Super-injunctions: Twitter Sued by Footballer (UK)

In what may be the first lawsuit against the microblogging site, an English footballer is suing Twitter and its users after a/some Tweeter(s) purported to reveal the name of a player who allegedly had an affair with a model. The lawsuit lists the defendants as “Twitter Inc and persons unknown” according to reports. It seems like we finally have an answer to how Twitter gags could potentially be enforced. Sort of. Read the rest of this entry »

Gag-Order Issued for Facebook and Twitter

In an attempt to prevent the spreading of sensitive information, a judge in Britain has banned Twitter and Facebook users, among others, from revealing details about a brain-damaged woman involved in a recent UK case. The order was issued in the Court of Protection regarding the case of a mother looking to withdraw life support from her brain damaged daughter. The ban seeks to prevent users from identifying the brain-damaged woman and her caregivers. Read the rest of this entry »

Google & Apple’s Location v. Privacy Congress Hearing

Google and Apple appeared before the US’ Senate Subcommittee on Privacy, Technology and the Law today to explain, and hopefully placate, privacy concerns over how these two these two global corporations track and use their customers’ location data.  The hearing was called in response to last month’s disclosure that Apple’s iPhones collected location data, even when the customer turned off the tracking software, and ongoing concerns that Google’s Android-based phones also track the locations of users.   Read the rest of this entry »

Potential Fines for Massive Data Breaches

Following Sony’s recent, and nigh global, data security issues and Canada’s privacy watchdog’s call to increase penalties on corporations if they do not protect personal information of their customers, Industry Minister Tony Clement has responded with a “Maybe”.  The minister made a statement to Postmedia News on Friday that ”I have not closed the door to it, but there would have to be additional consultations on that issue.”  Privacy Commissioner Jennifer Stoddart has been vocal about the need for the federal government to update this country’s private-sector privacy law to include fines, given the “alarming trend toward ever-bigger” data breaches. Read the rest of this entry »

Class Action Against Sony for Data Breach

A class action has been filed in Ontario on behalf of approximately one million Canadian PlayStation and Qriocity users against Sony Corporation.  The proposed lawsuit comes on the heels of what has become a string of data breaches and crumbling trust in the multinational corporation’s data security systems.  Sony Corp’s announced in April that hackers had managed to break into databases containing personal information associated with nearly 100 million worldwide user accounts on the company’s popular PlayStation Network. Read the rest of this entry »

US “Privacy Bill of Rights” Proposal

The Federal Trade Commission, consumer advocates, and some legislators have been considering online privacy for years, but the issue has been increasingly in the forefront. The FTC released a “Do Not Track” Proposal in December, and several media sources have focused on the issue recently. The Wall Street Journal ran a series last summer entitled “What They Know”, which revealed that many websites install tracking tools on users’ computers Read the rest of this entry »

The Private market in online privacy services and the emergence of data as an asset class

One of the most common concerns arising out of the use of the internet is privacy. The use and interaction with online materials provides opportunities for marketers to surreptitiously collect data and sell it to advertisers looking to target certain consumer groups. Read the rest of this entry »

Android app reads RFID transit cards

Eric Butler, creator of FireSheep, has released an Android app that can read RFID fare cards used on some major US transit systems. The app is not designed primarily as a tool for revealing private data or, as was the case of FireSheep, to raise awareness. However, it does demonstrate how simple it can be to access the information on these chips and highlights the need for them to be secure.

Read the rest of this entry »

Do Corporations have Personal Privacy Rights?

In a case involving the US telecommunications giant AT&T, the US Supreme Court considered whether or not a corporation could have personal privacy rights. AT&T had tried to block the release of documents it had given to the Federal Communications Commission, basing the attempt on an exemption in the Freedom of Information Act which protects information “could reasonably be expected to constitute an unwarranted invasion of personal privacy”. Read the rest of this entry »

WikiLeaks, Twitter and communications privacy law

Although we may be tired of reading the word “WikiLeaks”, the United States government’s reaction to Julian Assange’s revelations has brought issues of privacy law in communications to the forefront. According to the Associated Press, the U.S. Department of Justice obtained a court order from a district court in Alexandria, Virginia, on December 14th, asking Twitter, Inc. to disclose information connected to four accounts: the official WikiLeaks Twitter account, and the personal accounts of three WikiLeaks supporters. The court order also asks for any information Twitter may have on Julian Assange, the founder of WikiLeaks, and Private Bradley Manning, who is currently in U.S. custody, suspected of leaking classified information to WikiLeaks. The court order was unsealed on January 5th at the request of Twitter; WikiLeaks posted on its official Twitter account that it assumes information from Google and Facebook were similarly subpoenaed, although this has not been confirmed. Assange has complained that the government’s conduct amounts to harassment.

Unsurprisingly, WikiLeaks is only one of many organizations and individuals that have found their Twitter accounts the subject of recent subpoenas. A recent New York Times article has indicated that U.S. law enforcement agencies request information from companies such as Google, Twitter, Facebook, and Verizon more and more. As social networking sites and online data storage have become more popular with consumers, they have also become more popular with law enforcement agencies seeking information. Fortunately for such agencies, but unfortunately for consumers who value their privacy, the main law regarding communications privacy in the U.S., the Electronic Communications Privacy Act (ECPA), was enacted in 1986, when email and cellphones were not used nearly as widely as today, and social networking sites were more than ten years in the future. Experts have suggested that the legislation originates from U.S. case law which says that individuals have no expectation of privacy from the government once you’ve given personal information to a third party. According to some consumer privacy advocates, the legislation is so outdated that it gives more protection to a letter in a filing cabinet than it does to emails on a server. The law makes it relatively easy for law enforcement agencies to gain access to information stored on a server; for example, if emails are more than 180 days old, agencies do not generally need a warrant to access them. This is further complicated by the fact that the legislation has been interpreted inconsistently by judges.

Due to the fact that court orders requesting information are often sealed, it is difficult for individuals to know whether or not they have been the subject of any requests. While most companies do not reveal the existence of requests to users, Twitter’s policy has been praised by privacy advocates. Twitter will “notify users of requests for their information prior to disclosure unless we are prohibited from doing so by statute or court order.” Google, Facebook, and many organizations that often find themselves faced with court orders for user information, do not have policies of informing users of requests for their data before disclosure.

While even the most vocal supporters of consumer privacy agree that user information is extremely valuable to law enforcement agencies involved in a wide variety of investigations, from terrorism to Internet pornography, many find it intolerable that protection of online data is so much weaker than that of data stored in paper form at homes or offices. Under ECPA, law enforcement agencies need only a subpoena from a prosecutor to access an individual’s online data. In order to set up a wiretap, agencies need a court order, and in order to access documents, they must obtain a search warrant from a judge. With online storage and transmission of data becoming more frequent and hard copy storage and snail mail transmission less so, it seems inconsistent that privacy in our main modes of communication in 2011 is granted far less protection than our main modes of communication 50 or even 100 years ago. Does it make sense for the privacy of consumer and user information to be afforded less protection merely because of the way in which it is stored or sent? Should legal protection be different for a conversation held over the phone and a series of emails? Furthermore, do legislators truly intend that older and newer modes of communication be treated so differently for the purposes of law enforcement?

With public and media attention focused on ECPA, some legislators, including Senator Patrick Leahy, a Vermont Democrat, have begun to advocate reform of online privacy policies. While acknowledging that Americans’ privacy has been increasingly encroached in the last decade, Leahy has stressed the need for balance between individual privacy rights and law enforcement objectives. With federal law enforcement issues planning to ask for regulations that would make it easier for them to set up legal wiretaps of Internet communications, it remains to be seen whether such reforms will result in improved protections for communications privacy.