privacy law

ProPublica's Julia Angwin reported this week on how marketers' tracking of customers is getting more intrusive: "Online marketers are increasingly seeking to track users offline, as well, by collecting data about people's offline habits—such as recent purchases, where you live, how many kids you have, and what kind of car you drive."

Angwin goes on to explain how it works: after sharing your e-mail address with a store, a marketer locates customers online when they use their email addresses to log into websites, then a marketer tags customers' computers with a tracker, and then when customers arrive at the website of the same story they will see a site customized to them.

The Washington Post reports on the Court of Justice of the European Union's's decision this week that Internet users have the right to demand that Google-search links be deleted. Europeans have the right to be forgotten. Americans don't. "Those seeking a similar right in the United States have stumbled upon the expansive free-speech protections in the First Amendment. Blocking access to even the most damaging information — mug shots, videos of intimate acts, or Web pages created by cyber-stalkers — can be difficult and often impossible, experts say. Online news accounts of past personal problems are even harder to leave behind," the Post further reports.

The European court, however, drew a distinction between newspapers keeping such news reports alive but not search engine results, the Post reports.

Sprint, the country's third-largest wireless provider, was the only cellphone company to receive "the secret legal basis of a then-classified program that collected Americans’ phone records by the billions for counterterrorism purposes" because it was the only company to demand access to that legal rationale before the program was revealed last year by Edward Snowden's leaks, the Washington Post reports. After receiving the rationale, Sprint continued to turn over phone call records to the NSA, the Post also reports.

Government-funded scientists are connecting "terabytes of patient medical records" at 11 sites across the country, The Washington Post reports. The result would be possibly the largest repository of medical information in the country, containing the medical information of 26 million to 30 million Americans. The new repository also raises privacy and propietary concerns, presenting "tricky ethical questions about who owns and controls the data, how to protect patient privacy and how research questions will be prioritized," The Post also reports.

"'The raw data is not what is being shared. That remains with the institution that the patient trusts,' said Devon McGraw, director of the health privacy project for the Center for Democracy and Technology," The Post further reports.

The project arises out of a Affordable Care Act provision  to create an independent nonprofit to help doctors and patients make better-informed decisions about their care, The Post further reports.

President Barack Obama plans to get the National Security Agency out of the business of collecting phone call records in bulk, The New York Times' Charlie Savage reports: "Under the proposal, they said, the N.S.A. would end its systematic collection of data about Americans’ calling habits. The bulk records would stay in the hands of phone companies, which would not be required to retain the data for any longer than they normally would. And the N.S.A. could obtain specific records only with permission from a judge, using a new kind of court order." A House Intelligence Committee would allow the NSA to issue subpoenas for specific phone records without judicial approval, The Times also reports.

When we get arrested, do police have the right to search phones without a warrant, Reason's Damon Root asks. Do warrantless cell-phone searches constitute unreasonable searches and seizures?

While it is constitutionally permissible for police to search arrestees, their possessions and the immediate vicinity around the arrest site without a warrant, "cell phones contain previously unimaginable amounts of personal information, including not only words and images but also GPS location data. In other words, should getting arrested for a minor offense like jaywalking be sufficient to allow the police virtually unlimited access to your private affairs in search of additional wrongdoing?," Reason also asks.

The two cases the U.S. Supreme Court will hear are Riley v. California and United States v. Wurie.

The New York Times' Charlie Savage and Laura Poitras report on the evolution of the Foreign Intelligence Surveillance Court since the 9/11 attacks. Files leaked by Edward Snowden "help explain how the court evolved from its original task — approving wiretap requests — to engaging in complex analysis of the law to justify activities like the bulk collection of data about Americans’ emails and phone calls," they write. The court transformed from an adjudicator of surveillance applications to an interpreter of the law, Steven Aftergood, of the Federation of American Scientists, commented to The Times.

Among other revelations is that "the newly disclosed documents also refer to a decision by the court called Large Content FISA, a term that has not been publicly revealed before. Several current and former officials, speaking on the condition of anonymity, said Large Content FISA referred to sweeping but short-lived orders issued on Jan. 10, 2007, that authorized the Bush administration to continue its warrantless wiretapping program."

Craig Mundie, writing in Foreign Affairs, says that in the era of big data a new approach is needed. Instead of worrying about limiting data collection, control should be focused on "the moment when it is used."

One of Mundie's arguments against curbing the collection of data is that there can be dividends from aggregated data, such as learning how to "better address public health issues, learn more about how economies work, and prevent fraud and other crimes."

Mundie suggests building a version of digital rights management into electronic personal data in order to protect it: "All electronic personal data would have to be placed within a 'wrapper' of metadata, or information that describes the data without necessarily revealing its content. That wrapper would describe the rules governing the use of the data it held. Any programs that wanted to use the data would have to get approval to 'unwrap' it first. Regulators would also impose a mandatory auditing requirement on all applications that used personal data, allowing authorities to follow and observe applications that collected personal information to make sure that no one misused it and to penalize those who did."

The Massachusetts Supreme Judicial Court, 5-2, ruled this week that law enforcement may not a track a suspect's movements from cellphone data without getting a warrant, The Wall Street Journal reports. The court held, "'“even though restricted to telephone calls sent and received (answered or unanswered), the tracking of the defendant’s movements in the urban Boston area for two weeks was more than sufficient to intrude upon the defendant’s expectation of privacy,'" WSJ reported from the opinion. The court was applying the state constitution, not the federal constitution.