The Wall Street Journal reports that China is the latest country to require cellphone users to prove their identity when signing up for service. Several countries have considered such legislation. In the United States, there is legislation under discussion in the Senate that would require people to present ID when buying a prepaid mobile phones and would require companies to keep the information on file. Mexico, Vietnam, Spain and Japan are all seeking to identify some types of cellphone users and create databases.

Often, governments say this is a way to improve security, as only those with nefarious purposes (kidnappers, blackmailers) would need to have mobile phones that are not linked to their identities. This argument ignores that there are legitimate reasons for people to use prepaid cellphones anonymously: whistleblowers speaking to journalists or government prosecutors, or domestic violence victims who seek to avoid tracking by their abusers.

The Journal reports:

China began implementing a long-discussed measure that requires cellphone users to register by name when setting up an account, prompting concerns over privacy in the world’s largest mobile market. Read more »

The federal Chief Information Officers Council has released a report (pdf) detailing recommendations for a cloud computing privacy framework. Cloud computing is when you upload, store and access your data at an online service owned or operated by others. Millions of consumers use cloud computing services such as Web-based e-mail, online photo or video databases, or Internet calendar services.

The lack of control of your data is a substantial problem, as is the question of the physical location of the data and which country’s laws your personal information are subject to. (Read a previous post for more on the privacy issues connected with cloud computing.)

In “Privacy Recommendations for the Use of Cloud Computing by Federal Departments and Agencies,” the federal CIOs say:

While [cloud computing] provides a flexible solution for complex information technology needs, cloud computing poses additional privacy challenges to those using the “cloud.” Federal agencies need to be aware of the significant privacy concerns associated with the cloud computing environment where [personally identifiable information (PII) ] will be stored on a server that is not owned or controlled by the Federal government. That solution may result in holding or processing data without complying with Federal privacy requirements in a multi-jurisdictional environment. The framework below provides guidance on the privacy considerations posed by moving computer systems that contain PII to a Cloud Computing Provider (CCP). [...] Read more »

Time has an opinion column by attorney Adam Cohen discussing location-tracking via GPS.

Government agents can sneak onto your property in the middle of the night, put a GPS device on the bottom of your car and keep track of everywhere you go. This doesn’t violate your Fourth Amendment rights, because you do not have any reasonable expectation of privacy in your own driveway — and no reasonable expectation that the government isn’t tracking your movements.

That is the bizarre — and scary — rule that now applies in California and eight other Western states. The U.S. Court of Appeals for the Ninth Circuit, which covers this vast jurisdiction, recently decided the government can monitor you in this way virtually anytime it wants — with no need for a search warrant. Read more »

To recap: In February, the Robbins family filed a lawsuit — Robbins v. Lower Merion School District (pdf) — alleging that the Lower Merion School District in Pennsylvania misused the 2,300 Webcam-enabled laptops it issued to students in order to remotely peep into the students’ homes, take photographs and violate their privacy. The school district said it used the webcams only to track school-issued laptops that it thought were lost, stolen or inadvertently taken without permission.

In May, lawyers and computer experts hired by the district to investigate the case released a report (pdf) that said there was “overzealous and questionable use of technology by [Information Services] personnel without any apparent regard for privacy considerations or sufficient consultation with administrators.” Later that month, a federal judge “permanently banned the Lower Merion School District from using webcams or other intrusive technology to secretly monitor students through their school-issued laptops.” Recently, the Philadelphia Inquirer reported that the Lower Merion School District’s school board unanimously passed new policies “to govern the use and tracking of student laptops and other technology” to avoid a repeat of the recent controversy, which has cost the district “nearly $1 million in legal fees and expenses.”

Now, the FBI has announced that it has completed its investigation into the webcam  incident and federal officials would not be filing criminal charges. In a press release, United States Attorney Zane David Memeger said, “After a thorough review of the evidence in this matter by my office, the Federal Bureau of Investigation, the Montgomery County District Attorney’s Office, the Montgomery County Detectives, and the Lower Merion Police Department, I have concluded that bringing criminal charges is not warranted in this matter.” Read more »

The Wall Street Journal takes a look at online targeted behavioral advertising and the data collected by marketers about Internet users’ browsing habits:

Add this to the list of consumer-data collection tactics that can raise eyebrows: Clearspring Technologies’ “AddThis” button. The button allows users to alert friends and contacts to interesting or useful material on the Web. For instance, with a click, a news article could be sent to a friend over email or posted to a site like Facebook Inc. More than 1.5 million web properties have implemented AddThis, hoping the easy links—and implied endorsements— help drive traffic.

Clearspring recently started aggregating data about consumers’ Web sharing habits into segments that marketers can buy to target online ads.

While many websites and marketers are jumping on the technology, some companies, such as AOL Inc., are having qualms. [...]

Clearspring said it doesn’t collect information about consumers on all the sites that feature its button, and websites can opt out of the advertising data collection. “This is very much a participatory system,” said Hooman Radfar, Clearspring’s 30-year-old founder and chief executive. The company says it doesn’t collect, store or sell personally identifiable data or data in several sensitive categories, including health or kids. Read more »

The Bay Area Lawyer Chapter of the American Constitution Society presents: “Privacy Law 2.0- Modernizing the Electronic Communications Privacy Act.”

In 1986 The Bangles were all the rage, mobile phones were bigger than your head, and the World Wide Web didn’t even exist. A lot has changed since then — but not electronic privacy law. Since its drafting in 1986, the Electronic Communications Privacy Act (ECPA) has become a patchwork of inadequate and confusing standards. This panel of attorneys from major technology companies, civil liberties organizations, and academia will discuss recent case law, the impact of an outdated ECPA on clients, business, the public, and government, and the broad-based coalition effort currently underway to modernize ECPA and better protect privacy and innovation in the 21st century.

The panelists are: Read more »