Internet privacy

  • September 4, 2015
    Guest Post

    by Anupam Chander, Director of the California International Law Center and Professor of Law at the University of California, Davis. He is the author of The Electronic Silk Road: How the Web Binds the World Together in Commerce, published by Yale University Press.

    *This post is part of ACSblog’s symposium examining proposed reforms to the Electronic Communications Privacy Act (ECPA).

    My parents grew up in a pen and paper world, where most of their writings and records were kept at home, in their offices, or with close confidantes. I grew up in a world of computers, but even my writings were mostly kept at home on hard drives and floppy disks (for today’s students, many of whom have never seen a floppy disk, a history of the floppy disk). My first writings were kept, astonishingly, on a cassette recorder, which stored what I typed on my TRS-80, a computer made by Radio Shack. That computer had a total memory of 16K, roughly 16,000 characters (not even words) of text.

    My children are growing up in the cloud, where their writings and their records are being stored in remote computers. Because those computers are managed by Dropbox, Google, Microsoft, and their peers, their writings are far more secure than I ever managed when I stored my files on a floppy or a hard drive, both of which failed with remarkable regularity and maximally devastating timing.

    But even if our kids never know the pain of losing a week’s work to faulty computing or an accidental deletion, they face a world where their writings are far more subject to government scrutiny than mine ever were. Not only are their writings subject to government searches, but also their whereabouts, through the tracking of smartphones. This is because while the Fourth Amendment clearly protects homes from searches and seizures without a warrant, it is not so clear that it protects writings and the records about us stored on a remote computer.

    Do our children deserve less protection from government snooping because they are relying on cloud services? Right now, the law says that if the government wants to read what’s on my home computer, it has to get a warrant to do so. But if the government wants to read what our kids are storing privately online, they may not. (For a more detailed account of when the government can access information online without a warrant, see this ProPublica summary, updated as of June 2014, but not including Riley v. California, described below.)

  • September 2, 2015
    Guest Post

    by Kate Westmoreland, Non-Residential Fellow, The Center for Internet & Society at Stanford Law School

    *This post is part of ACSblog’s symposium examining proposed reforms to the Electronic Communications Privacy Act (ECPA).

    As internet companies and cloud providers hold more and more communications and user data, access to this information has become a key part of criminal investigations and prosecutions. The current system for managing international access to this data is struggling under the increased demand. Microsoft’s Brad Smith has been vocal in his calls for a new international convention on access to user data for criminal matters. But is a whole new convention really necessary?

    The answer depends on (1) whether the system is actually broken and, if so, (2) whether a new international convention is the right solution. Perhaps I should give a spoiler alert on this, but I think the answer is “yes, but don’t put all your eggs in the one basket.” Ultimately, we should be working towards a new international system for managing government requests for user data, but this is a very long-term, ambitious project. In the meantime, we need to pursue a range of shorter-term improvements at the domestic and international levels.

    There is a growing consensus that the current system for international government access to user data in criminal matters is broken. It is governed by a creaky old system of bilateral and multilateral treaties (mutual legal assistance treaties or “MLATs”), relationships between law enforcement officers and companies, and a mishmash of domestic legislation. A government report last year stated that MLAT requests to the United States take an average of at least 10 months to process. The White House then called for increased funding to process the requests more quickly, but the appropriation has stalled. When law enforcement agencies feel that they cannot access the information through mutual legal assistance, they turn to alternative, informal methods, including directly asking companies to hand over the data.

  • February 22, 2012

    by Jeremy Leaming

    The White House appears to being moving closer to revealing a strategy for addressing rising concerns over privacy breaches in cyberspace.

    Politico reports that a White House event tomorrow is “likely to set the stage for the public unveiling of the administration’s highly anticipated white paper on online privacy, which has been more than a year in the making. The white paper is expected to call for a consumer privacy bill of rights from Congress, while charging the industry to police itself under the watch of federal regulators.”

    Some commentators suggest that the administration’s policy is likely influenced, in part, by the work of the Commerce Department’s Internet Policy Task Force, which issued a green paper after a year-long review “that included extensive consultations with commercial, civil society, governmental and academic stakeholders ….”

    The paper’s forward asserts that protections of consumers’ privacy “are crucial to maintaining the consumer trust that nurtures the Internet’s growth.”

    The potential release of the administration’s plans to address privacy concerns comes admist reporting by The Wall Street Journal that the Internet advertising giant, Google, had bypassed “the privacy settings of millions of people using” Apple’s Web browser, Safari, apparently allowing Google to track “the Web-browsing habits of people who intended for that kind of monitoring to be blocked.”

  • August 10, 2010
    The cyberspace advertising giant Google is facing internal struggles over how "far should it go in profiting from its crown jewels - the vast trove of data it possesses" about users' online activities, reports The Wall Street Journal's Jessica E. Vascellaro.

    Reporting on a 2008 confidential "vision statement," the WSJ says the document provides "a candid, introspective look at Google's fight to remain at the vanguard of the information economy."

    The Google document asserts that the company's database is "the BEST source of user interests found on the Internet," and advances ideas on how to take advantage of the situation, WSJ reports.

    The article continues:

    The most aggressive ideas would put Google at the cutting edge of the business of tracking people online to profit from their actions. A data-trading marketplace, for instance, would allow personal information from many sources - including Google - to be combined and used for highly personalized tracking of individuals.

    Beyond information gleaned from the vision statement, interviews with current and past Google workers reveal an internal and ongoing struggle over concerns about users' privacy and the potential for company profits.

    "In short," the WSJ piece concludes, "Google is trying to establish itself as the clearinghouse for as many ad transactions as possible, even when those deals don't actually involve consumer data that Google provides or sees. The further step in that progression would be for Google to become a clearinghouse for everyone's data, too. That idea, also laid out in the vision statement, is still being considered, people familiar with the talks say. That would put Google - already one of the biggest repositories of consumer data anywhere - at the center of the trade in other people's data as well."