In a column for BBC News, security expert Bruce Schneier explains “The damage that hi-tech does to our privacy.” He urges the public to consider the problems that are arising because it is easy and cheap (and will only get easier and cheaper) to keep data on everyone.

Welcome to the future, where everything about you is saved. A future where your actions are recorded, your movements are tracked, and your conversations are no longer ephemeral. A future brought to you not by some 1984-like dystopia, but by the natural tendencies of computers to produce data.

Data is the pollution of the information age. It’s a natural byproduct of every computer-mediated interaction. It stays around forever, unless it’s disposed of. It is valuable when reused, but it must be done carefully. Otherwise, its after effects are toxic. [...]

Increasingly, you leave a trail of digital footprints throughout your day. [...] Read more »

The ACLU has released a summary of the recently passed stimulus law’s (pdf) medical privacy provisions. (Here’s privacy consultant Bob Gellman’s evaluation of the medical privacy provisions.) From the ACLU’s summary:

On February 17, 2009, President Obama signed the American Recovery and Reinvestment Act of 2009 (hereafter ARRA). One of the many goals of the ARRA is to encourage the adoption of electronic medical records by doctors and hospitals. One of the most significant barriers to this process is the lack of powerful existing safeguards for patient information. [...]

Medical records privacy is currently protected pursuant to the Health Insurance Portability and Accountability Act (hereafter HIPAA). Unfortunately the HIPAA regulations contain numerous exceptions which allow for widespread access, sale and use of medical records. Patients have almost no control over how information is used, to whom it is disclosed or even the ability to learn about these disclosures after the fact. Read more »

From the Web site:

Confronting the Third Party Doctrine and the Privacy of Personal Information

BCLT’s 2009 Privacy Lecture features an address by Richard A. Epstein, the James Parker Hall Distinguished Service Professor of Law at the University of Chicago.

Professor Epstein is known for his research and writing in a broad range of constitutional, economic, historical, and philosophical subjects. In 2003 he was awarded an honorary degree in law from Ghent University. In 2005 he was named by Legal Affairs magazine as one of the twenty leading legal thinkers in the United States. Also in 2005, the College of William & Mary School of Law awarded him the Brigham-Kanner Property Rights Prize.

Responses to Professor Epstein’s 2008 BCLT Privacy Lecture will be made by Professor Orin Kerr and Assistant Professor Erin Murphy.

Orin Kerr teaches criminal law, criminal procedure, and computer crime law. He is the is a co-author of the leading casebook in criminal procedure and also a co-author of the leading treatise in criminal procedure. Read more »

We’ve heard stories about law enforcement officials using Facebook and other social networking sites to track down criminals or gather evidence, but police officers in a New York town are now being scrutinized for comments on their Facebook pages. The Associated Press reports, “Officials in a suburban New York town are consulting outside lawyers to determine what they can do about racist and sexist comments appearing on police officers’ Facebook pages.” The Journal News reports Harrison, N.Y., officials are considering “disciplinary action against three cops and the code enforcement officer who engaged in sexist banter about the town supervisor on their Facebook pages.”

Harrison officials are also considering the civil liberty aspects of the case. Police Chief David Hall rejected the Facebook comments as, “gutteral, juvenile locker-room banter,” but he also told the Journal News, “There is nothing that addresses this sort of thing in our policies [...] They were expressing their opinions on their own time on their own computers. It’s a free-speech issue.”

CNet reports:

A federal judge has ordered a criminal defendant to decrypt his hard drive by typing in his PGP passphrase so prosecutors can view the unencrypted files, a ruling that raises serious concerns about self-incrimination in an electronic age.

In an abrupt reversal, U.S. District Judge William Sessions in Vermont ruled that Sebastien Boucher, who a border guard claims had child porn on his Alienware laptop, does not have a Fifth Amendment right to keep the files encrypted. [...]

Boucher’s attorney, Jim Budreau, already has filed an appeal to the Second Circuit. That makes it likely to turn into a precedent-setting case that creates new ground rules for electronic privacy, especially since Homeland Security claims the right to seize laptops at the border for an indefinite period. Budreau was out of the office on Thursday and could not immediately be reached for comment. Read more »

Privacy consultant Bob Gellman has published an evaluation (pdf) of the privacy subtitle in the newly passed stimulus law, which has many provisions that affect the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. Gellman has many years of experience working in the field, especially on medical privacy, and his analysis is should be of interest to those concerned with the privacy of health data.

The commentary is detailed and thoughtful. One example, discussing the information disclosure provision:

This requirement makes mandatory a patient request that a covered entity limit disclosures to a health plan if the patient pays out of pocket in full. For privacy, this is a highly desirable outcome. However, for a health care provider, it will create a requirement that will take some care to implement. Parts of a record that are medically intertwined will have to be segregable when disclose to a health plan.

If health records in an electronic system are shared, a covered entity must be able to segregate specific parts of a record and to keep those parts from being disclosed to health plans as directed by the patient. However, the same records can be shared among various health care providers because the restriction only applies to disclosures to a health plan. Read more »