Oct 072009
 

Cindy Cohn of EFF writes:

Today EFF along with the ACLU and the privacy authors and publishers they represent, the American Library Association, the Association of Research Libraries and the Association of College and Research Libraries, CDT, EPIC, SFLC, Professor James Grimmelman sent a joint letter to Google urging it to include privacy protections along with its reconsidered Google Book Search Settlement.

The Court considering the Google Book Search case granted the parties more time to renegotiate the settlement. The Court had received approximately 435 submissions about the settlement by both class members and amici. The American Library Association did a helpful analysis that estimates that 390 of the submissions object to the settlement and another 8 submissions support the settlement but with significant reservations. Shortly thereafter, the Department of Justice weighed in with serious reservations as well, leading the plaintiffs to seek the extension. The Court will still meet with the parties for a status conference on October 7.

Read more on EFF.

Sep 232009
 

From EPIC.org:

In a letter to the Chief Privacy Officer of the Department of Homeland Security, EPIC asked when the annual privacy report will be made available. The Department is required by law to provide an annual report “on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974, internal controls, and other matters.” The last privacy report was published in July 2008. EPIC has previously sent similar letters to the Department, reminding the agency of its legal obligation to inform the public about its activities.

Computerworld has additional background.

Sep 052009
 

Cindy Cohn of EFF has a commentary on Google’s new privacy policy for Google Books that suggests that the new policy is better, but not sufficient. Cohen writes:

Late yesterday afternoon, September 3, 2009, Google finally issued a privacy policy for Google Books, both the current service and the extensive new book-related services they hope to have a federal court approve in October.

While there are some good things in the policy — many that EFF and its coalition partners the ACLU of Northern California and the Samuelson Clinic at Berkeley Law School have long been urging Google to do — it is still falls well short of the privacy protections that readers need, both substantively and in whether it will be permanent and readily enforceable by readers. Our coalition on behalf of authors and publishers seeking to protect reader privacy will still be filing an Objection to the Settlement in Court on Tuesday, September 8.

First, and most importantly, the privacy policy fails to address our core concerns about the standards for disclosure of reading habits to the government and private litigants.

[…]

Second, the privacy policy is procedurally insufficient to protect readers and authors who depend on reader privacy. While a privacy policy could be written to create enforceable promises, Google has issued a “website business as usual” privacy policy. Those policies can be changed at any time and may be unenforceable by readers whose privacy has been violated.

[…]

Third, Google also failed to include many other items in the list of privacy demands we published in July…

[…]

Read the full EFF analysis and commentary  here.

In related developments, Ryan Singel of Epicenter reports that:

A key privacy group is seeking to intervene in the ongoing copyright lawsuit over Google’s plan to build the library and bookstore of the future, arguing that reader privacy is at risk no matter how much Google promises to have a good privacy policy.

EPIC, or the Electronic Privacy Information Center, asked federal court judge Denny Chin on Friday to allow it to formally intervene on behalf of readers’ privacy interests in the suit pitting Google against the Authors Guild and the Association of American Publishers.

For a European privacy-centric perspective, see the commentary by Open Rights Group.

And Michael Zimmer has more on the objections of academic authors to the proposed court settlement.

Aug 132009
 

In response to an EPIC Freedom of Information Act Request, the Government Services Administration released several contracts between the federal government and web 2.0 companies, including agreements with Blip.tv, Blist, Google (YouTube), Yahoo (Flickr), and MySpace. EPIC also obtained amendments to agreements with Facebook, Slideshare.net, Vimeo.com, and AddThis.com. The contracts do not address the privacy obligations of social media companies. The GSA letter to EPIC explained that “no specific Web 2.0 guidance currently exists,” but provided EPIC with Training Slides that raise privacy issues. The GSA Agreement with Google actually states that, “to the extent any rules or guidelines exist prohibiting the use of persistent cookies in connection with Provider Content applies to Google, Provider expressly waives those rules or guidelines as they may apply to Google.” Some of the agreements also permit companies to track users of government web sites for advertising purposes.

Source: EPIC.org

Aug 112009
 

Today, EFF and the Center for Democracy and Technology submitted comments to the Office of Management and Budget in response to the agency’s review of the policies governing the federal government’s use of cookies and other web technologies.

The comments are an extension of recommendations we made in May, in which we suggested that the OMB permit cookie-based web analytics so long as the process was carefully overseen and met with specific strict safeguards. Today, we’ve expanded our recommendations to include the use of cookies for creating individualized web account logins and other common web practices that we understand government webmasters would like to be able to use. Overall, we continue to urge the government to limit the use of any data collected, to eliminate this data as soon as possible, and to seek third-party oversight.

Read more on EFF (The Electronic Frontier Foundation).

Related: EPIC submitted comments to the Office of Management and Budget recommending that the existing ban on the use of cookies at federal government websites be maintained.

Aug 112009
 

The Obama administration is proposing to scale back a long-standing ban on tracking how people use government Internet sites with “cookies” and other technologies, raising alarms among privacy groups.

A two-week public comment period ended Monday on a proposal by the White House Office of Management and Budget to end a ban on federal Internet sites using such technologies and replace it with other privacy safeguards. The current prohibition, in place since 2000, can be waived if an agency head cites a “compelling need.”

[…]

Two prominent technology policy advocacy groups, the Electronic Privacy Information Center and Electronic Frontier Foundation, cited the terms of a Feb. 19 contract with Google, in which a unnamed federal agency explicitly carved out an exemption from the ban so that the agency could use Google’s YouTube video player.

The terms of the contract, negotiated through the General Services Administration, “expressly waives those rules or guidelines as they may apply to Google.” The contract was obtained by EPIC through a Freedom of Information Act request.

“Our primary concern is that the GSA has failed to protect the privacy rights of U.S. citizens,” EPIC Executive Director Marc Rotenberg said. “The expectation is they should be complying with the government regulations, not that the government should change its regulations to accommodate these companies.”

Read more in The Washington Post.

Jul 062009
 

In a ruling that could fuel debate about online privacy, a federal judge in Seattle has held that IP addresses are not personal information.

“In order for ‘personally identifiable information’ to be personally identifiable, it must identify a person. But an IP address identifies a computer,” U.S. District Court Judge Richard Jones said in a written decision.

Jones issued the ruling in the context of a class-action lawsuit brought by consumers against Microsoft stemming from an update that automatically installed new anti-piracy software.

[…]

Marc Rotenberg, executive director of the Electronic Privacy Information Center, criticizes the Microsoft ruling as “a silly decision.” “The judge didn’t understand the significance of the IP address or the reason that it was collected,” he says.

Rotenberg adds that the judge prematurely dismissed the case, arguing that more facts were needed to determine whether IP addresses were personally identifiable.

Read more on MediaPost Publications.