Categories
Join Us At:
|
Cybersecurity Bill Advances in House – But Does it Advance Privacy?Wednesday, the House Homeland Security Subcommittee on Cybersecurity passed a bill that will permit greater information sharing for cybersecurity efforts. Called the PRECISE Act, the bill as reported out of the subcommittee, will create an exception to privacy laws so that companies who hold Internet use information (like your browsing history or IP address) can share it in the name of protecting cybersecurity. This would be facilitated by a new public-private entity created to receive, process and distribute the data back out to companies and government agencies who would theoretically use it to protect their own networks. For background, Congress and the administration have made increased information sharing a cornerstone of efforts to address cybersecurity threats. They claim that current anti-trust laws and privacy laws like the Electronic Communications and Privacy Act (ECPA) and the Foreign Intelligence Surveillance Act (FISA) don’t allow companies to share data relevant to threats from hackers, foreign governments and terrorists. But without the proper safeguards in place, there is a substantial risk that any new cybersecurity law could allow a flood of private and sensitive Internet use data to flow from corporations to the government. (We shared our concerns with the administration’s information sharing proposal with you last fall, and wrote in December to House Intelligence Committee leaders about a flawed proposal they are considering.) Although the PRECISE Act is still flawed, it satisfies two important privacy principles. First, the bill ensures that the National Security Agency (NSA) doesn’t become the head of domestic cybersecurity efforts. It is absolutely critical that private industry or a civilian government agency lead these efforts — it would be wildly inappropriate for a military agency to collect information about US citizens on US soil, and given the NSA’s history of warrantless wiretapping, even leaving that possibility open should be a non-starter. Second, the bill defines the information that companies can share specifically as the technical data necessary to understand and respond to a cyber-threat, and it requires that companies make an effort to strip out information that can be used to identify people unrelated to the threat. Other cybersecurity proposals have refused to define what can be shared or require that personal identifying information of innocent people be stripped out before the data is passed along to the government, permitting Internet use records, emails and more to be given to the government, almost without limit. Earlier this week, FBI Director Robert Mueller said that cybersecurity threats will soon eclipse terrorism as the greatest threat to America. Read that again. We now have fair warning where the government will likely turn next to expand its extraordinary electronic surveillance powers. It’s going to take some work to make sure that Congress doesn’t pass a new cyber-PATRIOT Act and we’ll be needing your help. Check back here for more info. Learn more about cybersecurity: Sign up for breaking news alerts, follow us on Twitter, and like us on Facebook.
Civil Liberties in the Digital Age: Weekly Highlights (2/3/2012) In the digital age that we live in today, we are constantly exposing our personal information online. From using cell phones and GPS devices to online shopping and sending e-mail, the things we do and say online leave behind ever-growing trails of personal information. The ACLU believes that Americans shouldn’t have to choose between using new technology and keeping control of your private information. Each week, we feature some of the most interesting news related to technology and civil liberties that we’ve spotted from the previous week. Post-IPO, Facebook will have to make privacy investigations public [ars technica] What Actually Changed in Google’s Privacy Policy [EFF] Malcolm Harris' '@destructuremal' Twitter Posts Subpoenaed By New York Court [Huffington Post] Microsoft Slams Google Privacy Changes [Information Week] Learn more about dotRights: Sign up for breaking news alerts, follow us on Twitter, and like us on Facebook. Tags: tech clips
Will Congress Take Privacy Out of Your Netflix Queue? The Senate Judiciary is holding a hearing right now on a piece of legislation, H.R. 2471, that you likely haven’t heard of but will have a big impact on your Netflix account. Yes. Netflix. Sometimes even called the Netflix bill (they have claimed responsibility for pushing it), it would allow consumers to grant companies a perpetual consent for sharing video rental records, rather than requiring consumers to decide if they want to share information every time they make a purchase. While consumers would still opt into sharing, Netflix would clearly like consumers to set sharing as the default and then forget it. This change eviscerates the protections in an obscure but important privacy law, the Video Privacy Protection Act (VPPA). How did we get here? It was a privacy perfect storm: the contentious confirmation of a Supreme Court Justice, a reporter on the hunt for potentially salacious information and a new technology sweeping the country. The year was 1987 and Judge Robert Bork’s confirmation fight captivated the nation. In an effort to shape judgments about his character (and likely look for embarrassing dirt), the Washington DC City Paper obtained and published his video rental records. Outrage was swift. Senator Patrick Leahy described the disclosure of the records as “an issue that goes to the deepest yearning of all Americans that we are here and we cherish our freedom and we want our freedom. We want to be left alone.” A legislative response quickly followed and in 1988 Congress passed the VPPA. While focused on only a narrow case of records (largely video rentals and sales) the VPPA is in many ways a model statute. Strong protections against law enforcement access, careful limitations on how records can be shared or sold, a remedy for an individual to sue for violations and limits on how long records can be kept – the VPPA has it all. All of this makes the VPPA pretty problematic for companies who want Americans to live in all sharing, all the time world. Companies like Netflix would like consumers to share everything with social networking sites like Facebook. Unfortunately the result of this sharing would be to almost completely erase the protections of the VPPA since they only apply to the video provider, not 3rd parties like Facebook. But more important than specific changes, the VPPA is in many ways a model for what the ACLU believes current privacy law should look like. Today, in a way barely imaginable in 1988, we live in a world of records. Every communication online, every credit card transaction, every borrowed library book creates a record. Our travels are frequently recorded; from EZ Pass to subway fare to cell phone tracking, we leave a trail, frequently an unwilling trail. All of this information can be used in ways we did not intend. That’s why we’ve repeatedly called for updates to existing digital privacy laws like the Electronic Communications Privacy Act. H.R. 2471 takes us in the wrong direction. At a time when we need more protections for our records, it gives us less (here’s a more formal description of our concerns) and we’re hoping tomorrow’s hearing will convince the committee to scrap the bill in favor of more comprehensive, privacy protective reforms. Incidentally, some of the videos Judge Bork rented? Garden variety films such as A Day at the Races, Ruthless People and The Man Who Knew Too Much. Nothing salacious or exciting. But that’s not the point, is it? Privacy isn’t just about protecting us when we have something to hide; it’s recognition that the American default is “leave me alone”. That’s where H.R. 2471 misses the mark. If you want to ask Congress to take action on the Electronic Communications Privacy Act please click here. Learn more about consumer privacy: Sign up for breaking news alerts, follow us on Twitter, and like us on Facebook. Tags: dotRights, Netflix, privacy, Robert Bork
Civil Liberties in the Digital Age: Weekly Highlights (1/27/2012) In the digital age that we live in today, we are constantly exposing our personal information online. From using cell phones and GPS devices to online shopping and sending e-mail, the things we do and say online leave behind ever-growing trails of personal information. The ACLU believes that Americans shouldn’t have to choose between using new technology and keeping control of your private information. Each week, we feature some of the most interesting news related to technology and civil liberties that we’ve spotted from the previous week. Revealed: The FBI Wants to Monitor Social Media [Mashable] Twitter may censor tweets in individual countries [SF Gate] ACLU Lens: Google's New Privacy Policy [ACLU Blog of Rights] Supreme Court Decision on GPS Tracking: A Spur to Action for Congress [ACLU Blog of Rights] Facebook Timeline Now Pushed To Everyone, Users Get A Week To Clean Up Profiles [Tech Crunch] Learn more about dotRights: Sign up for breaking news alerts, follow us on Twitter, and like us on Facebook. Tags: dotRights, tech clips
Supreme Court GPS Ruling: Bringing the 4th Amendment Into the 21st Century On Monday the Supreme Court issued a landmark decision protecting privacy in the digital age. In U.S. v. Jones, a unanimous Supreme Court held that the police and FBI violated the Fourth Amendment when they attached a GPS device to Antoine Jones’s car and tracked his movements for 28 days. While the case turned on the fact that the government physically placed a GPS device on Mr. Jones’s car, the implications are far broader. A majority of the justices acknowledged that advancing technology, like cell phone tracking, gives the government unprecedented ability to collect, store, and analyze an enormous amount of information about our private lives. Monday’s decision suggests that the Court is prepared to address that intrusion into privacy. Justice Samuel Alito delved to the heart of the matter when he explained that “in the pre-computer age, the greatest protections of privacy were neither constitutional nor statutory, but practical.” The architecture of mass surveillance had not yet been constructed. A person walking down the street would barely be noticed, and there would be no permanent record of his movements. Today everything goes down on our permanent records. This is most obvious on the Internet, where every mouse click can be monitored and recorded. Every search term we type — an anxious quest for information about a newly diagnosed health problem, a nostalgic query to learn about the life of an ex-boyfriend — is lodged in the vast data warehouses of Google. One of Gmail’s big selling points is that “you will never need to delete another message.” But perhaps the most profound change is taking place not in cyberspace but in real space. The technology of surveillance is transforming our outdoor spaces so that they are just as susceptible to monitoring as the online world. Between networks of surveillance cameras, the possibility of GPS tracking, and the reality that the vast majority of Americans carry cell phones that track our every movement, there is no longer a technical barrier to mass surveillance of Americans’ movements. When this type of mass surveillance is combined with the rapid development of facial recognition technology, it may soon be possible for any law enforcement agent to identify a person and pull up a dossier of information about him, this represents a serious erosion of the privacy that Americans rightly expect and have traditionally enjoyed. As practical barriers to mass surveillance fall, legal barriers become all the more important. The Jones decision is a heartening sign that as technology advances, the Supreme Court will not allow the Fourth Amendment to fall behind. Learn more about location tracking: Sign up for breaking news alerts, follow us on Twitter, and like us on Facebook. Tags: location tracking, tracked
ACLU Lens: Google's New Privacy Policy Google is following you. Yesterday evening, Google announced a new privacy policy effective March 1. The new policy is consistent across the vast majority of Google products, and it’s in English; you don’t have to speak legalese to understand it. But, the new privacy policy makes clear that Google will, for the first time, combine the personal data you share with any one of its products or sites across almost all of its products and sites (everything but Google Chrome, Google Books, and Google Wallet) in order to obtain a more comprehensive picture of you. And there’s no opting out. This comes on the heels of Google’s new Search, plus Your World, a feature combining search results from the public web with private information and photos you have shared (or that have been shared with you) through Google+ or Picasa. See? I told you Google is following you. So, what does Google’s new policy mean for you? Anytime you’re signed into your Google account, whether on a computer, tablet, or Android phone, Google collects information about you – that’s not new. But, come March, what you do on one Google-owned site will affect what content you might see on another Google-owned site. The head of Google’s privacy for product and engineering explained on Google’s blog that integrating an individual’s profiles across Google’s sites will help Google “figure[e] out what you really mean when you type in Apple, Jaguar or Pink,” provide more relevant ads, “provide reminders that you’re going to be late for a meeting based on your location, your calendar and an understanding of what the traffic is like that day” (thanks, Mom), and “ensure that our spelling suggestions, even for your friends’ names, are accurate.” And while it’s easy to see some of the benefits of the new policy, it’s important to keep in mind the other implications of the changes. For example, have you ever Googled something you didn’t want to tell your parents/spouse/friends/doctor about? Have you ever had a personal conversation over e-mail that you didn’t want broadcast to the world? With this new integration, your e-mail content won’t influence only what ads you see in Gmail, and your search terms won’t influence just what ads you see when you’re searching. As of March 1, your e-mail content and search terms could influence ads you see on any Google site. So, imagine watching a YouTube video with friends or family and suddenly having an ad based on what you assumed was a private e-mail conversation or a personal Google search appear. Yikes! And short of signing out of your Google account, there is no opting out. What’s more, this data aggregation is not just about what ads you see, but as ACLU of Massachusetts describes, it creates an even larger treasure chest of personal information ripe for government picking. And what about anonymity? Google is planning to “replace past names associated with your Google Account so that you are represented consistently across all our services.” But, what if you deliberately keep different names on your various accounts? What if, for instance, you want your e-mail address associated with your legal name, but would prefer for your YouTube account not to tie directly to you? Unfortunately, Google’s new integration policy will make it very difficult, if not impossible, to do so. Don’t like the sound of that? Demand Your dotRights and tell Google. In the News:
Learn more about dotRights: Sign up for breaking news alerts, follow us on Twitter, and like us on Facebook. Tags: dotRights, Google, online privacy, privacy
Supreme Court Decision on GPS Tracking: A Spur to Action for Congress As we told you earlier, the Supreme Court ruled yesterday in U.S. v Jones that the government violated the Fourth Amendment when it used a GPS device to track a suspect’s location for 28 days without a valid warrant. It is fantastic privacy decision from the Court, and we’re hoping it also leads to some fantastic privacy decisions by Congress. The law must catch up with new technology; ask Congress to support the GPS Act now! We’ll have more on the decision itself soon, but for the purpose of political analysis here are the facts you need to understand. The actual majority ruling rests on relatively narrow grounds, but a majority of the justices (in two concurrences) recognize that the long term monitoring of each and every single movement made by a person (in this case it was a month), no matter what technology is used, impinges on an individual’s reasonable expectation of privacy. In a concurrence written by Justice Samuel Alito, four justices go further and state unequivocally that use of a GPS device of this type is a search and should receive the full protection of the Fourth Amendment. Justice Alito’s concurrence then urges legislators to properly address location privacy issues: In circumstances involving dramatic technological change, the best solution to privacy concerns may be legislative. … A legislative body is well situated to gauge changing public attitudes, to draw detailed lines, and to balance privacy and public safety in a comprehensive way. Justice Alito also notes that after a previous major Fourth Amendment case on wiretapping, “Congress did not leave it to the courts to develop a body of Fourth Amendment case law governing that complex subject. Instead, Congress promptly enacted a comprehensive statute”. In sum, the Court has given Congress a good, strong push. They have clearly indicated that the Fourth Amendment is implicated and that there are countless technical and legal questions related to location tracking that lawmakers need to answer. They have also created strong encouragement for prosecutors (long the biggest bar to strong privacy protections) to make a deal. The Jones decision creates substantial uncertainty for prosecutors about when they need a warrant – something they will certainly want Congress to resolve. Given this case it is hard to imagine a careful prosecutor authorizing any type of location tracking (using either GPS or cell phone information) without probable cause under the Fourth Amendment. Now it’s incumbent upon lawmakers to seize the initiative and resolve unanswered questions in the most privacy protective manner. A great way to do that is to support the GPS Act. This legislation, which has bipartisan support in both the House and the Senate, would require full warrant protection for all types of location tracking. If you want to show your support for the GPS Act, please take action now! Learn more about location tracking: Sign up for breaking news alerts, follow us on Twitter, and like us on Facebook. Tags: location tracking, tracked
Supreme Court Rules Government Violated Privacy Rights in GPS Tracking Case In a major victory for privacy, today in U.S. v. Jones the Supreme Court unanimously held that, “The Government’s attachment of the GPS device to the vehicle, and its use of that device to monitor the vehicle’s movements, constitutes a search under the Fourth Amendment.” The Court found that the government violated the Fourth Amendment, which protects American from unreasonable searches, when it placed a GPS device to Antoine Jones’s car and tracked his movements continuously for a month. This case is particularly significant because it is the first time the Supreme Court has had to consider the constitutionality of location-tracking technology. While this case is specifically about whether police need a warrant to put a GPS tracking device on a person’s car, it is the closest the Court is likely to come anytime soon to addressing location tracking, and the decision could influence the law on cell phone tracking. The ACLU filed a friend-of-the-court brief urging the Court to find that the wealth of personal details gleaned from the 24/7 surveillance of GPS tracking rises to the level of private information that is covered by the Fourth Amendment. We’re very pleased to hear the Court recognized that 24-7 GPS tracking is so intrusive and should be prohibited under the Bill of Rights except when authorized by a court based on probable cause to believe that criminal activity is afoot. To help ensure that the Supreme Court’s decision is enforced, contact Congress today and ask them to support pending bill that would protect Americans’ cell phone location data from being obtained by law enforcement without a warrant. Stay tuned for more analysis of this important decision this week! Learn more about GPS tracking: Sign up for breaking news alerts, follow us on Twitter, and like us on Facebook. Tags: GPS, location tracking, tracked
SOPA and PIPA Votes Delayed Indefinitely Following an action-filled week on Capitol Hill, votes on two anti-piracy bills in the House and Senate have been delayed indefinitely until there is wider agreement in Congress about the legislation. Rep. Lamar Smith (R-TX), sponsor of the Stop Online Piracy Act (SOPA) just announced that “all consideration” of the bill would be halted “until there is wider agreement on a solution.” An hour earlier, Senate Majority Leader Harry Reid (D-Nev.) announced a vote on SOPA’s sister bill in the Senate, the Protect IP Act (PIPA), would be postponed as well, stating that “there is no reason that the legitimate issues raised by many about this bill cannot be resolved.” In an attempt to crack down on piracy online, these bills could potentially result in the takedown of large amounts of non-infringing, First-Amendment-protected content from the Internet, without even giving notice to the owners and producers of that lawful content. To show opposition to the overbroad legislation, earlier this week thousands of websites went dark to protest the proposed legislation. We’re pleased to hear that opposing parties in Congress want to take more time to come up with a solution that addresses the concerns voiced all across the country, and seen all across the Internet this week. We believe that Congress can find a solution to end piracy, without harming free speech online. Contact your Member of Congress today to let them know that you want them to protect the open Internet. Learn more about free speech online: Sign up for breaking news alerts, follow us on Twitter, and like us on Facebook.
The Internet Goes Dark Yesterday’s Internet blackout of major websites like Wikipedia, Reddit and even the ACLU’s own Northern California affiliate certainly made waves. These tech advocates united to dim their websites in order to protest and bring attention to the anti-piracy legislation pending in the House and Senate. Though we did not dim our own website, we stood in support of those websites that did and encouraged people to contact their Member of Congress to urge them to fix these flawed pieces of legislation, and in response to our call tens of thousands of you have already taken action. If you haven’t acted yet, tell Congress that the bills need to be fixed so they don’t restrict access to wholly lawful non-infringing content in the course of getting rid of infringing content. While the protest was originally sparked by the Stop Online Piracy Act (SOPA) in the House, it was its sister bill in the Senate, the PROTECT IP Act (PIPA), that seemed to garner the most attention. PIPA was introduced by Sen. Patrick Leahy (D-Vt.) in May 2011, but Sen. Ron Wyden (D-Ore.) has had a hold on the bill since it was voted out of the Senate Judiciary Committee in July. Despite the volume of protest, Senate Majority Leader Harry Reid (D-Nev.) has promised to go through with a cloture vote, scheduled for January 24th. After yesterday’s protest, it seems like PIPA is losing its steam. As the protest continued to gain momentum, Senators began pulling their sponsorship of the bill. As of this afternoon, twenty six senators have withdrawn their support, including former cosponsors Sens. Kelly Ayotte (R-N.H.), Ben Cardin (D-Md.), Orrin Hatch (R-Utah), Marco Rubio (R-Fla.), Roy Blunt (R-Mo.), and John Boozman (R-Ark.). While he has not withdrawn his sponsorship, Sen. Chuck Grassley (R-Iowa) has said that he does not support the bill in its current form and he believes improvements can be made. We applaud these senators for stepping forward and encouraging a delay on these bills in order to fine tune the anti-piracy language. Any legislation to reduce online infringement must also protect the First Amendment rights of online content producers and Internet users to post and/or access lawful non-infringing content. We urge those of you concerned about these bills to seize this moment and keep the pressure on your Members of Congress to fix these bills. To hear more about the ACLU’s position on SOPA and PIPA, you can watch this short Agence France-Press clip with the ACLU’s First Amendment Counsel, Michael Macleod-Ball here. Learn more about SOPA and PIPA: Sign up for breaking news alerts, follow us on Twitter, and like us on Facebook. Tags: Ben Cardin, Chuck Grassley, John Boozman, Kelly Ayotte, Marco Rubio, Orrin Hatch, Patrick Leahy, Protect IP Act, Ron Wyden, Roy Blunt, Stop Online Piracy Act |
|
|
© ACLU, 125 Broad Street, 18th Floor New York, NY 10004 |
