Jun 302014
 
 June 30, 2014  Posted by  Court, Surveillance, U.S.

Susan Landau focuses on what the Supreme Court’s opinion in Riley didn’t discuss:

Riley has no discussion regarding expectation of privacy, the two-part test based on whether an individual has sought to keep certain information private and whether society views the individual’s expectation of privacy as reasonable. Expectation of privacy underlies decisions in such cases as United States v. Miller and Smith v. Maryland. In Riley, much of the information on the cell phone might have been held by third parties in the “cloud,” but the justices did not focus on that issue.

Read more on Lawfare Blog

Jun 302014
 
 June 30, 2014  Posted by  Breaches, Business, Featured News, Govt, Online, U.S.

From the FTC:

The Federal Trade Commission (FTC or Commission) is an independent U.S. law enforcement agency charged with protecting consumers and enhancing competition across broad sectors of the economy. The FTC’s primary legal authority comes from the Federal Trade Commission Act, which prohibits unfair or deceptive practices in the marketplace. The FTC also has authority to enforce a variety of sector specific laws, including the Truth in Lending Act, the CAN-SPAM Act, the Children’s Online Privacy Protection Act, the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Fair Debt Collection Practices Act, and the Telemarketing and Consumer Fraud and Abuse Prevention Act. This broad authority allows the Commission to address a wide array of practices affecting consumers, including those that emerge with the development of new technologies and business models.

Read their annual report, which provides examples of different types of cases, on their site (pdf).

h/t @AndrewProia

Jun 302014
 
 June 30, 2014  Posted by  Surveillance

The Local reports:

Denmark’s cooperation with the US intelligence agency NSA goes back to the 1990s, newly-obtained documents have revealed.

Through a freedom of information request, Danmarks Radio obtained internal government documents dating from 1998-2000 that showed the Americans put “significant pressure” on Denmark to change its laws to allow the surveillance of communication lest it fall out of an inner circle of information-sharing countries.

The new documents corroborate information provided by former NSA contractor Edward Snowden that revealed that the Danish Defence Intelligence Service (Forsvarets Efterretningstjeneste) collaborated with the American NSA to tap undersea internet cables. They also reveal that the partnership goes back further than previously known.

“The papers confirm the picture of the cooperation existing and having existed for many years,” Hans Jørgen Bonnichsen, a former director of the Danish Security and Intelligence Service (Politiets Efterretningstjeneste), told DR.

Read more on The Local (Dk)

Jun 302014
 
 June 30, 2014  Posted by  Non-U.S., Online

Last week’s National Post features an op-ed written by Ontario’s Information and Privacy Commissioner Dr. Ann Cavoukian and the founder and co-chair of the Future of Privacy Forum think tank Christopher Wolf commenting if a recent European Court of Justice judgement requiring Internet search providers to remove links to embarrassing information should also be applied to Canadian Citizens. The full article is below:

A man walks into a library. He asks to see the librarian. He tells the librarian there is a book on the shelves of the library that contains truthful, historical information about his past conduct, but he says he is a changed man now and the book is no longer relevant. He insists that any reference in the library’s card catalog and electronic indexing system associating him with the book be removed, or he will go to the authorities.

The librarian refuses, explaining that the library does not make judgments on people, but simply offers information to readers to direct them to materials from which they can make their own judgment in the so-called “marketplace of ideas.” The librarian goes on to explain that if the library had to respond to such requests, it would become a censorship body — essentially the arbiter of what information should remain accessible to the public. Moreover, if it had to respond to every such request, the burden would be enormous and there would be no easy way to determine whether a request was legitimate or not. The indexing system would become swiss cheese, with gaps and holes. And, most importantly, readers would be deprived of access to historical information that would allow them to reach their own conclusions about people and events.

The librarian gives this example: What if someone is running for office but wants to hide something from his unsavory past by blocking access to the easiest way for voters to uncover those facts? Voters would be denied relevant information, and democracy would be impaired.

The man is not convinced, and calls a government agent. The government agent threatens to fine or jail the librarian if he does not comply with the man’s request to remove the reference to the unflattering book in the library’s indexing system.

Is this a scenario out of George Orwell’s Nineteen Eighty-Four? No, this is the logical extension of a recent ruling from Europe’s highest court, which ordered Google to remove a link to truthful information about a person, because that person found the information unflattering and out of date. (The scale of online indexing would of course be dramatically more comprehensive than a library indexing system.)

The European Court of Justice ruled that Google has a legal obligation to remove, from a search result of an individual’s name, a link to a newspaper containing a truthful, factual account of the individual’s financial troubles years ago. The individual, a Spanish citizen, had requested that Google remove the newspaper link because the information it contained was “now entirely irrelevant.” This concept has been described as the “right to be forgotten.” While one may have sympathy for the Spanish man who claimed he had rehabilitated his credit and preferred that his previous setback be forgotten, the rule of law that the highest European Court has established could open the door to unintended consequences such as censorship and threats to freedom of expression.

The European Court relied on the fundamental rights to privacy and to the protection of personal data contained in the Charter of Fundamental Rights of the European Union, without so much as citing, much less analyzing, one of the other fundamental rights contained in the Charter, namely the right to free expression.

Moreover, the Court did not provide sufficient instruction on how the “right to be forgotten” should be applied. When do truthful facts become “outdated” such that they should be suppressed on the Internet? Do online actors other than search engines have a duty to “scrub” the Internet of unflattering yet truthful facts? The Court didn’t say. The European Court of Justice has mandated that the Googles of the world serve as judge and jury of what legal information is in the public interest, and what information needs to be suppressed because the facts are now dated and the subject is a private person. Under penalty of fines and possibly jail time, online companies may err on the side of deleting links to information, with free expression suffering in the process.

The European Court’s own Advocate General argued that a right to be forgotten “would entail sacrificing pivotal rights such as freedom of expression and information” and would suppress “legitimate and legal information that has entered the public sphere.” Further, the Advocate General argued, this would amount to “censuring” published content. In the First Amendment parlance of the U.S. Supreme Court, the European Court’s decision may amount to “burning the house to roast the pig.”

You might think this problem is limited to Europe, and that the search results in North America will remain unaffected by the Court’s ruling. But earlier European efforts to cleanse the Internet (in the context of hate speech) suggested that even materials on North American domains would be subject to European law.

As privacy advocates, we strongly support rights to protect an individual’s reputation and to guard against illegal and abusive behaviour. If you post something online about yourself, you should have the right to remove it or take it somewhere else. If someone else posts illegal defamatory content about you, as a general rule, you have a legal right to have it removed. But while personal control is essential to privacy, empowering individuals to demand the removal of links to unflattering, but accurate, information arguably goes far beyond protecting privacy. Other solutions should be explored to address the very real problem posed by the permanence of online data.

The recent extreme application of privacy rights in such a vague, shotgun manner threatens free expression on the Internet. We cannot allow the right to privacy to be converted into the right to censor.

SOURCE: Information and Privacy Commissioner, Ontario