November 20th, 2014
The Senate, by a vote of 58 to 42, failed to advance to debate on the USA Freedom Act, a bill to reform bulk data collection by the National Security Agency. The NSA has faced considerable criticism from the public and lawmakers since revelations by former contractor Edward Snowden concerning the agency’s broad surveillance programs. (He revealed several surveillance programs by the agency.) The USA Freedom Act, introduced by Sen. Patrick Leahy (D-Vermont), chairman of the Judiciary Committee, and a host of Democratic and Republican co-sponsors. The legislation was backed by the Obama administration, which called for reforms in January. The Washington Post reports:
Congress and the administration face a June 1 expiration of a key provision of the USA Patriot Act that enables the intelligence community to gather data for counterterrorism purposes. Section 215 allows the government to obtain specific records relevant to particular investigations. But, as Snowden disclosed, it also was the authority cited by the government to enable the NSA to collect data in bulk. Reform advocates want to end that bulk collection but in general maintain the government’s ability to issue targeted orders for data.
The 58-to-42 vote exposed fissures in the GOP over the legislation, with national security-oriented members and a vocal privacy proponent, Sen. Rand Paul (R-Ky.), voting to block the bill — but for different reasons. Read more »
November 19th, 2014
The New York Times reports on privacy questions surrounding apps for tracking students’ behavior in classrooms, such as ClassDojo. The app has addressed one of the concerns listed in the story concerning retention and deletion of the data. The New York Times reports:
ClassDojo is used by at least one teacher in roughly one out of three schools in the United States, according to its developer. The app is among the innovations to emerge from the estimated $7.9 billion education software market aimed at students from prekindergarten through high school. Although there are similar behavior-tracking programs, they are not as popular as ClassDojo.
Many teachers say the app helps them automate the task of recording classroom conduct, as well as allowing them to communicate directly with parents.
But some parents, teachers and privacy law scholars say ClassDojo, along with other unproven technologies that record sensitive information about students, is being adopted without sufficiently considering the ramifications for data privacy and fairness, like where and how the data might eventually be used. [...] Read more »
November 18th, 2014
The Federal Trade Commission announced that it has reached a proposed settlement with TRUSTe, a provider of privacy certifications for online businesses, over its privacy seal program. TRUSTe faced charges “that it deceived consumers about its recertification program for company’s privacy practices, as well as perpetuated its misrepresentation as a non-profit entity.” The FTC said:
TRUSTe provides seals to businesses that meet specific requirements for consumer privacy programs that it administers. TRUSTe seals assure consumers that businesses’ privacy practices are in compliance with specific privacy standards like the Children’s Online Privacy Protection Act (COPPA) and the U.S.-EU Safe Harbor Framework. [...]
The FTC’s complaint alleges that from 2006 until January 2013, TRUSTe failed to conduct annual recertifications of companies holding TRUSTe privacy seals in over 1,000 incidences, despite providing information on its website that companies holding TRUSTe Certified Privacy Seals receive recertification every year. [...] Read more »
November 18th, 2014
The Indiana Business Journal reports on a privacy case (Hinchy v. Walgreen Co., et al.) concerning a Walgreens pharmacy and a customer’s private medical information. (We’ve discussed misuse or abuse of access privileges by insiders before.) IBJ reports:
A Marion County jury verdict affirmed Friday by the Indiana Court of Appeals upholds a $1.4 million verdict for a Walgreen pharmacy customer whose prescription information was provided to a third party and sets a national precedent, according to the Indianapolis lawyer who argued the case.
“This is the first published court decision in the nation in which a health care provider has been held liable for HIPAA (Health Insurance Portability and Accountability Act) violations committed by its employees,” plaintiffs attorney Neal Eggeson said of the decision. Read more »
November 17th, 2014
The Kojo Nnamdi Show recently had a discussion with Chris Calabrese, Senior Policy Director at the Center for Democracy and Technology, and Mark Eckenwiler, Senior Counsel at Perkins Coie, about GPS tracking technology and its use by law enforcement officials. The discussion included privacy issues. Here’s the blurb:
Last week, law enforcement officers used GPS tracking to locate a woman who had been abducted in Philadelphia. The vehicle of her alleged abductor had a GPS device installed by the dealer, which the police then used to find the suspect and the victim. We explore the legal issues around when and how police can use surveillance technology like GPS, and what a 2012 Supreme Court decision means for such cases.
November 17th, 2014
Recently, there were news reports that Verizon and AT&T were using tracking “supercookies” to keep tabs on their customers’ online activities. These supercookies were virtually impossible to get rid of. Now, ProPublica reports that AT&T has stopped using the supercookie tracking technology on mobile phones, but it may restart the use of the technology:
AT&T says it has stopped its controversial practice of adding a hidden, undeletable tracking number to its mobile customers’ Internet activity. [...]
The tracking numbers can be used by sites to build a dossier about a person’s behavior on mobile devices – including which apps they use, what sites they visit and for how long. Read more »