical CSLI, meeting the SCA standard of specific and articulable facts, if the time period is “too brief to implicate the person’s reasonable privacy interest,” but the two-week period covered in this case exceeds it.

The court’s ruling was about article 14 of the Massachusetts Declaration of Rights. The Supreme Court has not yet considered the issue of whether obtaining CSLI is a search under the Fourth Amendment. Since courts are split on this issue, it is likely that the Supreme Court will answer the question of whether a warrant is required to obtain cell phone location records quite soon. 


by Leave a comment

More International Reactions to the US Massive Intelligence Collection

The revelation of the large-scale US intelligence collection program continues to bring about international reactions.  

United Nations

The Third Committee of the United Nations (Social, Humanitarian and Cultural) approved on November 26 a draft resolution on “The right to privacy in the digital age.” The draft will now advance to General Assembly voting.

 The General Assembly would call upon Member States to respect the right to privacy and to take measures to prevent its violation. They also would have to “review their procedures, practices and legislation regarding the surveillance of communications, their interception and collection of personal data, including mass surveillance, interception and collection, with a view to upholding the right to privacy by ensuring the full and effective implementation of all their obligations under international human rights law.

The General Assembly would also request the United Nations High Commissioner for Human Rights to write a report on the right to privacy in the context of domestic and extraterritorial surveillance and/or interception of digital communications and collection of personal data, including on a mass scale.

European Union Commission

In the European Union, the EU Commission published today a communication on “Rebuilding Trust in EU-US Data Flows.” The Commission noted that “the standard of protection of personal data must be addressed in its proper context, without affecting other dimensions of EU-US relations.”

This is why data protection standards will not be negotiated within the Transatlantic Trade and Investment Partnership (TTIP).

The Commission noted in the introduction that trust in the US/EU “has been negatively affected and needs to be restored” and that “[m]ass surveillance of private communication, be it of citizens, enterprises or political leaders, is unacceptable.”

The communication identified six steps which should be taken to restore trust in transatlantic data transfers:

Implement the EU Data Protection Reform

The proposed regulation has a wide territorial scope since companies not established in the EU would have to apply it if they offer goods and services to European consumers or monitor their behavior.

The regulation would also provide” clear rules on the obligations and liabilities of data processors such as cloud providers.” Surveillance programs affect data stored in the cloud, and companies providing cloud services asked to provide personal data to foreign authorities would not be able “to escape their responsibility” by arguing that they are mere data processors, not data controllers.

Making the Safe Harbor Safe

The Safe Harbor scheme has several weaknesses and that leads to some competitive disadvantages. For instance, some self-certified Safe Harbor members do not comply with its principles in practice. Also, some countries may decide to cease altogether data transfer on the basis of Safe Harbor.

Therefore,” the current implementation of Safe Harbor cannot be maintained.”However, it should be strengthened, not canceled.

The scheme would be more effective if certified companies would have more transparent privacy policies  and also if affordable dispute resolution mechanisms would be available to EU citizens.

Strengthening Data Protection Safeguards in the Law Enforcement Area

The current negotiations between the US and the EU on an “umbrella agreement” for transfers and processing of data in the context of police and judicial cooperation must be concluded quickly.

Using the existing Mutual Legal Assistance and Sectoral Agreements to Obtain Data

The Commission expressed hope that the US would commit that personal data held by private companies located in the EU will not be directly accessed and transferred to US law enforcement authorities outside of formal channels of cooperation, such as the Passenger Name Records Agreement and Terrorist Financing Tracking Program.

Addressing European Concerns in the On-Going U.S. Reform Process

President Obama has announced a review of U.S. national security authorities’ activities. This process should also benefit EU citizens by providing an opportunity to address the EU concerns about US intelligence collection programs.

Safeguards available to US citizens should be extended to EU citizens not resident in the US, and transparency should be increased and there should be better and stronger oversight.

Promoting Privacy Standards Internationally

The U.S. should accede to the Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, the “Convention 108”, which is open to countries which are not member of the Council of Europe. The US has already acceded to the 2001 Convention on Cybercrime.

The press release about this communication is available here.


by Leave a comment

ACS Panel: is it Possible for the Constitution to Keep Pace with New Technologies?

On November 21, the American Constitution Society (ACS) presented a panel on ‘The Constitution and Privacy in a Time of Innovation.’ The participants were Stephen Vladeck of American University, Chris Calabrese of the ACLU, James Grimmelman of the University of Maryland, and Orin Kerr of The George Washington University, and the moderator was Dahlia Lithwick of Slate. The video of the panel is here.

The ACS asked the question: is it possible for the Constitution to keep pace with new technologies? The question could not have been more topical, as the panel took place just a day after it was revealed that the government has been collecting Internet metadata for many years.

Orin Kerr started by reminding the audience that the Fourth Amendment was originally applied to breaking into homes, arresting people and seizing in the physical world. However, the Fourth Amendment also addressed new issues over the years.

Professor Kerr noted that “every age is an age of innovation.” In the 20’s, the issue was how the Fourth Amendment would apply to automobiles and telephones, in the 60’s, how it would apply to phone booths, and in the 80’s, how it would apply to aerial surveillance. Today, the issues are DNA, email and GPS devices. Professor Kerr believes that we’ll see more cases similar to the 2012 U.S. v. Jones GPS case in the future.

Chris Calabrese regretted that the Supreme Court has dodged the issue of the records about each of us, not the content of our messages, but the metadata. This is “envelope information” such as who we call and when. Mr. Calebrese gave the example of an individual calling a suicide hot line:  this would be a very sensitive piece of information. However, the Supreme Court  still follows the third party doctrine, as  stated in Smith v. Maryland:  if you share info with a third party, it is no longer protected by the Fourth Amendment.

U.S. v. Jones is the first case where the Supreme Court addressed a form of metadata, location information. Mr. Calabrese stated that as “we live in a world of records,” where we constantly create records, it is thus essential to know who owns these records and how they are accessed. These are issues that both the Supreme Court and Congress must address. 

James Grimmelman reminded the audience that some third parties holding our information now actively engage in information gathering, unlike telephone companies which play a somewhat passive role. He gave Facebook as an example of a company actively trying to maximize information to gain advertising revenue and fuel activities on its site. To do so, it gives incentives to users to share information.

Professor Grimmelman pointed out that Facebook is aware that users are concerned about how their information is being shared with the government, which may chill their willingness to share information on Facebook. Mr. Calabrese later said that, according to a survey, the public dislikes corporate collection of data even more than government collection of data, as they perceive the government as giving them at least something  back.

Professor Grimmelman also believes that surveillance by drones in public places will be an important issue, as the government will know and aggregate the whereabouts of individuals on a massive scale.  Mr. Calabrese noted that we appear in public, sure, but in “an impermanent way” and that would no longer be the case if our public presence is constantly recorded and analyzed. This is a pervasive intrusion on our private lives.

Stephen Vladeck addressed the issue of whether the Fourth Amendment is affected by NSA surveillance. He reminded the audience that the FISA Act functioned in a space unoccupied by the Supreme Court. FISA was extended in 2001 and in 2008, and gave the government authority to implement programs such as PRISM. What is the role of the Fourth Amendment in these surveillance issues?

Professor Kerr does not believe the Fourth Amendment has a role to play there, under the third party doctrine, but Professor Vladeck proposed to differentiate between records that we individually share with third parties, from the fairly new ability for the government to aggregate that data.

For Professor Vladeck, the Fourth Amendment can regulate surveillance, as only the government is capable of such massive surveillance. However, Professor Kerr does not believe that the Fourth Amendment protects metadata against searches, as it only protects against government invasion into one’s private space. Metadata searches should be regulated by a law, but this is not the role of the Fourth Amendment. When reading the Jones concurrence, it seems however, that the Supreme Court may soon introduce a new category of search. It could possibly cover metadata.

That may happen this term, as Professor Kerr believes the Supreme Court will tackle this term the issue of whether the police may search a cell phone incident to an arrest, and, if they can, how far they can search. That would be an opportunity for the Supreme Court to discuss once again the issue of new technologies and the Fourth Amendment.


by Leave a comment

Big Data and Privacy: Some Recent Developments

For those of you tracking the relationship between big data and privacy, some recent developments will be of interest.

Last June, Commissioner Julie Brill from the Federal Trade Commission gave a speech about Reclaim Your Name, focusing on data brokers.

Since then, as reported in The New York Times, data broker Axciom has launched a web portal, Aboutthe Data.com, which would enable consumers to access data held by Axciom and even correct it.

However, Axciom is still ironing out the wrinkles in its portal, as it seems that some users have not been able to log in.

In the meantime, Commissioner Brill will give a lecture on the issue at NYU Poly/Sloan Institute in Brooklyn on October 23. Attendance to this event will be free, and the details can be found here.