The federal Chief Information Officers Council has released a report (pdf) detailing recommendations for a cloud computing privacy framework. Cloud computing is when you upload, store and access your data at an online service owned or operated by others. Millions of consumers use cloud computing services such as Web-based e-mail, online photo or video databases, or Internet calendar services.

The lack of control of your data is a substantial problem, as is the question of the physical location of the data and which country’s laws your personal information are subject to. (Read a previous post for more on the privacy issues connected with cloud computing.)

In “Privacy Recommendations for the Use of Cloud Computing by Federal Departments and Agencies,” the federal CIOs say:

While [cloud computing] provides a flexible solution for complex information technology needs, cloud computing poses additional privacy challenges to those using the “cloud.” Federal agencies need to be aware of the significant privacy concerns associated with the cloud computing environment where [personally identifiable information (PII) ] will be stored on a server that is not owned or controlled by the Federal government. That solution may result in holding or processing data without complying with Federal privacy requirements in a multi-jurisdictional environment. The framework below provides guidance on the privacy considerations posed by moving computer systems that contain PII to a Cloud Computing Provider (CCP). [...] Read more »

Time has an opinion column by attorney Adam Cohen discussing location-tracking via GPS.

Government agents can sneak onto your property in the middle of the night, put a GPS device on the bottom of your car and keep track of everywhere you go. This doesn’t violate your Fourth Amendment rights, because you do not have any reasonable expectation of privacy in your own driveway — and no reasonable expectation that the government isn’t tracking your movements.

That is the bizarre — and scary — rule that now applies in California and eight other Western states. The U.S. Court of Appeals for the Ninth Circuit, which covers this vast jurisdiction, recently decided the government can monitor you in this way virtually anytime it wants — with no need for a search warrant. Read more »

To recap: In February, the Robbins family filed a lawsuit — Robbins v. Lower Merion School District (pdf) — alleging that the Lower Merion School District in Pennsylvania misused the 2,300 Webcam-enabled laptops it issued to students in order to remotely peep into the students’ homes, take photographs and violate their privacy. The school district said it used the webcams only to track school-issued laptops that it thought were lost, stolen or inadvertently taken without permission.

In May, lawyers and computer experts hired by the district to investigate the case released a report (pdf) that said there was “overzealous and questionable use of technology by [Information Services] personnel without any apparent regard for privacy considerations or sufficient consultation with administrators.” Later that month, a federal judge “permanently banned the Lower Merion School District from using webcams or other intrusive technology to secretly monitor students through their school-issued laptops.” Recently, the Philadelphia Inquirer reported that the Lower Merion School District’s school board unanimously passed new policies “to govern the use and tracking of student laptops and other technology” to avoid a repeat of the recent controversy, which has cost the district “nearly $1 million in legal fees and expenses.”

Now, the FBI has announced that it has completed its investigation into the webcam  incident and federal officials would not be filing criminal charges. In a press release, United States Attorney Zane David Memeger said, “After a thorough review of the evidence in this matter by my office, the Federal Bureau of Investigation, the Montgomery County District Attorney’s Office, the Montgomery County Detectives, and the Lower Merion Police Department, I have concluded that bringing criminal charges is not warranted in this matter.” Read more »

The Bay Area Lawyer Chapter of the American Constitution Society presents: “Privacy Law 2.0- Modernizing the Electronic Communications Privacy Act.”

In 1986 The Bangles were all the rage, mobile phones were bigger than your head, and the World Wide Web didn’t even exist. A lot has changed since then — but not electronic privacy law. Since its drafting in 1986, the Electronic Communications Privacy Act (ECPA) has become a patchwork of inadequate and confusing standards. This panel of attorneys from major technology companies, civil liberties organizations, and academia will discuss recent case law, the impact of an outdated ECPA on clients, business, the public, and government, and the broad-based coalition effort currently underway to modernize ECPA and better protect privacy and innovation in the 21st century.

The panelists are: Read more »

To recap: In February, the Robbins family filed a lawsuit — Robbins v. Lower Merion School District (pdf) — alleging that the Lower Merion School District in Pennsylvania misused the 2,300 Webcam-enabled laptops it issued to students in order to remotely peep into the students’ homes, take photographs and violate their privacy. The school district said it used the webcams only to track school-issued laptops that it thought were lost, stolen or inadvertently taken without permission. In May, lawyers and computer experts hired by the district to investigate the case released a report (pdf) that said there was “overzealous and questionable use of technology by [Information Services] personnel without any apparent regard for privacy considerations or sufficient consultation with administrators.” Later that month, a federal judge “permanently banned the Lower Merion School District from using webcams or other intrusive technology to secretly monitor students through their school-issued laptops.” (Wired had a story about security vulnerabilities in LANrev Theft Track, a remote-surveillance technology used by Lower Merion School District.)

Now, the Philadelphia Inquirer reports that the Lower Merion School District’s school board has unanimously passed new policies “to govern the use and tracking of student laptops and other technology” to avoid a repeat of the recent controversy, which has cost the district “nearly $1 million in legal fees and expenses.”

The measures, passed unanimously by the school board at its monthly meeting, spell out in detail when, how, and for what reasons school officials can access or monitor the laptops they will give to each of the district’s nearly 2,300 high school students next month. Read more »

The New York Times reports on the privacy questions surrounding the “net neutrality” proposal from Google and Verizon. (For more about how the proposal could affect the open Internet, visit Public Knowledge.)

Last week, two elephants — Google and Verizon — came together to propose a vision for the Internet that represented what many characterize as a retreat by Google from its past strict adherence to so-called net neutrality. The phrase net neutrality, really more of a rallying cry than a technical term, describes a policy that would prohibit Internet service providers from exploiting their role in delivering information to favor their own content, or the content of the highest bidders.

The two companies were presumed to be on opposite sides of this issue since Google bases its business on an open Internet and Verizon, among other things, sells access to the Internet. For the sake of getting commitments from Verizon to support a “neutral” Internet delivered on hard wires, Google wrote on one of its blogs, it agreed to some exceptions: no neutrality for the Internet delivered wirelessly and for “additional, differentiated” online services. [...] Read more »