Tag Archives: privacy

ACLU challenges NSA surveillance

On June 11th, the ACLU filed a lawsuit challenging the NSA’s surveillance program.  The ACLU lawsuit alleges that the program violates the First Amendment rights or free speech and association, the right to privacy under the Fourth Amendment, and that the surveillance program exceeds the authority provided by the Patriot Act.

ACLU, a customer of Verizon, made the following comments:

This dragnet program is surely one of the largest surveillance efforts ever launched by a democratic government against its own citizens.

It is the equivalent of requiring every American to file a daily report with the government of every location they visited, every person they talked to on the phone, the time of each call, and the length of every conversation.  The program goes far beyond even the permissible limits set by the Patriot Act and represents a gross infringement of the freedom of association and the right to privacy.

The complaint can be accessed here.

via ACLU Files Lawsuit Challenging Constitutionality of NSA Phone Spying Program | American Civil Liberties Union.

Advertisements

Leave a comment

Filed under civil rights, electronic discovery, federal, Privacy Rights

Online Retailer and Personal Information

If you have bought anything online, you are aware that the online retailer keeps information that you provide.  For example, your name, your credit card, your address, your phone number.  The question decided in California regarded the anti fraud statute.  Can online retailers require you to provide this information?

The California Supreme Court held in Apple Inc. v. Superior Court of Los Angeles County, et al., (Feb 4, 2013) that Apple could require personal information from customers who make downloadable purchases on iTunes.

The plaintiffs alleged Apple violated the Song-Beverly Credit Card Act, section 1747.08(d), by requiring this information from customers.

The California Supreme Court rejected this claim because:

Unlike a brick-and-mortar retailer, an online retailer cannot visually inspect the credit card, the signature on the back of the card, or the customer’s photo identification.

Thus, section 1747.08(d) – the key anti fraud mechanism in the statutory scheme – has no practical application to online transactions involving electronically downloadable products.  We cannot conclude that if the Legislature in 1990 had been prescient enough to anticipate online transactions involving electronically downloadable products, it would have intended section 1747.08(a)’s prohibitions to apply to such transactions despite the unavailability of section 1747.08(d)’s safeguards.

 

via Courthouse News Service.

Leave a comment

Filed under civil rights, legal decision, Privacy Rights

What NOT to include in your social media policy

HR.BLR has a good list to keep in mind when drafting your social media policy.  Please read this very carefully.

Social Media Policies: What NOT To Do

When creating your social media policies, here’s what NOT to do:

  • Don’t screen applicants on social media and/or ask for passwords to such sites. “Increasingly [such practices] will be prohibited by both federal and state law,” Scott explained. Additionally, screening on social media opens the risk for discrimination claims based on protected class status that may be discovered in social media postings.
  • “Don’t adopt social media policies which are overbroad, or which unreasonably chill the exercise of protected concerted activity rights under the NLRA.” Scott continued.
  • Don’t fire or discipline employees for social media content without first reviewing with counsel to ensure you are not crossing the line. Remember that the line is moving quickly as technology changes!
  • Don’t use third-party apps that are overbroad in their access to applicant and employee information.
  • Don’t refuse to hire applicants (or fire or discipline employees) based on information culled from social media without checking with experienced legal counsel.

Social Media Policies: What TO Do

Here are some “dos” for social media policies

  • Create a current, effective and enforceable social media policy.
  • Instruct employees not to use vulgar, obscene, threatening, intimidating or harassing language; attack people based on protected status (e.g., union status or activity, disability, national origin, etc.); disparage company products and services; or disclose confidential or proprietary company information.
  • Create a companion privacy policy, establishing guidelines to prevent the disclosure of confidential employee or company information. Confidential employee information may include things such as home addresses, birthdays, employee personal data (including medical data), and protected status information. Company proprietary information could be financial, trade secrets, or other business information deemed confidential. (These lists contain examples, but are not comprehensive.)
  • Train employees about social media policies.
  • “Use a non-decision-maker to filter the contents of the social media page” if you do use social media as part of applicant screening, Semler advised. This is so you don’t get charged with the knowledge of protected status.
  • Monitor ongoing legal developments and conform your practices to those changes. For example, monitor the constantly changing laws, regulations and rules established and implemented by federal and state legislatures, agencies and courts.

via What NOT to include in your social media policy.

Leave a comment

Filed under electronic discovery, Privacy Rights

Facebook is collecting your data — 500 terabytes a day

With more than 950 million users, Facebook is collecting a lot of data. Every time you click a notification, visit a page, upload a photo, or check out a friend’s link, you’re generating data for the company to track. Multiply that by 950 million people, who spend on average more than 6.5 hours on the site every month, and you have a lot of information to deal with.

Here are some of the stats the company provided Wednesday to demonstrate just how big Facebook’s data really is:

  • 2.5 billion content items shared per day (status updates + wall posts + photos + videos + comments)
  • 2.7 billion Likes per day
  • 300 million photos uploaded per day
  • 100+ petabytes of disk space in one of FB’s largest Hadoop (HDFS) clusters
  • 105 terabytes of data scanned via Hive, Facebook’s Hadoop query language, every 30 minutes
  • 70,000 queries executed on these databases per day
  • 500+terabytes of new data ingested into the databases every day

“If you aren’t taking advantage of big data, then you don’t have big data, you have just a pile of data,” said Jay Parikh, VP of infrastructure at Facebook on Wednesday. “Everything is interesting to us.”

Parikh said the company is constantly trying to figure out how to better analyze and make sense of the data, including doing extensive A/B testing on all potential updates to the site, and making sure it responds in real time to user input.

“We’re growing fast, but everyone else is growing faster,” he said.

via Facebook is collecting your data — 500 terabytes a day — Data | GigaOM.

2 Comments

Filed under electronic discovery, Privacy Rights

Mobile Data Privacy Laws Misunderstood by Users

Smartphone users understanding of privacy laws may not be accurate, according to a recent survey by law researchers from the University of California at Berkeley. The survey considered data from 1,200 users telephoned on either a landline or a mobile phone and sought to gain insight on perceptions about privacy as it relates to data stored on mobile devices. Researchers found that over 80 percent of users surveyed believed that their mobile phone was as private at their personal computer. Further, 70 percent of users would not want their cell phone provider to use location-based data to target ads to them, nor would they wish for social networking apps to use their contact lists.

As discussed by Technology Review, most smartphone users surveyed were seemingly unaware that, during an arrest, courts have allowed the search of a cellphone just as if it were any other possession. Regarding the use of location-based data for targeted advertisement, many apps already collect location data, sometimes with the users unknowing permission, hastily and inadvertently given when accepting the conditions of a free app.

But for midsize businesses, it is the collection of users contact lists that is perhaps most troubling. Businesses have privacy policies to protect customer information, but rightly or wrongly, it is a common enough practice in industry for employees to store customer phone numbers and other sensitive information on business and sometimes even personal cellphones. A recent article in Todays iPhone says that a recent Bitdefender study of 65,000 apps showed that 18.6% access cellphone users contact list information, and only 57.5% of those apps go on to encrypt the captured data. Although the release of iOS 6 will warn users when an app wants to collect data, it is still a troubling statistic.

via Midsize Insider: Mobile Data Privacy Laws Misunderstood by Users.

Leave a comment

Filed under electronic discovery, Privacy Rights

NSA tells privacy plaintiffs “trust us”

The public should trust that the National Security Agency will use its powers under a Terrorist Surveillance Program only when absolutely necessary, the NSA claims in Federal Court.

That’s what the NSA said in response to a class action that claims the agency would have unlimited authority to monitor anyone at any time if the class loses its lawsuit challenging the government’s claim of state secrets protection.

In its “Government Defendants’ Reply in Support of Second Motion to Dismiss and for Summary Judgment,” the NSA claims it is not obligated to turn over evidence in the class action that accused it of warrantless “dragnet” surveillance of U.S. citizens.

Lead plaintiff Carolyn Jewell represents telephone service customers who accuse the NSA of using telecommunications companies to spy on customers under the Terrorist Surveillance Program (TSP).

Created after the Sept. 11 terrorist attacks, critics claim the NASA used the TSP to violate the Constitution and the Foreign Intelligence Surveillance Act.

Jewell et al. claim that dismissal of the complaint against the NSA would be a weak concession by the judiciary, and a breach in the system of checks and balances.

The NSA wants the case dismissed because supplying evidence would compromise national security.

“This lawsuit puts at issue alleged intelligence activities of the National Security Agency (‘NSA’) purportedly undertaken pursuant to presidential authorization since the terrorist attacks of September 11, 2001,” the NSA says in its response. “Plaintiffs allege that the NSA engages in warrantless ‘dragnet’ surveillance by collecting the content of millions of domestic communications, as well as communication transactional records.

“For the past six years, the nation’s most senior intelligence officials, in succeeding

administrations, have consistently advised this court that litigation of plaintiffs’ allegations would risk exceptional damage to national security, setting forth in detail the matters at issue. Renewed invocation of the state secrets privilege in this action by the Director of National Intelligence has undergone rigorous review within the Executive Branch under a process providing that privilege will only be asserted where necessary to protect against significant harm to national security. Contrary to plaintiffs’ suggestion, in these circumstances dismissal would not constitute an abdication of judicial authority, but the exercise of judicial scrutiny of the privileged information at issue and the application of established law to protect compelling

national security interests.”

The NSA claims that Jewel’s assertion that FISA displaces the state secrets privilege is false, and that her argument that 9th Circuit “precedent concerning the privilege has been effectively overruled by the Supreme Court and that, as a result, this court may only consider a privilege assertion in response to specific discovery requests,” is also incorrect.

“Finally, citing hearsay and speculation in media reports, plaintiffs wrongly contend that their case may proceed on “‘on-privileged’ evidence,” the NSA said. “Plaintiffs’ opposition does not present a way forward, but a roadmap to why further proceedings would risk the disclosure of highly sensitive NSA sources and methods.”

U.S. District Judge Jeffery White will consider the motion on Nov. 2.

    The trial, if one occurs, is set for Dec. 14.

via Courthouse News Service.

Leave a comment

Filed under civil rights

Protect your Email Privacy

1. Use a Strong Password. You give out your email address all the time; it’s not really private information. That being the case, the only thing protecting your account from misuse is the password. A malefactor who guesses your too-weak password gains full control of your email account. Protect your account with a strong password, especially if you use a Web-based email provider like Gmail or Yahoo mail.

2. Beware Public PCs. If you check your email on a public computer in a library or Internet café, be absolutely sure you’ve logged out before leaving. Even then, you might be leaving behind traces that could give the next user too much information about you. Follow PCMag’s advice to Use Public Computers Safely.

3. Protect Your Address. It’s true that you give out your email address every time you send a message, but there’s no need to give it to the whole world. Don’t include your email address in comments on blog posts, or in social media posts. Spammers and scammers scrape pages all the time looking for new victims.

4. Lock It Up. If you step away from your desk, lock the Windows desktop or close your email client. Otherwise a sneaky co-worker could read your mail or even reset your login password. Hold the Windows key and press L to lock the desktop instantly.

5. Don’t Be Fooled. Oh, dear. Your email provider has sent you notification of a security breach, with a link to reset your password. Don’t click that link! It’s almost certainly a fraud, designed to steal your email account password. If you have any doubts, navigate to the email provider’s site directly and double-check.

6. Use Encryption. Sometimes you just have to send sensitive information by email. To keep your data safe, save it as a document and use your word processing application’s built-in encryption, or store the document in an encrypted ZIP file. Then share the password with the recipient separately. If you need encryption frequently, try a free email encryption product like PrivateSky or Enlocked.

via Six Tips for Protecting Your Email Privacy | PCMag.com.

Leave a comment

Filed under technology

New Md. Law May Be First in Country Banning Employers From Seeking Workers’ Social Media Passwords

In what could be the first such law in the country, Maryland has enacted a bill that would prohibit employers from demanding personal passwords to social media sites such as Facebook from job applicants and workers.

State lawmakers last week almost unanimously approved making such information private, in response to reports that a growing number of employers are seeking access to individuals’ personal social media accounts to gather information for job-related decision-making, Raycom News Network reports.

The bill will take effect as law after it is signed into law by the state governor, the Gazette reports.

The American Civil Liberties Union of Maryland favored the new measure. The state Chamber of Commerce opposed it.

While no one wants others to read private messages, the chamber had hoped lawmakers would recognize that there may be legitimate reason for employers to review social media sites, said lawyer and employment practitioner Elizabeth Torphy-Donzella of Shawe Rosenthal. Her Baltimore-based law firm represents the chamber.

Similar legislation is being pursued in California and Illinois and in Congress, the Baltimore Sun reports.

The Washington Post’s Capitol Business Blog says Michigan also is considering such a law.

via New Md. Law May Be First in Country Banning Employers From Seeking Workers’ Social Media Passwords – News – ABA Journal.

Leave a comment

Filed under civil rights, employment

Facebook and Job Applicants

Federal law clearly provides that employers must not discriminate against job applicants based on a number of factors, pursuant to Title VII, the ADA and ADAAA. What might employers find when they ask job applicants for their Facebook password?  Potentially sensitive information that could be used in a prohibitive manner when deciding who to hire – such as information regarding disabilities.

The following article was uploaded at EDD Blog:

Friday, Facebook threatened legal action against companies who require applicants provide usernames and passwords so prospective employers can see what applicants and their friends post on social networks. Now, it’s not clear what legal recourse Facebook has if businesses refuse to obey their demands, but shutting down the business’s Fan Page appears likely for violators. This action could cost firms tens of thousands or millions of dollars.

Erin Egan, Facebook’s Chief Privacy Officer had this to say about employers asking for applicant’s passwords:

“If you are a Facebook user, you should never have to share your password, let anyone access your account or do anything that might jeopardize the security of your account or violate the privacy of your friends,” Egan wrote. “We don’t think employers should be asking prospective employees to provide their passwords because we don’t think it’s the right thing to do.”

Facebook’s stance highlights the changing climate which causes clashes between individual privacy rights and corporate protection. And, without a strong social media policy, firms not only face possible legal action, but lose what is becoming a mandatory marketing channel.

via edd blog online: You Need A Social Media Policy.

Leave a comment

Filed under civil rights, electronic discovery

Cops to Get Facial Recognition Devices

Police departments in several states are getting new high-tech devices that can scan irises, recognize faces and collect fingerprints.The devices, made by BI2 Technologies, are attached to an iPhone for immediate searches of criminal databases, the Wall Street Journal sub. req. reports.

The development is “raising significant questions about privacy and civil liberties,” the story says.Currently the technology, called “Moris” for Mobile Offender Recognition and Information System, is used by the military to identify insurgents. But B12 has contracts to sell about 1,000 of the Moris devices to 40 police agencies, the story says.The Wall Street Journal interviewed George Washington University law professor Orin Kerr about the legal implications. Generally, police can take pictures of anyone in a public space. But after an officer stops or detains someone, police need “reasonable suspicion” to take fingerprints.Whether a warrant will be needed to use facial recognition or an iris scan is “a gray area of the law,” Kerr said. “A warrant might be required to force someone to open their eyes.”

via Cops to Get Facial Recognition Devices; Will They Need Warrants to Use Them? – News – ABA Journal.

 

Leave a comment

Filed under civil rights, electronic discovery